Re: [PATCH 2/2] config: allow specifying config entries via envvar pairs

[Jeff King <peff@peff.net>]

On Wed, Nov 18, 2020 at 12:50:14AM +0000, brian m. carlson wrote:

> > then I'd feel comfortable making it a public-facing feature. And for
> > most cases it would be pretty pleasant to use (and for the unpleasant
> > ones, I'm not sure that a little quoting is any worse than the paired
> > environment variables found here).
> 
> What if we didn't document it but provided a command that produced a
> suitable value?  Maybe something like this:
> 
>   GIT_CONFIG_PARAMETERS=$(git rev-parse --quote-parameters a.b.c ENV_VAR d.e.f OTHER_ENV_VAR)
> 
> Or whatever we decide.

I think we mostly already have that tooling.

  $ GIT_CONFIG_PARAMETERS=$(
      git rev-parse --sq-quote \
        foo.bar=value \
        'section.key=with spaces' \
        "or.even=embedded 'quotes'" |
      sed 's/^ //'; # yuck
    )
  $ export GIT_CONFIG_PARAMETERS
  $ git config --list --show-scope | grep ^command
  command	foo.bar=value
  command	section.key=with spaces
  command	or.even=embedded 'quotes'

The "yuck" there is because --sq-quote insists on putting a space at the
front. Our parser should probably ignore that, but right now it's quite
picky.

Though I suppose:

  - do you mean ENV_VAR to literally look up an environment variable?
    That solves Patrick's original problem of not wanting to put
    sensitive values onto the command line. But it's much more annoying
    to use if you _don't_ already have the value in an environment
    variable. I'm not sure if that original problem matters here, as a
    program that does a lot of this would probably implement the quoting
    itself.

  - obviously it is doubling down on the shell-quoting as a public
    thing, and part of your point is that we would leave it opaque.
    I'm OK with that aspect (even if it ends up as an alias for
    --sq-quote for now). I'm not entirely sure people aren't using this
    in the wild already, though. Saying "it was undocumented" may give
    us a leg to stand on if we change the format, but it will still be
    annoying to people we break.

  - my example above still has the "a.b=c.d=e" ambiguity that I
    mentioned earlier. Fixing that requires changing the format in the
    environment variable.

> I don't personally love shell quoting as an interchange mechanism; I'd
> prefer something like URI-encoding, which is a bit more standardized and
> easier to reason about from a security perspective.  But if we decide to
> change it, it doesn't matter, since it's still undocumented and this
> would be the only acceptable way to pass config through the environment.

Yes, I think concatenating uri_encode(key) + "=" + uri_encode(value)
would be easier to reason about, and solves the ambiguity problem. If we
are willing to break from the existing format, it's probably a
reasonable direction.

> Alternatively, we could just do this:
> 
>   git with-config --key a.b.c --value ENV_VAR --key d.e.f --value OTHER_ENV_VAR --command git foo
> 
> That would also leave it undocumented, but make it easier to work with.

I wondered at first how this is different from:

  git -c a.b.c=value foo

but I guess it is meant to do the same environment-lookup? We could
probably add:

  git --env-config a.b.c=ENV_VAR foo

to have Git internally stick $ENV_VAR into $GIT_CONFIG_PARAMETERS. That
avoids all of the rev-parse rigamarole, keeps the format of the
environment variable opaque, and solves Patrick's problem of putting the
value onto the command-line.

It doesn't solve the ambiguity with "=" in the subsection, but IMHO that
is not all that important a problem.

-Peff