git-crypt used alongside Github for Mac reliably breaks

[ghost]

This is essentially Issue #26 for Github for Mac instead of Atlassian SourceTree.

If I have a file to be encrypted upon commit, git commit ... from the command line works as expected. Clicking commit from the Github app produces the following message.

[master 3846a0e] MY_COMMIT_MESSAGE


"git-crypt" clean: git-crypt: command not found
error: cannot feed the input to external filter "git-crypt" clean
error: external filter "git-crypt" clean failed -1
error: external filter "git-crypt" clean failed
fatal: FILE_TO_BE_ENCRYPTED: clean filter 'git-crypt' failed
 (128)

The file(s) then pass through to the repository unencrypted.

I understand this might not be a high priority. Just thought it might as well be documented. :information_source:

[AGWA]

This sounds like a pretty straightforward problem to fix. GitHub for Mac can't find the git-crypt command, so there are two possible fixes:

1. Add the bin directory containing git-crypt to the $PATH as seen by GitHub for Mac.
2. Modify your repository config to specify the full path to git-crypt.

The first fix seems like the better option, but I don't know offhand how to do it. To implement the second fix:

1. Run which git-crypt from a terminal and note the path.
2. Edit your repository's .git/config file, and change the smudge, clean, and textconv options to specify the full path to git-crypt. Example:

[filter "git-crypt"]
    smudge = \"/path/to/git-crypt\" smudge
    clean = \"/path/to/git-crypt\" clean
    required = true
[diff "git-crypt"]
    textconv = \"/path/to/git-crypt\" diff

[ghost]

Thank you for such a quick reply.

I've investigated making PATH visible to GUI apps in OS X Yosemite without any luck (or without enough patience) [1].

I added the full path to git-crypt in .git/config. Github for Mac committed without error, but without encryption either. Git from the command line still worked properly as always.

I will post any developments.

[yogiben]

+1

[tjaskula]

Hi,

I have the same problem as @ghost. When I commit and push nothing gets encrypted. It seems that the config is ok, and there is no error. Any hints on how I can debug it ?

After doing git-crypt status the files appear as encrypted but the content is not

[GregDracoulis]

+1 I am having the same issue here

Looks like this is addressed in https://github.com/AGWA/git-crypt/issues/91 (also opened by @tjaskula), but not to any satisfaction. The answer given mentions that the GitHub Desktop client for Mac has its own git binaries, but I don't see how that would be an issue.

Submitting a support ticket to GitHub to see if there might be an issue or some weird handling of filters on their end.

[jasonm]

@GregDracoulis did you hear anything back from the support ticket? Thanks!

[jasonm]

I've also submitted a note to github.com/contact to see if they have any recommendations.

[mosesoak]

The suggested PATH fixes above did not work for me. But I did find a janky workaround:

git update-index --assume-unchanged ./secrets/*

This is a special git command that does not remove a file from source but makes git stop watching it for changes. After running it on my secrets directory, GitHub Desktop stops seeing changes on the files.

Doesn't work super well – keep a close eye for secrets files to show again after branch checkout, stash, and stash pop. For me, adding the files specifically eventually made it calm down, but in general it doesn't feel like much of a stable fix.

I added a few yarn commands to my top-level package.json to make this easier to manage:

"scripts": {
    "ignore-secrets": "git update-index --assume-unchanged ./secrets/*",
    "unignore-secrets": "git update-index --no-assume-unchanged ./secrets/*"

yarn run ignore-secrets