Make the .git/safe directory in bin/setup #282

Merged
merged 1 commit into from Feb 19, 2014

@croaky
Contributor

croaky commented Feb 14, 2014

Our expected way of managing Rubies is with rbenv:

https://github.com/thoughtbot/laptop/blob/master/common-components/ruby-environment

We load rbenv and add `.git/safe/../../bin:$PATH` to our $PATH in:

https://github.com/thoughtbot/dotfiles/blob/master/zshrc

Loading rbenv in zshrc is recommended by the rbenv docs:

https://github.com/sstephenson/rbenv#basic-github-checkout

Assuming the binstubs for a project are in the local bin/ directory, we go a
step further to add the directory to shell $PATH so that rspec can be invoked
without the bin/ prefix:

    export PATH="./bin:$PATH"

Doing so on a system that other people have write access to (such as a shared
host) is a security risk:

rbenv/rbenv#309

The .git/safe convention addresses the security problem:

https://twitter.com/tpope/status/165631968996900865

This zsh fix may be necessary for OS users in order to fix a bug:

https://github.com/thoughtbot/laptop/blob/master/mac-components/zsh-fix

@joshuaclayton

Member

joshuaclayton commented Feb 19, 2014

👍

Make the .git/safe directory in bin/setup
Our expected way of managing Rubies is with rbenv:

https://github.com/thoughtbot/laptop/blob/master/common-components/ruby-environment

We load rbenv and add `.git/safe/../../bin:$PATH` to our $PATH in:

https://github.com/thoughtbot/dotfiles/blob/master/zshrc

Loading rbenv in `zshrc` is recommended by the rbenv docs:

https://github.com/sstephenson/rbenv#basic-github-checkout

Assuming the binstubs for a project are in the local bin/ directory, we
go a step further to add the directory to shell $PATH so that rspec can
be invoked without the bin/ prefix:

    export PATH="./bin:$PATH"

Doing so on a system that other people have write access to (such as a
shared host) is a security risk:

rbenv/rbenv#309

The `.git/safe` convention addresses the security problem:

https://twitter.com/tpope/status/165631968996900865

This zsh fix may be necessary for OS users in order to fix a bug:

https://github.com/thoughtbot/laptop/blob/master/mac-components/zsh-fix

@croaky croaky merged commit 2ec7108 into master Feb 19, 2014

@croaky croaky deleted the dc-git-safe branch Feb 19, 2014

faun added a commit to faun/dotfiles that referenced this pull request Nov 4, 2014

@faun faun referenced this pull request Nov 4, 2014

Closed

regenerate rails binstubs #569

@michaelmior

michaelmior commented Dec 31, 2014

This doesn't address the problem of other users having write access to your files. They can still create executables that will end up in your PATH. What this does solve is repositories you don't trust putting executables in your PATH by simply having a bin directory. The .git/safe convention forces you to "whitelist" repositories by creating the .git/safe directory (which cannot be created simply by cloning a repository).
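An added example (not part of this PR or of thoughtbot's dotfiles) comparing the `./bin` PATH entry with the `.git/safe/../../bin` entry discussed above: the second only resolves where the owner has created `.git/safe`. The `demo_binstub` name, the helper functions and the temporary directories are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: two throwaway projects, each shipping bin/demo_binstub.
# Only the project whose owner ran `mkdir .git/safe` exposes bin/ via PATH.

make_project() {  # $1 = directory, $2 = "trusted" to create .git/safe
  mkdir -p "$1/.git" "$1/bin"
  printf '#!/bin/sh\necho "binstub from %s"\n' "$1" > "$1/bin/demo_binstub"
  chmod +x "$1/bin/demo_binstub"
  if [ "$2" = "trusted" ]; then
    mkdir -p "$1/.git/safe"   # the directory bin/setup makes in this PR
  fi
}

# Exit 0 if demo_binstub resolves from inside project $1 when PATH entry $2
# is prepended to a minimal system PATH. Runs in a subshell so the caller's
# working directory and PATH are untouched.
binstub_on_path() (
  cd "$1" || exit 2
  PATH="$2:/usr/bin:/bin"
  # The relative entry is joined with the command name and resolved against
  # the current directory; ".git/safe/.." fails if .git/safe does not exist.
  command -v demo_binstub >/dev/null 2>&1
)

run_demo() {
  work=$(mktemp -d) || return 1
  make_project "$work/cloned" untrusted    # fresh clone, never reviewed
  make_project "$work/reviewed" trusted    # owner opted in
  for project in cloned reviewed; do
    for entry in ./bin .git/safe/../../bin; do
      if binstub_on_path "$work/$project" "$entry"; then
        result="resolves"
      else
        result="not found"
      fi
      printf '%-9s PATH entry %-22s %s\n' "$project" "$entry" "$result"
    done
  done
  rm -rf "$work"
}

run_demo
```

As the comment above points out, this gates on an opt-in marker inside `.git`, not on file ownership, so it does nothing about other users who can write to a trusted project's `bin/`.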
