[PATCH 0/1] support GIT_IGNORE_INSECURE_OWNER environment variable

[PATCH 0/1] support GIT_IGNORE_INSECURE_OWNER environment variable

[Florian Schmaus]

I could imagine that the safe-directory check was deliberately not
made controllable via an environment variable. However, git versions
with the safe-directory check gained adoption and we can now see that
there is some fallout caused by the check.

A prominent example is that git-daemon cannot export repos when
running under nobody (see https://bugs.gentoo.org/932091). Since the
'nobody' user typically has no home directory, the suggested fix

        git config --global --add safe.directory xxx.git

does not work. Likewise, adding it to /etc/gitconfig is also not
ideal, as it applies to every user.

In Gentoo, the safe-directory check can be completely disabled via a
USE-flag (i.e., Gentoo's mechanism for compile-time package
customization). However, I recently suggested to Gentoo's git-package
maintainers the following patch, introducing the
GIT_IGNORE_INSECURE_OWNER environment variable, as an alternative.

Being able to disable the safe directory check via an environment
variable allows for more flexibility, solves the issue described
above, and does *not* statically and globally disable the
safe-directory check. This was received with a positive response and
the patch will likely be applied by Gentoo.

But downstream patchery is always the second-best option. Therefore,
I hereby propose the patch to upstream.

Florian Schmaus (1):
  setup: support GIT_IGNORE_INSECURE_OWNER environment variable

 setup.c | 8 ++++++++
 1 file changed, 8 insertions(+)

-- 
2.44.2

[PATCH 0/1] support GIT_IGNORE_INSECURE_OWNER environment variable

[Florian Schmaus]

I could imagine that the safe-directory check was deliberately not
made controllable via an environment variable. However, git versions
with the safe-directory check gained adoption and we can now see that
there is some fallout caused by the check.

A prominent example is that git-daemon cannot export repos when
running under nobody (see https://bugs.gentoo.org/932091). Since the
'nobody' user typically has no home directory, the suggested fix

        git config --global --add safe.directory xxx.git

does not work. Likewise, adding it to /etc/gitconfig is also not
ideal, as it applies to every user.

In Gentoo, the safe-directory check can be completely disabled via a
USE-flag (i.e., Gentoo's mechanism for compile-time package
customization). However, I recently suggested to Gentoo's git-package
maintainers the following patch, introducing the
GIT_IGNORE_INSECURE_OWNER environment variable, as an alternative.

Being able to disable the safe directory check via an environment
variable allows for more flexibility, solves the issue described
above, and does *not* statically and globally disable the
safe-directory check. This was received with a positive response and
the patch will likely be applied by Gentoo.

But downstream patchery is always the second-best option. Therefore,
I hereby propose the patch to upstream.

Florian Schmaus (1):
  setup: support GIT_IGNORE_INSECURE_OWNER environment variable

 setup.c | 8 ++++++++
 1 file changed, 8 insertions(+)

-- 
2.44.2