cmd/go/internal/modfetch/codehost: explicitly specify GIT_DIR

When Git has safe.bareRepository=explicit set, operations on bare Git repositories will fail unless --git-dir or GIT_DIR is set. The rest of the time, specifying the gitdir makes repository discovery at the beginning of a Git command ever-so-slightly faster. So, there is no downside to ensuring that users with this stricter security config set can still use 'go mod' commands easily. See https://lore.kernel.org/git/pull.1261.v8.git.git.1657834081.gitgitgadget@gmail.com/ for a more detailed description of security concerns around embedded bare repositories without an explicitly specified GIT_DIR. Change-Id: I01c1d97a79fdab12c2b5532caf84eb7760f96b18 Reviewed-on: https://go-review.googlesource.com/c/go/+/489915 Reviewed-by: Bryan Mills <bcmills@google.com> Auto-Submit: Bryan Mills <bcmills@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Bryan Mills <bcmills@google.com>
golang · Jul 19, 2023 · 2148304 · 2148304
1 parent decc400
commit 2148304
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/cmd/go/internal/modfetch/codehost/codehost.go b/src/cmd/go/internal/modfetch/codehost/codehost.go
@@ -377,6 +377,8 @@ func RunWithStdin(dir string, stdin io.Reader, cmdline ...any) ([]byte, error) {
 	c.Stdin = stdin
 	c.Stderr = &stderr
 	c.Stdout = &stdout
+	// For Git commands, manually supply GIT_DIR so Git works with safe.bareRepository=explicit set. Noop for other commands.
+	c.Env = append(c.Environ(), "GIT_DIR="+dir)
 	err := c.Run()
 	if err != nil {
 		err = &RunError{Cmd: strings.Join(cmd, " ") + " in " + dir, Stderr: stderr.Bytes(), Err: err}