Make the .git/safe directory in bin/setup #282

Merged
merged 1 commit into from Feb 19, 2014


croaky commented Feb 14, 2014

Our expected way of managing Rubies is with rbenv:

https://github.com/thoughtbot/laptop/blob/master/common-components/ruby-environment

We load rbenv and add .git/safe/../../bin:$PATH to our $PATH in:

https://github.com/thoughtbot/dotfiles/blob/master/zshrc

Loading rbenv in zshrc is recommended by the rbenv docs:

https://github.com/sstephenson/rbenv#basic-github-checkout

Assuming the binstubs for a project are in the local bin/ directory, we go a
step further to add the directory to shell $PATH so that rspec can be invoked
without the bin/ prefix:

    export PATH="./bin:$PATH"

Doing so on a system that other people have write access to (such as a shared
host) is a security risk:

sstephenson/rbenv#309

The .git/safe convention addresses the security problem:

https://twitter.com/tpope/status/165631968996900865

This zsh fix may be necessary for OS users in order to fix a bug:

https://github.com/thoughtbot/laptop/blob/master/mac-components/zsh-fix


joshuaclayton commented Feb 19, 2014

👍

@croaky croaky Make the .git/safe directory in bin/setup
Our expected way of managing Rubies is with rbenv:

https://github.com/thoughtbot/laptop/blob/master/common-components/ruby-environment

We load rbenv and add `.git/safe/../../bin:$PATH` to our $PATH in:

https://github.com/thoughtbot/dotfiles/blob/master/zshrc

Loading rbenv in `zshrc` is recommended by the rbenv docs:

https://github.com/sstephenson/rbenv#basic-github-checkout

Assuming the binstubs for a project are in the local bin/ directory, we
go a step further to add the directory to shell $PATH so that rspec can
be invoked without the bin/ prefix:

    export PATH="./bin:$PATH"

Doing so on a system that other people have write access to (such as a
shared host) is a security risk:

rbenv/rbenv#309

The `.git/safe` convention addresses the security problem:

https://twitter.com/tpope/status/165631968996900865

This zsh fix may be necessary for OS users in order to fix a bug:

https://github.com/thoughtbot/laptop/blob/master/mac-components/zsh-fix
2ec7108

@croaky croaky merged commit 2ec7108 into master Feb 19, 2014

croaky deleted the dc-git-safe branch Feb 19, 2014

@faun faun added a commit to faun/dotfiles that referenced this pull request Nov 4, 2014

@faun faun Add safe binstubs to PATH 33d01f5

This doesn't address the problem of other users having write access to your files. They can still create executables that will end up in your PATH. What this does solve is repositories you don't trust putting executables in your PATH by simply having a bin directory. The .git/safe convention forces you to "whitelist" repositories by creating the .git/safe directory (which cannot be created simply by cloning a repository).

@TheLonelyGhost TheLonelyGhost added a commit to TheLonelyGhost/dotphiles that referenced this pull request Apr 30, 2015

@TheLonelyGhost TheLonelyGhost Adds ./bin/ (relative to PWD) to $PATH
See thoughtbot/suspenders#282 for more details
bcf164e
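
The mechanism discussed in this thread, as an added example that is not part of the pull request or of thoughtbot's dotfiles: the relative PATH entry `.git/safe/../../bin` resolves only where `.git/safe` exists, while `./bin` resolves in any directory that has a `bin/`. The repository layout, the stub name `gitsafe_demo_stub` and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (constructed layout, hypothetical names).

# Create a fake repository at $1 with an executable stub in bin/.
make_repo() {
  mkdir -p "$1/.git" "$1/bin"
  printf '#!/bin/sh\necho stub\n' > "$1/bin/gitsafe_demo_stub"
  chmod +x "$1/bin/gitsafe_demo_stub"
}

# Succeeds if the stub is found via PATH entry $2 while the working
# directory is repository $1. The kernel resolves the relative entry
# component by component, so ".git/safe/.." fails when .git/safe is missing.
resolves() {
  (
    cd "$1" || exit 2
    PATH="$2:$PATH"
    command -v gitsafe_demo_stub >/dev/null 2>&1
  )
}

# Compare the plain ./bin entry with the .git/safe entry in a repository
# that has been marked trusted and in one that has not.
demo() {
  tmp=$(mktemp -d) || return 1
  make_repo "$tmp/trusted"
  make_repo "$tmp/untrusted"
  mkdir "$tmp/trusted/.git/safe"   # the explicit opt-in; a clone never creates it
  for repo in trusted untrusted; do
    for entry in ./bin .git/safe/../../bin; do
      if resolves "$tmp/$repo" "$entry"; then r="found"; else r="not found"; fi
      echo "$repo $entry: $r"
    done
  done
  rm -rf "$tmp"
}

demo
```

Only the combination of the untrusted repository and the `.git/safe/../../bin` entry reports "not found"; the other three lookups find the stub.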