On Wed, Jun 26, 2024 at 09:06:10PM +0200, Florian Schmaus wrote:

quoted

True.  As long as it is deemed safe to honor the one-off "git -c
safe.directory=..." from the command line, for the purpose of this
"I who am running this 'git' process hereby declare that I trust
this and that repository", I think it would be the best solution
for the "git daemon" use case.

How does one pass "-c safe.directory=…" to git-http-backend?

I currently have an Apache config snippet like

SetEnv GIT_PROJECT_ROOT /var/www/example.org/htdocs/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

<Files "git-http-backend">
  Require all granted
  AcceptPathInfo On
</Files>

to serve git repositories.

Granted, the apache user has a home directory, so I am probably able to set
save.directory via ~/.gitconfig.

However, the point here is that git is often invoked indirectly, with no
control over the command line arguments that are passed to it. On the other
hand, one has usually control over the environment variables.

I agree that "-c safe.directory=…" is preferable to
GIT_IGNORE_INSECURE_OWNER. However, sometimes using "-c safe.directory=…" is
cumbersome and maybe even impossible.

One alternative to GIT_IGNORE_INSECURE_OWNER would be a generic
GIT_EXTRA_ARGS environment variable. So one could set

GIT_EXTRA_ARGS="-c safe.directory=…"

Not saying that I like the idea, just pointing out this option.

You can do:

  GIT_CONFIG_COUNT=1
  GIT_CONFIG_KEY_0=safe.directory
  GIT_CONFIG_VALUE_0="*"

It is a bit verbose, but it's a documented interface in git-config(1).

Under the hood "git -c" uses a different, older mechanism, but we've not
documented it nor promised that it will remain stable.

-Peff