mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-07-21 18:25:41 +03:00
44 lines
1.5 KiB
Diff
44 lines
1.5 KiB
Diff
From 62c372581b3342d6540e5c11aaea3247ee9f852c Mon Sep 17 00:00:00 2001
|
|
From: Hugo Peixoto <hugo.peixoto@gmail.com>
|
|
Date: Mon, 29 Oct 2018 19:40:18 +0000
|
|
Subject: [PATCH] Keep empty files unencrypted
|
|
|
|
To work around the issue that git considers the working directory
|
|
dirty when empty files are encrypted, these are kept untouched when
|
|
cleaning/smudging.
|
|
|
|
Security wise, this is not an issue, as you can check if an encrypted
|
|
file is empty due to the deterministic encryption properties.
|
|
|
|
Patch-Source: https://github.com/AGWA/git-crypt/issues/53
|
|
---
|
|
commands.cpp | 9 +++++++++
|
|
1 file changed, 9 insertions(+)
|
|
|
|
diff --git a/commands.cpp b/commands.cpp
|
|
index 5ac0b47..a0a8d6e 100644
|
|
--- a/commands.cpp
|
|
+++ b/commands.cpp
|
|
@@ -748,6 +748,10 @@ int clean (int argc, const char** argv)
|
|
return 1;
|
|
}
|
|
|
|
+ if (file_size == 0) {
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
// We use an HMAC of the file as the encryption nonce (IV) for CTR mode.
|
|
// By using a hash of the file we ensure that the encryption is
|
|
// deterministic so git doesn't think the file has changed when it really
|
|
@@ -865,6 +869,11 @@ int smudge (int argc, const char** argv)
|
|
// Read the header to get the nonce and make sure it's actually encrypted
|
|
unsigned char header[10 + Aes_ctr_decryptor::NONCE_LEN];
|
|
in.read(reinterpret_cast<char*>(header), sizeof(header));
|
|
+
|
|
+ if (in.gcount() == 0) {
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
if (in.gcount() != sizeof(header) || std::memcmp(header, "\0GITCRYPT\0", 10) != 0) {
|
|
// File not encrypted - just copy it out to stdout
|
|
std::clog << "git-crypt: Warning: file not encrypted" << std::endl;
|