aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Jirutka <jakub@jirutka.cz>2019-07-28 21:37:19 +0200
committerJakub Jirutka <jakub@jirutka.cz>2019-07-28 21:39:54 +0200
commit73f168230426b9c6466d5aef3ed4bb50c5b3d043 (patch)
tree8aa788a1ac9ab5577bf34db8a5784a1ac80cebb3
parent7debd812a8338d4b17d2553e51532ad422d00eb0 (diff)
downloadaports-73f168230426b9c6466d5aef3ed4bb50c5b3d043.tar.gz
aports-73f168230426b9c6466d5aef3ed4bb50c5b3d043.tar.bz2
aports-73f168230426b9c6466d5aef3ed4bb50c5b3d043.tar.xz
testing/git-crypt: fix bug with encrypting empty files
-rw-r--r--testing/git-crypt/0002-keep-empty-files-unencrypted.patch44
-rw-r--r--testing/git-crypt/APKBUILD4
2 files changed, 47 insertions, 1 deletions
diff --git a/testing/git-crypt/0002-keep-empty-files-unencrypted.patch b/testing/git-crypt/0002-keep-empty-files-unencrypted.patch
new file mode 100644
index 0000000000..d0e490bfd8
--- /dev/null
+++ b/testing/git-crypt/0002-keep-empty-files-unencrypted.patch
@@ -0,0 +1,44 @@
+From 62c372581b3342d6540e5c11aaea3247ee9f852c Mon Sep 17 00:00:00 2001
+From: Hugo Peixoto <hugo.peixoto@gmail.com>
+Date: Mon, 29 Oct 2018 19:40:18 +0000
+Subject: [PATCH] Keep empty files unencrypted
+
+To work around the issue that git considers the working directory
+dirty when empty files are encrypted, these are kept untouched when
+cleaning/smudging.
+
+Security wise, this is not an issue, as you can check if an encrypted
+file is empty due to the deterministic encryption properties.
+
+Patch-Source: https://github.com/AGWA/git-crypt/issues/53
+---
+ commands.cpp | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/commands.cpp b/commands.cpp
+index 5ac0b47..a0a8d6e 100644
+--- a/commands.cpp
++++ b/commands.cpp
+@@ -748,6 +748,10 @@ int clean (int argc, const char** argv)
+ return 1;
+ }
+
++ if (file_size == 0) {
++ return 0;
++ }
++
+ // We use an HMAC of the file as the encryption nonce (IV) for CTR mode.
+ // By using a hash of the file we ensure that the encryption is
+ // deterministic so git doesn't think the file has changed when it really
+@@ -865,6 +869,11 @@ int smudge (int argc, const char** argv)
+ // Read the header to get the nonce and make sure it's actually encrypted
+ unsigned char header[10 + Aes_ctr_decryptor::NONCE_LEN];
+ in.read(reinterpret_cast<char*>(header), sizeof(header));
++
++ if (in.gcount() == 0) {
++ return 0;
++ }
++
+ if (in.gcount() != sizeof(header) || std::memcmp(header, "\0GITCRYPT\0", 10) != 0) {
+ // File not encrypted - just copy it out to stdout
+ std::clog << "git-crypt: Warning: file not encrypted" << std::endl;
diff --git a/testing/git-crypt/APKBUILD b/testing/git-crypt/APKBUILD
index 00609a2229..037fdc3799 100644
--- a/testing/git-crypt/APKBUILD
+++ b/testing/git-crypt/APKBUILD
@@ -14,6 +14,7 @@ makedepends="docbook-xml docbook-xsl openssl-dev"
subpackages="$pkgname-doc"
source="$pkgname-$pkgver.tar.gz::https://github.com/AGWA/$pkgname/archive/$pkgver.tar.gz
0001-add-merge-driver.patch
+ 0002-keep-empty-files-unencrypted.patch
"
builddir="$srcdir/$pkgname-$pkgver"
@@ -29,4 +30,5 @@ package() {
}
sha512sums="06fd9f6dbdc5c9fa9196f3e81a87cd3688089623b2658daf9c98809d5ca14df0b7ca69fdfe8279abf575957c366f2f93bd5a6885092eb533bd0d1ed9fe9dfac5 git-crypt-0.6.0.tar.gz
-90da8f4c6f084ec35a753969908eb1b1c4e2ff3bc6b0eb22aa3d4b88c712c2f9db09d7ad404ec2fb0e6addeb6f4c724b7008ed2687ad3892ea4bf16f4685c975 0001-add-merge-driver.patch"
+90da8f4c6f084ec35a753969908eb1b1c4e2ff3bc6b0eb22aa3d4b88c712c2f9db09d7ad404ec2fb0e6addeb6f4c724b7008ed2687ad3892ea4bf16f4685c975 0001-add-merge-driver.patch
+136b5ad3a197f462878210462ce4d4bac6978d9ef67f5a4f49acedd58c48491c245f8649885bcc2bed43d642f7e5652d32acf12861b28582b6658482168f7088 0002-keep-empty-files-unencrypted.patch"