On Wed, Apr 21, 2021 at 10:46:37PM +0200, SZEDER Gábor wrote: > On Mon, Apr 19, 2021 at 02:31:16PM +0200, Patrick Steinhardt wrote: > > In order to have git run in a fully controlled environment without any > > misconfiguration, it may be desirable for users or scripts to override > > global- and system-level configuration files. We already have a way of > > doing this, which is to unset both HOME and XDG_CONFIG_HOME environment > > variables and to set `GIT_CONFIG_NOGLOBAL=true`. This is quite kludgy, > > and unsetting the first two variables likely has an impact on other > > executables spawned by such a script. > > > > The obvious way to fix this would be to introduce `GIT_CONFIG_NOGLOBAL` > > as an equivalent to `GIT_CONFIG_NOSYSTEM`. But in the past, it has > > turned out that this design is inflexible: we cannot test system-level > > parsing of the git configuration in our test harness because there is no > > way to change its location, so all tests run with `GIT_CONFIG_NOSYSTEM` > > set. > > > > Instead of doing the same mistake with `GIT_CONFIG_NOGLOBAL`, introduce > > two new variables `GIT_CONFIG_GLOBAL` and `GIT_CONFIG_SYSTEM`: > > > > - If unset, git continues to use the usual locations. > > > > - If set to a specific path, we skip reading the normal > > configuration files and instead take the path. By setting the path > > to `/dev/null`, no configuration will be loaded for the respective > > level. > > > > This implements the usecase where we want to execute code in a sanitized > > environment without any potential misconfigurations via `/dev/null`, but > > is more flexible and allows for more usecases than simply adding > > `GIT_CONFIG_NOGLOBAL`. > > Something is still not right with this patch series, because: > > > +test_expect_success 'write to overridden global and system config' ' > > + cat >expect <<EOF && > > +[config] > > + key = value > > +EOF > > + > > + GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value && > > + test_cmp expect write-to-global && > > + > > + GIT_CONFIG_SYSTEM=write-to-system git config --system config.key value && > > + test_cmp expect write-to-system > > +' > > This test fails on Travis CI's Linux32 job: > > expecting success of 1300.184 'write to overridden global and system config': > cat >expect <<EOF && > [config] > key = value > EOF > GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value && > test_cmp expect write-to-global && > GIT_CONFIG_SYSTEM=write-to-system git config --system config.key value && > test_cmp expect write-to-system > + cat > + GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value > fatal: unable to access '/root/etc/gitconfig': Permission denied > error: last command exited with $?=128 > not ok 184 - write to overridden global and system config https://travis-ci.org/github/git/git/jobs/767898817#L6931 > Yeah, that job has a weird environment with Docker and 'su' > interacting in a way that ultimately builds Git with 'HOME=/root', > which in our build system means that 'sysconfdir=/root/etc'. To > reproduce at home just run: > > make prefix=/root && cd t && ./t1300-config.sh -V -x -i Hrm, that's not the only test that fails, but I only ran it with '-i'... but in fact most subsequent tests fail with the same error. I think the culprit is the previous test case which I too eagerly snipped from my previous email, so here it is again (copy-pasted, whitespace-damaged): > test_expect_success 'override global and system config' ' > test_when_finished rm -f "$HOME"/.config/git && > > cat >"$HOME"/.gitconfig <<-EOF && > [home] > config = true > EOF > mkdir -p "$HOME"/.config/git && > cat >"$HOME"/.config/git/config <<-EOF && > [xdg] > config = true > EOF > cat >.git/config <<-EOF && > [local] > config = true > EOF > cat >custom-global-config <<-EOF && > [global] > config = true > EOF > cat >custom-system-config <<-EOF && > [system] > config = true > EOF > > cat >expect <<-EOF && > global xdg.config=true > global home.config=true > local local.config=true > EOF > git config --show-scope --list >output && > test_cmp expect output && > > sane_unset GIT_CONFIG_NOSYSTEM && Unsetting GIT_CONFIG_NOSYSTEM like this does affect the environment of all subsequent tests and their git commands will then try to look at the system config file. Putting this 'sane_unset' and the rest of this test case in a subshell seems to fix the issue. > cat >expect <<-EOF && > system system.config=true > global global.config=true > local local.config=true > EOF > GIT_CONFIG_SYSTEM=custom-system-config GIT_CONFIG_GLOBAL=custom-global-config \ > git config --show-scope --list >output && > test_cmp expect output && > > cat >expect <<-EOF && > local local.config=true > EOF > GIT_CONFIG_SYSTEM=/dev/null GIT_CONFIG_GLOBAL=/dev/null git config --show-scope --list >output && > test_cmp expect output > '
