Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

allow GIT_ASKPASS as a pass through env var #2564

Merged
merged 1 commit into from
Oct 27, 2022
Merged

Conversation

mattp-
Copy link
Contributor

@mattp- mattp- commented Oct 27, 2022

documented via man gitcredentials, it is used to provide a script/input for git to fetch creds in a no-tty usecase. used among other things by jenkins to pass credentials down to git for authentication.

https://github.com/jenkinsci/git-plugin/blob/1e3488a730a169778ba0863dd4edbb1dc29154a1/README.adoc#git-bindings https://github.com/jenkinsci/git-plugin/blob/9429e7d05df3dbb4060ac6ab4da6538bb0eb50ba/src/main/java/jenkins/plugins/git/GitUsernamePasswordBinding.java#L130

@@ -43,6 +43,7 @@ def no_git_env(_env: Mapping[str, str] | None = None) -> dict[str, str]:
'GIT_SSL_NO_VERIFY', 'GIT_CONFIG_COUNT',
'GIT_HTTP_PROXY_AUTHMETHOD',
'GIT_ALLOW_PROTOCOL',
'SSH_ASKPASS', 'GIT_ASKPASS', 'GIT_USERNAME', 'GIT_PASSWORD',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • SSH_ASKPASS doesn't start with GIT_ so it's not relevant
  • GIT_USERNAME isn't a variable supported by git
  • GIT_PASSWORD isn't a variable supported by git

Copy link
Contributor Author

@mattp- mattp- Oct 27, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oops, good point; removed ssh_askpass. although git_username/git_password isn't directly, it is the default used by jenkins git plugin; so there is no way to provide creds down to git from jenkins as a caller without it. is there any harm in adding it ? I don't think you can use jenkins credential store to execute precommit otherwise.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jenkins shouldn't be setting environment variables in other tools' namespaces -- I'm fine adding GIT_ASKPASS but not the other ones

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fair enough; removed in latest force push. commit is just GIT_ASKPASS now

documented via man gitcredentials,  it is used to provide a script/input
for git to fetch creds in a no-tty usecase.
used among other things by jenkins to pass credentials down to git for
authentication.

https://github.com/jenkinsci/git-plugin/blob/1e3488a730a169778ba0863dd4edbb1dc29154a1/README.adoc#git-bindings
https://github.com/jenkinsci/git-plugin/blob/9429e7d05df3dbb4060ac6ab4da6538bb0eb50ba/src/main/java/jenkins/plugins/git/GitUsernamePasswordBinding.java#L130
@mattp- mattp- changed the title add some allowed GIT_ env vars allow GIT_ASKPASS as a pass through env var Oct 27, 2022
Copy link
Member

@asottile asottile left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@asottile asottile merged commit 5c9e844 into pre-commit:main Oct 27, 2022
@mattp-
Copy link
Contributor Author

mattp- commented Oct 27, 2022

in case anyone ever stumbles onto this from google, i was mistaken on GIT_USERNAME/GIT_PASSWORD, those aren't actually passed down by that plugin as env vars at all; just me failing to read java code properly. thanks for the merge 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants