This patch makes sure that variables from the environment cannot override e.g. the Git directory to operate on, as well as other critical parts of Git operations. These variables are:
- GIT_DIR
- GIT_WORK_TREE
- GIT_NAMESPACE
- GIT_INDEX_FILE
- GIT_INDEX_VERSION
- GIT_OBJECT_DIRECTORY
- GIT_COMMON_DIR

If any of those are set, pass might end up operating on another repository, and things would break. I caught this having GIT_DIR set, but fortunately the other repository had a .gitignore that would have ignored the file:

```
fishbowl~% echo $GIT_DIR
/home/madduck/.config/vcsh/repo.d/zsh.git
fishbowl~% pass generate test
The following paths are ignored by one of your .gitignore files:
.password-store/test.gpg
Use -f if you really want to add them.
The generated password for test is:
…
```

The result was an orphan file `test.gpg` in the password-store root.

Signed-off-by: martin f. krafft <madd...@madduck.net>

--- src/password-store.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/password-store.sh b/src/password-store.sh index 1d119f2..ddb30f2 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -20,6 +20,10 @@ GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}" CHARACTER_SET="${PASSWORD_STORE_CHARACTER_SET:-[:punct:][:alnum:]}" CHARACTER_SET_NO_SYMBOLS="${PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS:-[:alnum:]}" +unset GIT_DIR GIT_WORK_TREE GIT_NAMESPACE \ + GIT_INDEX_FILE GIT_INDEX_VERSION \ + GIT_OBJECT_DIRECTORY GIT_COMMON_DIR + export GIT_CEILING_DIRECTORIES="$PREFIX/.." # -- 2.23.0.rc1
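
Review bot: The `unset` list added just above `export GIT_CEILING_DIRECTORIES` is hard-coded, so it covers only the seven variables named in the commit message and will go stale if Git gains another repository-local variable; other variables that redirect repository access, such as GIT_ALTERNATE_OBJECT_DIRECTORIES, are not in it. Consider deriving the list from Git itself with `unset $(git rev-parse --local-env-vars)`, guarded for systems where git is not installed, or at least add a comment above the `unset` saying why these variables are cleared so that later edits keep the list complete.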