From: Patrick Steinhardt <ps@pks.im>
To: git@vger.kernel.org
Subject: [PATCH 2/2] config: allow specifying config entries via envvar pairs
Date: Fri, 13 Nov 2020 13:16:22 +0100 [thread overview]
Message-ID: <44e8dd50c6ea7cbcc5e4fc35c9b9057c0a52038c.1605269465.git.ps@pks.im> (raw)
In-Reply-To: <cover.1605269465.git.ps@pks.im>
[-- Attachment #1: Type: text/plain, Size: 5391 bytes --]
While not document, it is currently possible to specify config entries
via the environment by passing `GIT_CONFIG_PARAMETERS`. This variable is
expected to hold one or multiple "section.key=value" entries separated
by space.
Next to being undocumented, this way of passing config entries has a
major downside: the config keys need to be parsed. As such, it is left
to the user to escape any potentially harmful characters in the value,
which is quite hard to do if values are controlled by a third party.
This commit thus adds a new way of adding config entries via the
environment which doesn't require splitting of keys and values. The user
can specify an config entry's key via `GIT_CONFIG_KEY_$n` and a value
via `GIT_CONFIG_VALUE_$n`, where `n` is any number starting with 1. It
is possible to add multiple entries via consecutively numbered envvars
`GIT_CONFIG_KEY_1`, `GIT_CONFIG_KEY_2`, etc, where each of the keys may
have a matching value. When no matching value exists, it's assumed to be
the empty value.
While the same can be achieved with `git -c <name>=<value>`, one may
wish to not do so for potentially sensitive information. E.g. if one
wants to set `http.extraHeader` to contain an authentication token,
doing so via `-c` would trivially leak those credentials via e.g. ps(1),
which typically also shows command arguments.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
---
Documentation/git-config.txt | 6 ++++++
config.c | 41 ++++++++++++++++++++++++++----------
t/t1300-config.sh | 23 ++++++++++++++++++++
3 files changed, 59 insertions(+), 11 deletions(-)
diff --git a/Documentation/git-config.txt b/Documentation/git-config.txt
index 7573160f21..83fbac3705 100644
--- a/Documentation/git-config.txt
+++ b/Documentation/git-config.txt
@@ -335,6 +335,12 @@ GIT_CONFIG_NOSYSTEM::
Whether to skip reading settings from the system-wide
$(prefix)/etc/gitconfig file. See linkgit:git[1] for details.
+GIT_CONFIG_KEY_1,GIT_CONFIG_VALUE_1::
+ Each pair of GIT_CONFIG_KEY_/GIT_CONFIG_VALUE_ is added to the process's
+ runtime configuration. It is possible to add multiple entries by adding
+ consecutively numbered pairs, starting at 1. If the value corresponding
+ to a key is not set, it is treated as if it was empty.
+
See also <<FILES>>.
diff --git a/config.c b/config.c
index 3281b1374e..ab40479df2 100644
--- a/config.c
+++ b/config.c
@@ -485,37 +485,56 @@ int git_config_parse_parameter(const char *text,
int git_config_from_parameters(config_fn_t fn, void *data)
{
const char *env = getenv(CONFIG_DATA_ENVIRONMENT);
+ struct strbuf envvar = STRBUF_INIT;
int ret = 0;
- char *envw;
+ char *envw = NULL;
const char **argv = NULL;
int nr = 0, alloc = 0;
int i;
struct config_source source;
- if (!env)
- return 0;
-
memset(&source, 0, sizeof(source));
source.prev = cf;
source.origin_type = CONFIG_ORIGIN_CMDLINE;
cf = &source;
- /* sq_dequote will write over it */
- envw = xstrdup(env);
+ if (env) {
+ /* sq_dequote will write over it */
+ envw = xstrdup(env);
- if (sq_dequote_to_argv(envw, &argv, &nr, &alloc) < 0) {
- ret = error(_("bogus format in %s"), CONFIG_DATA_ENVIRONMENT);
- goto out;
+ if (sq_dequote_to_argv(envw, &argv, &nr, &alloc) < 0) {
+ ret = error(_("bogus format in %s"), CONFIG_DATA_ENVIRONMENT);
+ goto out;
+ }
+
+ for (i = 0; i < nr; i++) {
+ if (git_config_parse_parameter(argv[i], fn, data) < 0) {
+ ret = -1;
+ goto out;
+ }
+ }
}
- for (i = 0; i < nr; i++) {
- if (git_config_parse_parameter(argv[i], fn, data) < 0) {
+ for (i = 1; i; i++) {
+ const char *key, *value;
+
+ strbuf_addf(&envvar, "GIT_CONFIG_KEY_%d", i);
+ if ((key = getenv(envvar.buf)) == NULL)
+ break;
+ strbuf_reset(&envvar);
+
+ strbuf_addf(&envvar, "GIT_CONFIG_VALUE_%d", i);
+ value = getenv(envvar.buf);
+ strbuf_reset(&envvar);
+
+ if (config_parse_pair(key, value, fn, data) < 0) {
ret = -1;
goto out;
}
}
out:
+ strbuf_release(&envvar);
free(argv);
free(envw);
cf = source.prev;
diff --git a/t/t1300-config.sh b/t/t1300-config.sh
index 825d9a184f..2ae9533aa8 100755
--- a/t/t1300-config.sh
+++ b/t/t1300-config.sh
@@ -1316,6 +1316,29 @@ test_expect_success 'detect bogus GIT_CONFIG_PARAMETERS' '
git config --get-regexp "env.*"
'
+test_expect_success 'git config handles environment config pairs' '
+ GIT_CONFIG_KEY_1="pair.one" GIT_CONFIG_VALUE_1="foo" \
+ GIT_CONFIG_KEY_2="pair.two" GIT_CONFIG_VALUE_2="bar" \
+ GIT_CONFIG_KEY_4="pair.four" GIT_CONFIG_VALUE_4="not-parsed" \
+ git config --get-regexp "pair.*" >actual &&
+ cat >expect <<-EOF &&
+ pair.one foo
+ pair.two bar
+ EOF
+ test_cmp expect actual
+'
+
+test_expect_success 'git config copes with missing config pair value' '
+ GIT_CONFIG_KEY_1="pair.one" git config --get-regexp "pair.*" >actual &&
+ echo pair.one >expect &&
+ test_cmp expect actual
+'
+
+test_expect_success 'git config fails with invalid config pair key' '
+ test_must_fail env GIT_CONFIG_KEY_1= git config --list &&
+ test_must_fail env GIT_CONFIG_KEY_1=missing-section git config --list
+'
+
test_expect_success 'git config --edit works' '
git config -f tmp test.value no &&
echo test.value=yes >expect &&
--
2.29.2
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2020-11-13 12:16 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-13 12:16 [PATCH 0/2] config: allow specifying config entries via envvar pairs Patrick Steinhardt
2020-11-13 12:16 ` [PATCH 1/2] config: extract function to parse config pairs Patrick Steinhardt
2020-11-13 12:16 ` Patrick Steinhardt [this message]
2020-11-13 13:04 ` [PATCH 2/2] config: allow specifying config entries via envvar pairs Ævar Arnfjörð Bjarmason
2020-11-16 19:39 ` Junio C Hamano
2020-11-17 2:34 ` Jeff King
2020-11-17 6:37 ` Patrick Steinhardt
2020-11-17 7:01 ` Jeff King
2020-11-17 14:22 ` Ævar Arnfjörð Bjarmason
2020-11-17 23:57 ` Jeff King
2020-11-18 13:44 ` Ævar Arnfjörð Bjarmason
2020-11-18 0:50 ` brian m. carlson
2020-11-18 1:59 ` Jeff King
2020-11-18 2:25 ` brian m. carlson
2020-11-18 7:04 ` Patrick Steinhardt
2020-11-19 2:11 ` brian m. carlson
2020-11-19 6:37 ` Patrick Steinhardt
2020-11-18 5:44 ` Junio C Hamano
2020-11-17 6:28 ` Patrick Steinhardt
2020-11-17 7:06 ` Junio C Hamano
2020-11-18 13:49 ` Ævar Arnfjörð Bjarmason
2020-11-18 13:56 ` Patrick Steinhardt
2020-11-18 16:01 ` Junio C Hamano
2020-11-17 14:03 ` Ævar Arnfjörð Bjarmason
2020-11-13 16:37 ` Philip Oakley
2020-11-17 6:40 ` Patrick Steinhardt
2020-11-13 13:11 ` [PATCH 0/2] " Ævar Arnfjörð Bjarmason
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44e8dd50c6ea7cbcc5e4fc35c9b9057c0a52038c.1605269465.git.ps@pks.im \
--to=ps@pks.im \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).