Thanks for all your replies. Much appreciated. On 26/06/2024 20.11, Junio C Hamano wrote:
Phillip Wood <phillip.wood123@xxxxxxxxx> writes:To expand an this a little - a couple of times I've wanted to checkout a bare repository that is owned by a different user. It is a pain to have to add a new config setting just for a one-off checkout. Being able to adjust the config on the command line would be very useful in that case.True. As long as it is deemed safe to honor the one-off "git -c safe.directory=..." from the command line, for the purpose of this "I who am running this 'git' process hereby declare that I trust this and that repository", I think it would be the best solution for the "git daemon" use case.
How does one pass "-c safe.directory=…" to git-http-backend? I currently have an Apache config snippet like SetEnv GIT_PROJECT_ROOT /var/www/example.org/htdocs/git SetEnv GIT_HTTP_EXPORT_ALL ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/ <Files "git-http-backend"> Require all granted AcceptPathInfo On </Files> to serve git repositories.Granted, the apache user has a home directory, so I am probably able to set save.directory via ~/.gitconfig.
However, the point here is that git is often invoked indirectly, with no control over the command line arguments that are passed to it. On the other hand, one has usually control over the environment variables.
I agree that "-c safe.directory=…" is preferable to GIT_IGNORE_INSECURE_OWNER. However, sometimes using "-c safe.directory=…" is cumbersome and maybe even impossible.
One alternative to GIT_IGNORE_INSECURE_OWNER would be a generic GIT_EXTRA_ARGS environment variable. So one could set
GIT_EXTRA_ARGS="-c safe.directory=…" Not saying that I like the idea, just pointing out this option. - Florian
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
