community/git-crypt: move from testing

1 files changed, 44 insertions, 0 deletions

diff --git a/community/git-crypt/0002-keep-empty-files-unencrypted.patch b/community/git-crypt/0002-keep-empty-files-unencrypted.patch
new file mode 100644
index 0000000000..d0e490bfd8
--- /dev/null
+++ b/community/git-crypt/0002-keep-empty-files-unencrypted.patch
@@ -0,0 +1,44 @@
+From 62c372581b3342d6540e5c11aaea3247ee9f852c Mon Sep 17 00:00:00 2001
+From: Hugo Peixoto <hugo.peixoto@gmail.com>
+Date: Mon, 29 Oct 2018 19:40:18 +0000
+Subject: [PATCH] Keep empty files unencrypted
+
+To work around the issue that git considers the working directory
+dirty when empty files are encrypted, these are kept untouched when
+cleaning/smudging.
+
+Security wise, this is not an issue, as you can check if an encrypted
+file is empty due to the deterministic encryption properties.
+
+Patch-Source: https://github.com/AGWA/git-crypt/issues/53
+---
+ commands.cpp | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/commands.cpp b/commands.cpp
+index 5ac0b47..a0a8d6e 100644
+--- a/commands.cpp
++++ b/commands.cpp
+@@ -748,6 +748,10 @@ int clean (int argc, const char** argv)
+ 		return 1;
+ 	}
+ 
++	if (file_size == 0) {
++		return 0;
++	}
++
+ 	// We use an HMAC of the file as the encryption nonce (IV) for CTR mode.
+ 	// By using a hash of the file we ensure that the encryption is
+ 	// deterministic so git doesn't think the file has changed when it really
+@@ -865,6 +869,11 @@ int smudge (int argc, const char** argv)
+ 	// Read the header to get the nonce and make sure it's actually encrypted
+ 	unsigned char		header[10 + Aes_ctr_decryptor::NONCE_LEN];
+ 	in.read(reinterpret_cast<char*>(header), sizeof(header));
++
++	if (in.gcount() == 0) {
++		return 0;
++	}
++
+ 	if (in.gcount() != sizeof(header) || std::memcmp(header, "\0GITCRYPT\0", 10) != 0) {
+ 		// File not encrypted - just copy it out to stdout
+ 		std::clog << "git-crypt: Warning: file not encrypted" << std::endl;