Browse Source

post on git-gcrypt

master
Vincent Truchseß 5 months ago
parent
commit
bf30b95961
3 changed files with 75 additions and 2 deletions
  1. 2
    1
      css/default.css
  2. 71
    0
      posts/2019-04-25-git-gcrypt.md
  3. 2
    1
      stitch.sh

+ 2
- 1
css/default.css View File

@@ -45,6 +45,7 @@ footer {
bottom: 0;
height: 16px;
line-height: 16px;
background-color: inherit;
}

p {
@@ -145,7 +146,7 @@ article .header {
}
}

@media (min-width: 860px) {
@media (min-width: 950px) {
body {
width: 75%;
max-width: 110rem;

+ 71
- 0
posts/2019-04-25-git-gcrypt.md View File

@@ -0,0 +1,71 @@
---
author: Vi
title: Encrypted Git remotes with git-remote-gcrypt
---

## The Problem

The problem I was facing lately was quite simple.
I use [vimwiki](https://github.com/vimwiki/vimwiki) to keep my notes organized.
Now, I want to synchronize my notes with other devices, having them available
wherever I might need them. Since **vimWiki** stores plaintext files in a
folder, that sounds like a perfect job for **git**.
Now, I like to have my git-repos accessible from the
internet. That leaves me with the problem of storing my personal notes in
plaintext on a server in someone else's datacenter.

## The Solution

Searching allover the internet for a solution that doesn't involve some extra
sync-client (like a VeraCrypt-Container in a dropbox) and that doesn't break the
ability to cleanly solve conflicts between edits on different devices I found
[git-remote-gcrypt](https://github.com/spwhitton/git-remote-gcrypt).
This nice little tool let's you have pgp-encrypted git-remotes, which was exactly
what I was looking for.

### Installation

On Arch-Linux there is an AUR-package available, so no further explanation
needed.
On other systems, just use the supplied `install.sh` -script as mentioned in the
project's readme. Since it's written in `POSIX` -shell it should run on every
modern OS without problems.

### Usage

#### Setting up an encrypted remote

To add a git-remote as an encrypted one, just prefix it's git-uri with
`gcrypt::`, like this:

```bash
git remote add <remote> gcrypt::ssh://user@server.tld:secrets
```

#### Setting up keys

In order for `gcrypt` to properly encrypt your data you should configure the
proper keys in the local repository's config. Here is an example:

```bash
git config remote.remotename.<remote>.gcrypt-participate "key1 key2"
```

This will make gcrypt encrypt the remote for the keys `key1` and `key2`.

### A word of warning

Since every push on the remote is effectively a force-push, make sure to always
pull before you push!

Using a plain git-uri (like GitHub or similar do) to push-access your repository
effectively transfers the whole repository-content on every push. For larger
repo, consider to choose a server that supports rsync-transfer or similar.

## First Impressions

I have been playing around with this tool for quite some time now, testing
different use-cases. It definitely has it's place on my toolbelt now.


[Discussion](https://social.fyber.space/notice/9iAvXuKWHsWIq8NrtI)

+ 2
- 1
stitch.sh View File

@@ -12,6 +12,7 @@ USER="blog"
PASSWD="$(pass internet/social.fyber.space/blog)"
INSTANCE="social.fyber.space"
BLOG_DOMAIN="blog.fyber.space"
CC="@vi@social.fyber.space"

# Setup Paths, Filenames and urls
DRAFT="$1"
@@ -26,7 +27,7 @@ cp "$DRAFT" "$POSTS_DIR"/"$TARGET".md

# Posting title and link to article in fediverse-instance, getting status-url as response
TITLE="$(grep title: "$DRAFT" | sed -E 's/^.+:\s*//' | sed -E 's/\s*$//')"
TEXT="$TITLE"%0D%0A"$POST_URL"
TEXT="$TITLE"%0D%0A"$POST_URL%0D%0ACC: $CC"
REQUEST_URL="https://$INSTANCE/api/v1/statuses"
STATUS_URL="$(curl -u $USER:$PASSWD --data status="$TEXT" -X POST $REQUEST_URL | jq -r .url)"


Loading…
Cancel
Save