[PATCH v2 0/5] Apply comments of D. Ben Knoble

[Michael Lohmann <git@lohmann.sh>]

Thanks!

Michael Lohmann (5):
  setup: rename `ensure_safe_repository()` for clarity
  setup: rename `die_upon_assumed_unsafe_repo()` to align with check
  setup: refactor `ensure_safe_repository()` testing priorities
  setup: allow temporary bypass of `ensure_safe_repository()` checks
  setup: allow not marking self owned repos as safe in
    `ensure_safe_repository()`

 Documentation/config/safe.adoc    |  9 ++++
 Documentation/git.adoc            | 25 +++++++++++
 builtin/clone.c                   |  2 +-
 environment.h                     |  2 +
 git.c                             |  9 ++++
 path.c                            |  4 +-
 setup.c                           | 45 ++++++++++++++------
 setup.h                           |  2 +-
 t/meson.build                     |  1 +
 t/t0036-allow-unsafe-directory.sh | 70 +++++++++++++++++++++++++++++++
 10 files changed, 153 insertions(+), 16 deletions(-)
 create mode 100755 t/t0036-allow-unsafe-directory.sh

Range-diff against v1:
1:  3f8805eb96 = 1:  3f8805eb96 setup: rename `ensure_safe_repository()` for clarity
2:  aa09159dec = 2:  aa09159dec setup: rename `die_upon_assumed_unsafe_repo()` to align with check
3:  ad4f64fdb8 = 3:  ad4f64fdb8 setup: refactor `ensure_safe_repository()` testing priorities
4:  db31fdef4e = 4:  db31fdef4e setup: allow temporary bypass of `ensure_safe_repository()` checks
5:  f65fd1c4fa ! 5:  6f710af1da setup: allow not marking self owned repos as safe in `ensure_safe_repository()`
    @@ Documentation/config/safe.adoc: which id the original user has.
     +safe.assumeUnsafe::
     +	Boolean to indicate that the ownership of a repository should not
     +	be taken into account when checking if the repository is safe. It
    -+	will prevent against accidental arbitrariy code execution
    ++	will prevent against accidental arbitrary code execution.
     ++
     +To temporarily allow git execution in case of an assumed unsafe repository,
     +run the command with `--allow-unsafe`. To permanently trust this path, add
    @@ Documentation/git.adoc: If you just want to run git as if it was started in `<pa
     +	Prevent arbitrary code execution by hooks or configuration if not
     +	executed in a "safe.directory". With setting this, filesystem ownership
     +	of the repository in question no longer satisfies to mark it as safe.
    -+	Equivalent to setting `GIT_ASSUME_UNSAFE=1`. This is overwritten if
    ++	Equivalent to setting `GIT_ASSUME_UNSAFE=1`. This is overridden if
     +	`--allow-unsafe` is passed as well.
     +
      GIT COMMANDS
    @@ Documentation/git.adoc: Git so take care if using a foreign front-end.
     +`GIT_ASSUME_UNSAFE`::
     +	This Boolean environment variable can be set to true enforce
     +	explicit "safe.directory" configuration for the repository. This
    -+	can be overwritten by setting `GIT_ALLOW_UNSAFE`.
    ++	can be overridden by setting `GIT_ALLOW_UNSAFE`.
     +
      `GIT_INDEX_FILE`::
      	This environment variable specifies an alternate
    @@ t/t0036-allow-unsafe-directory.sh: test_expect_success 'GIT_ALLOW_UNSAFE bool al
     +	grep "dubious ownership" err
     +'
     +
    -+test_expect_success 'allow-unsafe must overwrite assume-unsafe' '
    ++test_expect_success 'allow-unsafe must override assume-unsafe' '
     +	env GIT_ASSUME_UNSAFE=1 git --allow-unsafe status
     +'
     +
-- 
2.50.1 (Apple Git-155)