| Message ID | 7e7506217e4aac82e3a03013d24e6f885383ecd3.1618835148.git.ps@pks.im (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 4179b4897f2de28858acaebd6382c06c91532e98 |
| Headers | show |
| Series | config: allow overriding global/system config | expand |
On Mon, Apr 19, 2021 at 02:31:16PM +0200, Patrick Steinhardt wrote: > In order to have git run in a fully controlled environment without any > misconfiguration, it may be desirable for users or scripts to override > global- and system-level configuration files. We already have a way of > doing this, which is to unset both HOME and XDG_CONFIG_HOME environment > variables and to set `GIT_CONFIG_NOGLOBAL=true`. This is quite kludgy, > and unsetting the first two variables likely has an impact on other > executables spawned by such a script. > > The obvious way to fix this would be to introduce `GIT_CONFIG_NOGLOBAL` > as an equivalent to `GIT_CONFIG_NOSYSTEM`. But in the past, it has > turned out that this design is inflexible: we cannot test system-level > parsing of the git configuration in our test harness because there is no > way to change its location, so all tests run with `GIT_CONFIG_NOSYSTEM` > set. > > Instead of doing the same mistake with `GIT_CONFIG_NOGLOBAL`, introduce > two new variables `GIT_CONFIG_GLOBAL` and `GIT_CONFIG_SYSTEM`: > > - If unset, git continues to use the usual locations. > > - If set to a specific path, we skip reading the normal > configuration files and instead take the path. By setting the path > to `/dev/null`, no configuration will be loaded for the respective > level. > > This implements the usecase where we want to execute code in a sanitized > environment without any potential misconfigurations via `/dev/null`, but > is more flexible and allows for more usecases than simply adding > `GIT_CONFIG_NOGLOBAL`. Something is still not right with this patch series, because: > +test_expect_success 'write to overridden global and system config' ' > + cat >expect <<EOF && > +[config] > + key = value > +EOF > + > + GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value && > + test_cmp expect write-to-global && > + > + GIT_CONFIG_SYSTEM=write-to-system git config --system config.key value && > + test_cmp expect write-to-system > +' This test fails on Travis CI's Linux32 job: expecting success of 1300.184 'write to overridden global and system config': cat >expect <<EOF && [config] key = value EOF GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value && test_cmp expect write-to-global && GIT_CONFIG_SYSTEM=write-to-system git config --system config.key value && test_cmp expect write-to-system + cat + GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value fatal: unable to access '/root/etc/gitconfig': Permission denied error: last command exited with $?=128 not ok 184 - write to overridden global and system config Yeah, that job has a weird environment with Docker and 'su' interacting in a way that ultimately builds Git with 'HOME=/root', which in our build system means that 'sysconfdir=/root/etc'. To reproduce at home just run: make prefix=/root && cd t && ./t1300-config.sh -V -x -i
On Wed, Apr 21, 2021 at 10:46:37PM +0200, SZEDER Gábor wrote: > On Mon, Apr 19, 2021 at 02:31:16PM +0200, Patrick Steinhardt wrote: > > In order to have git run in a fully controlled environment without any > > misconfiguration, it may be desirable for users or scripts to override > > global- and system-level configuration files. We already have a way of > > doing this, which is to unset both HOME and XDG_CONFIG_HOME environment > > variables and to set `GIT_CONFIG_NOGLOBAL=true`. This is quite kludgy, > > and unsetting the first two variables likely has an impact on other > > executables spawned by such a script. > > > > The obvious way to fix this would be to introduce `GIT_CONFIG_NOGLOBAL` > > as an equivalent to `GIT_CONFIG_NOSYSTEM`. But in the past, it has > > turned out that this design is inflexible: we cannot test system-level > > parsing of the git configuration in our test harness because there is no > > way to change its location, so all tests run with `GIT_CONFIG_NOSYSTEM` > > set. > > > > Instead of doing the same mistake with `GIT_CONFIG_NOGLOBAL`, introduce > > two new variables `GIT_CONFIG_GLOBAL` and `GIT_CONFIG_SYSTEM`: > > > > - If unset, git continues to use the usual locations. > > > > - If set to a specific path, we skip reading the normal > > configuration files and instead take the path. By setting the path > > to `/dev/null`, no configuration will be loaded for the respective > > level. > > > > This implements the usecase where we want to execute code in a sanitized > > environment without any potential misconfigurations via `/dev/null`, but > > is more flexible and allows for more usecases than simply adding > > `GIT_CONFIG_NOGLOBAL`. > > Something is still not right with this patch series, because: > > > +test_expect_success 'write to overridden global and system config' ' > > + cat >expect <<EOF && > > +[config] > > + key = value > > +EOF > > + > > + GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value && > > + test_cmp expect write-to-global && > > + > > + GIT_CONFIG_SYSTEM=write-to-system git config --system config.key value && > > + test_cmp expect write-to-system > > +' > > This test fails on Travis CI's Linux32 job: > > expecting success of 1300.184 'write to overridden global and system config': > cat >expect <<EOF && > [config] > key = value > EOF > GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value && > test_cmp expect write-to-global && > GIT_CONFIG_SYSTEM=write-to-system git config --system config.key value && > test_cmp expect write-to-system > + cat > + GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value > fatal: unable to access '/root/etc/gitconfig': Permission denied > error: last command exited with $?=128 > not ok 184 - write to overridden global and system config https://travis-ci.org/github/git/git/jobs/767898817#L6931 > Yeah, that job has a weird environment with Docker and 'su' > interacting in a way that ultimately builds Git with 'HOME=/root', > which in our build system means that 'sysconfdir=/root/etc'. To > reproduce at home just run: > > make prefix=/root && cd t && ./t1300-config.sh -V -x -i Hrm, that's not the only test that fails, but I only ran it with '-i'... but in fact most subsequent tests fail with the same error. I think the culprit is the previous test case which I too eagerly snipped from my previous email, so here it is again (copy-pasted, whitespace-damaged): > test_expect_success 'override global and system config' ' > test_when_finished rm -f "$HOME"/.config/git && > > cat >"$HOME"/.gitconfig <<-EOF && > [home] > config = true > EOF > mkdir -p "$HOME"/.config/git && > cat >"$HOME"/.config/git/config <<-EOF && > [xdg] > config = true > EOF > cat >.git/config <<-EOF && > [local] > config = true > EOF > cat >custom-global-config <<-EOF && > [global] > config = true > EOF > cat >custom-system-config <<-EOF && > [system] > config = true > EOF > > cat >expect <<-EOF && > global xdg.config=true > global home.config=true > local local.config=true > EOF > git config --show-scope --list >output && > test_cmp expect output && > > sane_unset GIT_CONFIG_NOSYSTEM && Unsetting GIT_CONFIG_NOSYSTEM like this does affect the environment of all subsequent tests and their git commands will then try to look at the system config file. Putting this 'sane_unset' and the rest of this test case in a subshell seems to fix the issue. > cat >expect <<-EOF && > system system.config=true > global global.config=true > local local.config=true > EOF > GIT_CONFIG_SYSTEM=custom-system-config GIT_CONFIG_GLOBAL=custom-global-config \ > git config --show-scope --list >output && > test_cmp expect output && > > cat >expect <<-EOF && > local local.config=true > EOF > GIT_CONFIG_SYSTEM=/dev/null GIT_CONFIG_GLOBAL=/dev/null git config --show-scope --list >output && > test_cmp expect output > '
On Wed, Apr 21, 2021 at 11:06:14PM +0200, SZEDER Gábor wrote: > On Wed, Apr 21, 2021 at 10:46:37PM +0200, SZEDER Gábor wrote: > > On Mon, Apr 19, 2021 at 02:31:16PM +0200, Patrick Steinhardt wrote: [snip] > > test_expect_success 'override global and system config' ' > > test_when_finished rm -f "$HOME"/.config/git && > > > > cat >"$HOME"/.gitconfig <<-EOF && > > [home] > > config = true > > EOF > > mkdir -p "$HOME"/.config/git && > > cat >"$HOME"/.config/git/config <<-EOF && > > [xdg] > > config = true > > EOF > > cat >.git/config <<-EOF && > > [local] > > config = true > > EOF > > cat >custom-global-config <<-EOF && > > [global] > > config = true > > EOF > > cat >custom-system-config <<-EOF && > > [system] > > config = true > > EOF > > > > cat >expect <<-EOF && > > global xdg.config=true > > global home.config=true > > local local.config=true > > EOF > > git config --show-scope --list >output && > > test_cmp expect output && > > > > sane_unset GIT_CONFIG_NOSYSTEM && > > Unsetting GIT_CONFIG_NOSYSTEM like this does affect the environment of > all subsequent tests and their git commands will then try to look at > the system config file. > > Putting this 'sane_unset' and the rest of this test case in a subshell > seems to fix the issue. Ah, that makes sense. Thanks for digging into the issue, I'll send a fix for this later today. Patrick
diff --git a/Documentation/git-config.txt b/Documentation/git-config.txt index 4b4cc5c5e8..5cddadafd2 100644 --- a/Documentation/git-config.txt +++ b/Documentation/git-config.txt @@ -340,6 +340,11 @@ GIT_CONFIG:: Using the "--global" option forces this to ~/.gitconfig. Using the "--system" option forces this to $(prefix)/etc/gitconfig. +GIT_CONFIG_GLOBAL:: +GIT_CONFIG_SYSTEM:: + Take the configuration from the given files instead from global or + system-level configuration. See linkgit:git[1] for details. + GIT_CONFIG_NOSYSTEM:: Whether to skip reading settings from the system-wide $(prefix)/etc/gitconfig file. See linkgit:git[1] for details. diff --git a/Documentation/git.txt b/Documentation/git.txt index 3a9c44987f..380422a6a9 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -670,6 +670,16 @@ for further details. If this environment variable is set to `0`, git will not prompt on the terminal (e.g., when asking for HTTP authentication). +`GIT_CONFIG_GLOBAL`:: +`GIT_CONFIG_SYSTEM`:: + Take the configuration from the given files instead from global or + system-level configuration files. If `GIT_CONFIG_SYSTEM` is set, the + system config file defined at build time (usually `/etc/gitconfig`) + will not be read. Likewise, if `GIT_CONFIG_GLOBAL` is set, neither + `$HOME/.gitconfig` nor `$XDG_CONFIG_HOME/git/config` will be read. Can + be set to `/dev/null` to skip reading configuration files of the + respective level. + `GIT_CONFIG_NOSYSTEM`:: Whether to skip reading settings from the system-wide `$(prefix)/etc/gitconfig` file. This environment variable can diff --git a/config.c b/config.c index 161dfaa707..f9c400ad30 100644 --- a/config.c +++ b/config.c @@ -1832,13 +1832,24 @@ static int git_config_from_blob_ref(config_fn_t fn, char *git_system_config(void) { + char *system_config = xstrdup_or_null(getenv("GIT_CONFIG_SYSTEM")); + if (system_config) + return system_config; return system_path(ETC_GITCONFIG); } -void git_global_config(char **user_config, char **xdg_config) +void git_global_config(char **user_out, char **xdg_out) { - *user_config = expand_user_path("~/.gitconfig", 0); - *xdg_config = xdg_config_home("config"); + char *user_config = xstrdup_or_null(getenv("GIT_CONFIG_GLOBAL")); + char *xdg_config = NULL; + + if (!user_config) { + user_config = expand_user_path("~/.gitconfig", 0); + xdg_config = xdg_config_home("config"); + } + + *user_out = user_config; + *xdg_out = xdg_config; } /* diff --git a/t/t1300-config.sh b/t/t1300-config.sh index e0dd5d65ce..0f92dfe6fb 100755 --- a/t/t1300-config.sh +++ b/t/t1300-config.sh @@ -2059,6 +2059,92 @@ test_expect_success '--show-scope with --show-origin' ' test_cmp expect output ' +test_expect_success 'override global and system config' ' + test_when_finished rm -f "$HOME"/.config/git && + + cat >"$HOME"/.gitconfig <<-EOF && + [home] + config = true + EOF + mkdir -p "$HOME"/.config/git && + cat >"$HOME"/.config/git/config <<-EOF && + [xdg] + config = true + EOF + cat >.git/config <<-EOF && + [local] + config = true + EOF + cat >custom-global-config <<-EOF && + [global] + config = true + EOF + cat >custom-system-config <<-EOF && + [system] + config = true + EOF + + cat >expect <<-EOF && + global xdg.config=true + global home.config=true + local local.config=true + EOF + git config --show-scope --list >output && + test_cmp expect output && + + sane_unset GIT_CONFIG_NOSYSTEM && + + cat >expect <<-EOF && + system system.config=true + global global.config=true + local local.config=true + EOF + GIT_CONFIG_SYSTEM=custom-system-config GIT_CONFIG_GLOBAL=custom-global-config \ + git config --show-scope --list >output && + test_cmp expect output && + + cat >expect <<-EOF && + local local.config=true + EOF + GIT_CONFIG_SYSTEM=/dev/null GIT_CONFIG_GLOBAL=/dev/null git config --show-scope --list >output && + test_cmp expect output +' + +test_expect_success 'override global and system config with missing file' ' + test_must_fail env GIT_CONFIG_GLOBAL=does-not-exist GIT_CONFIG_SYSTEM=/dev/null git config --global --list && + test_must_fail env GIT_CONFIG_GLOBAL=/dev/null GIT_CONFIG_SYSTEM=does-not-exist git config --system --list && + GIT_CONFIG_GLOBAL=does-not-exist GIT_CONFIG_SYSTEM=does-not-exist git version +' + +test_expect_success 'system override has no effect with GIT_CONFIG_NOSYSTEM' ' + # `git config --system` has different semantics compared to other + # commands as it ignores GIT_CONFIG_NOSYSTEM. We thus test whether the + # variable has an effect via a different proxy. + cat >alias-config <<-EOF && + [alias] + hello-world = !echo "hello world" + EOF + test_must_fail env GIT_CONFIG_NOSYSTEM=true GIT_CONFIG_SYSTEM=alias-config \ + git hello-world && + GIT_CONFIG_NOSYSTEM=false GIT_CONFIG_SYSTEM=alias-config \ + git hello-world >actual && + echo "hello world" >expect && + test_cmp expect actual +' + +test_expect_success 'write to overridden global and system config' ' + cat >expect <<EOF && +[config] + key = value +EOF + + GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value && + test_cmp expect write-to-global && + + GIT_CONFIG_SYSTEM=write-to-system git config --system config.key value && + test_cmp expect write-to-system +' + for opt in --local --worktree do test_expect_success "$opt requires a repo" '
In order to have git run in a fully controlled environment without any misconfiguration, it may be desirable for users or scripts to override global- and system-level configuration files. We already have a way of doing this, which is to unset both HOME and XDG_CONFIG_HOME environment variables and to set `GIT_CONFIG_NOGLOBAL=true`. This is quite kludgy, and unsetting the first two variables likely has an impact on other executables spawned by such a script. The obvious way to fix this would be to introduce `GIT_CONFIG_NOGLOBAL` as an equivalent to `GIT_CONFIG_NOSYSTEM`. But in the past, it has turned out that this design is inflexible: we cannot test system-level parsing of the git configuration in our test harness because there is no way to change its location, so all tests run with `GIT_CONFIG_NOSYSTEM` set. Instead of doing the same mistake with `GIT_CONFIG_NOGLOBAL`, introduce two new variables `GIT_CONFIG_GLOBAL` and `GIT_CONFIG_SYSTEM`: - If unset, git continues to use the usual locations. - If set to a specific path, we skip reading the normal configuration files and instead take the path. By setting the path to `/dev/null`, no configuration will be loaded for the respective level. This implements the usecase where we want to execute code in a sanitized environment without any potential misconfigurations via `/dev/null`, but is more flexible and allows for more usecases than simply adding `GIT_CONFIG_NOGLOBAL`. Signed-off-by: Patrick Steinhardt <ps@pks.im> --- Documentation/git-config.txt | 5 +++ Documentation/git.txt | 10 +++++ config.c | 17 +++++-- t/t1300-config.sh | 86 ++++++++++++++++++++++++++++++++++++ 4 files changed, 115 insertions(+), 3 deletions(-)