feature request - implement a "GIT_AUTHOR_EMAIL" equivalent, but processed BEFORE .gitconfig

feature request - implement a "GIT_AUTHOR_EMAIL" equivalent, but processed BEFORE .gitconfig

[Nathan Neulinger]

Four related feature requests/ideas:


1. equivalent to GIT_*_EMAIL/NAME vars, but processed only if git config doesn't set values

Right now, there isn't any way to have a systemwide profile script that tries to determine a better default for the user 
name/email values, such as in the case of shared logins. The best I've been able to do for now is use the 'EMAIL' var.

Use case in my environment - most shared-login accounts are accessed via krb5 login, so it provides a nice way to set a 
better default for "who is doing this commit" than just the userid.


2. Setting option to user.name (or other setting) that would BLOCK the commit from occurring at all if it would 
otherwise fall back to defaults. I thought this previously worked by setting an empty value, but apparently doesn't work 
that way in current versions.


3. Setting option to user.name/user.email to prompt, SVN-style, for the name/email. Yes, this would be 
annoying/obnoxious to use normally, but intent is to avoid un-named "root@host" commits that would otherwise occur from 
user being lazy.


4. (This would accomplish all of the above) - enhance the include.path option to support the "!" syntax similar to what 
aliases can do. i.e.

[include]
    path = !/usr/local/bin/gen-git-env

or

[include]
    cmd = /usr/local/bin/gen-git-env


-- Nathan

------------------------------------------------------------
Nathan Neulinger                       nneul@neulinger.org
Neulinger Consulting                   (573) 612-1412

Re: feature request - implement a "GIT_AUTHOR_EMAIL" equivalent, but processed BEFORE .gitconfig

[Jonathan Nieder]

Hi,

Nathan Neulinger wrote:

> Right now, there isn't any way to have a systemwide profile script
> that tries to determine a better default for the user name/email
> values, such as in the case of shared logins. The best I've been
> able to do for now is use the 'EMAIL' var.

I wouldn't mind having a GIT_EMAIL envvar with the semantics you mean,
but can you say more about the use case?  What's wrong with the usual
EMAIL environment variable?

[...]
> [include]
>    path = !/usr/local/bin/gen-git-env

This is scary in terms of privilege escalation attacks.  ("Admin,
could you please take a look at this repo?  When I run 'git status',
...".)

That said, smudge/clean filters may have the same problem already.

Thanks,
Jonathan

Re: feature request - implement a "GIT_AUTHOR_EMAIL" equivalent, but processed BEFORE .gitconfig

[Nathan Neulinger]

> I wouldn't mind having a GIT_EMAIL envvar with the semantics you mean,
> but can you say more about the use case?  What's wrong with the usual
> EMAIL environment variable?

EMAIL actually worked for this case for me, but there wasn't any equivalent for author name, so the commits all look 
like "sharedaccount <myuser@mydomain>".

> [...]
>> [include]
>>     path = !/usr/local/bin/gen-git-env
>
> This is scary in terms of privilege escalation attacks.  ("Admin,
> could you please take a look at this repo?  When I run 'git status',
> ...".)

Wouldn't that be pulling from ~sharedaccount/.gitconfig anyway though? (Agreed that it could be an issue if you have 
shared ssh agent, krb5 tgts, etc. - but that would exist any time you connected into a shared account.)

I would probably take the approach of not supporting that syntax in anything other than the per-user gitconfig file 
though as a safety measure - per-repo config could indeed be a problem.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       nneul@neulinger.org
Neulinger Consulting                   (573) 612-1412

Re: feature request - implement a "GIT_AUTHOR_EMAIL" equivalent, but processed BEFORE .gitconfig

[Junio C Hamano]

Nathan Neulinger <nneul@neulinger.org> writes:

>> I wouldn't mind having a GIT_EMAIL envvar with the semantics you mean,
>> but can you say more about the use case?  What's wrong with the usual
>> EMAIL environment variable?
>
> EMAIL actually worked for this case for me, but there wasn't any
> equivalent for author name, so the commits all look like
> "sharedaccount <myuser@mydomain>".

I do not want to go into the discussion on the sanity/insanity of
using such a "shared account", but I am guessing that you already
have a concrete and workable mechanism in mind to allow you to set
these environment variables such as GIT_WEAKER_AUTHOR_NAME to
individual real users who share that account, and I further guess
that that is what you use to set EMAIL.  Am I guessing right?

If so, wouldn't it be a better option to use that mechanism to set
separate $HOME (or XDG_CONFIG_HOME if you prefer) to these real
users who share the account, so that separate $HOME/.gitconfig files
can be used by them?

Re: feature request - implement a "GIT_AUTHOR_EMAIL" equivalent, but processed BEFORE .gitconfig

[Nathan Neulinger]

On 05/30/2014 02:48 PM, Junio C Hamano wrote:
> Nathan Neulinger <nneul@neulinger.org> writes:
>
>>> I wouldn't mind having a GIT_EMAIL envvar with the semantics you mean,
>>> but can you say more about the use case?  What's wrong with the usual
>>> EMAIL environment variable?
>>
>> EMAIL actually worked for this case for me, but there wasn't any
>> equivalent for author name, so the commits all look like
>> "sharedaccount <myuser@mydomain>".
>
> I do not want to go into the discussion on the sanity/insanity of
> using such a "shared account", but I am guessing that you already
> have a concrete and workable mechanism in mind to allow you to set
> these environment variables such as GIT_WEAKER_AUTHOR_NAME to
> individual real users who share that account, and I further guess
> that that is what you use to set EMAIL.  Am I guessing right?

Yes, the behavior currently is:

	If I can figure out "who", I'll set the EMAIL/attributes based on that.
	If not, it'll default to the "don't know" behavior that throws up the list

Ideally, I'd prefer the second option be:

	Force user to specify --author if a good default can't be determined

But there doesn't appear to be a way to do that.

> If so, wouldn't it be a better option to use that mechanism to set
> separate $HOME (or XDG_CONFIG_HOME if you prefer) to these real
> users who share the account, so that separate $HOME/.gitconfig files
> can be used by them?

Not really, since there are lots of servers, and lots of application/service accounts. Where filesystem acl'ing can be 
used reasonably, it is, making this moot, but it still boils down to example case of "I have a team of X people 
maintaining Y different applications, each on their own dedicated account". I'd just like a good mechanism to set 
defaults based on information other than what is in the home dir on the occasions that users log in directly to the app 
account, as opposed to doing updates offline on their own systems/to central repo/etc.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       nneul@neulinger.org
Neulinger Consulting                   (573) 612-1412

Re: feature request - implement a "GIT_AUTHOR_EMAIL" equivalent, but processed BEFORE .gitconfig

[Jeff King]

On Fri, May 30, 2014 at 02:58:47PM -0500, Nathan Neulinger wrote:

> Yes, the behavior currently is:
> 
> 	If I can figure out "who", I'll set the EMAIL/attributes based on that.
> 	If not, it'll default to the "don't know" behavior that throws up the list
> 
> Ideally, I'd prefer the second option be:
> 
> 	Force user to specify --author if a good default can't be determined
> 
> But there doesn't appear to be a way to do that.

Yeah, I don't think there is a blessed way to tell git "I am explicitly
_not_ giving you an identity". You can set user.email to "bogus.(none)"
which git will think "oh, I tried to get the FQDN, but failed". However,
that is not a documented interface, and I would not be surprised if it
changes in the future.

The instructions you get:

	*** Please tell me who you are.
	
	Run
	
	  git config --global user.email "you@example.com"
	  git config --global user.name "Your Name"
	
	to set your account's default identity.
	Omit --global to set the identity only in this repository.
	

are probably not helpful either (you do not want the user to run "git
config", as that would interfere with the other shared users).

> >If so, wouldn't it be a better option to use that mechanism to set
> >separate $HOME (or XDG_CONFIG_HOME if you prefer) to these real
> >users who share the account, so that separate $HOME/.gitconfig files
> >can be used by them?
> 
> Not really, since there are lots of servers, and lots of application/service
> accounts. Where filesystem acl'ing can be used reasonably, it is, making
> this moot, but it still boils down to example case of "I have a team of X
> people maintaining Y different applications, each on their own dedicated
> account". I'd just like a good mechanism to set defaults based on
> information other than what is in the home dir on the occasions that users
> log in directly to the app account, as opposed to doing updates offline on
> their own systems/to central repo/etc.

But I think anything you could set up in the environment could be set up
in an on-the-fly $HOME. For example, instead of:

  GIT_WEAK_AUTHOR_NAME=$name
  GIT_WEAK_AUTHOR_EMAIL=$email

do:

  HOME=$(mktemp -d gitenv.XXXXXX")
  trap 'rm -rf "$HOME"' 0
  git config --global user.name "$name"
  git config --global user.email "$email"

You'd want to link in anything else you actually _want_ in $HOME, but
that also gives an opportunity to set up application-specific options
based on the user (e.g., if you could pull their .vimrc from some shared
storage or something).

-Peff

Re: feature request - implement a "GIT_AUTHOR_EMAIL" equivalent, but processed BEFORE .gitconfig

[Junio C Hamano]

Jeff King <peff@peff.net> writes:

> On Fri, May 30, 2014 at 02:58:47PM -0500, Nathan Neulinger wrote:
>
>> Not really, since there are lots of servers,...
>
> But I think anything you could set up in the environment could be set up
> in an on-the-fly $HOME. For example, instead of:
>
>   GIT_WEAK_AUTHOR_NAME=$name
>   GIT_WEAK_AUTHOR_EMAIL=$email
>
> do:
>
>   HOME=$(mktemp -d gitenv.XXXXXX")
>   trap 'rm -rf "$HOME"' 0
>   git config --global user.name "$name"
>   git config --global user.email "$email"
>
> You'd want to link in anything else you actually _want_ in $HOME, but
> that also gives an opportunity to set up application-specific options
> based on the user (e.g., if you could pull their .vimrc from some shared
> storage or something).

Yes.  I agree that "Not really, ..." was not very convincing to me.

Another thing that might be useful in general (i.e. I am not
particularly trying to help the "shared" configuration on the topic
of this thread) is to allow environment variable substitution in
expand_user_path().

Nathan's installation can set a "GIT_MYSELF" and then have something
like this in the shared $HOME/.gitconfig

	[include]
        	path = /usr/local/users/$GIT_MYSELF/ident

we could even make the whole thing fail when GIT_MYSELF is not set
but I haven't thought things through ;-)

Re: feature request - implement a "GIT_AUTHOR_EMAIL" equivalent, but processed BEFORE .gitconfig

[Jeff King]

On Fri, May 30, 2014 at 02:35:37PM -0700, Junio C Hamano wrote:

> Nathan's installation can set a "GIT_MYSELF" and then have something
> like this in the shared $HOME/.gitconfig
> 
> 	[include]
>         	path = /usr/local/users/$GIT_MYSELF/ident
> 
> we could even make the whole thing fail when GIT_MYSELF is not set
> but I haven't thought things through ;-)

Yeah, that is something I considered[1] when writing the initial
include.path implementation. Something like:

  [include]
	path = .gitconfig-$HOSTNAME

could be potentially useful. But I punted at the time to wait for
somebody to actually ask for it. If somebody wanted to implement it, I
don't see a reason to avoid it.

-Peff

[1] http://article.gmane.org/gmane.comp.version-control.git/190196