Skip to content

signing with login shell #5910

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jan 10, 2025
Merged

signing with login shell #5910

merged 4 commits into from
Jan 10, 2025

Conversation

Byron
Copy link
Collaborator

@Byron Byron commented Jan 9, 2025
edited
Loading

Use a login shell for spawning the programs to sign a buffer.

Related to #5839 and #5022.

Tasks

  • cleanup
  • use shell for any invocation
  • use login shell
  • additional fix: use gix for all Git configuration

Notes for the Reviewer

  • I did some testing regarding signing, and the UI picking up signing related configuration, but that probably didn't run all the codepaths that changed.
  • Fetching git configuration (one key at a time like the UI does) is now about 25% to 40% slower, at ~120microseconds. Still within the range I think.

Research

Environment variables in a release application

Launching a release application on MacOS (through the finder) yields the following environment variables.

  (
        "TMPDIR",
        "/var/folders/x7/jgy95vjs3v3ffszwn0wg0gz80000gn/T/",
    ),
    (
        "__CFBundleIdentifier",
        "com.apple.Terminal",
    ),
    (
        "XPC_FLAGS",
        "0x0",
    ),
    (
        "TERM",
        "xterm-256color",
    ),
    (
        "SSH_AUTH_SOCK",
        "/Users/byron/.gnupg/S.gpg-agent.ssh",
    ),
    (
        "XPC_SERVICE_NAME",
        "0",
    ),
    (
        "TERM_PROGRAM",
        "Apple_Terminal",
    ),
    (
        "TERM_PROGRAM_VERSION",
        "455",
    ),
    (
        "TERM_SESSION_ID",
        "<redacted>",
    ),
    (
        "SHELL",
        "/bin/zsh",
    ),
    (
        "HOME",
        "/Users/byron",
    ),
    (
        "LOGNAME",
        "byron",
    ),
    (
        "USER",
        "byron",
    ),
    (
        "PATH",
        "<redacted, but looks complete>",
    ),
    (
        "SHLVL",
        "1",
    ),
    (
        "PWD",
        "/Users/byron",
    ),
    (
        "OLDPWD",
        "/Users/byron",
    ),
    (
        "ZSH",
        "/Users/byron/.oh-my-zsh",
    ),
    (
        "PAGER",
        "less",
    ),
    (
        "LESS",
        "-R",
    ),
    (
        "LSCOLORS",
        "Gxfxcxdxbxegedabagacad",
    ),
    (
        "LS_COLORS",
        "di=1;36:ln=35:so=32:pi=33:ex=31:bd=34;46:cd=34;43:su=30;41:sg=30;46:tw=30;42:ow=30;43",
    ),
    (
        "HOMEBREW_PREFIX",
        "/opt/homebrew",
    ),
    (
        "HOMEBREW_CELLAR",
        "/opt/homebrew/Cellar",
    ),
    (
        "HOMEBREW_REPOSITORY",
        "/opt/homebrew",
    ),
    (
        "INFOPATH",
        "/opt/homebrew/share/info:/opt/homebrew/share/info:",
    ),
    (
        "GPG_TTY",
        "/dev/ttys005",
    ),
    (
        "EDITOR",
        "hx",
    ),
    (
        "BAT_THEME",
        "TwoDark",
    ),
    (
        "STARSHIP_SHELL",
        "zsh",
    ),
    (
        "STARSHIP_SESSION_KEY",
    ),
    (
        "HOMEBREW_NO_ANALYTICS",
        "1",
    ),
    (
        "LC_CTYPE",
        "UTF-8",
    ),
    (
        "_",
        "/Users/byron/dev/github.com/gitbutlerapp/gitbutler/target/debug/gitbutler-tauri",
    ),
    (
        "__CF_USER_TEXT_ENCODING",
        "0x1F5:0x0:0x0",
    ),
]

It looks like $SHELL can be used to figure out the login shell at least on MacOS. It's notable how many other additional variables are available, as if it was opened through a login shell already.

It really seems that a lot, but not all, of the login shell environment is picked up. It's unclear why

@vercel Vercel
Copy link

vercel bot commented Jan 9, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
gitbutler-components ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 10, 2025 10:58am

@vercel Vercel
Copy link

vercel bot commented Jan 9, 2025

@Byron is attempting to deploy a commit to the GitButler Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions bot added the rust Pull requests that update Rust code label Jan 9, 2025
@Byron Byron force-pushed the signing-login-shell branch from 22b230a to 69d4472 Compare January 9, 2025 14:22
@Byron Byron force-pushed the signing-login-shell branch from 69d4472 to f4f26dc Compare January 9, 2025 14:32
@Byron Byron marked this pull request as ready for review January 9, 2025 14:38
Byron
Byron commented Jan 9, 2025
View reviewed changes
Copy link
Collaborator Author

@Byron Byron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I definitely changed more than originally planned, as I also added gix to read Git configuration. As it fully implements Git configuration, it will pick up more 'special' configuration that users might have to adjust their signing keys based on the repository at hand. git2 doesn't implement hasconfig.

Also note the config.trusted_program() calls which is gitoxides way of assuring no configuration of untrusted users (i.e. all others) is picked up to define which program to execute automatically.

crates/gitbutler-repo/src/repository_ext.rs Outdated
pub fn command_with_login_shell(shell_cmd: impl Into<OsString>) -> std::process::Command {
gix::command::prepare(shell_cmd)
.with_shell_disallow_manual_argument_splitting()
.with_shell_program(std::env::var_os("SHELL").unwrap_or("bash".into()))
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is how the hooks crate does it as well and it seems to work for hooks.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Byron Do we need to the same windows bash.exe lookup that the git2_hooks does?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://docs.rs/git2-hooks/latest/src/git2_hooks/hookspath.rs.html#179

slamp
slamp reviewed Jan 9, 2025
View reviewed changes
Copy link

@slamp slamp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't see any basic stuff that seemed wrong or incorrect to me.

@Byron Byron force-pushed the signing-login-shell branch from f4f26dc to b146b70 Compare January 10, 2025 09:22
@Byron Byron mentioned this pull request Jan 10, 2025
Merged
Caleb-T-Owens
Caleb-T-Owens reviewed Jan 10, 2025
View reviewed changes
crates/gitbutler-repo/src/repository_ext.rs Outdated
let config = repo.config_snapshot();
let signing_key = config.string("user.signingkey");
let Some(signing_key) = signing_key else {
return Err(anyhow::anyhow!("No signing key found"));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a bail! macro which is equivalent to return Err(anyhow::anyhow!(...))

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, done!

Byron added 3 commits January 10, 2025 11:57
@Byron
Use gix-config to be able to pick up more configuration.
bdf9929 
Some parts of `git configuration` aren't implemented in `git2`, and it's
the kind of configuration that's typically used to configure signing keys
dynamically.
@Byron
Use the login shell when invoking the signing binary (gitbutlerapp#5839)
ff3ba3b 
That way it should pick up all configuration just as it does
when invoking it from the terminal.
@Byron
Use gitoxide for all Git configuration
03cbb99 
It's a fully fledged implementation that should be able to pick
up additional special cases.

Useful for users who configure things per repository.
@Byron Byron force-pushed the signing-login-shell branch from b146b70 to 03cbb99 Compare January 10, 2025 10:57
@krlvi krlvi merged commit 4dcd0a8 into gitbutlerapp:master Jan 10, 2025
20 of 21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@slamp slamp slamp left review comments

@Caleb-T-Owens Caleb-T-Owens Caleb-T-Owens left review comments

@krlvi krlvi krlvi approved these changes

Assignees
No one assigned
Labels
rust Pull requests that update Rust code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Byron @slamp @krlvi @Caleb-T-Owens