If you want to use a public resource such as GitHub or Google Drive to store your repository but are not ready to share your work with the whole world, encrypting the files in the git repository will help. This is not a top-secret technique, and there are a number of short articles on the Internet on this topic (even on Habr), but they are all variations on a fragment of the git documentation on attributes, and none covers the topic in depth. In addition, using git in this mode has nuances that are not always easy to understand and solve, which I will try to highlight in this article.
Environment
It is assumed that encryption software is already present on the computer. The natural choice is openssl. On Linux it is available by default. On Windows it comes with mingw in the Git for Windows installation. The only thing we need to take care of on Windows is that the folder containing openssl (for example, "C:\Program Files\Git\mingw64\bin\") is in the PATH environment variable. Then we don't have to create additional utilities (as recommended in other articles about encryption in git), and the whole configuration is much simpler.
Git setup
Now let's do the magic of creating attributes in git. First we need to figure out what we want to encrypt in the tree. If you are a hard-core paranoid like me, you will decide to encrypt everything. Create a .gitattributes file in the root of the empty repository:
* filter=openssl diff=openssl
.git* !filter !diff
init.txt !filter !diff
If you are not so paranoid, you can replace the wildcard with *.java or *.cpp to taste.
Why init.txt? Let's make a small memo for ourselves so that after cloning the repository we do not have to frantically search for instructions on the Internet.
In addition, it can serve very well as a shell script for initializing encryption in a newly cloned copy.
Now create the mentioned init.txt file:
<code>
# This is a protected repository. To initialize it you need:
#
# git clone -n https://github.com/<your_project_name>
# git checkout tags/init
# Then execute in the shell:
# . init.txt <password for repository>
# The fixed salt (-S) makes the clean filter deterministic: unchanged files encrypt to the same bytes.
# git config stores these commands, including the password, in .git/config.
[ -z "$1" ] && echo "Argument required: <password>" && return
git config filter.openssl.clean "openssl enc -base64 -aes-256-ecb -S 123456789 -k $1"
git config filter.openssl.smudge "openssl enc -d -base64 -aes-256-ecb -k $1"
git config diff.openssl.textconv "openssl enc -d -base64 -aes-256-ecb -k $1 2&>/dev/null || cat"
git checkout master
</code>
After making sure that git and openssl are accessible on the PATH, we run the file as shown in the comment (on Windows, this must be run from git-bash).
. init.txt my_repo_pass
Or simply run the 3 git config commands from this file by hand, replacing $1 with the password for the repository.
Now add this to the repository:
git add .
git commit -m "protection initialization"
git push
git tag init
git push --tags
Voila, everything is ready for work. Now we can add new files and they will be automatically encrypted.
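The filter configured above uses AES in ECB mode with a fixed salt. The following added example (not from the original article; the password and sample lines are constructed) shows what that means for the stored ciphertext: the output is deterministic, which the clean filter relies on, and identical 16-byte plaintext blocks produce identical ciphertext blocks.

```sh
#!/bin/sh
# Added example, not from the article: properties of the clean filter's output.
PASS='example-pass'   # constructed password

# Same settings as filter.openssl.clean in init.txt: stdin -> base64 ciphertext.
clean_filter() {
    openssl enc -base64 -aes-256-ecb -S 123456789 -k "$PASS" 2>/dev/null
}

# Same cipher without -S, so openssl picks a random salt on every run.
random_salt_filter() {
    openssl enc -base64 -aes-256-ecb -k "$PASS" 2>/dev/null
}

# Constructed plaintext: the same 16-byte line four times.
repeated_lines() {
    for i in 1 2 3 4; do printf 'key = value 001\n'; done
}

# Constructed plaintext: four different 16-byte lines.
distinct_lines() {
    for i in 1 2 3 4; do printf 'key = value 00%s\n' "$i"; done
}

# Prints 1 if filter $1 gives identical output on two runs, else 0.
is_deterministic() {
    a=$(repeated_lines | "$1")
    b=$(repeated_lines | "$1")
    if [ "$a" = "$b" ]; then echo 1; else echo 0; fi
}

# Reads base64 ciphertext on stdin; prints how often the most common
# 16-byte block occurs (od prints 16 bytes per line, -v keeps duplicates).
max_block_repeat() {
    openssl base64 -d | od -An -v -tx1 | sort | uniq -c | sort -rn |
        awk 'NR == 1 { print $1 }'
}

echo "fixed salt, same output twice:  $(is_deterministic clean_filter)"
echo "random salt, same output twice: $(is_deterministic random_salt_filter)"
echo "repeated lines, max block count: $(repeated_lines | clean_filter | max_block_repeat)"
echo "distinct lines, max block count: $(distinct_lines | clean_filter | max_block_repeat)"
```

A block count above 1 means equal plaintext blocks are visible as equal ciphertext blocks to anyone who can read the repository, and the deterministic output likewise shows when two files or revisions have identical content.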
IntelliJ Integration
Now the fun part. If you create an encrypted Java project on GitHub and start working with it, you will notice very soon that the Git plugin in the IDE doesn't want to compare files with previous versions. This is because IntelliJ pulls previous versions of a file from the repository using the git show command. And now attention: the git show and git format-patch commands do not use filters by default. For that, they need the --textconv option. I could not get the Git plugin to do this itself, so I made a small wrapper for git and specified it in the settings. It automatically adds this option to the show command.
git4idea.bat
@echo off
set ARGS=%*
"C:\Program Files\Git\bin\git.exe" %ARGS: show = show --textconv %
Option for Linux (unfortunately not verified):
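#!/bin/bash
# Add --textconv after "show"; the array keeps each argument intact
args=()
for a in "$@"; do args+=("$a"); [ "$a" = show ] && args+=(--textconv); done
exec git "${args[@]}"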
Now, I hope, the topic is fully covered.