diff options
author | Martin F. Krafft <madduck@madduck.net> | 2019-08-14 10:26:55 +1200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-11-28 12:18:25 +0100 |
commit | 88936b11aff49e48f79842e4628c55620e0ad736 (patch) | |
tree | 02fb1e2df84004caf5c2fd10d1dc4d360ed569c1 /contrib/importers/gorilla2pass.rb | |
parent | b830119762416fa8706e479e9b01f2453d6f6ad6 (diff) | |
download | pass-88936b11aff49e48f79842e4628c55620e0ad736.tar.gz pass-88936b11aff49e48f79842e4628c55620e0ad736.tar.bz2 pass-88936b11aff49e48f79842e4628c55620e0ad736.zip |
Unset variables messing with Git use
This patch makes sure that variables from the environment cannot
override e.g. the Git directory to operate on, as well as other critical
parts of Git operations. These variables are:
- GIT_DIR
- GIT_WORK_TREE
- GIT_NAMESPACE
- GIT_INDEX_FILE
- GIT_INDEX_VERSION
- GIT_OBJECT_DIRECTORY
- GIT_COMMON_DIR
If any of those are set, pass might end up operating on another
repository, and things would break.
I caught this having GIT_DIR set, but fortunately the other repository
had a .gitignore that would have ignored the file:
```
fishbowl~% echo $GIT_DIR
/home/madduck/.config/vcsh/repo.d/zsh.git
fishbowl~% pass generate test
The following paths are ignored by one of your .gitignore files:
.password-store/test.gpg
Use -f if you really want to add them.
The generated password for test is:
…
```
The result was an orphan file `test.gpg` in the password-store root.
Signed-off-by: Martin F. Krafft <madduck@madduck.net>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions