Gopass: git push error: "refusing to update checked out branch"

Created on 28 Sep 2017 · 9Comments · Source: gopasspw/gopass

gopass version: 1.3.2

I created a new store on system A with gopass init, then ran gopass clone on system B as recommended by the README. That worked, but when I tried to add a secret on B via gopass insert, I got this error message:

remote: error: refusing to update checked out branch: refs/heads/master
remote: error: By default, updating the current branch in a non-bare repository
remote: is denied, because it will make the index and work tree inconsistent
remote: with what you pushed, and will require 'git reset --hard' to match
remote: the work tree to HEAD.
remote: 
remote: You can set the 'receive.denyCurrentBranch' configuration variable
remote: to 'ignore' or 'warn' in the remote repository to allow pushing into
remote: its current branch; however, this is not recommended unless you
remote: arranged to update its work tree to match what you pushed in some
remote: other way.
remote: 
remote: To squelch this message and still keep the default behaviour, set
remote: 'receive.denyCurrentBranch' configuration variable to 'refuse'.

I don't understand git well enough to know what this means, or whether it's safe to use the config variable mentioned in the message. But I assume the fact that things aren't working out-of-the-box should be considered a bug.

bug documentation

Source

zsau

Most helpful comment

You can do as the error message says and set receive.denyCurrentBranch in the server side, where this repository is originally located. You can do this by navigating to the repository in the original location and running:
git config receive.denyCurrentBranch ignore

wagnerfreiria on 12 Dec 2017

👍2

All 9 comments

From a git perspective, that setup is odd. So I am not sure if this is a gopass problem at all. Try to use a bare repo as synchronization point. Did you follow some instructions from gopass? Maybe we need better documentation and an example setup.

martinhoefling on 2 Oct 2017

I did what was suggested by the README: gopass init ... on system A followed by gopass clone ... on system B. I did nothing with git directly. Though the README seems to have been split recently, and I haven't found where those particular instructions moved to.

zsau on 2 Oct 2017

Yes, so git init creates a non bare repo, that explains why you receive the above error. Try the following:

systemA:

git init --bare ~/mygopassrepo
gopass clone ~/mygopassrepo

systemB:

gopass clone systemA:~/mygopassrepo

martinhoefling on 2 Oct 2017

@zsau On System B you cloned from System A directly? This is technically possible (as @martinhoefling just explained), but not recommended.

We usually recommend to use some kind of remote (bare repo, GitHub/GitLab, ...) as the exchange point between the repos.

dominikschulz on 2 Oct 2017

One other option that supports direct pushing to the checked out repo is using a non-checked out branch to sync. This is the way how git-annex is syncing its file refs. That however would require some additional logic in gopass.

martinhoefling on 2 Oct 2017

Thanks, guys. For context, I have a desktop server and a laptop, and I want the desktop to act as the remote. So I should do git init --remote ... on the desktop, followed by gopass clone ... on both the desktop and the laptop?

zsau on 2 Oct 2017

Not sure what git init --remote is supposed to do, but my recommendation would be to create a git repo somewhere and gopass clone from both desktop server and the laptop.

dominikschulz on 3 Oct 2017

Sorry, that was supposed to read --bare rather than --remote.

I got everything working thanks to you kind folks, so as far I'm concerned the issue can be closed. But if you want to re-purpose it for adding documentation around this use-case, feel free to re-open.

zsau on 3 Oct 2017

👍1

wagnerfreiria on 12 Dec 2017

👍2

Was this page helpful?

0 / 5 - 0 ratings