From dbe80f928c762db21bb19d6969a804d437978741 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Fri, 1 May 2020 03:33:05 -0400 Subject: [PATCH 1/2] gitcredentials(7): clarify quoting of helper examples We give several helper config examples, but don't make clear that these are raw values. It's up to the user to add the appropriate quoting to put them into a config file (either by running with "git config" and quoting against the shell, or by adding double-quotes as appropriate within the git-config file). Let's flesh them out as full config blocks, which makes the syntax more clear (and makes it possible for people to just cut-and-paste them as a starting point). I added double-quotes to any values larger than a single word. That isn't strictly necessary in all cases, but it sidesteps explaining the rules about exactly when you need to quote a value. The existing quotes can be converted to single-quotes in one instance, and backslash-esccaped in the other. I also swapped out backticks for our preferred $(). Reported-by: douglas.fuller@gmail.com Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- Documentation/gitcredentials.txt | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt index 1814d2d23c..8127dfcd2f 100644 --- a/Documentation/gitcredentials.txt +++ b/Documentation/gitcredentials.txt @@ -216,20 +216,25 @@ Here are some example specifications: ---------------------------------------------------- # run "git credential-foo" -foo +[credential] + helper = foo # same as above, but pass an argument to the helper -foo --bar=baz +[credential] + helper = "foo --bar=baz" # the arguments are parsed by the shell, so use shell # quoting if necessary -foo --bar="whitespace arg" +[credential] + helper = "foo --bar='whitespace arg'" # you can also use an absolute path, which will not use the git wrapper -/path/to/my/helper --with-arguments +[credential] + helper = "/path/to/my/helper --with-arguments" # or you can specify your own shell snippet -!f() { echo "password=`cat $HOME/.secret`"; }; f +[credential] + helper = "!f() { echo \"password=$(cat $HOME/.secret)\"; }; f" ---------------------------------------------------- Generally speaking, rule (3) above is the simplest for users to specify. From 177681a07ea1c486b41db666b67c2fabd3c5a1d8 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Fri, 1 May 2020 03:33:11 -0400 Subject: [PATCH 2/2] gitcredentials(7): make shell-snippet example more realistic There's an example of using your own bit of shell to act as a credential helper, but it's not very realistic: - It's stupid to hand out your secret password to _every_ host. In the real world you'd use the config-matcher to limit it to a particular host. - We never provided a username. We can easily do that in another config option (you can do it in the helper, too, but this is much more readable). - We were sending the secret even for store/erase operations. This is OK because Git would just ignore it, but a real system would probably be unlocking a password store, which you wouldn't want to do more than necessary. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- Documentation/gitcredentials.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt index 8127dfcd2f..0d0f7149bd 100644 --- a/Documentation/gitcredentials.txt +++ b/Documentation/gitcredentials.txt @@ -233,8 +233,9 @@ Here are some example specifications: helper = "/path/to/my/helper --with-arguments" # or you can specify your own shell snippet -[credential] - helper = "!f() { echo \"password=$(cat $HOME/.secret)\"; }; f" +[credential "https://example.com"] + username = your_user + helper = "!f() { test \"$1\" = get && echo \"password=$(cat $HOME/.secret)\"; }; f" ---------------------------------------------------- Generally speaking, rule (3) above is the simplest for users to specify.