On Mon, Apr 19, 2021 at 02:31:16PM +0200, Patrick Steinhardt wrote: > In order to have git run in a fully controlled environment without any > misconfiguration, it may be desirable for users or scripts to override > global- and system-level configuration files. We already have a way of > doing this, which is to unset both HOME and XDG_CONFIG_HOME environment > variables and to set `GIT_CONFIG_NOGLOBAL=true`. This is quite kludgy, > and unsetting the first two variables likely has an impact on other > executables spawned by such a script. > > The obvious way to fix this would be to introduce `GIT_CONFIG_NOGLOBAL` > as an equivalent to `GIT_CONFIG_NOSYSTEM`. But in the past, it has > turned out that this design is inflexible: we cannot test system-level > parsing of the git configuration in our test harness because there is no > way to change its location, so all tests run with `GIT_CONFIG_NOSYSTEM` > set. > > Instead of doing the same mistake with `GIT_CONFIG_NOGLOBAL`, introduce > two new variables `GIT_CONFIG_GLOBAL` and `GIT_CONFIG_SYSTEM`: > > - If unset, git continues to use the usual locations. > > - If set to a specific path, we skip reading the normal > configuration files and instead take the path. By setting the path > to `/dev/null`, no configuration will be loaded for the respective > level. > > This implements the usecase where we want to execute code in a sanitized > environment without any potential misconfigurations via `/dev/null`, but > is more flexible and allows for more usecases than simply adding > `GIT_CONFIG_NOGLOBAL`. Something is still not right with this patch series, because: > +test_expect_success 'write to overridden global and system config' ' > + cat >expect <<EOF && > +[config] > + key = value > +EOF > + > + GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value && > + test_cmp expect write-to-global && > + > + GIT_CONFIG_SYSTEM=write-to-system git config --system config.key value && > + test_cmp expect write-to-system > +' This test fails on Travis CI's Linux32 job: expecting success of 1300.184 'write to overridden global and system config': cat >expect <<EOF && [config] key = value EOF GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value && test_cmp expect write-to-global && GIT_CONFIG_SYSTEM=write-to-system git config --system config.key value && test_cmp expect write-to-system + cat + GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value fatal: unable to access '/root/etc/gitconfig': Permission denied error: last command exited with $?=128 not ok 184 - write to overridden global and system config Yeah, that job has a weird environment with Docker and 'su' interacting in a way that ultimately builds Git with 'HOME=/root', which in our build system means that 'sysconfdir=/root/etc'. To reproduce at home just run: make prefix=/root && cd t && ./t1300-config.sh -V -x -i
