Merging encrypted files with conflicts produces encrypted content in the "merged" file #69
Comments
|
In case it helps someone else, here is our latest merge driver script that fixes merging of transcrypt-encrypted files whether or not the merged changes result in conflicts. You can see the transcrypt (1.1.0) changes necessary to fully support this on the branch https://github.com/ixc/transcrypt/commits/fix-merge-with-conflicts You enable the driver by:
#!/usr/bin/env bash
# Decrypt BASE, LOCAL, and REMOTE versions of file being merged
echo "$(cat $1 | ./.git/crypt/smudge)" > $1
echo "$(cat $2 | ./.git/crypt/smudge)" > $2
echo "$(cat $3 | ./.git/crypt/smudge)" > $3
# Merge the decrypted files to the working copy named by $5
# We must redirect stdout to $5 here instead of letting merge-file write to
# $2 as it would by default, because we need $5 to contain the final result
# content so a later crypt `clean` generates the correct hash salt value
git merge-file --stdout --marker-size=$4 -L local -L base -L remote $2 $1 $3 > $5
if [[ "$?" == "0" ]]; then
# If the merge was successful (no conflicts) re-encrypt the merged working
# copy file to the incoming "local" temp file $2 which git will then
# update in the index during the "Auto-merging" step.
# Git needs the cleaned copy to avoid triggering the error:
# error: add_cacheinfo failed to refresh for path 'FILE'; merge aborting.
echo "$(cat $5 | ./.git/crypt/clean $5)" > $2
exit 0
else
# If the merge was not successful, copy the merged working copy file to the
# "local" temp file $2 which git will then re-copy back to the working copy
# so the user can fix it manually
cp $5 $2
exit 1
fi |
|
A fix for this issue is now on the https://github.com/elasticdog/transcrypt/tree/legacy-v1 branch pending possible inclusion in a future update to the legacy version 1 stream, and definite inclusion in the version 2 stream. |
jmurty
added a commit
that referenced
this issue
Apr 12, 2020
Fix merged and adapted from version on legacy version 1 branch. Clarify grouping & source of crypt tests Apply latest test improvements from master branch Add merge=crypt to setup instructions and detailed change notes Update tests to account for merge fixes Add test showing successful and unsuccessful merges Add bats-core tests of core functionality and Travis config Fix handling of successfully merged encrypted files Fix merge of encrypted files with conflicts # Conflicts: # README.md # tests/test_crypt.bats # tests/test_init.bats # transcrypt
jmurty
added a commit
that referenced
this issue
Apr 12, 2020
Show actual names of the target and incoming branch/ref in conflict markers for merges, instead of the generic "local" and "remote" we used for these markers previously. This required much more digging through Git entrails than I had expected...
jmurty
added a commit
that referenced
this issue
Apr 12, 2020
Show actual names of the target and incoming branch/ref in conflict markers for merges, instead of the generic "local" and "remote" we used for these markers previously. This required much more digging through Git entrails than I had expected...
jmurty
added a commit
that referenced
this issue
Apr 14, 2020
* legacy-v1: #69 Improve target and source names used for merge conflict markers Clarify grouping & source of crypt tests Apply latest test improvements from master branch Add merge=crypt to setup instructions and detailed change notes Update tests to account for merge fixes Add test showing successful and unsuccessful merges Add bats-core tests of core functionality and Travis config Fix handling of successfully merged encrypted files Fix merge of encrypted files with conflicts
jmurty
added a commit
that referenced
this issue
Apr 14, 2020
…t-hook-safety-check * add-pre-commit-hook-safety-check: Don't rely on transcrypt being available to pre-commit hook script Improve installation and clean-up of pre-commit hook Improve and test warning when pre-commit hook cannot be installed Mention pre-commit hook addition in README Add tests of pre-commit hook #69 Improve target and source names used for merge conflict markers Clarify grouping & source of crypt tests Apply latest test improvements from master branch Add merge=crypt to setup instructions and detailed change notes Update tests to account for merge fixes Add test showing successful and unsuccessful merges Add bats-core tests of core functionality and Travis config Fix handling of successfully merged encrypted files Allow commit of empty encrypted files Add Git pre-commit hook to abort commit with unencrypted files Fix merge of encrypted files with conflicts # Conflicts: # README.md # tests/test_crypt.bats # tests/test_init.bats # transcrypt
jmurty
added a commit
that referenced
this issue
Apr 27, 2020
…s-with-conflicts Fix `transcrypt`'s handling of merges where encrypted files have conflicting changes, a situation which would lead to Git producing "merged" files with conflict markers around partially- or fully-encrypted content that cannot be sensibly merged by a person. See issue #69 and a bunch of related issues. The root problem is that git does not run the `smudge`/`textconv` filter on all BASE, LOCAL, REMOTE conflicting version files before attempting a three-way merge. This change adds: - a merge driver script to pre-decrypt conflicting BASE, LOCAL, and REMOTE file versions then run git's internal `merge-file` command to merge the decrypted versions - git repo settings to configure the merge driver - recommendation to add the extra `merge=crypt` setting to *.gitattribute* definitions - tests of merge functionality to prove that non-conflicting and conflicting merges work. Also included are minor listing and formatting fixes from applying the recommended tools to do this clean-up, and documentation for how to run these tools in *README.md* The bulk of this work is originally from https://github.com/ixc/transcrypt/commits/fix-merge-with-conflicts
|
Fix merged to |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When you merge branches containing transcrypt-encrypted files, if the files have conflicts the resulting "merged" file produced by Git for manual resolution ends up as a real mess, mostly or entirely full of the encrypted text which cannot be sensibly merged.
The root problem seems to be that git does not run the smudge/textconv filter on all the BASE, LOCAL, REMOTE conflicting versions of files before attempting a three-way merge, and instead attempts the merge using at least one – and maybe all – of the encrypted versions of these files. E.g. the encrypted content as available from
git show :1:FILENAMEandgit show :2:FILENAMEetc mid-merge.I have not been able to find a workaround just within Git, and have instead added a custom "crypt" merge driver to handle this situation.
Here is a PR against our fork of Transcrypt as an example: ixc#1
This change isn't yet fully tested, and is written against a fairly old version of transcrypt.
Let me know if I should bring it up to date and submit a PR here directly to add the "crypt" merge driver to the latest version of transcrypt?
The text was updated successfully, but these errors were encountered: