Home > Mobile >  How to encrypt remote repo, with gcrypt or other?
How to encrypt remote repo, with gcrypt or other?

Time:04-05

The goal is to store my code encrypted on a BitBucket remote repo. Something should deal with encrypting and decrypting so I landed on gcrypt or in full, git-remote-gcrypt.

I have a Bitbucket account with SSH keys configured.
This is what I've tried.

rsync

I copied these commands from the manual.

git remote remove cryptremote
git remote add cryptremote gcrypt::rsync://[email protected]/user/cryptremote.git
git config remote.cryptremote.gcrypt-participants "user"
git push cryptremote master

console:

gcrypt: Repository not found: rsync://[email protected]/user/cryptremote.git
gcrypt: Setting up new repository
protocol version mismatch -- is your shell clean?
(see the rsync man page for an explanation)
rsync error: protocol incompatibility (code 2) at compat.c(600) [sender=v3.2.3]
error: failed to push some refs to 'gcrypt::rsync://[email protected]/user/cryptremote.git'

CodePudding user response:

[email protected]: I confirm this would never work, as an SSH URL to a Git remote repository hosting service would always use the 'git' user (and rely on the SSH key to authenticate and identify the actual user account).

spwhitton/git-remote-gcrypt commit 6233fde does mention:

Remove deprecated gcrypt::ssh:// (use rsync instead)

So a rsync URI seems more supported, as in commit 3b69f81

In your case:

 gcrypt::rsync://[email protected]/user/cryptremote.git
                ^^^^^            ^^^

For any "protocol version mismatch -- is your shell clean?" error message, try and put in your .bashrc:

# for non-interactive sessions stop execution here -- https://serverfault.com/a/805532/67528
[[ $- != *i* ]] && return

But check also a possible rsync version mismatch (for instance, using a Bitbucket pipeline just to display rsync version).

As illustrated here, if SSH is not working, a gcrypt::https://[email protected]/user/test.git HTTPS URL might work better.

CodePudding user response:

Thanks to the comments, I got it to work over HTTPS.

git remote add cryptremote gcrypt::https://USERNAME:[email protected]/USERNAME/cryptremote.git
git config remote.cryptremote.gcrypt-participants "B36D55677E894F7D7CDF513BB0768C8032AF8A32"
git config remote.cryptremote.gcrypt-signingkey "B36D55677E894F7D7CDF513BB0768C8032AF8A32"
git push cryptremote master

If you want a git push to work without extra args though, do this.

git remote add origin gcrypt::https://USERNAME:[email protected]/USERNAME/cryptremote.git
git config remote.origin.gcrypt-participants "B36D55677E894F7D7CDF513BB0768C8032AF8A32"
git config remote.origin.gcrypt-signingkey "B36D55677E894F7D7CDF513BB0768C8032AF8A32"
git push origin master

Gratitude for something that works.

However, I don't like that I had to use HTTPS and an app password as Bitbucket now forces its users to use those for HTTPS.

Though I'm not sure why rsync isn't working, it seems the issue lies at Bitbucket as I use rsync flawlessly between my computer and my Android.

  • Related