mirror of
https://github.com/AGWA/git-crypt.git
synced 2025-12-23 07:28:18 -08:00
6a454b1fa1
The active key is now stored in .git/git-crypt/key instead of being stored outside the repo. This will facilitate GPG support, where the user may never interact directly with a key file. It's also more convenient, because it means you don't have to keep the key file around in a fixed location (which can't be moved without breaking git-crypt). 'git-crypt init' now takes no arguments and is used only when initializing git-crypt for the very first time. It generates a brand-new key, so there's no longer a separate keygen step. To export the key (for conveyance to another system or to a collaborator), run 'git-crypt export-key FILENAME'. To decrypt an existing repo using an exported key, run 'git-crypt unlock KEYFILE'. After running unlock, you can delete the key file you passed to unlock. Key files now use a new format that supports key versioning (which will facilitate secure revocation in the future). I've made these changes as backwards-compatible as possible. Repos already configured with git-crypt will continue to work without changes. However, 'git-crypt unlock' expects a new format key. You can use the 'git-crypt migrate-key KEYFILE' command to migrate old keys to the new format. Note that old repos won't be able to use the new commands, like export-key, or the future GPG support. To migrate an old repo, migrate its key file and then unlock the repo using the unlock command, as described above. While making these changes, I cleaned up the code significantly, adding better error handling and improving robustness. Next up: GPG support.
61 lines
2.1 KiB
C++
61 lines
2.1 KiB
C++
/*
|
|
* Copyright 2012, 2014 Andrew Ayer
|
|
*
|
|
* This file is part of git-crypt.
|
|
*
|
|
* git-crypt is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* git-crypt is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
* Additional permission under GNU GPL version 3 section 7:
|
|
*
|
|
* If you modify the Program, or any covered work, by linking or
|
|
* combining it with the OpenSSL project's OpenSSL library (or a
|
|
* modified version of that library), containing parts covered by the
|
|
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
|
|
* grant you additional permission to convey the resulting work.
|
|
* Corresponding Source for a non-source form of such a combination
|
|
* shall include the source code for the parts of OpenSSL used as well
|
|
* as that of the covered work.
|
|
*/
|
|
|
|
#ifndef _UTIL_H
|
|
#define _UTIL_H
|
|
|
|
#include <string>
|
|
#include <ios>
|
|
#include <iosfwd>
|
|
#include <stdint.h>
|
|
|
|
struct System_error {
|
|
std::string action;
|
|
std::string target;
|
|
int error;
|
|
|
|
System_error (const std::string& a, const std::string& t, int e) : action(a), target(t), error(e) { }
|
|
};
|
|
|
|
void mkdir_parent (const std::string& path); // Create parent directories of path, __but not path itself__
|
|
std::string readlink (const char* pathname);
|
|
std::string our_exe_path ();
|
|
int exec_command (const char* command, std::ostream& output);
|
|
bool successful_exit (int status);
|
|
void open_tempfile (std::fstream&, std::ios_base::openmode);
|
|
std::string escape_shell_arg (const std::string&);
|
|
uint32_t load_be32 (const unsigned char*);
|
|
void store_be32 (unsigned char*, uint32_t);
|
|
bool read_be32 (std::istream& in, uint32_t&);
|
|
void write_be32 (std::ostream& out, uint32_t);
|
|
|
|
#endif
|
|
|