* [PATCH] Documentation: clarify that cache forgets credentials if the system restarts @ 2022-12-21 8:23 M Hickford via GitGitGadget 2022-12-21 11:15 ` Junio C Hamano ` (2 more replies) 0 siblings, 3 replies; 9+ messages in thread From: M Hickford via GitGitGadget @ 2022-12-21 8:23 UTC (permalink / raw) To: git; +Cc: M Hickford, M Hickford From: M Hickford <mirth.hickford@gmail.com> Make it obvious to readers unfamiliar with Unix sockets. Signed-off-by: M Hickford <mirth.hickford@gmail.com> --- Documentation: clarify that cache forgets credentials if the system restarts Make it obvious to readers unfamiliar with Unix sockets. Signed-off-by: M Hickford mirth.hickford@gmail.com Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1447%2Fhickford%2Fpatch-2-v1 Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1447/hickford/patch-2-v1 Pull-Request: https://github.com/gitgitgadget/git/pull/1447 Documentation/git-credential-cache.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Documentation/git-credential-cache.txt b/Documentation/git-credential-cache.txt index 432e159d952..83fb4d4c4dc 100644 --- a/Documentation/git-credential-cache.txt +++ b/Documentation/git-credential-cache.txt @@ -16,7 +16,8 @@ DESCRIPTION This command caches credentials in memory for use by future Git programs. The stored credentials never touch the disk, and are forgotten -after a configurable timeout. The cache is accessible over a Unix +after a configurable timeout. Credentials are forgotten sooner if you +log out or the system restarts. The cache is accessible over a Unix domain socket, restricted to the current user by filesystem permissions. You probably don't want to invoke this command directly; it is meant to base-commit: 7c2ef319c52c4997256f5807564523dfd4acdfc7 -- gitgitgadget ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] Documentation: clarify that cache forgets credentials if the system restarts 2022-12-21 8:23 [PATCH] Documentation: clarify that cache forgets credentials if the system restarts M Hickford via GitGitGadget @ 2022-12-21 11:15 ` Junio C Hamano 2022-12-22 2:41 ` Jeff King 2022-12-21 22:09 ` brian m. carlson 2023-01-28 20:09 ` [PATCH v2] " M Hickford via GitGitGadget 2 siblings, 1 reply; 9+ messages in thread From: Junio C Hamano @ 2022-12-21 11:15 UTC (permalink / raw) To: M Hickford via GitGitGadget; +Cc: git, M Hickford "M Hickford via GitGitGadget" <gitgitgadget@gmail.com> writes: > From: M Hickford <mirth.hickford@gmail.com> > > Make it obvious to readers unfamiliar with Unix sockets. Is familiarity with sockets required? Isn't the death of the daemon process that causes the credential data cached in-core of the process? > This command caches credentials in memory for use by future Git > programs. The stored credentials never touch the disk, and are forgotten > -after a configurable timeout. The cache is accessible over a Unix > +after a configurable timeout. Credentials are forgotten sooner if you > +log out or the system restarts. The cache is accessible over a Unix If we mention "if you log out" here, the readers would also want to learn about credentialCache.ignoreSIGHUP configuration, no? This is not a new issue, but I am not sure if "never touch the disk" is a honest thing to say (I know there is no "write this in a file" done by the cache daemon, but the running daemon can be swapped out and I do not think we do anything to prevent the in-core structure credential_cache_entry from getting written to the swap. Taking all of the above together, perhaps something like this? ... caches credentials for use by future Git programs. The stored credentials are kept in memory of the cache-daemon process (instead of written to a file) and are forgotten after a configuarble timeout. The cache-daemon dies with the cached credentials upon a system shutdown/restart, or when it receives SIGHUP (i.e. by logging out, you disconnect from the terminal the daemon was started from); the latter can be disabled with credentialCache.ignoreSIGHUP configuration. The cache is accessible over a Unix domain socket, ... ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] Documentation: clarify that cache forgets credentials if the system restarts 2022-12-21 11:15 ` Junio C Hamano @ 2022-12-22 2:41 ` Jeff King 2023-01-28 20:08 ` M Hickford 0 siblings, 1 reply; 9+ messages in thread From: Jeff King @ 2022-12-22 2:41 UTC (permalink / raw) To: Junio C Hamano; +Cc: M Hickford via GitGitGadget, git, M Hickford On Wed, Dec 21, 2022 at 08:15:59PM +0900, Junio C Hamano wrote: > This is not a new issue, but I am not sure if "never touch the disk" > is a honest thing to say (I know there is no "write this in a file" > done by the cache daemon, but the running daemon can be swapped out > and I do not think we do anything to prevent the in-core structure > credential_cache_entry from getting written to the swap. Right, we don't do anything like mlock(), mostly because of the portability problems (though obviously we could make an optional wrapper, which is strictly better than the status quo). On the other hand, neither does git itself, so we're only holding credential-cache to the same standard. Arguably the cache holds credentials longer, but a fetch or push may run for quite a while bottle-necked on network or pack generation/indexing (and both of those operations create memory pressure which may trigger swap). But I agree that it is more accurate to say "does not touch the filesystem" or your "instead of written to a file". > Taking all of the above together, perhaps something like this? > > ... caches credentials for use by future Git programs. The > stored credentials are kept in memory of the cache-daemon > process (instead of written to a file) and are forgotten after a > configuarble timeout. The cache-daemon dies with the cached > credentials upon a system shutdown/restart, or when it receives > SIGHUP (i.e. by logging out, you disconnect from the terminal > the daemon was started from); the latter can be disabled with > credentialCache.ignoreSIGHUP configuration. The cache is > accessible over a Unix domain socket, ... That seems reasonable. I was going to suggest also mentioning that we can ask the daemon to exit manually, but that is pretty well covered later in the document. On the other hand, it may make sense to put all of this together in the description. As brian mentioned, not every system behaves the same with respect to SIGHUP here. So we may need to be a little more vague here. So maybe more like: ...are forgotten after a configurable timeout, or if the daemon exits. You can ask the daemon to exit manually, forgetting all cached credentials before their timeout, by running: git credential-cache exit The daemon will also exit when it receives a signal. Depending on the configuration of your system, this may happen automatically when you log out. If you want to inhibit this behavior (and let items time out as normal even when you're logged out), you can set the credentialCache.ignoreSIGHUP configuration variable to `true`. There are many possible variations, of course. I was mostly just trying to get across the point that: - there are several ways for the daemon to exit - sighup / logout handling may depend on your system And I am happy with any text that says so. -Peff ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH] Documentation: clarify that cache forgets credentials if the system restarts 2022-12-22 2:41 ` Jeff King @ 2023-01-28 20:08 ` M Hickford 0 siblings, 0 replies; 9+ messages in thread From: M Hickford @ 2023-01-28 20:08 UTC (permalink / raw) To: peff; +Cc: git, gitgitgadget, gitster, sandals, mirth.hickford Thanks Junio, Jeff and Brian for your replies. I'll send an updated patch based on Junio's text. To me, most important is to explain that credentials are forgotten early if the daemon exits, so that setting a timeout of 1 year is unlikely to work. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] Documentation: clarify that cache forgets credentials if the system restarts 2022-12-21 8:23 [PATCH] Documentation: clarify that cache forgets credentials if the system restarts M Hickford via GitGitGadget 2022-12-21 11:15 ` Junio C Hamano @ 2022-12-21 22:09 ` brian m. carlson 2023-01-28 20:09 ` [PATCH v2] " M Hickford via GitGitGadget 2 siblings, 0 replies; 9+ messages in thread From: brian m. carlson @ 2022-12-21 22:09 UTC (permalink / raw) To: M Hickford via GitGitGadget; +Cc: git, M Hickford [-- Attachment #1: Type: text/plain, Size: 2211 bytes --] On 2022-12-21 at 08:23:14, M Hickford via GitGitGadget wrote: > From: M Hickford <mirth.hickford@gmail.com> > > Make it obvious to readers unfamiliar with Unix sockets. > > Signed-off-by: M Hickford <mirth.hickford@gmail.com> > --- > Documentation: clarify that cache forgets credentials if the system > restarts > > Make it obvious to readers unfamiliar with Unix sockets. > > Signed-off-by: M Hickford mirth.hickford@gmail.com > > Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1447%2Fhickford%2Fpatch-2-v1 > Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1447/hickford/patch-2-v1 > Pull-Request: https://github.com/gitgitgadget/git/pull/1447 > > Documentation/git-credential-cache.txt | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/Documentation/git-credential-cache.txt b/Documentation/git-credential-cache.txt > index 432e159d952..83fb4d4c4dc 100644 > --- a/Documentation/git-credential-cache.txt > +++ b/Documentation/git-credential-cache.txt > @@ -16,7 +16,8 @@ DESCRIPTION > > This command caches credentials in memory for use by future Git > programs. The stored credentials never touch the disk, and are forgotten > -after a configurable timeout. The cache is accessible over a Unix > +after a configurable timeout. Credentials are forgotten sooner if you > +log out or the system restarts. The cache is accessible over a Unix > domain socket, restricted to the current user by filesystem permissions. I don't think it's accurate to say that the credentials are forgotten sooner if you log out. That may be the case on Windows, or it may be the case if you or your distro have configured systemd to gratuitously murder all your local processes when your session exits[0], but it hasn't traditionally been the case on Unix that processes exit when your session or shell exits. For example, I don't believe that the statement is accurate on Debian, Ubuntu, or the BSDs by default, which constitute a substantial number of deployed Unix systems. [0] Such as with KillUserProcesses=yes. -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 263 bytes --] ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v2] Documentation: clarify that cache forgets credentials if the system restarts 2022-12-21 8:23 [PATCH] Documentation: clarify that cache forgets credentials if the system restarts M Hickford via GitGitGadget 2022-12-21 11:15 ` Junio C Hamano 2022-12-21 22:09 ` brian m. carlson @ 2023-01-28 20:09 ` M Hickford via GitGitGadget 2023-01-28 20:13 ` [PATCH v3] " M Hickford via GitGitGadget 2 siblings, 1 reply; 9+ messages in thread From: M Hickford via GitGitGadget @ 2023-01-28 20:09 UTC (permalink / raw) To: git; +Cc: brian m. carlson, Jeff King, M Hickford, M Hickford From: M Hickford <mirth.hickford@gmail.com> Signed-off-by: M Hickford <mirth.hickford@gmail.com> --- Documentation: clarify that cache forgets credentials if the system restarts Make it obvious to readers unfamiliar with Unix sockets. Signed-off-by: M Hickford mirth.hickford@gmail.com Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1447%2Fhickford%2Fpatch-2-v2 Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1447/hickford/patch-2-v2 Pull-Request: https://github.com/gitgitgadget/git/pull/1447 Range-diff vs v1: 1: 5032ddf99da ! 1: e84d069cf19 Documentation: clarify that cache forgets credentials if the system restarts @@ Metadata ## Commit message ## Documentation: clarify that cache forgets credentials if the system restarts - Make it obvious to readers unfamiliar with Unix sockets. - Signed-off-by: M Hickford <mirth.hickford@gmail.com> ## Documentation/git-credential-cache.txt ## -@@ Documentation/git-credential-cache.txt: DESCRIPTION +@@ Documentation/git-credential-cache.txt: git config credential.helper 'cache [<options>]' + DESCRIPTION + ----------- - This command caches credentials in memory for use by future Git - programs. The stored credentials never touch the disk, and are forgotten +-This command caches credentials in memory for use by future Git +-programs. The stored credentials never touch the disk, and are forgotten -after a configurable timeout. The cache is accessible over a Unix -+after a configurable timeout. Credentials are forgotten sooner if you -+log out or the system restarts. The cache is accessible over a Unix - domain socket, restricted to the current user by filesystem permissions. +-domain socket, restricted to the current user by filesystem permissions. ++This command caches credentials for use by future Git programs. ++The stored credentials are kept in memory of the cache-daemon ++process (instead of written to a file) and are forgotten after a ++configurable timeout. Credentials are forgotten sooner if the ++cache-daemon dies, for example if the system restarts. The cached ++is accessible over a Unix domain socket, restricted to the current ++user by filesystem permissions. You probably don't want to invoke this command directly; it is meant to + be used as a credential helper by other parts of Git. See Documentation/git-credential-cache.txt | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Documentation/git-credential-cache.txt b/Documentation/git-credential-cache.txt index 432e159d952..9eef5d2cc10 100644 --- a/Documentation/git-credential-cache.txt +++ b/Documentation/git-credential-cache.txt @@ -14,10 +14,13 @@ git config credential.helper 'cache [<options>]' DESCRIPTION ----------- -This command caches credentials in memory for use by future Git -programs. The stored credentials never touch the disk, and are forgotten -after a configurable timeout. The cache is accessible over a Unix -domain socket, restricted to the current user by filesystem permissions. +This command caches credentials for use by future Git programs. +The stored credentials are kept in memory of the cache-daemon +process (instead of written to a file) and are forgotten after a +configurable timeout. Credentials are forgotten sooner if the +cache-daemon dies, for example if the system restarts. The cached +is accessible over a Unix domain socket, restricted to the current +user by filesystem permissions. You probably don't want to invoke this command directly; it is meant to be used as a credential helper by other parts of Git. See base-commit: 5cc9858f1b470844dea5c5d3e936af183fdf2c68 -- gitgitgadget ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH v3] Documentation: clarify that cache forgets credentials if the system restarts 2023-01-28 20:09 ` [PATCH v2] " M Hickford via GitGitGadget @ 2023-01-28 20:13 ` M Hickford via GitGitGadget 2023-01-29 6:48 ` Jeff King 0 siblings, 1 reply; 9+ messages in thread From: M Hickford via GitGitGadget @ 2023-01-28 20:13 UTC (permalink / raw) To: git; +Cc: brian m. carlson, Jeff King, M Hickford, M Hickford From: M Hickford <mirth.hickford@gmail.com> Signed-off-by: M Hickford <mirth.hickford@gmail.com> --- Documentation: clarify that cache forgets credentials if the system restarts Make it obvious to readers unfamiliar with Unix sockets. Signed-off-by: M Hickford mirth.hickford@gmail.com Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1447%2Fhickford%2Fpatch-2-v3 Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1447/hickford/patch-2-v3 Pull-Request: https://github.com/gitgitgadget/git/pull/1447 Range-diff vs v2: 1: e84d069cf19 ! 1: 09f4afae70c Documentation: clarify that cache forgets credentials if the system restarts @@ Documentation/git-credential-cache.txt: git config credential.helper 'cache [<op +The stored credentials are kept in memory of the cache-daemon +process (instead of written to a file) and are forgotten after a +configurable timeout. Credentials are forgotten sooner if the -+cache-daemon dies, for example if the system restarts. The cached ++cache-daemon dies, for example if the system restarts. The cache +is accessible over a Unix domain socket, restricted to the current +user by filesystem permissions. Documentation/git-credential-cache.txt | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Documentation/git-credential-cache.txt b/Documentation/git-credential-cache.txt index 432e159d952..f473994a864 100644 --- a/Documentation/git-credential-cache.txt +++ b/Documentation/git-credential-cache.txt @@ -14,10 +14,13 @@ git config credential.helper 'cache [<options>]' DESCRIPTION ----------- -This command caches credentials in memory for use by future Git -programs. The stored credentials never touch the disk, and are forgotten -after a configurable timeout. The cache is accessible over a Unix -domain socket, restricted to the current user by filesystem permissions. +This command caches credentials for use by future Git programs. +The stored credentials are kept in memory of the cache-daemon +process (instead of written to a file) and are forgotten after a +configurable timeout. Credentials are forgotten sooner if the +cache-daemon dies, for example if the system restarts. The cache +is accessible over a Unix domain socket, restricted to the current +user by filesystem permissions. You probably don't want to invoke this command directly; it is meant to be used as a credential helper by other parts of Git. See base-commit: 5cc9858f1b470844dea5c5d3e936af183fdf2c68 -- gitgitgadget ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH v3] Documentation: clarify that cache forgets credentials if the system restarts 2023-01-28 20:13 ` [PATCH v3] " M Hickford via GitGitGadget @ 2023-01-29 6:48 ` Jeff King 2023-01-29 17:26 ` Junio C Hamano 0 siblings, 1 reply; 9+ messages in thread From: Jeff King @ 2023-01-29 6:48 UTC (permalink / raw) To: M Hickford via GitGitGadget; +Cc: git, brian m. carlson, M Hickford On Sat, Jan 28, 2023 at 08:13:34PM +0000, M Hickford via GitGitGadget wrote: > diff --git a/Documentation/git-credential-cache.txt b/Documentation/git-credential-cache.txt > index 432e159d952..f473994a864 100644 > --- a/Documentation/git-credential-cache.txt > +++ b/Documentation/git-credential-cache.txt > @@ -14,10 +14,13 @@ git config credential.helper 'cache [<options>]' > DESCRIPTION > ----------- > > -This command caches credentials in memory for use by future Git > -programs. The stored credentials never touch the disk, and are forgotten > -after a configurable timeout. The cache is accessible over a Unix > -domain socket, restricted to the current user by filesystem permissions. > +This command caches credentials for use by future Git programs. > +The stored credentials are kept in memory of the cache-daemon > +process (instead of written to a file) and are forgotten after a > +configurable timeout. Credentials are forgotten sooner if the > +cache-daemon dies, for example if the system restarts. The cache > +is accessible over a Unix domain socket, restricted to the current > +user by filesystem permissions. This version looks good to me. -Peff ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3] Documentation: clarify that cache forgets credentials if the system restarts 2023-01-29 6:48 ` Jeff King @ 2023-01-29 17:26 ` Junio C Hamano 0 siblings, 0 replies; 9+ messages in thread From: Junio C Hamano @ 2023-01-29 17:26 UTC (permalink / raw) To: Jeff King; +Cc: M Hickford via GitGitGadget, git, brian m. carlson, M Hickford Jeff King <peff@peff.net> writes: > On Sat, Jan 28, 2023 at 08:13:34PM +0000, M Hickford via GitGitGadget wrote: > >> diff --git a/Documentation/git-credential-cache.txt b/Documentation/git-credential-cache.txt >> index 432e159d952..f473994a864 100644 >> --- a/Documentation/git-credential-cache.txt >> +++ b/Documentation/git-credential-cache.txt >> @@ -14,10 +14,13 @@ git config credential.helper 'cache [<options>]' >> DESCRIPTION >> ----------- >> >> -This command caches credentials in memory for use by future Git >> -programs. The stored credentials never touch the disk, and are forgotten >> -after a configurable timeout. The cache is accessible over a Unix >> -domain socket, restricted to the current user by filesystem permissions. >> +This command caches credentials for use by future Git programs. >> +The stored credentials are kept in memory of the cache-daemon >> +process (instead of written to a file) and are forgotten after a >> +configurable timeout. Credentials are forgotten sooner if the >> +cache-daemon dies, for example if the system restarts. The cache >> +is accessible over a Unix domain socket, restricted to the current >> +user by filesystem permissions. > > This version looks good to me. Yup, it looks good to me, too. Thanks, all. ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-01-29 17:27 UTC | newest] Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-12-21 8:23 [PATCH] Documentation: clarify that cache forgets credentials if the system restarts M Hickford via GitGitGadget 2022-12-21 11:15 ` Junio C Hamano 2022-12-22 2:41 ` Jeff King 2023-01-28 20:08 ` M Hickford 2022-12-21 22:09 ` brian m. carlson 2023-01-28 20:09 ` [PATCH v2] " M Hickford via GitGitGadget 2023-01-28 20:13 ` [PATCH v3] " M Hickford via GitGitGadget 2023-01-29 6:48 ` Jeff King 2023-01-29 17:26 ` Junio C Hamano
Code repositories for project(s) associated with this public inbox https://80x24.org/mirrors/git.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).