Prepare 0.8.0 release

Closes: #313

.github/workflows/release-linux.yml

@@ -0,0 +1,46 @@
+on:
+  release:
+    types: [published]
+name: Build Release Binary (Linux)
+jobs:
+  build:
+    name: Build Release Binary
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install dependencies
+        run: sudo apt install libssl-dev
+      - name: Build binary
+        run: make
+      - name: Upload release artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: git-crypt-artifacts
+          path: git-crypt
+  upload:
+    name: Upload Release Binary
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: write
+    steps:
+      - name: Download release artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: git-crypt-artifacts
+      - name: Upload release asset
+        uses: actions/github-script@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fs = require("fs").promises;
+            const { repo: { owner, repo }, sha } = context;
+            await github.repos.uploadReleaseAsset({
+              owner, repo,
+              release_id: ${{ github.event.release.id }},
+              name: 'git-crypt-${{ github.event.release.name }}-linux-x86_64',
+              data: await fs.readFile('git-crypt'),
+            });

.github/workflows/release-windows.yml

@@ -0,0 +1,56 @@
+on:
+  release:
+    types: [published]
+name: Build Release Binary (Windows)
+jobs:
+  build:
+    name: Build Release Binary
+    runs-on: windows-2022
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Setup msys2
+        uses: msys2/setup-msys2@v2
+        with:
+          msystem: MINGW64
+          update: true
+          install: >-
+            base-devel
+            msys2-devel
+            mingw-w64-x86_64-toolchain
+            mingw-w64-x86_64-openssl
+            openssl-devel
+      - name: Build binary
+        shell: msys2 {0}
+        run: make LDFLAGS="-static-libstdc++ -static -lcrypto -lws2_32"
+      - name: Upload release artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: git-crypt-artifacts
+          path: git-crypt.exe
+  upload:
+    name: Upload Release Binary
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: write
+    steps:
+      - name: Download release artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: git-crypt-artifacts
+      - name: Upload release asset
+        uses: actions/github-script@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fs = require("fs").promises;
+            const { repo: { owner, repo }, sha } = context;
+            await github.repos.uploadReleaseAsset({
+              owner, repo,
+              release_id: ${{ github.event.release.id }},
+              name: 'git-crypt-${{ github.event.release.name }}-x86_64.exe',
+              data: await fs.readFile('git-crypt.exe'),
+            });

CONTRIBUTING.md

@@ -4,8 +4,7 @@ documentation, bug reports, or anything else that improves git-crypt.
 
 When contributing code, please consider the following guidelines:
 
- * You are encouraged to open an issue on GitHub or send mail to
+ * You are encouraged to open an issue on GitHub to discuss any non-trivial
-   git-crypt-discuss@lists.cloudmutt.com to discuss any non-trivial
    changes before you start coding.
 
  * Please mimic the existing code style as much as possible.  In
@@ -15,8 +14,7 @@ When contributing code, please consider the following guidelines:
  * To minimize merge commits, please rebase your changes before opening
    a pull request.
 
- * To submit your patch, open a pull request on GitHub or send a
+ * To submit your patch, open a pull request on GitHub.
-   properly-formatted patch to git-crypt-discuss@lists.cloudmutt.com.
 
 Finally, be aware that since git-crypt is security-sensitive software,
 the bar for contributions is higher than average.  Please don't be

Makefile

@@ -24,7 +24,7 @@ OBJFILES = \
     coprocess.o \
     fhstream.o
 
-OBJFILES += crypto-openssl-10.o crypto-openssl-11.o
+OBJFILES += crypto-openssl-11.o
 LDFLAGS += -lcrypto
 
 XSLTPROC ?= xsltproc

NEWS

@@ -1,3 +1,12 @@
+v0.8.0 (2025-09-23)
+  * Remove OpenSSL 1.0 support, fix compilation with OpenSSL 3.
+  * Avoid use of problematic short GPG key IDs.
+
+v0.7.0 (2022-04-21)
+  * Avoid "argument list too long" errors on macOS.
+  * Fix handling of "-" arguments.
+  * Minor documentation improvements.
+
 v0.6.0 (2017-11-26)
   * Add support for OpenSSL 1.1 (still works with OpenSSL 1.0).
   * Switch to C++11 (gcc 4.9 or higher now required to build).

NEWS.md

@@ -1,6 +1,15 @@
 News
 ====
 
+######v0.8.0 (2025-09-23)
+* Remove OpenSSL 1.0 support, fix compilation with OpenSSL 3.
+* Avoid use of problematic short GPG key IDs.
+
+######v0.7.0 (2022-04-21)
+* Avoid "argument list too long" errors on macOS.
+* Fix handling of "-" arguments.
+* Minor documentation improvements.
+
 ######v0.6.0 (2017-11-26)
 * Add support for OpenSSL 1.1 (still works with OpenSSL 1.0).
 * Switch to C++11 (gcc 4.9 or higher now required to build).

README

@@ -70,7 +70,7 @@ encryption and decryption happen transparently.
 
 CURRENT STATUS
 
-The latest version of git-crypt is 0.6.0, released on 2017-11-26.
+The latest version of git-crypt is 0.8.0, released on 2025-09-23.
 git-crypt aims to be bug-free and reliable, meaning it shouldn't
 crash, malfunction, or expose your confidential data.  However,
 it has not yet reached maturity, meaning it is not as documented,
@@ -158,12 +158,3 @@ match it accidentally.  If necessary, you can exclude .gitattributes from
 encryption like this:
 
 	.gitattributes !filter !diff
-
-
-MAILING LISTS
-
-To stay abreast of, and provide input to, git-crypt development, consider
-subscribing to one or both of our mailing lists:
-
-Announcements: https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce
-Discussion:    https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss

README.md

@@ -71,8 +71,8 @@ encryption and decryption happen transparently.
 Current Status
 --------------
 
-The latest version of git-crypt is [0.6.0](NEWS.md), released on
+The latest version of git-crypt is [0.8.0](NEWS.md), released on
-2017-11-26.  git-crypt aims to be bug-free and reliable, meaning it
+2025-09-23.  git-crypt aims to be bug-free and reliable, meaning it
 shouldn't crash, malfunction, or expose your confidential data.
 However, it has not yet reached maturity, meaning it is not as
 documented, featureful, or easy-to-use as it should be.  Additionally,
@@ -160,12 +160,3 @@ match it accidentally.  If necessary, you can exclude .gitattributes from
 encryption like this:
 
     .gitattributes !filter !diff
-
-Mailing Lists
--------------
-
-To stay abreast of, and provide input to, git-crypt development,
-consider subscribing to one or both of our mailing lists:
-
-* [Announcements](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce)
-* [Discussion](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss)

commands.cpp

@@ -1297,7 +1297,8 @@ int add_gpg_user (int argc, const char** argv)
 			std::ostringstream	commit_message_builder;
 			commit_message_builder << "Add " << collab_keys.size() << " git-crypt collaborator" << (collab_keys.size() != 1 ? "s" : "") << "\n\nNew collaborators:\n\n";
 			for (std::vector<std::pair<std::string, bool> >::const_iterator collab(collab_keys.begin()); collab != collab_keys.end(); ++collab) {
-				commit_message_builder << '\t' << gpg_shorten_fingerprint(collab->first) << ' ' << gpg_get_uid(collab->first) << '\n';
+				commit_message_builder << "    " << collab->first << '\n';
+				commit_message_builder << "        " << gpg_get_uid(collab->first) << '\n';
 			}
 
 			// git commit -m MESSAGE NEW_FILE ...

crypto-openssl-10.cpp

@@ -1,120 +0,0 @@
-/*
- * Copyright 2012, 2014 Andrew Ayer
- *
- * This file is part of git-crypt.
- *
- * git-crypt is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * git-crypt is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with git-crypt.  If not, see <http://www.gnu.org/licenses/>.
- *
- * Additional permission under GNU GPL version 3 section 7:
- *
- * If you modify the Program, or any covered work, by linking or
- * combining it with the OpenSSL project's OpenSSL library (or a
- * modified version of that library), containing parts covered by the
- * terms of the OpenSSL or SSLeay licenses, the licensors of the Program
- * grant you additional permission to convey the resulting work.
- * Corresponding Source for a non-source form of such a combination
- * shall include the source code for the parts of OpenSSL used as well
- * as that of the covered work.
- */
-
-#include <openssl/opensslconf.h>
-
-#if !defined(OPENSSL_API_COMPAT)
-
-#include "crypto.hpp"
-#include "key.hpp"
-#include "util.hpp"
-#include <openssl/aes.h>
-#include <openssl/sha.h>
-#include <openssl/hmac.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <sstream>
-#include <cstring>
-
-void init_crypto ()
-{
-	ERR_load_crypto_strings();
-}
-
-struct Aes_ecb_encryptor::Aes_impl {
-	AES_KEY key;
-};
-
-Aes_ecb_encryptor::Aes_ecb_encryptor (const unsigned char* raw_key)
-: impl(new Aes_impl)
-{
-	if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
-		throw Crypto_error("Aes_ctr_encryptor::Aes_ctr_encryptor", "AES_set_encrypt_key failed");
-	}
-}
-
-Aes_ecb_encryptor::~Aes_ecb_encryptor ()
-{
-	// Note: Explicit destructor necessary because class contains an unique_ptr
-	// which contains an incomplete type when the unique_ptr is declared.
-
-	explicit_memset(&impl->key, '\0', sizeof(impl->key));
-}
-
-void Aes_ecb_encryptor::encrypt(const unsigned char* plain, unsigned char* cipher)
-{
-	AES_encrypt(plain, cipher, &(impl->key));
-}
-
-struct Hmac_sha1_state::Hmac_impl {
-	HMAC_CTX ctx;
-};
-
-Hmac_sha1_state::Hmac_sha1_state (const unsigned char* key, size_t key_len)
-: impl(new Hmac_impl)
-{
-	HMAC_Init(&(impl->ctx), key, key_len, EVP_sha1());
-}
-
-Hmac_sha1_state::~Hmac_sha1_state ()
-{
-	// Note: Explicit destructor necessary because class contains an unique_ptr
-	// which contains an incomplete type when the unique_ptr is declared.
-
-	HMAC_cleanup(&(impl->ctx));
-}
-
-void Hmac_sha1_state::add (const unsigned char* buffer, size_t buffer_len)
-{
-	HMAC_Update(&(impl->ctx), buffer, buffer_len);
-}
-
-void Hmac_sha1_state::get (unsigned char* digest)
-{
-	unsigned int len;
-	HMAC_Final(&(impl->ctx), digest, &len);
-}
-
-
-void random_bytes (unsigned char* buffer, size_t len)
-{
-	if (RAND_bytes(buffer, len) != 1) {
-		std::ostringstream	message;
-		while (unsigned long code = ERR_get_error()) {
-			char		error_string[120];
-			ERR_error_string_n(code, error_string, sizeof(error_string));
-			message << "OpenSSL Error: " << error_string << "; ";
-		}
-		throw Crypto_error("random_bytes", message.str());
-	}
-}
-
-#endif

crypto-openssl-11.cpp

@@ -30,8 +30,6 @@
 
 #include <openssl/opensslconf.h>
 
-#if defined(OPENSSL_API_COMPAT)
-
 #include "crypto.hpp"
 #include "key.hpp"
 #include "util.hpp"
@@ -115,5 +113,3 @@ void random_bytes (unsigned char* buffer, size_t len)
 		throw Crypto_error("random_bytes", message.str());
 	}
 }
-
-#endif

git-crypt.hpp

@@ -31,7 +31,7 @@
 #ifndef GIT_CRYPT_GIT_CRYPT_HPP
 #define GIT_CRYPT_GIT_CRYPT_HPP
 
-#define VERSION "0.6.0"
+#define VERSION "0.8.0"
 
 extern const char*	argv0;	// initialized in main() to argv[0]
 

gpg.cpp

@@ -61,12 +61,6 @@ static std::string gpg_nth_column (const std::string& line, unsigned int col)
 	       line.substr(pos);
 }
 
-// given a key fingerprint, return the last 8 nibbles
-std::string gpg_shorten_fingerprint (const std::string& fingerprint)
-{
-	return fingerprint.size() == 40 ? fingerprint.substr(32) : fingerprint;
-}
-
 // given a key fingerprint, return the key's UID (e.g. "John Smith <jsmith@example.com>")
 std::string gpg_get_uid (const std::string& fingerprint)
 {

gpg.hpp

@@ -41,7 +41,6 @@ struct Gpg_error {
 	explicit Gpg_error (std::string m) : message(m) { }
 };
 
-std::string			gpg_shorten_fingerprint (const std::string& fingerprint);
 std::string			gpg_get_uid (const std::string& fingerprint);
 std::vector<std::string>	gpg_lookup_key (const std::string& query);
 std::vector<std::string>	gpg_list_secret_keys ();

man/git-crypt.xml

@@ -7,8 +7,8 @@
 	-->
 	<refentryinfo>
 		<title>git-crypt</title>
-		<date>2017-11-26</date>
+		<date>2022-04-21</date>
-		<productname>git-crypt 0.6.0</productname>
+		<productname>git-crypt 0.8.0</productname>
 
 		<author>
 			<othername>Andrew Ayer</othername>