mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
1ab5948141e62b52bcb812b04a901b3efaf1b578
git/Documentation/config/credential.txt
Derrick Stolee 719399b57b credential: add new interactive config option 
When scripts or background maintenance wish to perform HTTP(S) requests,
there is a risk that our stored credentials might be invalid. At the
moment, this causes the credential helper to ping the user and block the
process. Even if the credential helper does not ping the user, Git falls
back to the 'askpass' method, which includes a direct ping to the user
via the terminal.

Even setting the 'core.askPass' config as something like 'echo' will
causes Git to fallback to a terminal prompt. It uses
git_terminal_prompt(), which finds the terminal from the environment and
ignores whether stdin has been redirected. This can also block the
process awaiting input.

Create a new config option to prevent user interaction, favoring a
failure to a blocked process.

The chosen name, 'credential.interactive', is taken from the config
option used by Git Credential Manager to already avoid user
interactivity, so there is already one credential helper that integrates
with this option. However, older versions of Git Credential Manager also
accepted other string values, including 'auto', 'never', and 'always'.
The modern use is to use a boolean value, but we should still be
careful that some users could have these non-booleans. Further, we
should respect 'never' the same as 'false'. This is respected by the
implementation and test, but not mentioned in the documentation.

The implementation for the Git interactions takes place within
credential_getpass(). The method prototype is modified to return an
'int' instead of 'void'. This allows us to detect that no attempt was
made to fill the given credential, changing the single caller slightly.

Also, a new trace2 region is added around the interactive portion of the
credential request. This provides a way to measure the amount of time
spent in that region for commands that _are_ interactive. It also makes
a conventient way to test that the config option works with
'test_region'.

Signed-off-by: Derrick Stolee <stolee@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2024-09-20 14:44:31 -07:00

45 lines
1.9 KiB
Plaintext
Raw Blame History

credential.helper::
Specify an external helper to be called when a username or
password credential is needed; the helper may consult external
storage to avoid prompting the user for the credentials. This is
normally the name of a credential helper with possible
arguments, but may also be an absolute path with arguments or, if
preceded by `!`, shell commands.
+
Note that multiple helpers may be defined. See linkgit:gitcredentials[7]
for details and examples.
credential.interactive::
By default, Git and any configured credential helpers will ask for
user input when new credentials are required. Many of these helpers
will succeed based on stored credentials if those credentials are
still valid. To avoid the possibility of user interactivity from
Git, set `credential.interactive=false`. Some credential helpers
respect this option as well.
credential.useHttpPath::
When acquiring credentials, consider the "path" component of an http
or https URL to be important. Defaults to false. See
linkgit:gitcredentials[7] for more information.
credential.username::
If no username is set for a network authentication, use this username
by default. See credential.<context>.* below, and
linkgit:gitcredentials[7].
credential.<url>.*::
Any of the credential.* options above can be applied selectively to
some credentials. For example, "credential.https://example.com.username"
would set the default username only for https connections to
example.com. See linkgit:gitcredentials[7] for details on how URLs are
matched.
credentialCache.ignoreSIGHUP::
Tell git-credential-cache--daemon to ignore SIGHUP, instead of quitting.
credentialStore.lockTimeoutMS::
The length of time, in milliseconds, for git-credential-store to retry
when trying to lock the credentials file. A value of 0 means not to retry at
all; -1 means to try indefinitely. Default is 1000 (i.e., retry for
1s).
Reference in New Issue View Git Blame Copy Permalink