<!DOCTYPE html>

<html><head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
<meta charset="utf-8"/>
<meta content="width=device-width, initial-scale=1.0, user-scalable=yes" name="viewport"/>
<title>HTML E-Mail</title>
</head><body class="email">
<p>Hello,</p>
<p>Wondering if there's anything I can do to further<br/>
facilitate acceptance of this patch I sent 3 months ago?</p>
<p>Thank you,<br/>
martin</p>
<p>----- Forwarded message from "martin f. krafft" <a class="email" href="mailto:madduck@madduck.net">madduck@madduck.net</a> -----</p>
<p>Date: Wed, 14 Aug 2019 10:26:55 +1200<br/>
From: "martin f. krafft" <a class="email" href="mailto:madduck@madduck.net">madduck@madduck.net</a><br/>
To: <a class="email" href="mailto:password-store@lists.zx2c4.com">password-store@lists.zx2c4.com</a><br/>
Cc: "martin f. krafft" <a class="email" href="mailto:madduck@madduck.net">madduck@madduck.net</a><br/>
Subject: [PATCH v2] Unset variables messing with Git<br/>
use<br/>
Message-Id: <a class="email" href="mailto:20190813222655.3524-1-madduck@madduck.net">20190813222655.3524-1-madduck@madduck.net</a><br/>
X-Spam: no (crm114:17.14 SA:-102.1)<br/>
X-Justme: from machine in my domain</p>
<p>This patch makes sure that variables from the environment cannot<br/>
override e.g. the Git directory to operate on, as well as other critical<br/>
parts of Git operations. These variables are:</p>
<ul>
<li>GIT_DIR<br/>
</li>
<li>GIT_WORK_TREE<br/>
</li>
<li>GIT_NAMESPACE<br/>
</li>
<li>GIT_INDEX_FILE<br/>
</li>
<li>GIT_INDEX_VERSION<br/>
</li>
<li>GIT_OBJECT_DIRECTORY<br/>
</li>
<li>GIT_COMMON_DIR</li>
</ul>
<p>If any of those are set, pass might end up operating on another<br/>
repository, and things would break.</p>
<p>I caught this having GIT_DIR set, but fortunately the other repository<br/>
had a .gitignore that would have ignored the file:</p>
<pre><code>fishbowl~% echo $GIT_DIR  
/home/madduck/.config/vcsh/repo.d/zsh.git  

fishbowl~% pass generate test  
The following paths are ignored by one of your .gitignore files:  
.password-store/test.gpg  
Use -f if you really want to add them.  
The generated password for test is:  
…</code></pre>
<p>The result was an orphan file <code>test.gpg</code> in the password-store root.</p>
<h2 id="signed-off-by-martin-f.-krafft-madduckmadduck.net">Signed-off-by: martin f. krafft <a class="email" href="mailto:madduck@madduck.net">madduck@madduck.net</a></h2>
<p>src/password-store.sh | 4 ++++<br/>
1 file changed, 4 insertions(+)</p>
<p>diff --git a/src/password-store.sh b/src/password-store.sh<br/>
index 1d119f2..ddb30f2 100755<br/>
--- a/src/password-store.sh<br/>
+++ b/src/password-store.sh<br/>
@@ -20,6 +20,10 @@ GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}"<br/>
CHARACTER_SET="${PASSWORD_STORE_CHARACTER_SET:-[:punct:][:alnum:]}"<br/>
CHARACTER_SET_NO_SYMBOLS="${PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS:-[:alnum:]}"</p>
<p>+unset GIT_DIR GIT_WORK_TREE GIT_NAMESPACE   + GIT_INDEX_FILE GIT_INDEX_VERSION   + GIT_OBJECT_DIRECTORY GIT_COMMON_DIR<br/>
+ export GIT_CEILING_DIRECTORIES="$PREFIX/.."</p>
<p>#</p>
<div class="signature" style="color: #999; font-family: monospace; white-space: pre; margin: 1em 0 0 0; font-size: 80%"><span class="leader">-- </span><br/>@martinkrafft | https://riot.im/app/#/room/#madduck:madduck.net  <br/> <br/>"most people become bankrupt through having invested too heavily in  <br/>  the prose of life. to have ruined one's self over poetry is an  <br/>  honour."  <br/>                                                       -- oscar wilde  <br/> <br/>spamtraps: madduck.bogus@madduck.net</div>
</body></html>