git secret adding a tracked file fails with ambiguous message "file_name is not a file. abort"

[aymens]

What are the steps to reproduce this issue?

1. git secret add -i already_tracked_filename

What happens?

File not added, operation aborted.

What were you expecting to happen?

• Option 1: File to be added to the "to encrypt" files list.
  Or
• Option 2: See a meaningful message telling that tracked files can't be added to the list and advise me to untrack the file myself with a git rm --cached already_tracked_filename

Any logs, error output, etc?

already_tracked_filename is not a file. abort.

Any other comments?

@sobolevn which option do you prefer 1 or 2? I'm asking because I'm interested in working on it (if I find time).

What versions of software are you using?

Operating system: (uname -a) …
Linux instance-2-git-secret 4.9.0-4-amd64 #1 SMP Debian 4.9.65-3 (2017-12-03) x86_64 GNU/Linux

git-secret path: (which git-secret) …
/usr/local/bin/git-secret

git-secret version: (git secret --version) …
0.2.2

git version: (git --version) …
git version 2.11.0

Shell type and version: ($SHELL --version) …
GNU bash, version 4.4.12(1)-release (x86_64-pc-linux-gnu)

gpg version: (gpg --version) …

gpg (GnuPG) 2.1.18
libgcrypt 1.7.6-beta
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/sayhi_aymen/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

[sobolevn]

@aymens could you please try it with the latest version?

[aymens]

I've been using master. That should be latest no?

[lukaszraczylo]

Same here

$ brew info git-secret
git-secret: stable 0.2.3 (bottled), HEAD
Bash-tool to store the private data inside a git repo
https://sobolevn.github.io/git-secret/
/usr/local/Cellar/git-secret/0.2.3 (19 files, 56.3KB) *
  Poured from bottle on 2018-01-28 at 14:05:32
From: https:/Homebrew/homebrew-core/blob/master/Formula/git-secret.rb
==> Dependencies
Required: gawk ✔
Recommended: gnupg ✔
==> Options
--without-gnupg
        Build without gnupg support
--HEAD
        Install HEAD version

[sobolevn]

@aymens yeap, we need to fix that.

Since I am very limited in my free time, I would really appreciate any help. And you said that you are interested in working on it.
So, let's make the message clear for everyone. That's Option 2.

Feel free to ask any questions you have! Thanks!

[sandorgazdag]

Hi,

Is there a development in this regard? I would love to use this tool but so far I have the same issue.
Im using HEAD btw.
git-secret: stable 0.2.3 (bottled), HEAD

[sobolevn]

Nope, this issue is still not addressed.

[aymens]

@sandorgazdag this is on my todo list, I'll do it as soon as I can.

In the meantime you can simply do git rm --cached the_already_tracked_filename before doing the git secret add for each tracked file you want to encrypt.

[hurricanehrndz]

@sobolevn

Feel free to include me on some of the todo list. If you want to create one I will be more than happy to help.

@aymens,
We would only remove a cached file, if it has been committed before right? Otherwise it would expose secrets potentially to the public.

[sobolevn]

@hurricanehrndz done!

[joshrabinowitz]

is this completed? Shall we close?

[sobolevn]

ping @hurricanehrndz

[joshrabinowitz]

oh, I see, this is still an issue:
(in a git repo with git-secret set up)

% cat 'text here' > normalfile.txt

% git add normalfile.txt

% git commit -m 'message' normalfile.txt
[master 30a13a2] new
 1 file changed, 1 insertion(+)
 create mode 100644 normalfile.txt

% git secret add normalfile.txt
git-secret: abort: normalfile.txt is not a file.

[sobolevn]

@joshrabinowitz I think that option 2 provided by @aymens is good enough:

Option 2: See a meaningful message telling that tracked files can't be added to the list and advise me to untrack the file myself with a git rm --cached already_tracked_filename

[Xtigyro]

It appears it still throws the same ambiguous msg:

~/repos/xtigyro/helmfiles # git secret add helmfile.yaml
helmfile.yaml is not a file. abort.

[aymens]

It's working as expected, I've just checked HEAD.

You might be on an old version of git secret.

[Xtigyro]

Yeah - I'm using the pkg that comes with Ubuntu 20.04.

~ # dpkg -l git-secret
||/ Name           Version      Architecture Description
+++-==============-============-============-============================================================
ii  git-secret     0.2.3-1      all          store encrypted credential inside source code git repository

[joshrabinowitz]

@Xtigyro that's a really old version of git-secret. The last released version was 0.3.2.

We've been trying to get git-secret updated in debian, which would flow downstream to Ubuntu: See #312 and
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919722

In the meantime your best course of action is probably to uninstall the Ubuntu package and re-install git-secret from source or https://dl.bintray.com/sobolevn/deb/

[Xtigyro]

I've sent Debian a reminder about this - I hope it helps a bit.