From ef9d0232004ca729fbf15a48d4bb24a163254697 Mon Sep 17 00:00:00 2001
From: Tom Payne <twpayne@gmail.com>
Date: Mon, 5 Aug 2024 00:23:29 +0000
Subject: [PATCH] fix: Don't modify ciphertext in edit command if plaintext did
 not change

---
 internal/cmd/editcmd.go                       | 10 +++++++++
 internal/cmd/testdata/scripts/issue3887.txtar | 21 +++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 internal/cmd/testdata/scripts/issue3887.txtar

diff --git a/internal/cmd/editcmd.go b/internal/cmd/editcmd.go
index 336fecb9901..15c8a30e469 100644
--- a/internal/cmd/editcmd.go
+++ b/internal/cmd/editcmd.go
@@ -1,6 +1,7 @@
 package cmd
 
 import (
+	"bytes"
 	"log/slog"
 	"os"
 	"runtime"
@@ -87,6 +88,7 @@ func (c *Config) runEditCmd(cmd *cobra.Command, args []string) error {
 	type transparentlyDecryptedFile struct {
 		sourceAbsPath    chezmoi.AbsPath
 		decryptedAbsPath chezmoi.AbsPath
+		preEditPlaintext []byte
 	}
 	var transparentlyDecryptedFiles []transparentlyDecryptedFile
 TARGET_REL_PATH:
@@ -119,6 +121,7 @@ TARGET_REL_PATH:
 			transparentlyDecryptedFile := transparentlyDecryptedFile{
 				sourceAbsPath:    c.SourceDirAbsPath.Join(sourceRelPath.RelPath()),
 				decryptedAbsPath: decryptedAbsPath,
+				preEditPlaintext: contents,
 			}
 			transparentlyDecryptedFiles = append(transparentlyDecryptedFiles, transparentlyDecryptedFile)
 			editorArgs = append(editorArgs, decryptedAbsPath.String())
@@ -165,6 +168,13 @@ TARGET_REL_PATH:
 
 	postEditFunc := func() error {
 		for _, transparentlyDecryptedFile := range transparentlyDecryptedFiles {
+			postEditPlaintext, err := c.baseSystem.ReadFile(transparentlyDecryptedFile.decryptedAbsPath)
+			if err != nil {
+				return err
+			}
+			if bytes.Equal(postEditPlaintext, transparentlyDecryptedFile.preEditPlaintext) {
+				return nil
+			}
 			contents, err := c.encryption.EncryptFile(transparentlyDecryptedFile.decryptedAbsPath)
 			if err != nil {
 				return err
diff --git a/internal/cmd/testdata/scripts/issue3887.txtar b/internal/cmd/testdata/scripts/issue3887.txtar
new file mode 100644
index 00000000000..e5316cac89c
--- /dev/null
+++ b/internal/cmd/testdata/scripts/issue3887.txtar
@@ -0,0 +1,21 @@
+[!exec:age] skip 'age not found in path'
+
+mkageconfig
+mkgitconfig
+
+# add an initial encrypted file
+exec chezmoi init
+exec chezmoi add --encrypt ${HOME}${/}.encrypted
+exec chezmoi git add .
+exec chezmoi git commit -- -m 'initial commit' .
+
+# test that chezmoi edit on an encrypted file with no changes does not change the ciphertext
+prependline ${CHEZMOICONFIGDIR}/chezmoi.toml 'edit.command = "true"'
+exec chezmoi edit ${HOME}${/}.encrypted
+exec chezmoi diff
+! stdout .
+exec chezmoi git diff
+! stdout .
+
+-- home/user/.encrypted --
+plaintext