On Wed, Nov 21, 2018 at 10:23:34AM +0100, Marc Strapetz wrote: > From our GUI client we are invoking git operations on a possibly large set > of files. This may result in pathspecs which are exceeding the maximum > command line length, especially on Windows [1] and OSX [2]. To workaround > this problem we are currently splitting up such operations by invoking > multiple git commands. This works well for some commands (like add), but > doesn't work well for others (like commit). > > A possible solution could be to add another patchspec magic word which will > read paths from a file instead of command line. A similar approach can be > found in Mercurial with its "listfile:" pattern [3]. > > Does that sound reasonable? If so, we should be able to provide a > corresponding patch. Quite a few commands take --stdin, which can be used to send pathspecs (and often other stuff) without size limits. I don't think either "commit" or "add" does, but that might be another route. I'm slightly nervous at a pathspec that starts reading arbitrary files, because I suspect there may be interesting ways to abuse it for services which expose Git. E.g., if I have a web service which can show the history of a file, I might take a $file parameter from the client and run "git rev-list -- $file" (handling shell quoting, of course). That's OK now, but with the proposed pathspec magic, a malicious user could ask for ":(from-file=/etc/passwd)" or whatever. I dunno. Maybe that is overly paranoid, and certainly servers like that are a subset of users. And perhaps such servers should be specifying GIT_LITERAL_PATHSPECS=1 anyway. -Peff
