Right now, any time we try to set up a repository in that's owned by another user, we die. While good for security, this is inconvenient in a bunch of ways. For example, when Git LFS wants to push data locally, it needs to know where the `.git` directory is because it pushes the objects into `.git/lfs`. Thus, we want to do `git rev-parse --absolute-git-dir` to find the remote Git directory, but we can't do that if the repository is owned by a different user. That issue also affects the Git LFS SSH transfer server (Scutiger), which also needs to read the configuration (to set the umask appropriately for `core.sharedrepository`). I had looked at sending a patch to make `git rev-parse` operate in a special mode where it's impossible to invoke any binaries at all, but unfortunately, `get_superproject_working_tree` invokes binaries, so that's not possible. (If anyone is interested in picking this up, there is a start on it, failing many tests, in the `rev-parse-safe-directory` on my GitHub remote.) I guess I'm looking for us to provide some basic functionality that is guaranteed to work in this case, including `git rev-parse` and `git config -l`. I don't think it's useful for every program that wants to work with Git to need to implement its own repository discovery and config parsing, and those are essential needs for tooling that needs to work with untrusted repositories. -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature
