Skip to content


Merge pull request #3791: Various fixes around
Browse files Browse the repository at this point in the history
The first three commits are rebased versions of those in gitgitgadget#1215. These allow the following:

1. Fix `git config --global <path>` from allowing the `<path>`. As a bonus, users with a config value starting with `/` will not get a warning about "old-style" paths needing a "`%(prefix)/`".

2. When in WSL, the path starts with `/` so it needs to be interpolated properly. Update the warning to include `%(prefix)/` to get the right value for WSL users. (This is specifically for using Git for Windows from Git Bash, but in a WSL directory.)

3. When using WSL, the ownership check fails and reports an error message. This is noisy, and happens even if the user has marked the path with ``. Remove that error message.
  • Loading branch information
derrickstolee authored and vdye committed Apr 18, 2022
2 parents e5184a0 + 0ba14f3 commit fbe1df4
Show file tree
Hide file tree
Showing 4 changed files with 75 additions and 7 deletions.
7 changes: 7 additions & 0 deletions Documentation/config/safe.txt
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,10 @@ Unix' simpler permission model, it can be a bit tricky to figure out why
a directory is considered unsafe. To help with this, Git will provide
more detailed information when the environment variable
To completely opt-out of this security check, set `` to the
string `*`. This will allow all repositories to be treated as if their
directory was listed in the `` list. If `*`
is set in system config and you want to re-enable this protection, then
initialize your list with an empty value before listing the repositories
that you deem safe.
4 changes: 1 addition & 3 deletions compat/mingw.c
Original file line number Diff line number Diff line change
Expand Up @@ -3509,9 +3509,7 @@ int is_path_owned_by_current_sid(const char *path)
&sid, NULL, NULL, NULL, &descriptor);

if (err != ERROR_SUCCESS)
error(_("failed to get owner for '%s' (%ld)"), path, err);
else if (sid && IsValidSid(sid)) {
if (err == ERROR_SUCCESS && sid && IsValidSid(sid)) {
/* Now, verify that the SID matches the current user's */
static PSID current_user_sid;
BOOL is_member;
Expand Down
22 changes: 18 additions & 4 deletions setup.c
Original file line number Diff line number Diff line change
Expand Up @@ -1100,9 +1100,14 @@ static int safe_directory_cb(const char *key, const char *value, void *d)
struct safe_directory_data *data = d;

if (!value || !*value)
if (strcmp(key, ""))
return 0;

if (!value || !*value) {
data->is_safe = 0;
else {
} else if (!strcmp(value, "*")) {
data->is_safe = 1;
} else {
const char *interpolated = NULL;

if (!git_config_pathname(&interpolated, key, value) &&
Expand All @@ -1119,7 +1124,8 @@ static int ensure_valid_ownership(const char *path)
struct safe_directory_data data = { .path = path };

if (is_path_owned_by_current_user(path))
if (is_path_owned_by_current_user(path) &&
return 1;

read_very_early_config(safe_directory_cb, &data);
Expand Down Expand Up @@ -1368,9 +1374,17 @@ const char *setup_git_directory_gently(int *nongit_ok)
if (!nongit_ok) {
struct strbuf prequoted = STRBUF_INIT;
struct strbuf quoted = STRBUF_INIT;

sq_quote_buf_pretty(&quoted, dir.buf);
#ifdef __MINGW32__
if (dir.buf[0] == '/')
strbuf_addstr(&prequoted, "%(prefix)/");

strbuf_add(&prequoted, dir.buf, dir.len);
sq_quote_buf_pretty(&quoted, prequoted.buf);

die(_("unsafe repository ('%s' is owned by someone else)\n"
"To add an exception for this directory, call:\n"
Expand Down
49 changes: 49 additions & 0 deletions t/
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@

test_description='verify checks'

. ./


expect_rejected_dir () {
test_must_fail git status 2>err &&
grep "" err

test_expect_success ' is not set' '

test_expect_success ' does not match' '
git config --global bogus &&

test_expect_success 'path exist as different key' '
git config --global "$(pwd)" &&

test_expect_success ' matches' '
git config --global --add "$(pwd)" &&
git status

test_expect_success ' matches, but is reset' '
git config --global --add "" &&

test_expect_success '*' '
git config --global --add "*" &&
git status

test_expect_success '*, but is reset' '
git config --global --add "" &&


0 comments on commit fbe1df4

Please sign in to comment.