git-secret (rpm) - .gitsecret folder is ignored. abort.

[rsguhr]

What are the steps to reproduce this issue?

1. dnf install git-secret
2. Setup git repo and git-secret
3. Create this .gitignore file:

# Ignore everything
*

# But do not ignore these ones
!.gitignore

!.git
!.git/**

!.gitsecret
!.gitsecret/**

!**/*.secret

# I only want to upload encrypted files that have the extension .secret

What happens?

If you tries to encrypt your data with git-secret hide, it will produces this output:
.gitsecret folder is ignored. abort.

What were you expecting to happen?

git-secrets encrypt my added files

Any logs, error output, etc?

.gitsecret folder is ignored. abort.

Any other comments?

This issue happens only in the rpm version because this line is incorrect:

# in /usr/bin/git-secret


  # Checking if the '.gitsecret' is not ignored:
  local ignored
  ignored=$(_check_ignore ".gitsecret/")
  if [[ ! $ignored -eq 1 ]]; then
    _abort '.gitsecret folder is ignored.'
  fi

It should be $ignored -eq 0

  # Checking if the '.gitsecret' is not ignored:
  local ignored
  ignored=$(_check_ignore ".gitsecret/")
  if [[ ! $ignored -eq 0 ]]; then
    _abort '.gitsecret folder is ignored.'
  fi

PS: You could also change .gitsecret to the variable $SECRETS_DIR.
PS2: This is not fixed by this merge #103

What versions of software are you using?

Operating system: (uname -a) …
Linux xxx 4.12.5-300.fc26.x86_64 #1 SMP Mon Aug 7 15:27:25 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

git-secret path: (which git-secret) …
/usr/bin/git-secret

git-secret version: (git secret --version) …
0.2.2

Shell type and version: ($SHELL --version) …
GNU bash, version 4.4.12

gpg version: (gpg --version) …
gpg (GnuPG) 1.4.22

[sobolevn]

Thanks! A pr maybe?

Would be so nice!

[rsguhr]

@sobolevn with pleasure but I didn't found this code snippet here in this repo? :)

[hurricanehrndz]

@rsguhr
What is the git version you are using. I tested your scenario and I don't not encounter the issue you specify. Additionally, the code snippet you blame is actually correct. Please read the following:
https://git-scm.com/docs/git-check-ignore

If you notice towards the bottom git check-ignore returns 1 when none of the paths provided are ignored. Meaning the git secret should abort when equal to 0 or when it is not equal to 1.

[rsguhr]

Hi @hurricanehrndz,
yes you are right. The if condition is consistent from the exit codes from the man page. Which means git check-ignore doesn't work correctly.

sh-4.4$ mkdir test-git
sh-4.4$ cd test-git/
sh-4.4$ git init
Initialized empty Git repository in /home/rsg/test-git/.git/
sh-4.4$ echo "mysecret" > secret.txt
sh-4.4$ git check-ignore secret.txt ; echo $?
1
sh-4.4$ git status
On branch master

Initial commit

Untracked files:
  (use "git add <file>..." to include in what will be committed)

	secret.txt

nothing added to commit but untracked files present (use "git add" to track)
sh-4.4$ echo "secret.txt" > .gitignore
sh-4.4$ git check-ignore secret.txt ; echo $?
secret.txt
0
sh-4.4$ git status
On branch master

Initial commit

Untracked files:
  (use "git add <file>..." to include in what will be committed)

	.gitignore

nothing added to commit but untracked files present (use "git add" to track)
sh-4.4$ echo "!secret.txt" >> .gitignore
sh-4.4$ git check-ignore secret.txt ; echo $?
secret.txt
0
sh-4.4$ git status
On branch master

Initial commit

Untracked files:
  (use "git add <file>..." to include in what will be committed)

	.gitignore
	secret.txt

nothing added to commit but untracked files present (use "git add" to track)
sh-4.4$ 

In the last one, git check-ignore says the file is ignored but git status says it's not. :(

I found this StackOverflow thread about that topic: https://stackoverflow.com/questions/45210790/how-to-reliably-check-whether-a-file-is-ignored-by-git

Maybe you should rather use git status --ignored --porcelain <FILENAME> instead of git check-ignore.

My git version:

sh-4.4$ git --version
git version 2.13.5

[hurricanehrndz]

@rsguhr

What version of git are you using?

[rsguhr]

@hurricanehrndz
2.13.5

[hurricanehrndz]

@rsguhr

git status --ignored --porcelain
Is one way of checking, the only problem is that before the check can actually be run the file/directory must exist. Another way is with the dry run. I already attempted this once, and the results were less than favorable, but I will see what I can do.

You can verify this by running the following:

# git status --ignored  --porcelain=v1 test1
# echo "test1" > .gitignore 
# git status --ignored  --porcelain=v1 test1

[hurricanehrndz]

@rsguhr,

Try this: https://github.com/hurricanehrndz/git-secret/tree/issue105
If it works, I will make a pull request. You will need gawk installed now. PS if this works, you have created a lot of work for me. I will need to refactor all the gawk scripts so that CentOS can be supported.

[rsguhr]

@hurricanehrndz
Yes this solution is working for me (git-secret init / tell / add / hide) 👍

[sobolevn]

@hurricanehrndz @rsguhr thanks!

[nozzlegear]

I left a solution for this in #104, but just in case people are reading this thread in the future: I was getting this every time I tried to init git secret on a Windows machine (with WSL). The error was caused by my .gitignore file being in the wrong file format. I fixed it by using the dos2unix tool (apt install dos2unix) on my .gitignore file: dos2unix .gitignore. After that git secret init works fine.

[snoopdouglas]

For any other future googlers: this error can also occur if you don't have read permissions on some of git-secret's files. Fix by doing chown -R "$USER:$USER" .gitsecret in the root of your repo