Merge branch 'main' into update-github-workflow-tests

* main: (27 commits)
  Add or update references to me (James Murty) as project maintainer
  Update long-outdated copyright notices
  Note performance improvements from #193 in changelog
  Remove repeated lines in comments
  Add tests for feature: detect incorrect password on init
  Improve name of function that counts dirty files, and do all the needed work in the function
  handle --force when checking for incorrect password
  performance: don't create subshells
  Document in changelog improvements by weichunglee in PR #197
  fix logic for version checking in pre_commit, fix empty files always failing validate_file
  Update ongoing dev version to 2.3.2-pre
  Release 2.3.1
  Warn when password is probably incorrect with error message and return code #182
  Fix --export-gpg command to properly include cipher in exported .asc file
  Fail with error when an empty password is provided to the -p or --password options #188
  Make --upgrade safer by failing fast if transcrypt config cannot be read #189
  Remove hard dependency on `xxd` which can be onerous, fall back to `printf` or `perl` instead #181
  Don't set global Git config when running tests
  Make ongoing dev version 2.3.1-pre
  Release 2.3.0
  ...

Author: jmurty

CHANGELOG.md

@@ -34,6 +34,33 @@ system, you must also run the `--upgrade` command in each repository:
 
 ## [Unreleased]
 
+### Changed
+
+- Improve check for incorrect password to avoid false report when transcrypt
+  init is run with --force in a repo containing dirty files & add tests (#196)
+- Greatly improve performance in a repository with many files for pre-commit
+  safety check, encrypted file listing, and showing raw file (#193)
+
+### Fixed
+
+- Fix pre-commit hook to use "fast" multi-threaded mode for Bash versions 5+ as
+  well as 4.4+, and even if some encrypted files are empty (#197)
+
+## [2.3.1] - 2025-02-24
+
+### Fixed
+
+- Warn when password is probably incorrect by returning an error message and
+  return code if repo has dirty files after init (#182)
+- Fail with error when an empty password is provided to the -p or --password
+  options (#188)
+- Fix handling of double-quotes in encrypted file names (#173)
+- Make --upgrade safer by failing fast if transcrypt config cannot be read
+  (#189)
+- Fix --export-gpg command to properly include cipher in exported .asc file
+
+## [2.3.0] - 2024-09-10
+
 ### Added
 
 - Add contexts feature that lets you encrypt different sets of files with
@@ -47,11 +74,18 @@ system, you must also run the `--upgrade` command in each repository:
 
 - Prevent `cd` commands printing out excess details when `CDPATH` is set (#156)
 - Fix `--flush` command to work with contexts (#175)
+- Fix unbound variable error using `$GIT_REFLOG_ACTION` (issue #150)
 
 ### Changed
 
+- Remove hard dependency on `xxd` which is often a heavy requirement because it
+  is only available with Vim on some platforms. Fall back to `printf` with full
+  %b support or `perl` when either of these are available, and only require
+  `xxd` when it is the only viable option (#181)
 - Prevent global options set in `GREP_OPTIONS` enviroment variable from
   breaking transcrypt's use of grep (#166)
+- If `CDPATH` is set then cd will print the path (#156)
+- Centralise load and save of password into functions (#141)
 
 ## [2.2.3] - 2023-03-09
 
@@ -318,7 +352,9 @@ Since the v0.9.7 release, these are the notable improvements made to transcrypt:
 
 ## [0.9.4] - 2014-03-03
 
-[unreleased]: https://github.com/elasticdog/transcrypt/compare/v2.2.3...HEAD
+[unreleased]: https://github.com/elasticdog/transcrypt/compare/v2.3.1...HEAD
+[2.3.1]: https://github.com/elasticdog/transcrypt/compare/v2.3.0...v2.3.1
+[2.3.0]: https://github.com/elasticdog/transcrypt/compare/v2.2.3...v2.3.0
 [2.2.3]: https://github.com/elasticdog/transcrypt/compare/v2.2.2...v2.2.3
 [2.2.2]: https://github.com/elasticdog/transcrypt/compare/v2.2.1...v2.2.2
 [2.2.1]: https://github.com/elasticdog/transcrypt/compare/v2.2.0...v2.2.1

INSTALL.md

@@ -6,8 +6,8 @@ The requirements to run transcrypt are minimal:
 - Git
 - OpenSSL
 - `column` command (on Ubuntu/Debian install `bsdmainutils`)
-- `xxd` command if using OpenSSL version 3
-  (on Ubuntu/Debian is included with `vim`)
+- if using OpenSSL 3+ one of: `xxd` (on Ubuntu/Debian is included with `vim`)
+  or `printf` command (with %b directive) or `perl`
 
 ...and optionally:
 
@@ -74,4 +74,3 @@ collection:
 or via the packages system:
 
     # `pkg install -y security/transcrypt`
-

LICENSE

@@ -1,4 +1,5 @@
-Copyright (c) 2014-2019, Aaron Bull Schaefer <aaron@elasticdog.com>
+Copyright (c) 2019-2025, James Murty <james@murty.co>
+Copyright (c) 2014-2020, Aaron Bull Schaefer <aaron@elasticdog.com>
 Copyright (c) 2011, Woody Gilk <woody.gilk@gmail.com>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy

README.md

@@ -56,8 +56,8 @@ The requirements to run transcrypt are minimal:
 - Git
 - OpenSSL
 - `column` and `hexdump` commands (on Ubuntu/Debian install `bsdmainutils`)
-- `xxd` command if using OpenSSL version 3
-  (on Ubuntu/Debian is included with `vim`)
+- if using OpenSSL 3+ one of: `xxd` (on Ubuntu/Debian is included with `vim`)
+  or `printf` command (with %b directive) or `perl`
 
 ...and optionally:
 
@@ -344,6 +344,7 @@ to encrypt a file \_top-secret* in a "super" context:
 transcrypt is provided under the terms of the
 [MIT License](https://en.wikipedia.org/wiki/MIT_License).
 
+Copyright &copy; 2019-2025, James Murty <mailto:james@murty.co>.  
 Copyright &copy; 2014-2020, [Aaron Bull Schaefer](mailto:aaron@elasticdog.com).
 
 ## Contributing

contrib/bash/transcrypt

@@ -21,8 +21,8 @@ _transcrypt() {
 	COMPREPLY=()
 	cur="${COMP_WORDS[COMP_CWORD]}"
 	prev="${COMP_WORDS[COMP_CWORD-1]}"
-	opts="-c -p -y -d -r -f -F -u -l -s -e -i -v -h \
-	      --cipher --password --set-openssl-path --yes --display --rekey --flush-credentials --force --uninstall --upgrade --list --show-raw --export-gpg --import-gpg --version --help"
+	opts="-c -p -y -d -r -f -F -u -l -s -e -i -C -v -h \
+	      --cipher --password --set-openssl-path --yes --display --rekey --flush-credentials --force --uninstall --upgrade --list --show-raw --export-gpg --import-gpg --context --list-contexts --version --help"
 
 	case "${prev}" in
 		-c | --cipher)

contrib/packaging/pacman/PKGBUILD

@@ -1,6 +1,6 @@
-# Maintainer: Aaron Bull Schaefer <aaron@elasticdog.com>
+# Maintainer: James Murty <james@murty.co>
 pkgname=transcrypt
-pkgver=2.3.0-pre
+pkgver=2.3.2-pre
 pkgrel=1
 pkgdesc='A script to configure transparent encryption of files within a Git repository'
 arch=('any')

man/transcrypt.1

@@ -114,5 +114,8 @@ If the origin repository has just rekeyed, all clones should flush their transcr
 .SH "AUTHOR"
 Aaron Bull Schaefer <aaron@elasticdog\.com>
 .
+.SH "MAINTAINER"
+James Murty <james@murty\.co>
+.
 .SH "SEE ALSO"
 enc(1), gitattributes(5)

man/transcrypt.1.ronn

@@ -145,6 +145,10 @@ For example, to encrypt a file 'top-secret' in a "super" context:
 
 Aaron Bull Schaefer <aaron@elasticdog.com>
 
+## MAINTAINER
+
+James Murty <james@murty.co>
+
 ## SEE ALSO
 
 enc(1), gitattributes(5)

tests/_test_helper.bash

@@ -7,13 +7,13 @@ function init_git_repo {
     echo "WARNING: Test repo already exists at $BATS_TEST_DIRNAME/.git"
   else
     # Configure "main" as the default branch name
-    git config --global init.defaultBranch main
+    git config --local init.defaultBranch main
     # Initialise test git repo at the same path as the test files
     git init "$BATS_TEST_DIRNAME"
     git checkout -b main
     # Tests will fail if name and email aren't set
-    git config user.name "John Doe"
-    git config user.email johndoe@example.com
+    git config --local user.name "John Doe"
+    git config --local user.email johndoe@example.com
     # Flag test git repo as 100% the test one, for safety before later removal
     touch "$BATS_TEST_DIRNAME"/.git/repo-for-transcrypt-bats-tests
   fi
@@ -43,6 +43,10 @@ function init_transcrypt {
   "$BATS_TEST_DIRNAME"/../transcrypt --cipher=aes-256-cbc --password='abc 123' --yes
 }
 
+function uninstall_transcrypt {
+  "$BATS_TEST_DIRNAME"/../transcrypt --uninstall --yes
+}
+
 function encrypt_named_file {
   filename="$1"
   content=$2

tests/test_contexts.bats

@@ -76,7 +76,7 @@ function teardown {
   [[ $(git config --get diff.crypt.binary) = "true" ]]
   [[ $(git config --get merge.renormalize) = "true" ]]
 
-  [[ "$(git config --get alias.ls-crypt)" = "!git -c core.quotePath=false ls-files | git -c core.quotePath=false check-attr --stdin filter | awk 'BEGIN { FS = \":\" }; / crypt/{ print \$1 }'" ]]
+  [[ "$(git config --get alias.ls-crypt)" = '!"$(git config transcrypt.crypt-dir 2>/dev/null || printf %s/crypt ""$(git rev-parse --git-dir)"")"/transcrypt --list' ]]
 }
 
 @test "init: show extra context details in --display" {
@@ -216,7 +216,7 @@ function teardown {
   [ "${lines[1]}" = "$SUPER_SECRET_CONTENT_ENC" ]
 }
 
-@test "contexts: git ls-crypt lists encrypted file for all contexts" {
+@test "contexts: git ls-crypt lists encrypted files for all contexts" {
   encrypt_named_file sensitive_file "$SECRET_CONTENT"
   encrypt_named_file super_sensitive_file "$SECRET_CONTENT" "super-secret"
 
@@ -226,14 +226,14 @@ function teardown {
   [ "${lines[1]}" = "super_sensitive_file" ]
 }
 
-@test "contexts: git ls-crypt-default lists encrypted file for only 'default' context" {
+@test "contexts: git ls-crypt-default lists encrypted files for all contexts" {
   encrypt_named_file sensitive_file "$SECRET_CONTENT"
   encrypt_named_file super_sensitive_file "$SECRET_CONTENT" "super-secret"
 
   run git ls-crypt-default
   [ "$status" -eq 0 ]
   [ "${lines[0]}" = "sensitive_file" ]
-  [ "${lines[1]}" = "" ]
+  [ "${lines[1]}" = "super_sensitive_file" ]
 }
 
 @test "contexts: git ls-crypt-super-secret lists encrypted file for only 'super-secret' context" {