summaryrefslogtreecommitdiff
path: root/builtin/fetch.c
diff options
context:
space:
mode:
authorLibravatar Patrick Steinhardt <ps@pks.im>2021-01-12 13:27:14 +0100
committerLibravatar Junio C Hamano <gitster@pobox.com>2021-01-15 13:03:45 -0800
commitd8d77153eafdb0fc334e827976f09e4bdff26b58 (patch)
tree9ad261640d42b1c2e5cf36830f6c797e711ee547 /builtin/fetch.c
parentenvironment: make `getenv_safe()` a public function (diff)
downloadtgif-d8d77153eafdb0fc334e827976f09e4bdff26b58.tar.xz
config: allow specifying config entries via envvar pairs
While we currently have the `GIT_CONFIG_PARAMETERS` environment variable which can be used to pass runtime configuration data to git processes, it's an internal implementation detail and not supposed to be used by end users. Next to being for internal use only, this way of passing config entries has a major downside: the config keys need to be parsed as they contain both key and value in a single variable. As such, it is left to the user to escape any potentially harmful characters in the value, which is quite hard to do if values are controlled by a third party. This commit thus adds a new way of adding config entries via the environment which gets rid of this shortcoming. If the user passes the `GIT_CONFIG_COUNT=$n` environment variable, Git will parse environment variable pairs `GIT_CONFIG_KEY_$i` and `GIT_CONFIG_VALUE_$i` for each `i` in `[0,n)`. While the same can be achieved with `git -c <name>=<value>`, one may wish to not do so for potentially sensitive information. E.g. if one wants to set `http.extraHeader` to contain an authentication token, doing so via `-c` would trivially leak those credentials via e.g. ps(1), which typically also shows command arguments. Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin/fetch.c')
0 files changed, 0 insertions, 0 deletions