git-hardening/CHANGELOG.md
Flo 69707b4475 feat: keychain-aware credential helper, array refactor, cleanup
- Detect GCM (Git Credential Manager) as preferred cross-platform helper
- Recognize osxkeychain, GCM, libsecret, gnome-keyring as keychain-backed
- Print distro-specific install hints when no keychain helper found
- Refactor apply_setting_group and apply_ssh_directive_group to use bash
  arrays instead of sed-indexed newline-delimited strings
- Extract get_ssh_directive_value() to deduplicate SSH config parsing
- Fix stale function name in tests (apply_ssh_directive → apply_single_ssh_directive)
- Remove orphan comment in detect_existing_keys
- Bump version to 0.4.0

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 15:00:02 +02:00


Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog.

[0.4.0] - 2026-04-04

Added

  • GCM (Git Credential Manager) detection — preferred cross-platform credential helper
  • is_keychain_credential_helper() recognizes osxkeychain, GCM, libsecret, and gnome-keyring
  • Distro-specific install hints when no keychain-backed credential helper is found (Debian/Ubuntu, Fedora/RHEL, Arch, openSUSE, Alpine)
  • Audit labels keychain-backed helpers as (keychain-backed) for clarity

Changed

  • Harden step skips credential.helper prompt when user already has a keychain-backed helper
  • Audit messaging improved: clearer descriptions for missing, insecure, and unknown helpers
  • FIDO2 signing wizard, grouped SSH config directives, REASONING.md (prior unreleased work)

[0.2.3] - 2026-03-31

Fixed

  • Fix e2e.sh distro loop not splitting on spaces (#39)
  • FIDO2 key generation on macOS — detect Homebrew's openssh via ssh-sk-helper (no freeze), use its ssh-keygen binary for hardware key generation
  • Linux gitleaks install hint now shows apt/dnf instead of brew
  • e2e test runner distro loop broken by IFS setting — use bash array

Changed

  • Group interactive apply prompts into 6 categories with one-line explanations (replaces ~25 individual prompts)

[0.2.0] - 2026-03-31

Added

  • Add REASONING.md documenting trade-offs for each hardening default (#48)
  • Gitleaks pre-commit hook installation — creates ~/.config/git/hooks/pre-commit with SKIP_GITLEAKS bypass
  • Global gitignore creation (~/.config/git/ignore) with security patterns (.env, *.pem, *.key, credentials, Terraform state)
  • Audit of existing global gitignore for missing security patterns
  • 8 new git config settings: user.useConfigOnly, protocol.version=2, transfer.bundleURI=false, init.defaultBranch=main, core.symlinks=false (interactive-only), fetch.prune=true, gc.reflogExpire=180.days, gc.reflogExpireUnreachable=90.days
  • Combined signing enablement into single prompt (replaces 3 individual prompts)
  • 26 new BATS tests (90 total)

Security

  • SSH key hygiene audit — scans ~/.ssh/*.pub and IdentityFile entries, warns about DSA/ECDSA/weak RSA keys
  • Plaintext credential file detection — warns about ~/.git-credentials, ~/.netrc, ~/.npmrc (auth tokens), ~/.pypirc (passwords)
  • safe.directory = * wildcard detection and removal (CVE-2022-24765)

Fixed

  • ssh-keygen calls fail on macOS with -- end-of-options separator (removed)
  • Interactive tests fail on macOS due to tmux resetting HOME in login shells
  • Interactive tests race condition with tmux session cleanup between tests

[0.1.0] - 2026-03-30

Added

  • Interactive shell script that audits and hardens global git config
  • Audit mode (--audit) with color-coded report and CI-friendly exit codes
  • Auto-apply mode (-y) for unattended hardening
  • Object integrity checks (transfer.fsckObjects, fetch.fsckObjects, receive.fsckObjects)
  • Protocol restrictions with default-deny policy (blocks git:// and ext://)
  • Filesystem protection (core.protectNTFS, core.protectHFS, core.fsmonitor=false)
  • Hook execution control via core.hooksPath redirection
  • Repository safety (safe.bareRepository=explicit, submodule.recurse=false)
  • Pull/merge hardening (pull.ff=only, merge.ff=only) with pull.rebase conflict detection
  • Transport security (HTTP-to-HTTPS rewrite, http.sslVerify=true)
  • Platform-detected credential helper (osxkeychain on macOS, libsecret on Linux)
  • SSH signing setup wizard with two tiers: software ed25519 and FIDO2 hardware keys
  • SSH config hardening (StrictHostKeyChecking, HashKnownHosts, IdentitiesOnly, algorithm restrictions)
  • Allowed signers file management
  • Pre-execution safety review gate with AI assistant review instructions
  • OSINT privacy advisory about signing key reuse across orgs
  • Admin/org-level recommendations printed at end of every run
  • Config backup before applying changes
  • BATS test suite with 64 tests

Security

  • Safe tilde expansion without eval
  • SSH config value parsing handles inline comments and quoted paths
  • Version comparison uses base-10 arithmetic to prevent octal interpretation
  • Temp file cleanup trap in SSH config updates