diff mbox series

[v2] build-many-glibcs.py: Avoid loading user/system configurations

Message ID 20240313000429.23213-2-palmer@rivosinc.com
State New
Headers show
Series [v2] build-many-glibcs.py: Avoid loading user/system configurations | expand

Commit Message

Palmer Dabbelt March 13, 2024, 12:04 a.m. UTC
I have commit verification turned on by default, which trips up pulling
when there is a non-signed commit at HEAD.  There's likely a whole class
of similar configuration issues that could crop up, so this just ignores
user configuration files entirely.

Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
---
This has been pretty lightly tested, but it seems to not be breaking
anything on my end.

Changes since v1 <20240112185846.24483-1-palmer@rivosinc.com/>:
* Ignore the git configs rather than passing "--no-verify-signatures" to
  "git pull" commands.
---
 scripts/build-many-glibcs.py | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Andreas Schwab March 13, 2024, 9:01 a.m. UTC | #1
On Mär 12 2024, Palmer Dabbelt wrote:

> I have commit verification turned on by default, which trips up pulling
> when there is a non-signed commit at HEAD.

So fix your configuration?
Arjun Shankar March 18, 2024, 1:31 p.m. UTC | #2
> I have commit verification turned on by default, which trips up pulling
> when there is a non-signed commit at HEAD.  There's likely a whole class
> of similar configuration issues that could crop up, so this just ignores
> user configuration files entirely.
>
> Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>

Looks like this unconditionally sets these environment variables? I'm
wondering if this limits other use cases like e.g., users who set
these environment variables and expect those values to be used during
build-many-glibcs (for whatever reason)?

> ---
> This has been pretty lightly tested, but it seems to not be breaking
> anything on my end.
>
> Changes since v1 <20240112185846.24483-1-palmer@rivosinc.com/>:
> * Ignore the git configs rather than passing "--no-verify-signatures" to
>   "git pull" commands.
> ---
>  scripts/build-many-glibcs.py | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
> index cc30dd5862..0d06ca1ba4 100755
> --- a/scripts/build-many-glibcs.py
> +++ b/scripts/build-many-glibcs.py
> @@ -1976,8 +1976,15 @@ def check_for_required_tools():
>      if count_old_tools > 0 or count_missing_tools > 0:
>          exit (1);
>
> +def setup_env_vars():
> +    # Prevents git from loading configuration files, to avoid tripping over
> +    # user settings like --verify-signatures.
> +    os.environ["GIT_CONFIG_GLOBAL"]   = "/dev/null"
> +    os.environ["GIT_CONFIG_NOSYSTEM"] = "1"
> +
>  def main(argv):
>      """The main entry point."""
> +    setup_env_vars();
>      check_for_required_tools();
>      parser = get_parser()
>      opts = parser.parse_args(argv)
> --
> 2.43.0
>
Palmer Dabbelt March 18, 2024, 3:41 p.m. UTC | #3
On Mon, 18 Mar 2024 06:31:00 PDT (-0700), arjun@redhat.com wrote:
>> I have commit verification turned on by default, which trips up pulling
>> when there is a non-signed commit at HEAD.  There's likely a whole class
>> of similar configuration issues that could crop up, so this just ignores
>> user configuration files entirely.
>>
>> Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
>
> Looks like this unconditionally sets these environment variables? I'm
> wondering if this limits other use cases like e.g., users who set
> these environment variables and expect those values to be used during
> build-many-glibcs (for whatever reason)?

Ya, I was kind of worried about that too.  I've also got a bunch of 
insteadOf lines in my configs, and while I don't know of anything that 
would trip up build-many-glibcs if they disappeared I wouldn't be 
surprised if someone else had a setup that did.  That's why the v1 went 
the other way and just tried to override the signature verification for 
the pulls.

IIRC there's some sort of global git config to override per-repo-path 
settings, maybe the right answer is to just do that for whatever test 
paths I have?

>> ---
>> This has been pretty lightly tested, but it seems to not be breaking
>> anything on my end.
>>
>> Changes since v1 <20240112185846.24483-1-palmer@rivosinc.com/>:
>> * Ignore the git configs rather than passing "--no-verify-signatures" to
>>   "git pull" commands.
>> ---
>>  scripts/build-many-glibcs.py | 7 +++++++
>>  1 file changed, 7 insertions(+)
>>
>> diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
>> index cc30dd5862..0d06ca1ba4 100755
>> --- a/scripts/build-many-glibcs.py
>> +++ b/scripts/build-many-glibcs.py
>> @@ -1976,8 +1976,15 @@ def check_for_required_tools():
>>      if count_old_tools > 0 or count_missing_tools > 0:
>>          exit (1);
>>
>> +def setup_env_vars():
>> +    # Prevents git from loading configuration files, to avoid tripping over
>> +    # user settings like --verify-signatures.
>> +    os.environ["GIT_CONFIG_GLOBAL"]   = "/dev/null"
>> +    os.environ["GIT_CONFIG_NOSYSTEM"] = "1"
>> +
>>  def main(argv):
>>      """The main entry point."""
>> +    setup_env_vars();
>>      check_for_required_tools();
>>      parser = get_parser()
>>      opts = parser.parse_args(argv)
>> --
>> 2.43.0
>>
Arjun Shankar March 18, 2024, 4:07 p.m. UTC | #4
> On Mon, 18 Mar 2024 06:31:00 PDT (-0700), arjun@redhat.com wrote:
> >> I have commit verification turned on by default, which trips up pulling
> >> when there is a non-signed commit at HEAD.  There's likely a whole class
> >> of similar configuration issues that could crop up, so this just ignores
> >> user configuration files entirely.
> >>
> >> Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
> >
> > Looks like this unconditionally sets these environment variables? I'm
> > wondering if this limits other use cases like e.g., users who set
> > these environment variables and expect those values to be used during
> > build-many-glibcs (for whatever reason)?
>
> Ya, I was kind of worried about that too.  I've also got a bunch of
> insteadOf lines in my configs, and while I don't know of anything that
> would trip up build-many-glibcs if they disappeared I wouldn't be
> surprised if someone else had a setup that did.  That's why the v1 went
> the other way and just tried to override the signature verification for
> the pulls.
>
> IIRC there's some sort of global git config to override per-repo-path
> settings, maybe the right answer is to just do that for whatever test
> paths I have?

While I don't know about other alternatives, looking at your suggested
patch: will setting/exporting GIT_CONFIG_GLOBAL/GIT_CONFIG_NOSYSTEM
before your build_many_glibcs invocation do the trick for you?
diff mbox series

Patch

diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
index cc30dd5862..0d06ca1ba4 100755
--- a/scripts/build-many-glibcs.py
+++ b/scripts/build-many-glibcs.py
@@ -1976,8 +1976,15 @@  def check_for_required_tools():
     if count_old_tools > 0 or count_missing_tools > 0:
         exit (1);
 
+def setup_env_vars():
+    # Prevents git from loading configuration files, to avoid tripping over
+    # user settings like --verify-signatures.
+    os.environ["GIT_CONFIG_GLOBAL"]   = "/dev/null"
+    os.environ["GIT_CONFIG_NOSYSTEM"] = "1"
+
 def main(argv):
     """The main entry point."""
+    setup_env_vars();
     check_for_required_tools();
     parser = get_parser()
     opts = parser.parse_args(argv)