[Package Request] - Add git-crypt

Question

[Package Request] - Add git-crypt

sgleske-ias opened this issue 7 months ago · comments

sgleske-ias commented 7 months ago

What package is missing from Amazon Linux 2023?

git-crypt is a CLI utility which is used to decrypt secrets using GPG stored within a git repo.

Is this an update to existing package or new package request?

New request because the package is missing.

Is this package available in Amazon Linux 2? If it is available via external sources such as EPEL, please specify.

Unknown, I only care about Amazon Linux 2023 and haven't looked into Amazon Linux 2.

Any additional information you'd like to include. (use-cases, etc)

If a GPG private key is available you should be able to run git crypt unlock to decrypt secret files from gitattributes.

Current (undesirable) workaround is:

dnf localinstall https://cbs.centos.org/kojifiles/packages/git-crypt/0.6.0/12.el9/x86_64/git-crypt-0.6.0-12.el9.x86_64.rpm

We have both Graviton and AMD64 infra so this solution is fragile since it relies on a source that is currently uncontrolled.

Ideally, we should just be able to run the following on both Graviton and AMD64 instances.

dnf makecache
dnf install git-crypt

daniejstriata · Answer 1 · Tue Mar 19 2024 17:29:15 GMT+0800 (China Standard Time)

It is possible to build packages like these from the Fedora or Centos Stream repos as I've done here:
https://copr.fedorainfracloud.org/coprs/faramirza/al2023/package/git-crypt/
Using Fedora COPR.

Bryan Furlong · Answer 2 · Tue Mar 19 2024 20:38:39 GMT+0800 (China Standard Time)

+1 would like this package

sgleske-ias · Answer 3 · Wed Mar 20 2024 02:02:02 GMT+0800 (China Standard Time)

I normally like to also rely on GitHub releases if they're available but it doesn't provide enough cross-compiled versions.

https://github.com/AGWA/git-crypt/releases/tag/0.7.0

Ideally, for GH releases I like to see Darwin and Linux aarch64 and x86_64. git-crypt only ships Linux x86_64 and no other OS or architecture with pre-compiled binaries.

sgleske-ias · Answer 4 · Wed Mar 20 2024 02:10:52 GMT+0800 (China Standard Time)

I also cross-posted a request for more binaries via GitHub releases. AGWA/git-crypt#309

I'm okay obtaining binaries directly from projects when they're available. In general, I'd like to avoid compiling if the binaries are available (compiling is okay too; just more time consuming in the Docker build process).

daniejstriata · Answer 5 · Wed Mar 20 2024 03:21:47 GMT+0800 (China Standard Time)

If you use COPR, it creates a repo that will mostly keep itself up-to-date. Ideally Amazon should add packages but I can understand that they'd want to keep the supported package number down.