From: Patrick Steinhardt <ps@pks.im> To: git@vger.kernel.org Subject: [PATCH 2/2] config: allow specifying config entries via envvar pairs Date: Fri, 13 Nov 2020 13:16:22 +0100 Message-ID: <44e8dd50c6ea7cbcc5e4fc35c9b9057c0a52038c.1605269465.git.ps@pks.im> (raw) In-Reply-To: <cover.1605269465.git.ps@pks.im> [-- Attachment #1: Type: text/plain, Size: 5391 bytes --] While not document, it is currently possible to specify config entries via the environment by passing `GIT_CONFIG_PARAMETERS`. This variable is expected to hold one or multiple "section.key=value" entries separated by space. Next to being undocumented, this way of passing config entries has a major downside: the config keys need to be parsed. As such, it is left to the user to escape any potentially harmful characters in the value, which is quite hard to do if values are controlled by a third party. This commit thus adds a new way of adding config entries via the environment which doesn't require splitting of keys and values. The user can specify an config entry's key via `GIT_CONFIG_KEY_$n` and a value via `GIT_CONFIG_VALUE_$n`, where `n` is any number starting with 1. It is possible to add multiple entries via consecutively numbered envvars `GIT_CONFIG_KEY_1`, `GIT_CONFIG_KEY_2`, etc, where each of the keys may have a matching value. When no matching value exists, it's assumed to be the empty value. While the same can be achieved with `git -c <name>=<value>`, one may wish to not do so for potentially sensitive information. E.g. if one wants to set `http.extraHeader` to contain an authentication token, doing so via `-c` would trivially leak those credentials via e.g. ps(1), which typically also shows command arguments. Signed-off-by: Patrick Steinhardt <ps@pks.im> --- Documentation/git-config.txt | 6 ++++++ config.c | 41 ++++++++++++++++++++++++++---------- t/t1300-config.sh | 23 ++++++++++++++++++++ 3 files changed, 59 insertions(+), 11 deletions(-) diff --git a/Documentation/git-config.txt b/Documentation/git-config.txt index 7573160f21..83fbac3705 100644 --- a/Documentation/git-config.txt +++ b/Documentation/git-config.txt @@ -335,6 +335,12 @@ GIT_CONFIG_NOSYSTEM:: Whether to skip reading settings from the system-wide $(prefix)/etc/gitconfig file. See linkgit:git[1] for details. +GIT_CONFIG_KEY_1,GIT_CONFIG_VALUE_1:: + Each pair of GIT_CONFIG_KEY_/GIT_CONFIG_VALUE_ is added to the process's + runtime configuration. It is possible to add multiple entries by adding + consecutively numbered pairs, starting at 1. If the value corresponding + to a key is not set, it is treated as if it was empty. + See also <<FILES>>. diff --git a/config.c b/config.c index 3281b1374e..ab40479df2 100644 --- a/config.c +++ b/config.c @@ -485,37 +485,56 @@ int git_config_parse_parameter(const char *text, int git_config_from_parameters(config_fn_t fn, void *data) { const char *env = getenv(CONFIG_DATA_ENVIRONMENT); + struct strbuf envvar = STRBUF_INIT; int ret = 0; - char *envw; + char *envw = NULL; const char **argv = NULL; int nr = 0, alloc = 0; int i; struct config_source source; - if (!env) - return 0; - memset(&source, 0, sizeof(source)); source.prev = cf; source.origin_type = CONFIG_ORIGIN_CMDLINE; cf = &source; - /* sq_dequote will write over it */ - envw = xstrdup(env); + if (env) { + /* sq_dequote will write over it */ + envw = xstrdup(env); - if (sq_dequote_to_argv(envw, &argv, &nr, &alloc) < 0) { - ret = error(_("bogus format in %s"), CONFIG_DATA_ENVIRONMENT); - goto out; + if (sq_dequote_to_argv(envw, &argv, &nr, &alloc) < 0) { + ret = error(_("bogus format in %s"), CONFIG_DATA_ENVIRONMENT); + goto out; + } + + for (i = 0; i < nr; i++) { + if (git_config_parse_parameter(argv[i], fn, data) < 0) { + ret = -1; + goto out; + } + } } - for (i = 0; i < nr; i++) { - if (git_config_parse_parameter(argv[i], fn, data) < 0) { + for (i = 1; i; i++) { + const char *key, *value; + + strbuf_addf(&envvar, "GIT_CONFIG_KEY_%d", i); + if ((key = getenv(envvar.buf)) == NULL) + break; + strbuf_reset(&envvar); + + strbuf_addf(&envvar, "GIT_CONFIG_VALUE_%d", i); + value = getenv(envvar.buf); + strbuf_reset(&envvar); + + if (config_parse_pair(key, value, fn, data) < 0) { ret = -1; goto out; } } out: + strbuf_release(&envvar); free(argv); free(envw); cf = source.prev; diff --git a/t/t1300-config.sh b/t/t1300-config.sh index 825d9a184f..2ae9533aa8 100755 --- a/t/t1300-config.sh +++ b/t/t1300-config.sh @@ -1316,6 +1316,29 @@ test_expect_success 'detect bogus GIT_CONFIG_PARAMETERS' ' git config --get-regexp "env.*" ' +test_expect_success 'git config handles environment config pairs' ' + GIT_CONFIG_KEY_1="pair.one" GIT_CONFIG_VALUE_1="foo" \ + GIT_CONFIG_KEY_2="pair.two" GIT_CONFIG_VALUE_2="bar" \ + GIT_CONFIG_KEY_4="pair.four" GIT_CONFIG_VALUE_4="not-parsed" \ + git config --get-regexp "pair.*" >actual && + cat >expect <<-EOF && + pair.one foo + pair.two bar + EOF + test_cmp expect actual +' + +test_expect_success 'git config copes with missing config pair value' ' + GIT_CONFIG_KEY_1="pair.one" git config --get-regexp "pair.*" >actual && + echo pair.one >expect && + test_cmp expect actual +' + +test_expect_success 'git config fails with invalid config pair key' ' + test_must_fail env GIT_CONFIG_KEY_1= git config --list && + test_must_fail env GIT_CONFIG_KEY_1=missing-section git config --list +' + test_expect_success 'git config --edit works' ' git config -f tmp test.value no && echo test.value=yes >expect && -- 2.29.2 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2020-11-13 12:16 UTC|newest] Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-11-13 12:16 [PATCH 0/2] " Patrick Steinhardt 2020-11-13 12:16 ` [PATCH 1/2] config: extract function to parse config pairs Patrick Steinhardt 2020-11-13 12:16 ` Patrick Steinhardt [this message] 2020-11-13 13:04 ` [PATCH 2/2] config: allow specifying config entries via envvar pairs Ævar Arnfjörð Bjarmason 2020-11-16 19:39 ` Junio C Hamano 2020-11-17 2:34 ` Jeff King 2020-11-17 6:37 ` Patrick Steinhardt 2020-11-17 7:01 ` Jeff King 2020-11-17 14:22 ` Ævar Arnfjörð Bjarmason 2020-11-17 23:57 ` Jeff King 2020-11-18 13:44 ` Ævar Arnfjörð Bjarmason 2020-11-18 0:50 ` brian m. carlson 2020-11-18 1:59 ` Jeff King 2020-11-18 2:25 ` brian m. carlson 2020-11-18 7:04 ` Patrick Steinhardt 2020-11-19 2:11 ` brian m. carlson 2020-11-19 6:37 ` Patrick Steinhardt 2020-11-18 5:44 ` Junio C Hamano 2020-11-17 6:28 ` Patrick Steinhardt 2020-11-17 7:06 ` Junio C Hamano 2020-11-18 13:49 ` Ævar Arnfjörð Bjarmason 2020-11-18 13:56 ` Patrick Steinhardt 2020-11-18 16:01 ` Junio C Hamano 2020-11-17 14:03 ` Ævar Arnfjörð Bjarmason 2020-11-13 16:37 ` Philip Oakley 2020-11-17 6:40 ` Patrick Steinhardt 2020-11-13 13:11 ` [PATCH 0/2] " Ævar Arnfjörð Bjarmason
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style List information: http://vger.kernel.org/majordomo-info.html * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=44e8dd50c6ea7cbcc5e4fc35c9b9057c0a52038c.1605269465.git.ps@pks.im \ --to=ps@pks.im \ --cc=git@vger.kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
git@vger.kernel.org list mirror (unofficial, one of many) This inbox may be cloned and mirrored by anyone: git clone --mirror https://public-inbox.org/git git clone --mirror http://ou63pmih66umazou.onion/git git clone --mirror http://czquwvybam4bgbro.onion/git git clone --mirror http://hjrcffqmbrq6wope.onion/git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V1 git git/ https://public-inbox.org/git \ git@vger.kernel.org public-inbox-index git Example config snippet for mirrors. Newsgroups are available over NNTP: nntp://news.public-inbox.org/inbox.comp.version-control.git nntp://ou63pmih66umazou.onion/inbox.comp.version-control.git nntp://czquwvybam4bgbro.onion/inbox.comp.version-control.git nntp://hjrcffqmbrq6wope.onion/inbox.comp.version-control.git nntp://news.gmane.io/gmane.comp.version-control.git note: .onion URLs require Tor: https://www.torproject.org/ code repositories for the project(s) associated with this inbox: https://80x24.org/mirrors/git.git AGPL code for this site: git clone https://public-inbox.org/public-inbox.git