[ITP] git-crypt 0.6.0

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

[ITP] git-crypt 0.6.0

Nick Nauwelaerts
heya,

git-crypt is a git plugin that transparently handles encryption/decryption of files in combination with git. i've used it on and off again when i need to place sensitive info on a location that could be public (or as most ppl seem to use it: to save dotfiles on github without all your private stuff being world readable). i've been using it sporadicly in cygwin for 2 months as well without any issues.

as such i made a cygport of it, but i'm not quite clear on how the process works to submit it.

cygport file & patches are here: https://github.com/inphobia/git-crypt.cygport

cygport file was written by me, windows patches came from the issue tracker, a link to the original patch is included as a comment in each patch file.

it completes all cygport steps (compile, package, etc, ...) just fine and the resulting package seems to be compliant.

major distro references as requested for new packages:
https://software.opensuse.org/package/git-crypt
https://packages.debian.org/sid/git-crypt

license: gpl v3

tested on windows 10 x64 - 1903, cygwin 3.0.7




// nick

________________________________

Volg Aquafin op Facebook<https://www.facebook.com/AquafinNV> | Twitter<https://twitter.com/aquafinnv> | YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> | LinkedIN<http://www.linkedin.com/company/aquafin/products> | Instagram<https://www.instagram.com/aquafin_nv/>

In het kader van de uitoefening van onze taken verzamelen we bij Aquafin persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de betrokkenen zijn, kan je nalezen in onze privacy policy<https://www.aquafin.be/nl-be/privacy-policy>.

  P Denk aan het milieu. Druk deze mail niet onnodig af.
Reply | Threaded
Open this post in threaded view
|

Re: [ITP] git-crypt 0.6.0

Brian Inglis
On 2019-08-08 22:17, Nick Nauwelaerts wrote:
> git-crypt is a git plugin that transparently handles encryption/decryption
> of files in combination with git. i've used it on and off again when i need
> to place sensitive info on a location that could be public (or as most ppl
> seem to use it: to save dotfiles on github without all your private stuff
> being world readable). i've been using it sporadicly in cygwin for 2 months
> as well without any issues.
>
> as such i made a cygport of it, but i'm not quite clear on how the process
> works to submit it.

See also:

https://cygwin.com/packaging-contributors-guide.html
https://cygwin.com/packaging-hint-files.html
https://cygwin.com/packaging-package-files.html
https://cygwin.com/package-server.html
https://cygwin.com/package-upload.html

but ignore anything that does not jive with cygport doing most of the grunt work
for you:

        $ cygport package.cygport download all test upload announce

but you might want to run the latter two separately after manually installing
and using the packages under Cygwin on your system.

> cygport file & patches are here: https://github.com/inphobia/git-crypt.cygport
>
> cygport file was written by me, windows patches came from the issue tracker,
> a link to the original patch is included as a comment in each patch file.
>
> it completes all cygport steps (compile, package, etc, ...) just fine and the
> resulting package seems to be compliant.
>
> major distro references as requested for new packages:
> https://software.opensuse.org/package/git-crypt
> https://packages.debian.org/sid/git-crypt

You can also check package availability easily on https://pkgs.org/:

        $ cygstart https://pkgs.org/download/git-crypt

shows Alt Linux, Arch Linux, Debian, Fedora, FreeBSD, OpenSuSE, Ubuntu.

> license: gpl v3
>
> tested on windows 10 x64 - 1903, cygwin 3.0.7

You also have to build on x86 and provide public links to the package.cygport,
source package-ver-1-src.tar.xz, x86 and x86_64 binary package-ver-1.hint,
package-ver-1.tar.xz, x86 and x86_64 debuginfo package-debuginfo-ver-1.hint and
package-debuginfo-ver-1.tar.xz files, from the build package-ver-1.arch/dist
subdirectories.

--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
Reply | Threaded
Open this post in threaded view
|

RE: [ITP] git-crypt 0.6.0

Nick Nauwelaerts
> -----Original Message-----
> From: [hidden email] [mailto:cygwin-apps-
> [hidden email]] On Behalf Of Brian Inglis
> Sent: Friday, August 9, 2019 08:15
> To: [hidden email]
> Subject: Re: [ITP] git-crypt 0.6.0
>
> On 2019-08-08 22:17, Nick Nauwelaerts wrote:
> > git-crypt is a git plugin that transparently handles encryption/decryption
> > of files in combination with git. i've used it on and off again when i need
> > to place sensitive info on a location that could be public (or as most ppl
> > seem to use it: to save dotfiles on github without all your private stuff
> > being world readable). i've been using it sporadicly in cygwin for 2 months
> > as well without any issues.
> >
> > as such i made a cygport of it, but i'm not quite clear on how the process
> > works to submit it.
>
> See also:
>
> https://cygwin.com/packaging-contributors-guide.html
> https://cygwin.com/packaging-hint-files.html
> https://cygwin.com/packaging-package-files.html

i actually did go through all those to try and get everything right on the first go, seems i missed some things :)

> https://cygwin.com/package-server.html

since this seemed to be such a simple package i must admit i did not set up a mirror, i did however follow https://cygwin.com/packaging-contributors-guide.html (Installing your package for testing), extracting everything in my root dir as explained there. i assumed this would suffice since the package only contains 1 binary & 1 man page and no scripts or anything special that needs to be run.

> https://cygwin.com/package-upload.html

i figured if i made the cygport file and patches available you would import them in a build system like suse's openbuild to verify that no shortcuts were taken or my system was otherwise not comparable to normal install. come to think of it, kinda like what is proposed here: https://cygwin.com/ml/cygwin-apps/2019-08/msg00012.html :)


> but ignore anything that does not jive with cygport doing most of the grunt
> work
> for you:
>
> $ cygport package.cygport download all test upload announce

since i didn't bother with requesting access upload ofcourse fails, also making announce irrelevant. i'll will send an email with a key in the requested mail format asap.

>
> but you might want to run the latter two separately after manually installing
> and using the packages under Cygwin on your system.
>
> > cygport file & patches are here: https://github.com/inphobia/git-
> crypt.cygport
> >
> > cygport file was written by me, windows patches came from the issue
> tracker,
> > a link to the original patch is included as a comment in each patch file.
> >
> > it completes all cygport steps (compile, package, etc, ...) just fine and the
> > resulting package seems to be compliant.
> >
> > major distro references as requested for new packages:
> > https://software.opensuse.org/package/git-crypt
> > https://packages.debian.org/sid/git-crypt
>
> You can also check package availability easily on https://pkgs.org/:
>
> $ cygstart https://pkgs.org/download/git-crypt
>
> shows Alt Linux, Arch Linux, Debian, Fedora, FreeBSD, OpenSuSE, Ubuntu.
>
> > license: gpl v3
> >
> > tested on windows 10 x64 - 1903, cygwin 3.0.7
>
> You also have to build on x86 and provide public links to the
> package.cygport,
> source package-ver-1-src.tar.xz, x86 and x86_64 binary package-ver-1.hint,
> package-ver-1.tar.xz, x86 and x86_64 debuginfo package-debuginfo-ver-1.hint
> and
> package-debuginfo-ver-1.tar.xz files, from the build package-ver-1.arch/dist
> subdirectories.

uploaded them all here (x64 only):
https://github.com/inphobia/git-crypt.cygport/releases/tag/0.6.0-1.beta


because, for some reason the 32bit versions fails to build.

the first try i didn't have the required packages:
*** ERROR: Compiling this package requires i686-pc-cygwin binutils and gcc

so i installed all cygwin32* packages. seems i also has some mingw64-i686 packages left over which i uninstalled so the wouldn't get in the way.

and then my build broke with a missing ssl header for some reason:

crypto-openssl-10.cpp:31:33: fatal error: openssl/opensslconf.h: No such file or directory
 #include <openssl/opensslconf.h>



am i missing something obvious here like the i686 toolchain having different include paths or compiler arguments? or does openssl actually have different headers depending on arch, which is what quite a lot of google answers seem to point to.


thx

// nick

________________________________

Volg Aquafin op Facebook<https://www.facebook.com/AquafinNV> | Twitter<https://twitter.com/aquafinnv> | YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> | LinkedIN<http://www.linkedin.com/company/aquafin/products> | Instagram<https://www.instagram.com/aquafin_nv/>

In het kader van de uitoefening van onze taken verzamelen we bij Aquafin persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de betrokkenen zijn, kan je nalezen in onze privacy policy<https://www.aquafin.be/nl-be/privacy-policy>.

  P Denk aan het milieu. Druk deze mail niet onnodig af.
Reply | Threaded
Open this post in threaded view
|

Re: [ITP] git-crypt 0.6.0

Brian Inglis
On 2019-08-09 19:48, Nick Nauwelaerts wrote:

> On Friday, August 9, 2019 08:15, Brian Inglis wrote:
>> On 2019-08-08 22:17, Nick Nauwelaerts wrote:
>>> git-crypt is a git plugin that transparently handles encryption/decryption
>>> of files in combination with git. i've used it on and off again when i need
>>> to place sensitive info on a location that could be public (or as most ppl
>>> seem to use it: to save dotfiles on github without all your private stuff
>>> being world readable). i've been using it sporadicly in cygwin for 2 months
>>> as well without any issues.
>>>
>>> as such i made a cygport of it, but i'm not quite clear on how the process
>>> works to submit it.
>>
>> See also:
>>
>> https://cygwin.com/packaging-contributors-guide.html
>> https://cygwin.com/packaging-hint-files.html
>> https://cygwin.com/packaging-package-files.html
>
> i actually did go through all those to try and get everything right on the
> first go, seems i missed some things :)
>
>> https://cygwin.com/package-server.html
>
> since this seemed to be such a simple package i must admit i did not set up
> a mirror, i did however follow
> https://cygwin.com/packaging-contributors-guide.html (Installing your
> package for testing), extracting everything in my root dir as explained
> there. i assumed this would suffice since the package only contains 1 binary
> & 1 man page and no scripts or anything special that needs to be run.
>
>> https://cygwin.com/package-upload.html
>
> i figured if i made the cygport file and patches available you would import
> them in a build system like suse's openbuild to verify that no shortcuts were
> taken or my system was otherwise not comparable to normal install. come to
> think of it, kinda like what is proposed here:
> https://cygwin.com/ml/cygwin-apps/2019-08/msg00012.html :)
>
>> but ignore anything that does not jive with cygport doing most of the grunt
>> work
>> for you:
>>
>> $ cygport package.cygport download all test upload announce
>
> since i didn't bother with requesting access upload of course fails, also
> making announce irrelevant. i'll will send an email with a key in the
> requested mail format asap.
>
>>
>> but you might want to run the latter two separately after manually installing
>> and using the packages under Cygwin on your system.
>>
>>> cygport file & patches are here: https://github.com/inphobia/git-
>> crypt.cygport
>>>
>>> cygport file was written by me, windows patches came from the issue
>> tracker,
>>> a link to the original patch is included as a comment in each patch file.
>>>
>>> it completes all cygport steps (compile, package, etc, ...) just fine and the
>>> resulting package seems to be compliant.
>>>
>>> major distro references as requested for new packages:
>>> https://software.opensuse.org/package/git-crypt
>>> https://packages.debian.org/sid/git-crypt
>>
>> You can also check package availability easily on https://pkgs.org/:
>>
>> $ cygstart https://pkgs.org/download/git-crypt
>>
>> shows Alt Linux, Arch Linux, Debian, Fedora, FreeBSD, OpenSuSE, Ubuntu.
>>
>>> license: gpl v3
>>>
>>> tested on windows 10 x64 - 1903, cygwin 3.0.7
>>
>> You also have to build on x86 and provide public links to the
>> package.cygport,
>> source package-ver-1-src.tar.xz, x86 and x86_64 binary package-ver-1.hint,
>> package-ver-1.tar.xz, x86 and x86_64 debuginfo package-debuginfo-ver-1.hint
>> and
>> package-debuginfo-ver-1.tar.xz files, from the build package-ver-1.arch/dist
>> subdirectories.
>
> uploaded them all here (x64 only):
> https://github.com/inphobia/git-crypt.cygport/releases/tag/0.6.0-1.beta
>
> because, for some reason the 32bit versions fails to build.
>
> the first try i didn't have the required packages:
> *** ERROR: Compiling this package requires i686-pc-cygwin binutils and gcc
>
> so i installed all cygwin32* packages. seems i also has some mingw64-i686
> packages left over which i uninstalled so the wouldn't get in the way.
> and then my build broke with a missing ssl header for some reason:
>
> crypto-openssl-10.cpp:31:33: fatal error: openssl/opensslconf.h: No such file or directory
>  #include <openssl/opensslconf.h>
>
> am i missing something obvious here like the i686 toolchain having different
> include paths or compiler arguments? or does openssl actually have different
> headers depending on arch, which is what quite a lot of google answers seem
> to point to.
Download setup-x86 and set up a Cygwin 32 install parallel to your Cygwin 64
install, install base, cygport, and dependencies, open a Cygwin 32 mintty
window, running Cygwin 32 bash, cd to your git-crypt.cygport dir, and rerun your
cygport download all test.

--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
Reply | Threaded
Open this post in threaded view
|

Re: [ITP] git-crypt 0.6.0

Jon TURNEY
In reply to this post by Nick Nauwelaerts
On 10/08/2019 02:48, Nick Nauwelaerts wrote:

>> -----Original Message-----
>> From: [hidden email] [mailto:cygwin-apps-
>> [hidden email]] On Behalf Of Brian Inglis
>> Sent: Friday, August 9, 2019 08:15
>> To: [hidden email]
>> Subject: Re: [ITP] git-crypt 0.6.0
>>
>> On 2019-08-08 22:17, Nick Nauwelaerts wrote:
>>> git-crypt is a git plugin that transparently handles encryption/decryption
>>> of files in combination with git. i've used it on and off again when i need
>>> to place sensitive info on a location that could be public (or as most ppl
>>> seem to use it: to save dotfiles on github without all your private stuff
>>> being world readable). i've been using it sporadicly in cygwin for 2 months
>>> as well without any issues.
>>>
>>> as such i made a cygport of it, but i'm not quite clear on how the process
>>> works to submit it.

Thanks.  Sorry for the delay in getting to this.

Some minor comments on the cygport file:

> # runtime deps to go in setup.hint, and note the escaped newline
> REQUIRES="git openssl"

The part of the comment about escaped newline doesn't make a lot of sense.

Are you sure that 'openssl' is required at runtime (and not just
libssl1.1, which is autodetected as a dependency)?

> # We use the src_compile and src_test provided by meson.cygclass

This comment is confusing since it's built with make?

> i figured if i made the cygport file and patches available you would
> import them in a build system like suse's openbuild to verify that no
> shortcuts were taken or my system was otherwise not comparable to
> normal install. come to think of it, kinda like what is proposed
> here: https://cygwin.com/ml/cygwin-apps/2019-08/msg00012.html :)

Unfortunately, we do not (yet) have a system to build packages from
those repositories.
> since i didn't bother with requesting access upload ofcourse fails,
> also making announce irrelevant. i'll will send an email with a key
> in the requested mail format asap.

I don't see an email with a key from you.  If you are still interested
in progressing this, please provide a ssh key as per
https://cygwin.com/package-upload.html
Reply | Threaded
Open this post in threaded view
|

RE: [ITP] git-crypt 0.6.0

Nick Nauwelaerts
> -----Original Message-----
> From: Jon Turney [mailto:[hidden email]]
> Sent: Sunday, December 1, 2019 16:06
> To: [hidden email]; Nick Nauwelaerts
> <[hidden email]>
> Subject: Re: [ITP] git-crypt 0.6.0
>
> >> On 2019-08-08 22:17, Nick Nauwelaerts wrote:
> >>> git-crypt is a git plugin that transparently handles encryption/decryption
> >>> of files in combination with git. i've used it on and off again when i need
> >>> to place sensitive info on a location that could be public (or as most ppl
> >>> seem to use it: to save dotfiles on github without all your private stuff
> >>> being world readable). i've been using it sporadicly in cygwin for 2
> months
> >>> as well without any issues.
> >>>
> >>> as such i made a cygport of it, but i'm not quite clear on how the process
> >>> works to submit it.
>
> Thanks.  Sorry for the delay in getting to this.
>
> Some minor comments on the cygport file:
>
> > # runtime deps to go in setup.hint, and note the escaped newline
> > REQUIRES="git openssl"
>
> The part of the comment about escaped newline doesn't make a lot of sense.

true that, seems to be a mindless copy/paste from:
https://github.com/cygwinports/cygport/blob/master/data/sample.cygport

> Are you sure that 'openssl' is required at runtime (and not just
> libssl1.1, which is autodetected as a dependency)?

excellent question.
after reviewing the contents of both packages it seems the openssl package contains all userland tools & manuals, while libssl contains the libraries only. looking throug the code git-crypt does not seem to use the actual openssl command, but the linux distros (opensuse & debian) i partially based this on all required full openssl. i'll look into it.

> > # We use the src_compile and src_test provided by meson.cygclass
>
> This comment is confusing since it's built with make?

also to much copy/paste from sample.cygport

> > i figured if i made the cygport file and patches available you would
> > import them in a build system like suse's openbuild to verify that no
> > shortcuts were taken or my system was otherwise not comparable to
> > normal install. come to think of it, kinda like what is proposed
> > here: https://cygwin.com/ml/cygwin-apps/2019-08/msg00012.html :)
>
> Unfortunately, we do not (yet) have a system to build packages from
> those repositories.
> > since i didn't bother with requesting access upload ofcourse fails,
> > also making announce irrelevant. i'll will send an email with a key
> > in the requested mail format asap.
>
> I don't see an email with a key from you.  If you are still interested
> in progressing this, please provide a ssh key as per
> https://cygwin.com/package-upload.html

i think there also was a question to provide 32bit packages in addition to the 64bit ones. since i haven't yet have had time for that i figured requesting a key for a half finished package was bad form.



bottom line:
 * i'll fix the confusing comments now (-> done)
 *¨i'll test to see if libssl suffices instead of openssl
 * not sure if i should request a key alrdy since 32bit testing most likely won't be happening the coming few weeks. can you drop me a private note with if i should or shouldn't alrdy request a key?


thx


 // nick

________________________________

Volg Aquafin op Facebook<https://www.facebook.com/AquafinNV> | Twitter<https://twitter.com/aquafinnv> | YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> | LinkedIN<http://www.linkedin.com/company/aquafin/products> | Instagram<https://www.instagram.com/aquafin_nv/>

In het kader van de uitoefening van onze taken verzamelen we bij Aquafin persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de betrokkenen zijn, kan je nalezen in onze privacy policy<https://www.aquafin.be/nl-be/privacy-policy>.

  P Denk aan het milieu. Druk deze mail niet onnodig af.
Reply | Threaded
Open this post in threaded view
|

Re: [ITP] git-crypt 0.6.0

marco atzeri-4
Am 05.12.2019 um 20:59 schrieb Nick Nauwelaerts:

>
> i think there also was a question to provide 32bit packages in addition to the 64bit ones. since i haven't yet have had time for that i figured requesting a key for a half finished package was bad form.
>
>
>
> bottom line:
>   * i'll fix the confusing comments now (-> done)
>   *¨i'll test to see if libssl suffices instead of openssl
>   * not sure if i should request a key alrdy since 32bit testing most likely won't be happening the coming few weeks. can you drop me a private note with if i should or shouldn't alrdy request a key?
>
>
> thx
>
>
>   // nick
>

the key is needed only after the package is Good To Go.

Regards
Marco