From: Junio C Hamano <gitster@pobox.com>
To: Jeff King <peff@peff.net>
Cc: "Carlo Marcelo Arenas Belón" <carenas@gmail.com>,
git@vger.kernel.org, dirk@ed4u.de, sunshine@sunshineco.com
Subject: Re: [PATCH v3] git-credential-store: skip empty lines and comments from store
Date: Mon, 27 Apr 2020 13:43:38 -0700 [thread overview]
Message-ID: <xmqqv9lk7j7p.fsf@gitster.c.googlers.com> (raw)
In-Reply-To: <20200427191858.GB1728884@coredump.intra.peff.net> (Jeff King's message of "Mon, 27 Apr 2020 15:18:58 -0400")
Jeff King <peff@peff.net> writes:
> On Mon, Apr 27, 2020 at 11:09:34AM -0700, Junio C Hamano wrote:
>
>> > modified store files which might have empty lines or even comments
>> > were reported[1] failing to parse as valid credentials.
>>
>> These files are not supposed to be viewed or edited without the help
>> of the credential helpers. Do these blank lines and comments even
>> survive when a new credential is approved, or do we just overwrite
>> and lose them?
>
> That's a good question. In the older code we do save them, because
> credential-store passes through lines which don't match the credential
> we're operating on.
>
> But in Carlo's patch, the immediate "continue" means we wouldn't ever
> call "other_cb", which is what does that pass-through.
So, does that mean the patch that started this thread will still help
users who wrote custom comments and blank lines in their credential
store by letting git-credential-store start up, but leaves a ticking
bomb for them to lose these precious comments and blanks once they
add a new site, change password, etc., at which point the user realizes
that comments and blanks are not supported after all?
>> I'd rather not to do either, if we did not have to, but if it were
>> necessary for us to do something, I am OK to ignore empty lines.
>> But I'd prefer not to mix the new "# comment" feature in, if we did
>> not have to.
>>
>> Also, triming the lines that are not empty is unwarranted. IIUC,
>> what the "store" action writes encodes whitespaces, so as soon as
>> you see whitespace on either end, (or anywhere on the line for that
>> matter), it is a hand-edited cruft in the file. If you ignore
>> comments, you probably should ignore those lines, too.
>
> Yeah, all of that seems quite sensible.
I think the first patch we need is a (belated) documentation patch,
that adds to the existing "STORAGE FORMAT". We already say "Each
credential is stored on its own line as a URL", but we do not say
anything about allowing other cruft in the file. We probably
should. Adding a "comment" feature, if anybody feels like it, is OK
and we can loosen the paragraph when that happens.
-- >8 --
Subject: credential-store: document the file format a bit more
Reading a malformed credential URL line and silently ignoring it
does not mean that we promise to torelate and/or keep empty lines
and "# commented" lines forever.
Some people seem to take anything that is not explicitly forbidden
as allowed, but the world does not work that way.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
Documentation/git-credential-store.txt | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/Documentation/git-credential-store.txt b/Documentation/git-credential-store.txt
index 693dd9d9d7..76b0798856 100644
--- a/Documentation/git-credential-store.txt
+++ b/Documentation/git-credential-store.txt
@@ -94,6 +94,10 @@ stored on its own line as a URL like:
https://user:pass@example.com
------------------------------
+No other kinds of lines (e.g. empty lines or comment lines) are
+allowed in the file, even though some may be silently ignored. Do
+not view or edit the file with editors.
+
When Git needs authentication for a particular URL context,
credential-store will consider that context a pattern to match against
each entry in the credentials file. If the protocol, hostname, and
next prev parent reply other threads:[~2020-04-27 20:43 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-26 23:47 [PATCH] git-credential-store: skip empty lines and comments from store Carlo Marcelo Arenas Belón
2020-04-27 0:19 ` Eric Sunshine
2020-04-27 0:46 ` Carlo Marcelo Arenas Belón
2020-04-27 8:42 ` [PATCH v2] " Carlo Marcelo Arenas Belón
2020-04-27 11:52 ` Jeff King
2020-04-27 12:25 ` Carlo Marcelo Arenas Belón
2020-04-27 14:43 ` Eric Sunshine
2020-04-27 17:47 ` Junio C Hamano
2020-04-27 19:09 ` Jeff King
2020-04-27 12:59 ` [PATCH v3] " Carlo Marcelo Arenas Belón
2020-04-27 13:48 ` Philip Oakley
2020-04-28 1:49 ` Carlo Marcelo Arenas Belón
2020-04-29 10:09 ` Philip Oakley
2020-04-27 15:39 ` Dirk
2020-04-27 18:09 ` Junio C Hamano
2020-04-27 19:18 ` Jeff King
2020-04-27 20:43 ` Junio C Hamano [this message]
2020-04-27 21:10 ` Jeff King
2020-04-28 1:37 ` Carlo Marcelo Arenas Belón
2020-04-27 23:49 ` Carlo Marcelo Arenas Belón
2020-04-28 5:25 ` Jonathan Nieder
2020-04-28 5:41 ` Jeff King
2020-04-28 7:18 ` Carlo Marcelo Arenas Belón
2020-04-28 8:16 ` Jeff King
2020-04-28 11:25 ` Carlo Marcelo Arenas Belón
2020-04-28 10:58 ` Stefan Tauner
2020-04-28 16:03 ` Junio C Hamano
2020-04-28 21:14 ` Carlo Marcelo Arenas Belón
2020-04-28 21:17 ` Junio C Hamano
2020-04-28 10:48 ` [PATCH v4 0/4] credential-store: prevent fatal errors Carlo Marcelo Arenas Belón
2020-04-28 10:52 ` [PATCH v4 1/4] credential-store: document the file format a bit more Carlo Marcelo Arenas Belón
2020-04-28 10:52 ` [PATCH v4 2/4] git-credential-store: skip empty lines and comments from store Carlo Marcelo Arenas Belón
2020-04-28 16:09 ` Eric Sunshine
2020-04-28 16:42 ` Carlo Marcelo Arenas Belón
2020-04-28 10:52 ` [PATCH v4 3/4] git-credential-store: fix (WIP) Carlo Marcelo Arenas Belón
2020-04-28 16:11 ` Eric Sunshine
2020-04-28 17:14 ` Carlo Marcelo Arenas Belón
2020-04-28 10:52 ` [PATCH v4 4/4] credential-store: make sure there is no regression with missing scheme Carlo Marcelo Arenas Belón
2020-04-28 16:06 ` [PATCH v4 1/4] credential-store: document the file format a bit more Eric Sunshine
2020-04-28 18:18 ` Junio C Hamano
2020-04-28 18:15 ` Junio C Hamano
2020-04-29 0:33 ` [PATCH v5] credential-store: warn instead of fatal for bogus lines from store Carlo Marcelo Arenas Belón
2020-04-29 4:36 ` Junio C Hamano
2020-04-29 7:31 ` Carlo Marcelo Arenas Belón
2020-04-29 16:46 ` Junio C Hamano
2020-04-29 20:35 ` [RFC PATCH v6 0/2] credential-store: prevent fatal errors Carlo Marcelo Arenas Belón
2020-04-29 20:35 ` [RFC PATCH v6 1/2] credential-store: warn instead of fatal for bogus lines from store Carlo Marcelo Arenas Belón
2020-04-29 21:05 ` Junio C Hamano
2020-04-29 21:17 ` Junio C Hamano
2020-04-29 20:35 ` [RFC PATCH v6 2/2] credential-store: warn for any incomplete credentials instead of using Carlo Marcelo Arenas Belón
2020-04-29 21:12 ` Junio C Hamano
2020-04-29 21:49 ` [RFC PATCH v6 2/2] credential-store: warn for any incomplete credentials instead of usingy Carlo Marcelo Arenas Belón
2020-04-29 22:04 ` Junio C Hamano
2020-04-29 23:23 ` [PATCH v6] credential-store: warn instead of fatal for bogus lines from store Carlo Marcelo Arenas Belón
2020-04-29 23:47 ` Junio C Hamano
2020-04-29 23:57 ` Junio C Hamano
2020-04-30 1:00 ` Carlo Marcelo Arenas Belón
2020-04-30 1:19 ` [PATCH v7] " Carlo Marcelo Arenas Belón
2020-04-30 9:29 ` [PATCH v8] " Carlo Marcelo Arenas Belón
2020-04-30 16:06 ` [PATCH v9] " Carlo Marcelo Arenas Belón
2020-04-30 20:21 ` Junio C Hamano
2020-04-30 21:14 ` Junio C Hamano
2020-05-01 0:30 ` Carlo Marcelo Arenas Belón
2020-05-01 1:40 ` Junio C Hamano
2020-05-01 2:24 ` Carlo Arenas
2020-05-01 5:27 ` Junio C Hamano
2020-05-01 13:57 ` Carlo Marcelo Arenas Belón
2020-05-01 18:59 ` Junio C Hamano
2020-05-01 3:21 ` [RFC PATCH v10] credential-store: warn/ignore for bogus lines from store file Carlo Marcelo Arenas Belón
2020-05-01 5:18 ` [RFC PATCH v10 2/1] credential-store: warn also for store and erase Carlo Marcelo Arenas Belón
2020-05-01 5:35 ` Junio C Hamano
2020-05-02 18:16 ` [PATCH v10] credential-store: ignore bogus lines from store file Carlo Marcelo Arenas Belón
2020-05-02 20:47 ` Junio C Hamano
2020-05-02 21:23 ` Carlo Marcelo Arenas Belón
2020-05-02 21:53 ` Carlo Marcelo Arenas Belón
2020-05-03 0:44 ` Junio C Hamano
2020-05-03 10:06 ` Jeff King
2020-05-02 21:05 ` Carlo Marcelo Arenas Belón
2020-05-02 22:34 ` [PATCH v11] " Carlo Marcelo Arenas Belón
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqv9lk7j7p.fsf@gitster.c.googlers.com \
--to=gitster@pobox.com \
--cc=carenas@gmail.com \
--cc=dirk@ed4u.de \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).