Adjust update to honor custom SSH command#21822
Adjust update to honor custom SSH command#21822sfc-gh-ksmogor wants to merge 3 commits intoHomebrew:mainfrom
Conversation
| ENV_VAR_NAMES=( | ||
| HOME SHELL PATH TERM TERMINFO TERMINFO_DIRS COLUMNS DISPLAY LOGNAME USER CI SSH_AUTH_SOCK SUDO_ASKPASS | ||
| http_proxy https_proxy ftp_proxy no_proxy all_proxy HTTPS_PROXY FTP_PROXY ALL_PROXY | ||
| http_proxy https_proxy ftp_proxy no_proxy all_proxy HTTPS_PROXY FTP_PROXY ALL_PROXY GIT_SSH_COMMAND |
There was a problem hiding this comment.
I don't think we want to pass this variable through transparently. Can we use USED_BY_HOMEBREW_VARS above instead?
You'll also need to make sure this interacts properly with HOMEBREW_SSH_CONFIG_PATH:
Lines 1093 to 1097 in c437bf7
There was a problem hiding this comment.
I read the USED_BY_HOMEBREW_VARS and it looks fine to use this mechanism.
I also would like to understand how to treat the config and additional flags. Because from my understanding of the current code, it looks like -oBatchMode=yes and -F/config/path options are treated independently (as decorators). So it looks like the custom ssh command should be ready for decorating by those two options. Is it fine to assume that for brew users? Anyone wanted to use custom ssh command has to expect that brew will add some flags to it before passing it to git.
I can change all places that use plain ssh to fill GIT_SSH_COMMAND. Those places will use value from HOMEBREW_GIT_SSH_COMMAND or from global git config.
There was a problem hiding this comment.
I read the
USED_BY_HOMEBREW_VARSand it looks fine to use this mechanism.
To be more explicit: we're telling you we don't want to do that.
I can change all places that use plain
sshto fillGIT_SSH_COMMAND.
This seems overkill. Let's keep this change as tightly scoped as possible.
| export GIT_TERMINAL_PROMPT="0" | ||
| export GIT_SSH_COMMAND="${GIT_SSH_COMMAND:-ssh} -oBatchMode=yes" | ||
| # Set GIT_SSH_COMMAND only when user haven't set custom SSH command | ||
| if [[ -z "${GIT_SSH_COMMAND}" ]] && ! git config --get core.sshCommand &>/dev/null |
There was a problem hiding this comment.
it is worth checking if this command is actually a non-empty string and valid?
3 participants
In my use case I use custom ssh command to access homebrew repositories (set as a global config in
~/.gitconfigfile). Currentbrew updatedoesn't work with my custom repository because of wrong credentials. Tapping still works as expected.It turned out that setting up explicit
GIT_SSH_COMMAND=${GIT_SSH_COMMAND:-ssh} -oBatchMode=yesoverrides global git config. Additionally, I couldn't override the defaultsshcommand by exportingGIT_SSH_COMMAND. It happened because the flag wasn't whitelisted.I propose to fix two things:
-oBatchModeonly when default ssh implementation is used. Otherwise brew can break custom wrapper by adding ssh-only flag.update.sh.brew lgtm(style, typechecking and tests) with your changes locally?Used for searching the code through and diagnosing the problem with passing the flag to update (comparison between tap and update, suggesting the change when problem was pinned down by local modification).