Glen Choo <chooglen@xxxxxxxxxx> writes: >>> +static int check_bare_repo_allowed(void) >>> +{ >>> + if (discovery_bare_config == DISCOVERY_BARE_UNKNOWN) { >>> + read_very_early_config(discovery_bare_cb, NULL); >> >> This will add the third place where we use read_very_early_config(), >> adding to the existing calls in tr2_sysenv_load() and >> ensure_valid_ownership(). If I understand it correctly, that means >> that every Git execution in a bare repository will now parse the >> system and global config three times. >> >> This doesn't count the check for uploadpack.packobjectshook in >> upload-pack.c that uses current_config_scope() to restrict its >> value to the system and global config. >> >> We are probably at the point where we need to instead create a >> configset that stores this "protected config" and allow us to >> lookup config keys directly from that configset instead of >> iterating through these config files repeatedly. > > Looking at all of the read_very_early_config() calls, > > - check_bare_repo_allowed() can use git_configset_get_string() > - ensure_valid_ownership() can use git_configset_get_value_multi() > - tr2_sysenv_load() reads every value with the "trace2." prefix. AFAICT > configsets only support exact key lookups and I don't see an easy way > teach configsets to support prefix lookups. > > (I didn't look too closely at uploadpack.packobjectshook because I don't > know enough about config scopes to comment.) > > So using a configset, we'll still need to read the config files at least > twice. That's better than thrice, but it doesn't cover the > tr2_sysenv_load() use case, and we'll run into this yet again if add > function that reads all config values with a given prefix. > > An hacky alternative that covers all of these use cases would be to read > all protected config in a single pass, e.g. > > static struct protected_config { > struct safe_directory_data safe_directory_data; > const char *discovery_bare; > struct string_list tr2_sysenv; > }; > > static int protected_config_cb() > { > /* Parse EVERYTHING that belongs in protected_config. */ > } > > but protected_config_cb() would have to parse too many unrelated things > for my liking. > > So I'll use the configset for the cases where the key is known, and > perhaps we'll punt on tr2_sysenv_load(). Since I'm trying to replace read_very_early_config() anyway, is this a good time to teach git to respect "-c safe.directory"? My understanding of [1] is that we only ignore "-c safe.directory" because read_very_early_config() doesn't support it, but we would prefer to support it if we could. [1] https://lore.kernel.org/git/xmqqlevabcsu.fsf@gitster.g/