"Glen Choo via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes:

> From: Glen Choo <chooglen@xxxxxxxxxx>
>
> Add a config variable, `discovery.bare`, that tells Git whether or not
> it should work with the bare repository it has discovered i.e. Git will
> die() if it discovers a bare repository, but it is not allowed by
> `discovery.bare`. This only affects repository discovery, thus it has no
> effect if discovery was not done (e.g. `--git-dir` was passed).
>
> This is motivated by the fact that some workflows don't use bare
> repositories at all, and users may prefer to opt out of bare repository
> discovery altogether:
>
> - An easy assumption for a user to make is that Git commands run
>   anywhere inside a repository's working tree will use the same
>   repository. However, if the working tree contains a bare repository
>   below the root-level (".git" is preferred at the root-level), any
>   operations inside that bare repository use the bare repository
>   instead.
>
>   In the worst case, attackers can use this confusion to trick users
>   into running arbitrary code (see [1] for a deeper discussion). But
>   even in benign situations (e.g. a user renames ".git/" to ".git.old/"
>   and commits it for archival purposes), disabling bare repository
>   discovery can be a simpler mode of operation (e.g. because the user
>   doesn't actually want to use ".git.old/") [2].
>
> - Git won't "accidentally" recognize a directory that wasn't meant to be
>   a bare repository, but happens to resemble one. While such accidents
>   are probably very rare in practice, this lets users reduce the chance
>   to zero.
>
> This config is an enum of:
>
> - ["always"|(unset)]: always recognize bare repositories (like Git does
>   today)
> - "never": never recognize bare repositories
>
> More values are expected to be added later, and the default is expected
> to change (i.e. to something other than "always").
>
> [1]: https://lore.kernel.org/git/kl6lsfqpygsj.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> [2]: I don't personally know anyone who does this as part of their
> normal workflow, but a cursory search on GitHub suggests that there is a
> not insubstantial number of people who munge ".git" in order to store
> its contents.
>
> https://github.com/search?l=&o=desc&p=1&q=ref+size%3A%3C1000+filename%3AHEAD&s=indexed&type=Code
> (aka search for the text "ref", size:<1000, filename:HEAD)
>
> Signed-off-by: Glen Choo <chooglen@xxxxxxxxxx>

The intended commit message ends here...

> WIP setup.c: make discovery.bare die on failure
>
> Signed-off-by: Glen Choo <chooglen@xxxxxxxxxx>

Ugh, dumb mistake (bad squash). Fortunately this was one of my more
professional-sounding WIP commit messages.
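
Added example, not part of the original message or of Git's code: a Python audit that walks a working tree and reports directories below the root that resemble a bare repository, the situation the quoted commit message describes (e.g. a committed ".git.old/"). The "HEAD plus objects/ plus refs/" heuristic, the function names and the sample layout are assumptions of this example.

```python
import os
import re
import tempfile

# Approximation (assumption of this example) of what makes a directory look
# like a Git directory: a plausible HEAD plus "objects/" and "refs/".
_HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40}|[0-9a-f]{64})\s*$")

def looks_like_git_dir(path):
    head = os.path.join(path, "HEAD")
    if not (os.path.isdir(os.path.join(path, "objects"))
            and os.path.isdir(os.path.join(path, "refs"))):
        return False
    try:
        with open(head, "r", encoding="utf-8", errors="replace") as fh:
            return bool(_HEAD_RE.match(fh.read(256)))
    except OSError:
        return False

def find_embedded_bare_repos(worktree):
    """Return sorted relative paths of bare-repo lookalikes below worktree."""
    root = os.path.abspath(worktree)
    hits = []
    for dirpath, dirnames, _files in os.walk(root):
        if dirpath == root and ".git" in dirnames:
            dirnames.remove(".git")  # root-level ".git" is the expected repository
        if dirpath != root and looks_like_git_dir(dirpath):
            hits.append(os.path.relpath(dirpath, root))
            dirnames[:] = []  # do not descend into the lookalike itself
    return sorted(hits)

def _make_git_dir(path, head="ref: refs/heads/main\n"):
    # Constructed sample layout, not a real repository.
    os.makedirs(os.path.join(path, "objects"))
    os.makedirs(os.path.join(path, "refs"))
    with open(os.path.join(path, "HEAD"), "w", encoding="utf-8") as fh:
        fh.write(head)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        _make_git_dir(os.path.join(tmp, ".git"))
        _make_git_dir(os.path.join(tmp, ".git.old"))
        _make_git_dir(os.path.join(tmp, "docs", "vendor", "repo.git"))
        _make_git_dir(os.path.join(tmp, "notes"), head="just a text file\n")
        return find_embedded_bare_repos(tmp)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run over a fresh clone before working inside it, a non-empty result lists the directories where Git commands would use a different repository than the one at the root.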