fix: Don't modify ciphertext in edit command if plaintext did not change

twpayne · Aug 5, 2024 · 73893c1 · 73893c1
1 parent c0a8059
commit 73893c1
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 0 deletions.
diff --git a/internal/cmd/editcmd.go b/internal/cmd/editcmd.go
@@ -1,6 +1,7 @@
 package cmd
 
 import (
+	"bytes"
 	"log/slog"
 	"os"
 	"runtime"
@@ -87,6 +88,7 @@ func (c *Config) runEditCmd(cmd *cobra.Command, args []string) error {
 	type transparentlyDecryptedFile struct {
 		sourceAbsPath    chezmoi.AbsPath
 		decryptedAbsPath chezmoi.AbsPath
+		preEditPlaintext []byte
 	}
 	var transparentlyDecryptedFiles []transparentlyDecryptedFile
 TARGET_REL_PATH:
@@ -119,6 +121,7 @@ TARGET_REL_PATH:
 			transparentlyDecryptedFile := transparentlyDecryptedFile{
 				sourceAbsPath:    c.SourceDirAbsPath.Join(sourceRelPath.RelPath()),
 				decryptedAbsPath: decryptedAbsPath,
+				preEditPlaintext: contents,
 			}
 			transparentlyDecryptedFiles = append(transparentlyDecryptedFiles, transparentlyDecryptedFile)
 			editorArgs = append(editorArgs, decryptedAbsPath.String())
@@ -165,6 +168,13 @@ TARGET_REL_PATH:
 
 	postEditFunc := func() error {
 		for _, transparentlyDecryptedFile := range transparentlyDecryptedFiles {
+			postEditPlaintext, err := c.baseSystem.ReadFile(transparentlyDecryptedFile.decryptedAbsPath)
+			if err != nil {
+				return err
+			}
+			if bytes.Equal(postEditPlaintext, transparentlyDecryptedFile.preEditPlaintext) {
+				return nil
+			}
 			contents, err := c.encryption.EncryptFile(transparentlyDecryptedFile.decryptedAbsPath)
 			if err != nil {
 				return err

diff --git a/internal/cmd/testdata/scripts/issue3887.txtar b/internal/cmd/testdata/scripts/issue3887.txtar
@@ -0,0 +1,21 @@
+[!exec:age] skip 'age not found in path'
+
+mkageconfig
+mkgitconfig
+
+# add an initial encrypted file
+exec chezmoi init
+exec chezmoi add --encrypt ${HOME}${/}.encrypted
+exec chezmoi git add .
+exec chezmoi git commit -- -m 'initial commit' .
+
+# test that chezmoi edit on an encrypted file with no changes does not change the ciphertext
+prependline ${CHEZMOICONFIGDIR}/chezmoi.toml 'edit.command = "true"'
+exec chezmoi edit ${HOME}${/}.encrypted
+exec chezmoi diff
+! stdout .
+exec chezmoi git diff
+! stdout .
+
+-- home/user/.encrypted --
+plaintext