Patrick Steinhardt <ps@xxxxxx> writes:

> While we currently have the `GIT_CONFIG_PARAMETERS` environment variable
> which can be used to pass runtime configuration data to git processes,
> it's an internal implementation detail and not supposed to be used by
> end users.
>
> Next to being for internal use only, this way of passing config entries
> has a major downside: the config keys need to be parsed as they contain
> both key and value in a single variable. As such, it is left to the user
> to escape any potentially harmful characters in the value, which is
> quite hard to do if values are controlled by a third party.
>
> This commit thus adds a new way of adding config entries via the
> environment which gets rid of this shortcoming. If the user passes the
> `GIT_CONFIG_COUNT=$n` environment variable, Git will parse environment
> variable pairs `GIT_CONFIG_KEY_$i` and `GIT_CONFIG_VALUE_$i` for each
> `i` in `[0,n)`.
>
> While the same can be achieved with `git -c <name>=<value>`, one may
> wish to not do so for potentially sensitive information. E.g. if one
> wants to set `http.extraHeader` to contain an authentication token,
> doing so via `-c` would trivially leak those credentials via e.g. ps(1),
> which typically also shows command arguments.
>
> Signed-off-by: Patrick Steinhardt <ps@xxxxxx>
> ---
> Documentation/git-config.txt | 16 +++++
> cache.h | 1 +
> config.c | 67 +++++++++++++++++---
> environment.c | 1 +
> t/t1300-config.sh | 115 ++++++++++++++++++++++++++++++++++-
> 5 files changed, 191 insertions(+), 9 deletions(-)
>
> diff --git a/Documentation/git-config.txt b/Documentation/git-config.txt > index 0e9351d3cb..72ccea4419 100644 > --- a/Documentation/git-config.txt > +++ b/Documentation/git-config.txt
> @@ -346,6 +346,22 @@ GIT_CONFIG_NOSYSTEM:: > > See also <<FILES>>. > > +GIT_CONFIG_COUNT:: > +GIT_CONFIG_KEY_<n>:: > +GIT_CONFIG_VALUE_<n>:: > + If GIT_CONFIG_COUNT is set to a positive number, all environment pairs > + GIT_CONFIG_KEY_<n> and GIT_CONFIG_VALUE_<n> up to that number will be > + added to the process's runtime configuration. The config pairs are > + zero-indexed. Any missing key or value is treated as an error. An empty > + GIT_CONFIG_COUNT is treated the same as GIT_CONFIG_COUNT=0, namely no > + pairs are processed. These environment variables will override values > + in configuration files, but will be overridden by any explicit options > + passed via `git -c`. > + > + This is useful for cases where you want to spawn multiple git commands > + with a common configuration but cannot depend on a configuration file, > + for example when writing scripts.

Dedent these three lines, and replace the blank lines before it with a line with a single '+' on it (an example is found in the paragraph that describes the "--get-color" option; look for "type=color" in the same file). Otherwise these subsequent paragraphs are treated differently from the first paragraph. The same problem may exist in new paragraphs in git.txt that describe the "--config-env" stuff. Thanks.
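
Review bot: the GIT_CONFIG_COUNT paragraph in this hunk leaves a negative or non-numeric count unspecified; it covers "a positive number", an empty value and GIT_CONFIG_COUNT=0 only. Since "Any missing key or value is treated as an error" is already spelled out, the same sentence could state whether an unparsable or negative count is also an error or is ignored, so that a script author knows a typo in the count cannot silently drop the configuration. The closing use-case paragraph mentions only scripts that share a common configuration, while the commit message's own motivation is keeping an `http.extraHeader` token out of ps(1); stating that rationale here would tell readers when to prefer these variables over `git -c`.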
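
The mechanism described in the quoted commit message, as an added example that is not part of the patch or of Git: a hypothetical Python helper, `git_config_env`, builds the `GIT_CONFIG_COUNT`, `GIT_CONFIG_KEY_<n>` and `GIT_CONFIG_VALUE_<n>` variables for a child git process, so that a value such as an `http.extraHeader` token stays out of argv and needs no escaping. The sample header, the key sanity check and the `run_git` wrapper are assumptions of this example, and `run_git` only has an effect with a git that includes this patch.

```python
import os
import subprocess

# Constructed sample value: spaces, quotes and '=' need no escaping here.
SAMPLE_HEADER = "Authorization: Bearer constructed-token 'a' \"b\" c=d"

_PREFIXES = ("GIT_CONFIG_KEY_", "GIT_CONFIG_VALUE_")


def git_config_env(pairs, base_env=None):
    """Return a copy of base_env carrying pairs as GIT_CONFIG_{COUNT,KEY_i,VALUE_i}."""
    env = dict(os.environ if base_env is None else base_env)
    # Remove inherited indexed variables so only the pairs given here are set.
    for name in list(env):
        if name == "GIT_CONFIG_COUNT" or name.startswith(_PREFIXES):
            del env[name]
    pairs = list(pairs)
    for i, (key, value) in enumerate(pairs):  # zero-indexed, i in [0, n)
        section, dot, name = key.rpartition(".")
        if not (section and dot and name):
            # Sanity check of this example only, not Git's own key parser.
            raise ValueError(f"config key needs a section and a name: {key!r}")
        if "\0" in key or "\0" in value:
            raise ValueError("environment variables cannot contain NUL")
        env[f"GIT_CONFIG_KEY_{i}"] = key
        env[f"GIT_CONFIG_VALUE_{i}"] = value  # stored verbatim, one variable each
    env["GIT_CONFIG_COUNT"] = str(len(pairs))
    return env


def run_git(args, pairs):
    """Run git with pairs in the environment; argv (visible in ps) has no values."""
    return subprocess.run(["git", *args], env=git_config_env(pairs),
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    env = git_config_env([("http.extraHeader", SAMPLE_HEADER)])
    # Print only the variable names, not the secret value.
    print(sorted(k for k in env if k.startswith("GIT_CONFIG_")))
```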