You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
a Credentials Manager (used for private repositories ... ie. GitHub forks)
a set of trusted certificate authorities
Git configuration
Implications
We can't expose git.exe from Cygwin (or MSYS2) to a Windows user. Cygwin git has its own Credentials Manager (none of the Windows credentials will work), a different set of trusted certificate authorities (rarely important, except in a managed or corporate environment), and a different Git configuration (the different core.autocrlf configuration settings are quite important for interoperability, etc.).
git is required for opam ... early in its initialization
Two suggestions given:
Ask user to install Git for Windows before installing opam
Have opam use Cygwin git for opam initialization, but after that use git from the system (ie. Git for Windows)
Git and PATH
Context
The canonical Git on Windows is:
Git for Windows
However, many Windows power users (ie. average Windows developers) use Chocolatey and Scoop to install their packages.
The real problem is that adding git.exe to the PATH is often dangerous.
Here is Git for Windows which is safe except if user said "Add Git Bash to PATH" during installation.
REM Having this in the PATH is safe!
C:>dir"C:\Program Files\Git\cmd\"
Directory: C:\Program Files\Git\cmd
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 10/7/2022 12:51 PM 136752 git-gui.exe
-a---- 10/7/2022 12:51 PM 45616 git.exe
-a---- 10/7/2022 12:51 PM 136752 gitk.exe
-a---- 10/7/2022 12:51 PM 45616 scalar.exe
-a---- 10/7/2022 12:51 PM 3022 start-ssh-agent.cmd
-a---- 10/7/2022 12:51 PM 2723 start-ssh-pageant.cmd
REM Having Git Bash in the PATH is dangerous because the bash.exe will conflict (sometimes silently) with Cygwin bash!
C:>dir"C:\Program Files\Git\bin"
Directory: C:\Program Files\Git\bin
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 10/7/2022 12:51 PM 46128 bash.exe
-a---- 10/7/2022 12:51 PM 45616 git.exe
-a---- 10/7/2022 12:51 PM 46128 sh.exe
Implications
It is very easy for a Windows installation to have executables that are bad for opam to be in the same directory as git.exe. Hence adding dirname git to the PATH is often dangerous
Git for Windows is safe but only if the default options are used
The "Deciding Which Git To Use" needs to be in opam 2.2.0.
The "Git and PATH" can be punted as long as there are cautions to the user to only use opam 2.2.0 with a "happy" setup (Git for Windows with default options; definitely no Chocolatey or Scoop).
(Follow-up issue from opam-dev conversation)
Deciding Which Git To Use
Context
Git has:
Implications
git.exe
from Cygwin (or MSYS2) to a Windows user. Cygwin git has its own Credentials Manager (none of the Windows credentials will work), a different set of trusted certificate authorities (rarely important, except in a managed or corporate environment), and a different Git configuration (the differentcore.autocrlf
configuration settings are quite important for interoperability, etc.).git
is required for opam ... early in its initializationTwo suggestions given:
git
for opam initialization, but after that usegit
from the system (ie. Git for Windows)Git and PATH
Context
The canonical Git on Windows is:
However, many Windows power users (ie. average Windows developers) use Chocolatey and Scoop to install their packages.
The real problem is that adding
git.exe
to the PATH is often dangerous.Here is Git for Windows which is safe except if user said "Add Git Bash to PATH" during installation.
Implications
git.exe
. Hence addingdirname git
to the PATH is often dangerousgit.exe
to be in the same directory as hundreds of other executables, includingbash.exe
. Here is one issue: Scoop bash.exe (etc.) conflicts with v1.2.0-prerel7 Installer diskuv/dkml-installer-ocaml#34Suggestion:
The text was updated successfully, but these errors were encountered: