Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate to git-crypt #113

Closed
14 tasks done
arcticicestudio opened this issue Sep 8, 2018 · 0 comments
Closed
14 tasks done

Migrate to git-crypt #113

arcticicestudio opened this issue Sep 8, 2018 · 0 comments
Labels
context-core priority-high scope-security type-feature
Milestone
0.1.0

Comments

@arcticicestudio
Copy link
Owner

arcticicestudio commented Sep 8, 2018
edited
Loading

In #64 (PR #69) a transparent Git encryption was introduced to GPG encrypt specific files using the smudge and clean filters.
This approach only worked reasonably well with various problems, e.g. caused files to be flagged as „dirty“ (modified) after checkout even if there have been no changes. The pure Git builtin solution with filters was chosen to prevent dependence to external tools, but the latest release versions of Git causing more and more problems due to changes in the behavior e.g. how git diff works (also causing diff-so-fancy to be broken).

This issue will undo the previous solution and, against contrary to the opinion in #64, migrate the repository to use git-crypt instead. Even if this adds additional files to the repository and adds the external dependency to the tool itself, git-crypt is a stable and production proven concept that works safely and allows to really use a transparent encryption.

After playing around and testing git-crypt locally the resulting migration steps are as follows:

  • 1 Delete the custom git-diff-igloocrypt script
  • 2 Remove the custom [diff "igloocrypt"] section from the gitconfig file
  • 3 Remove the custom filter "igloocrypt" from the gitconfig file
  • 4 Update the filter and diff custom global Git attributes handler for all *.igloocrypt files to the new git-crypt setup
  • 5 Decrypt all *.igloocrypt files and backup them up outside the repository
  • 6 Delete all *.igloocrypt files within the repository
  • 7 Initialize git-crypt for the repository: git-crypt init (default key)
  • 8 Add the main Arctic Ice Studio GPG key: git-crypt add-gpg-user -n <ID> (-n flag prevents automatic commit of generated files)
  • 9 Commit the new generated .git-crypt folder
  • 10 Unlock the repository: git-crypt unlock
  • 11 Add all backed up *.igloocrypt files back into the repository
  • 12 Ensure all *.igloocrypt are tracked to be encryped: git-crypt status
  • 13 Commit all *.igloocrypt files
  • 14 Validate the encryption works by locking the repository again: git-crypt lock
@arcticicestudio arcticicestudio added this to the 0.1.0 milestone Sep 8, 2018
@arcticicestudio arcticicestudio self-assigned this Sep 8, 2018
arcticicestudio added a commit that referenced this issue Sep 8, 2018
@arcticicestudio
Reverse solution from GH-64
b9d8518 
1. Deleted the custom `git-diff-igloocrypt` script
2. Removed the custom `[diff "igloocrypt"]` section from the
   `gitconfig` file
3. Removed the custom filter "igloocrypt" from the `gitconfig` file
4. Updated the `filter` and `diff` custom global Git attributes handler
   for all `*.igloocrypt` files to the new `git-crypt` setup

GH-113
arcticicestudio added a commit that referenced this issue Sep 8, 2018
@arcticicestudio
Remove currently encrypted files
6cb24f2 
1. Decrypted all `*.igloocrypt` files and backuped them up outside the
   repository
2. Deleted all `*.igloocrypt` files within the repository

GH-113
arcticicestudio added a commit that referenced this issue Sep 8, 2018
@arcticicestudio
Initialize "git"crypt" and add Arctic Ice Studio GPG key
4362ef5 
1. Initialized `git-crypt` for the repository: `git-crypt init`
   (default key)
2. Added the main Arctic Ice Studio GPG key:
   `git-crypt add-gpg-user -n <ID>`
   (`-n` flag prevents automatic commit of generated files)

GH-113
arcticicestudio added a commit that referenced this issue Sep 8, 2018
@arcticicestudio
Remove forgotten "old" encrypted files
cff197e 
GH-113
arcticicestudio added a commit that referenced this issue Sep 8, 2018
@arcticicestudio
Add (backed up) previously encrypted files back again
b079adb 
1. Unlocked the repository: `git-crypt unlock`
2. Added all backed up `*.igloocrypt` files back into the repository
3. Ensured all `*.igloocrypt` are tracked to be encryped:
   `git-crypt status`

After this commit the encryption can be validated to by locking the
repository again: `git-crypt lock`

GH-113
@arcticicestudio arcticicestudio mentioned this issue Sep 8, 2018
Merged
@arcticicestudio arcticicestudio removed their assignment Sep 8, 2018
arcticicestudio added a commit that referenced this issue Apr 5, 2020
@arcticicestudio
Merge pull request #114 from arcticicestudio/feature/gh-113-migrate-t…
4bb0d48 
…o-git-crypt

Migrate to "git-crypt"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
context-core priority-high scope-security type-feature
Projects
None yet
Milestone
0.1.0
Development

No branches or pull requests
1 participant
@arcticicestudio