Re: [PATCH v5 8/8] config: allow specifying config entries via envvar pairs

From: Junio C Hamano <gitster@pobox.com>
To: Patrick Steinhardt <ps@pks.im>
Cc: git@vger.kernel.org, "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
	"Jeff King" <peff@peff.net>,
	"brian m. carlson" <sandals@crustytoothpaste.net>,
	"Philip Oakley" <philipoakley@iee.email>
Subject: Re: [PATCH v5 8/8] config: allow specifying config entries via envvar pairs
Date: Wed, 23 Dec 2020 13:14:52 -0800	[thread overview]
Message-ID: <xmqqczz06x83.fsf@gitster.c.googlers.com> (raw)
In-Reply-To: <dfceffd8d4fbc3c99cfa7c5d838e4c3a2db6598a.1608104755.git.ps@pks.im> (Patrick Steinhardt's message of "Wed, 16 Dec 2020 08:54:48 +0100")

Patrick Steinhardt <ps@pks.im> writes:

> While we currently have the `GIT_CONFIG_PARAMETERS` environment variable
> which can be used to pass runtime configuration data to git processes,
> it's an internal implementation detail and not supposed to be used by
> end users.
>
> Next to being for internal use only, this way of passing config entries
> has a major downside: the config keys need to be parsed as they contain
> both key and value in a single variable. As such, it is left to the user
> to escape any potentially harmful characters in the value, which is
> quite hard to do if values are controlled by a third party.
>
> This commit thus adds a new way of adding config entries via the
> environment which gets rid of this shortcoming. If the user passes the
> `GIT_CONFIG_COUNT=$n` environment variable, Git will parse environment
> variable pairs `GIT_CONFIG_KEY_$i` and `GIT_CONFIG_VALUE_$i` for each
> `i` in `[0,n)`.
>
> While the same can be achieved with `git -c <name>=<value>`, one may
> wish to not do so for potentially sensitive information. E.g. if one
> wants to set `http.extraHeader` to contain an authentication token,
> doing so via `-c` would trivially leak those credentials via e.g. ps(1),
> which typically also shows command arguments.
>
> Signed-off-by: Patrick Steinhardt <ps@pks.im>
> ---
>  Documentation/git-config.txt |  16 +++++
>  cache.h                      |   1 +
>  config.c                     |  67 +++++++++++++++++---
>  environment.c                |   1 +
>  t/t1300-config.sh            | 115 ++++++++++++++++++++++++++++++++++-
>  5 files changed, 191 insertions(+), 9 deletions(-)
>
> diff --git a/Documentation/git-config.txt b/Documentation/git-config.txt
> index 0e9351d3cb..72ccea4419 100644
> --- a/Documentation/git-config.txt
> +++ b/Documentation/git-config.txt
> @@ -346,6 +346,22 @@ GIT_CONFIG_NOSYSTEM::
>  
>  See also <<FILES>>.
>  
> +GIT_CONFIG_COUNT::
> +GIT_CONFIG_KEY_<n>::
> +GIT_CONFIG_VALUE_<n>::
> +	If GIT_CONFIG_COUNT is set to a positive number, all environment pairs
> +	GIT_CONFIG_KEY_<n> and GIT_CONFIG_VALUE_<n> up to that number will be
> +	added to the process's runtime configuration. The config pairs are
> +	zero-indexed. Any missing key or value is treated as an error. An empty
> +	GIT_CONFIG_COUNT is treated the same as GIT_CONFIG_COUNT=0, namely no
> +	pairs are processed. These environment variables will override values
> +	in configuration files, but will be overridden by any explicit options
> +	passed via `git -c`.
> +
> +	This is useful for cases where you want to spawn multiple git commands
> +	with a common configuration but cannot depend on a configuration file,
> +	for example when writing scripts.

Dedent these three lines, and replace the blank lines before it with
a line with a single '+' on it (an example is found in the paragraph
that describes the "--get-color" option; look for "type=color" in
the same file).  Otherwise these subsequent paragraphs are treated
differently from the first paragraph.

The same problem may exist in new paragraphs in git.txt that
describes the "--config-env" stuff.

Thanks.