From: Junio C Hamano <gitster@pobox.com>
To: Michael Lohmann <git@lohmann.sh>
Cc: git@vger.kernel.org
Subject: Re: [PATCH v3 5/5] setup: allow not marking self owned repos as safe in `ensure_safe_repository()`
Date: Thu, 16 Oct 2025 12:33:57 -0700 [thread overview]
Message-ID: <xmqqo6q63al6.fsf@gitster.g> (raw)
In-Reply-To: <20251016053322.44495-6-git@lohmann.sh> (Michael Lohmann's message of "Thu, 16 Oct 2025 07:33:22 +0200")
Michael Lohmann <git@lohmann.sh> writes:
> +safe.assumeUnsafe::
> +--assume-unsafe::
> +`GIT_ASSUME_UNSAFE`::
I haven't thought things through thoroughly yet, but this probably
is a good thing to have. I cannot say the same to [4/5], though.
> @@ -1330,6 +1336,9 @@ static int ensure_safe_repository(const char *gitfile,
> if (data.is_safe)
> return 1;
>
> + if (git_env_bool("GIT_ASSUME_UNSAFE", 0))
> + return 0;
> +
> if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
> (!gitfile || is_path_owned_by_current_user(gitfile, report)) &&
> (!worktree || is_path_owned_by_current_user(worktree, report)) &&
I think you didn't have to do anything in [3/5] for this, though.
It is sufficient to pretend as if GIT_TEST_ASSUME_DIFFERENT_OWNER is
set when GIT_ASSUME_UNSAFE (and its config/option equivalents) is
set, no? IOW, wouldn't it be equivalent to your series, if you
dropped [3/5] and replace this hunk with the following?
setup.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git i/setup.c w/setup.c
index 7086741e6c..e3c81a6fae 100644
--- i/setup.c
+++ w/setup.c
@@ -1307,7 +1307,8 @@ static int ensure_valid_ownership(const char *gitfile,
{
struct safe_directory_data data = { 0 };
- if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
+ if (!git_env_bool("GIT_ASSUME_UNSAFE", 0) &&
+ !git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
(!gitfile || is_path_owned_by_current_user(gitfile, report)) &&
(!worktree || is_path_owned_by_current_user(worktree, report)) &&
(!gitdir || is_path_owned_by_current_user(gitdir, report)))
next prev parent reply other threads:[~2025-10-16 19:33 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-13 9:41 [PATCH 0/5] Allow enforcing safe.directory Michael Lohmann
2025-10-13 9:41 ` [PATCH 1/5] setup: rename `ensure_safe_repository()` for clarity Michael Lohmann
2025-10-13 9:41 ` [PATCH 2/5] setup: rename `die_upon_assumed_unsafe_repo()` to align with check Michael Lohmann
2025-10-14 20:16 ` Junio C Hamano
2025-10-13 9:41 ` [PATCH 3/5] setup: refactor `ensure_safe_repository()` testing priorities Michael Lohmann
2025-10-14 20:32 ` Junio C Hamano
2025-10-13 9:41 ` [PATCH 4/5] setup: allow temporary bypass of `ensure_safe_repository()` checks Michael Lohmann
2025-10-13 9:41 ` [PATCH 5/5] setup: allow not marking self owned repos as safe in `ensure_safe_repository()` Michael Lohmann
2025-10-13 11:59 ` D. Ben Knoble
2025-10-13 21:46 ` [PATCH v2 0/5] Apply comments of D. Ben Knoble Michael Lohmann
2025-10-13 21:46 ` [PATCH v2 1/5] setup: rename `ensure_safe_repository()` for clarity Michael Lohmann
2025-10-13 21:46 ` [PATCH v2 2/5] setup: rename `die_upon_assumed_unsafe_repo()` to align with check Michael Lohmann
2025-10-13 21:46 ` [PATCH v2 3/5] setup: refactor `ensure_safe_repository()` testing priorities Michael Lohmann
2025-10-13 21:46 ` [PATCH v2 4/5] setup: allow temporary bypass of `ensure_safe_repository()` checks Michael Lohmann
2025-10-13 21:46 ` [PATCH v2 5/5] setup: allow not marking self owned repos as safe in `ensure_safe_repository()` Michael Lohmann
2025-10-16 5:33 ` [PATCH v3 0/5] Allow skipping ownership of repo in safety consideration Michael Lohmann
2025-10-16 5:33 ` [PATCH v3 1/5] setup: rename `ensure_safe_repository()` for clarity Michael Lohmann
2025-10-16 5:33 ` [PATCH v3 2/5] setup: rename `die_upon_unsafe_repo()` to align with check Michael Lohmann
2025-10-16 5:33 ` [PATCH v3 3/5] setup: refactor `ensure_safe_repository()` testing priorities Michael Lohmann
2025-10-16 5:33 ` [PATCH v3 4/5] setup: allow temporary bypass of `ensure_safe_repository()` checks Michael Lohmann
2025-10-16 19:26 ` Junio C Hamano
2025-10-16 5:33 ` [PATCH v3 5/5] setup: allow not marking self owned repos as safe in `ensure_safe_repository()` Michael Lohmann
2025-10-16 19:33 ` Junio C Hamano [this message]
2025-10-16 19:58 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqo6q63al6.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@lohmann.sh \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).