Install transcrypt extension on bitbucket server - gitattributes not working

    Hello,
I'm preparing Bitbucket server for a migration from SVN to Git with bitbucket.

I will need to crypt some files in order to hide "secret" files for some people. Note that the people that won't add the "key", won't have access to Bitbucket too.

 

I test the transcrypt extension (which used OpenSSL), and it works very easily on my computer. https://github.com/elasticdog/transcrypt

I think that the problem is exactly the same with git-crypt extension.

 

So I try to add transcrypt to bucket server in order to be able to view the diff and make comment inside pull request that will have encrypted file.

The problem is that I'm not able to create/modified a .gitattributes on the bitbucket server.

If go on my server repo, "C:\Atlassian\ApplicationData\Bitbucket\shared\data\repositories\32", change the config file to add these lines :
"[transcrypt]

    version = 0.9.7

    cipher = aes-256-cbc

    password = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[filter "crypt"]

    clean = \"$(git rev-parse --show-toplevel)\"/crypt/clean %f

    smudge = \"$(git rev-parse --show-toplevel)\"/crypt/smudge

[diff "crypt"]

    textconv = \"$(git rev-parse --show-toplevel)\"/crypt/textconv

[alias]

    ls-crypt = "!git ls-files | git check-attr --stdin filter | awk 'BEGIN { FS = \":\" }; /crypt$/{ print $1 }'"
"

After that, I create a "crypt" folder that will host the clean/smudge script/hook (like it is on my local git repo).

But I didn't see where putting my ".gitattributes" that will tell to git which files are crypted or not. Here the .gitattributes file I want to add:
"#pattern filter=crypt diff=crypt
SDK/** filter=crypt diff=crypt
Protected/** filter=crypt diff=crypt"

I try to create a folder "attributes" in "info" folder and put the .gitattributes, but it doesn't work.

Someone can help me about that ?

2 answers

This widget could not be displayed.
Adam Ahmed Atlassian Team Apr 19, 2016

I could be wrong, but I don't think it's possible to implement what you want in that way.

Bitbucket Server uses bare repositories - that is, versions of the repository that don't have a working directory checked out.

In contrast, clean and smudge happen on checkout and on commit back to the repo from the working directory. These wouldn't run in a bare repo (if my understanding is correct). The diff handler _might_ run, but we use lots of customized low level commands anyway - relying on us to use a particular command for diffing is probably not a good idea.

I would instead encourage you to write your own diff and source viewers for transcrypted files. You could check the file's contents and handle it if you believe it is transcrypted, or use gitattributes to make that determination.  I will note that it it would require programming knowledge and a bit of time to get right. If you have purchased Bitbucket Server you'll have access to the code - you can use the LFS plugin as an example of how to implement your own viewer.

You can also create a feature request for transcrypted support at jira.atlassian.com, but I suspect we won't prioritize it until transcrypt is more widely used.

And maybe you can prove me wrong and find a way to make it work anyway! Best of luck!

 

Adam

    Hello Adam,

thank you for these explanations. It seems more clear for me now, even If I don't see a quick solution right now ...

 

I was thinking that Bitbucket server web interface was doing a checkout in a temp local directory. But if it used only a bare repository, I better understand that it won't be possible to used the clean/smudge hook.

 

Using the LFS Bitbucket addons seems a solution to reach my goal, but seems also not easy while I don't know the technology used by Bitbucket web server and that I'm not a git expert too.

 

For the moment, I'm evaluating/testing Bitbucket server, so I don't have the sources yet. I hope to buy it soon, but originally I was hoping to have a solution for crypted files before that.

 

best regards,

François

This widget could not be displayed.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Aug 21, 2018 in Bitbucket

Branch Management with Bitbucket

As a project manager, I have discovered that different developers want to bring their previous branching method with them when they join the team. Some developers are used to performing individual wo...

1,337 views 8 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you