@@ -340,6 +340,11 @@ GIT_CONFIG::
Using the "--global" option forces this to ~/.gitconfig. Using the
"--system" option forces this to $(prefix)/etc/gitconfig.
+GIT_CONFIG_GLOBAL::
+GIT_CONFIG_SYSTEM::
+ Take the configuration from the given files instead from global or
+ system-level configuration. See linkgit:git[1] for details.
+
GIT_CONFIG_NOSYSTEM::
Whether to skip reading settings from the system-wide
$(prefix)/etc/gitconfig file. See linkgit:git[1] for details.
@@ -670,6 +670,16 @@ for further details.
If this environment variable is set to `0`, git will not prompt
on the terminal (e.g., when asking for HTTP authentication).
+`GIT_CONFIG_GLOBAL`::
+`GIT_CONFIG_SYSTEM`::
+ Take the configuration from the given files instead from global or
+ system-level configuration files. If `GIT_CONFIG_SYSTEM` is set, the
+ system config file defined at build time (usually `/etc/gitconfig`)
+ will not be read. Likewise, if `GIT_CONFIG_GLOBAL` is set, neither
+ `$HOME/.gitconfig` nor `$XDG_CONFIG_HOME/git/config` will be read. Can
+ be set to `/dev/null` to skip reading configuration files of the
+ respective level.
+
`GIT_CONFIG_NOSYSTEM`::
Whether to skip reading settings from the system-wide
`$(prefix)/etc/gitconfig` file. This environment variable can
@@ -674,7 +674,10 @@ int cmd_config(int argc, const char **argv, const char *prefix)
char *user_config, *xdg_config;
git_global_config(&user_config, &xdg_config);
- if (!user_config)
+ if (!user_config) {
+ if (!strcmp(getenv("GIT_CONFIG_GLOBAL"), "/dev/null"))
+ die(_("GIT_CONFIG_GLOBAL=/dev/null set"));
+
/*
* It is unknown if HOME/.gitconfig exists, so
* we do not know if we should write to XDG
@@ -682,6 +685,7 @@ int cmd_config(int argc, const char **argv, const char *prefix)
* is set and points at a sane location.
*/
die(_("$HOME not set"));
+ }
given_config_source.scope = CONFIG_SCOPE_GLOBAL;
@@ -1846,13 +1846,31 @@ static int git_config_from_blob_ref(config_fn_t fn,
char *git_system_config(void)
{
+ char *system_config = xstrdup_or_null(getenv("GIT_CONFIG_SYSTEM"));
+ if (system_config) {
+ if (!strcmp(system_config, "/dev/null"))
+ FREE_AND_NULL(system_config);
+ return system_config;
+ }
return system_path(ETC_GITCONFIG);
}
-void git_global_config(char **user_config, char **xdg_config)
+void git_global_config(char **user_out, char **xdg_out)
{
- *user_config = expand_user_path("~/.gitconfig", 0);
- *xdg_config = xdg_config_home("config");
+ char *user_config = xstrdup_or_null(getenv("GIT_CONFIG_GLOBAL"));
+ char *xdg_config = NULL;
+
+ if (user_config) {
+ if (!strcmp(user_config, "/dev/null"))
+ FREE_AND_NULL(user_config);
+ xdg_config = NULL;
+ } else {
+ user_config = expand_user_path("~/.gitconfig", 0);
+ xdg_config = xdg_config_home("config");
+ }
+
+ *user_out = user_config;
+ *xdg_out = xdg_config;
}
/*
@@ -2059,6 +2059,77 @@ test_expect_success '--show-scope with --show-origin' '
test_cmp expect output
'
+test_expect_success 'override global and system config' '
+ test_when_finished rm -f "$HOME"/.config/git &&
+
+ cat >"$HOME"/.gitconfig <<-EOF &&
+ [home]
+ config = true
+ EOF
+ mkdir -p "$HOME"/.config/git &&
+ cat >"$HOME"/.config/git/config <<-EOF &&
+ [xdg]
+ config = true
+ EOF
+ cat >.git/config <<-EOF &&
+ [local]
+ config = true
+ EOF
+ cat >custom-global-config <<-EOF &&
+ [global]
+ config = true
+ EOF
+ cat >custom-system-config <<-EOF &&
+ [system]
+ config = true
+ EOF
+
+ cat >expect <<-EOF &&
+ global xdg.config=true
+ global home.config=true
+ local local.config=true
+ EOF
+ git config --show-scope --list >output &&
+ test_cmp expect output &&
+
+ sane_unset GIT_CONFIG_NOSYSTEM &&
+
+ cat >expect <<-EOF &&
+ system system.config=true
+ global global.config=true
+ local local.config=true
+ EOF
+ GIT_CONFIG_SYSTEM=custom-system-config GIT_CONFIG_GLOBAL=custom-global-config \
+ git config --show-scope --list >output &&
+ test_cmp expect output &&
+
+ cat >expect <<-EOF &&
+ local local.config=true
+ EOF
+ GIT_CONFIG_SYSTEM=/dev/null GIT_CONFIG_GLOBAL=/dev/null git config --show-scope --list >output &&
+ test_cmp expect output
+'
+
+test_expect_success 'override global and system config with missing file' '
+ sane_unset GIT_CONFIG_NOSYSTEM &&
+ test_must_fail env GIT_CONFIG_GLOBAL=does-not-exist GIT_CONFIG_SYSTEM=/dev/null git config --global --list >actual &&
+ test_must_fail env GIT_CONFIG_GLOBAL=/dev/null GIT_CONFIG_SYSTEM=does-not-exist git config --system --list >actual &&
+ GIT_CONFIG_GLOBAL=does-not-exist GIT_CONFIG_SYSTEM=does-not-exist git version
+'
+
+test_expect_success 'write to overridden global and system config' '
+ cat >expect <<EOF &&
+[config]
+ key = value
+EOF
+
+ GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value &&
+ test_cmp expect write-to-global &&
+
+ GIT_CONFIG_SYSTEM=write-to-system git config --system config.key value &&
+ test_cmp expect write-to-system
+'
+
for opt in --local --worktree
do
test_expect_success "$opt requires a repo" '
In order to have git run in a fully controlled environment without any misconfiguration, it may be desirable for users or scripts to override global- and system-level configuration files. We already have a way of doing this, which is to unset both HOME and XDG_CONFIG_HOME environment variables and to set `GIT_CONFIG_NOGLOBAL=true`. This is quite kludgy, and unsetting the first two variables likely has an impact on other executables spawned by such a script. The obvious way to fix this would be to introduce `GIT_CONFIG_NOGLOBAL` as an equivalent to `GIT_CONFIG_NOSYSTEM`. But in the past, it has turned out that this design is inflexible: we cannot test system-level parsing of the git configuration in our test harness because there is no way to change its location, so all tests run with `GIT_CONFIG_NOSYSTEM` set. Instead of doing the same mistake with `GIT_CONFIG_NOGLOBAL`, introduce two new variables `GIT_CONFIG_GLOBAL` and `GIT_CONFIG_SYSTEM`: - If unset, git continues to use the usual locations. - If set to a specific path, we skip reading the normal configuration files and instead take the path. This path must exist and be readable to ensure that the user didn't typo. - If set to `/dev/null`, we do not load either global- or system-level configuration at all. This implements the usecase where we want to execute code in a sanitized environment without any potential misconfigurations via `/dev/null`, but is more flexible and allows for more usecases than simply adding `GIT_CONFIG_NOGLOBAL`. Signed-off-by: Patrick Steinhardt <ps@pks.im> --- Range-diff against v2: 1: da0b8ce6f0 < -: ---------- config: rename `git_etc_config()` 2: dddc85bcf5 < -: ---------- config: unify code paths to get global config paths 3: 272a3b31aa ! 1: aa0f2957e6 config: allow overriding of global and system configuration @@ Commit message and unsetting the first two variables likely has an impact on other executables spawned by such a script. - The obvious way to fix this would be to introduce `GIT_CONFIG_NOSYSTEM` - as an equivalent to `GIT_CONFIG_NOGLOBAL`. But in the past, it has + The obvious way to fix this would be to introduce `GIT_CONFIG_NOGLOBAL` + as an equivalent to `GIT_CONFIG_NOSYSTEM`. But in the past, it has turned out that this design is inflexible: we cannot test system-level parsing of the git configuration in our test harness because there is no way to change its location, so all tests run with `GIT_CONFIG_NOSYSTEM` @@ Documentation/git.txt: for further details. +`GIT_CONFIG_GLOBAL`:: +`GIT_CONFIG_SYSTEM`:: + Take the configuration from the given files instead from global or -+ system-level configuration files. The files must exist and be readable -+ by the current user. If `GIT_CONFIG_SYSTEM` is set, `/etc/gitconfig` ++ system-level configuration files. If `GIT_CONFIG_SYSTEM` is set, the ++ system config file defined at build time (usually `/etc/gitconfig`) + will not be read. Likewise, if `GIT_CONFIG_GLOBAL` is set, neither + `$HOME/.gitconfig` nor `$XDG_CONFIG_HOME/git/config` will be read. Can + be set to `/dev/null` to skip reading configuration files of the @@ Documentation/git.txt: for further details. Whether to skip reading settings from the system-wide `$(prefix)/etc/gitconfig` file. This environment variable can + ## builtin/config.c ## +@@ builtin/config.c: int cmd_config(int argc, const char **argv, const char *prefix) + char *user_config, *xdg_config; + + git_global_config(&user_config, &xdg_config); +- if (!user_config) ++ if (!user_config) { ++ if (!strcmp(getenv("GIT_CONFIG_GLOBAL"), "/dev/null")) ++ die(_("GIT_CONFIG_GLOBAL=/dev/null set")); ++ + /* + * It is unknown if HOME/.gitconfig exists, so + * we do not know if we should write to XDG +@@ builtin/config.c: int cmd_config(int argc, const char **argv, const char *prefix) + * is set and points at a sane location. + */ + die(_("$HOME not set")); ++ } + + given_config_source.scope = CONFIG_SCOPE_GLOBAL; + + ## config.c ## @@ config.c: static int git_config_from_blob_ref(config_fn_t fn, - const char *git_system_config(void) + + char *git_system_config(void) { - static const char *system_wide; -- if (!system_wide) -- system_wide = system_path(ETC_GITCONFIG); -+ -+ if (!system_wide) { -+ system_wide = xstrdup_or_null(getenv("GIT_CONFIG_SYSTEM")); -+ if (system_wide) { -+ /* -+ * If GIT_CONFIG_SYSTEM is set, it overrides the -+ * /etc/gitconfig. Furthermore, the file must exist in -+ * order to prevent any typos by the user. -+ */ -+ if (access(system_wide, R_OK)) -+ die(_("cannot access '%s'"), system_wide); -+ } else { -+ system_wide = system_path(ETC_GITCONFIG); -+ } ++ char *system_config = xstrdup_or_null(getenv("GIT_CONFIG_SYSTEM")); ++ if (system_config) { ++ if (!strcmp(system_config, "/dev/null")) ++ FREE_AND_NULL(system_config); ++ return system_config; + } -+ - return system_wide; + return system_path(ETC_GITCONFIG); } -@@ config.c: void git_global_config(const char **user, const char **xdg) - static const char *user_config, *xdg_config; +-void git_global_config(char **user_config, char **xdg_config) ++void git_global_config(char **user_out, char **xdg_out) + { +- *user_config = expand_user_path("~/.gitconfig", 0); +- *xdg_config = xdg_config_home("config"); ++ char *user_config = xstrdup_or_null(getenv("GIT_CONFIG_GLOBAL")); ++ char *xdg_config = NULL; ++ ++ if (user_config) { ++ if (!strcmp(user_config, "/dev/null")) ++ FREE_AND_NULL(user_config); ++ xdg_config = NULL; ++ } else { ++ user_config = expand_user_path("~/.gitconfig", 0); ++ xdg_config = xdg_config_home("config"); ++ } ++ ++ *user_out = user_config; ++ *xdg_out = xdg_config; + } - if (!user_config) { -- user_config = expand_user_path("~/.gitconfig", 0); -- xdg_config = xdg_config_home("config"); -+ user_config = xstrdup_or_null(getenv("GIT_CONFIG_GLOBAL")); -+ if (user_config) { -+ /* -+ * If GIT_CONFIG_GLOBAL is set, then it overrides both -+ * the ~/.gitconfig and the XDG configuration file. -+ * Furthermore, the file must exist in order to prevent -+ * any typos by the user. -+ */ -+ if (access(user_config, R_OK)) -+ die(_("cannot access '%s'"), user_config); -+ } else { -+ user_config = expand_user_path("~/.gitconfig", 0); -+ xdg_config = xdg_config_home("config"); -+ } - } - - *user = user_config; + /* ## t/t1300-config.sh ## @@ t/t1300-config.sh: test_expect_success '--show-scope with --show-origin' ' @@ t/t1300-config.sh: test_expect_success '--show-scope with --show-origin' ' + +test_expect_success 'override global and system config with missing file' ' + sane_unset GIT_CONFIG_NOSYSTEM && -+ test_must_fail env GIT_CONFIG_GLOBAL=does-not-exist git version && -+ test_must_fail env GIT_CONFIG_SYSTEM=does-not-exist git version && -+ GIT_CONFIG_NOSYSTEM=true GIT_CONFIG_SYSTEM=does-not-exist git version ++ test_must_fail env GIT_CONFIG_GLOBAL=does-not-exist GIT_CONFIG_SYSTEM=/dev/null git config --global --list >actual && ++ test_must_fail env GIT_CONFIG_GLOBAL=/dev/null GIT_CONFIG_SYSTEM=does-not-exist git config --system --list >actual && ++ GIT_CONFIG_GLOBAL=does-not-exist GIT_CONFIG_SYSTEM=does-not-exist git version +' + +test_expect_success 'write to overridden global and system config' ' @@ t/t1300-config.sh: test_expect_success '--show-scope with --show-origin' ' + key = value +EOF + -+ test_must_fail env GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value && -+ touch write-to-global && + GIT_CONFIG_GLOBAL=write-to-global git config --global config.key value && + test_cmp expect write-to-global && + -+ test_must_fail env GIT_CONFIG_SYSTEM=write-to-system git config --system config.key value && -+ touch write-to-system && + GIT_CONFIG_SYSTEM=write-to-system git config --system config.key value && + test_cmp expect write-to-system +' Documentation/git-config.txt | 5 +++ Documentation/git.txt | 10 +++++ builtin/config.c | 6 ++- config.c | 24 ++++++++++-- t/t1300-config.sh | 71 ++++++++++++++++++++++++++++++++++++ 5 files changed, 112 insertions(+), 4 deletions(-)