Merge pull request #17068 from Homebrew/pkg-no-writing-to-gitconfig

package/scripts/postinstall: avoid writing to `~/.gitconfig`
Homebrew · Apr 11, 2024 · e8b142d · e8b142d
2 parents 8083e2d + 8a0b4ed
commit e8b142d
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 25 deletions.
diff --git a/.github/workflows/pkg-installer.yml b/.github/workflows/pkg-installer.yml
@@ -146,6 +146,9 @@ jobs:
  with:
  name: "${{ needs.build.outputs.installer_path }}"
 
+ - name: Unset global Git safe directory setting
+ run: git config --global --unset-all safe.directory
+
  - name: Remove existing Homebrew installations
  run: |
  sudo rm -rf brew /{usr/local,opt/homebrew}/{Cellar,Caskroom,Homebrew/Library/Taps}

diff --git a/package/scripts/postinstall b/package/scripts/postinstall
@@ -21,35 +21,18 @@ fi
 # add Git to path
 export PATH="/Library/Developer/CommandLineTools/usr/bin:/Applications/Xcode.app/Contents/Developer/usr/bin:${PATH}"
 
-# helpers for setting/unsetting Git's safe directory setting
-set_git_safe_directory() {
- if git config --global --get-all safe.directory | grep -q "${1}"
- then
- return
- fi
- SET_GIT_SAFE_DIRECTORY="${1}"
- git config --global --add safe.directory "${1}"
-}
-unset_git_safe_directory() {
- if [[ -z "${SET_GIT_SAFE_DIRECTORY-}" ]]
- then
- return
- fi
-
- git config --global --unset safe.directory "${1}" || git config --global --unset-all safe.directory
- if [[ ${SET_GIT_SAFE_DIRECTORY-} == "${1}" ]]
- then
- unset SET_GIT_SAFE_DIRECTORY
- fi
-}
+# avoid writing to user's global config file by overriding HOME
+# https://git-scm.com/docs/git-config#SCOPES
+unset XDG_CONFIG_HOME
+export HOME="${homebrew_directory}"
 
 # reset Git repository
 cd "${homebrew_directory}"
-set_git_safe_directory "${homebrew_directory}"
+git config --global --add safe.directory "${homebrew_directory}"
 git reset --hard
 git checkout --force master
 git branch | grep -v '\*' | xargs -n 1 git branch --delete --force || true
-unset_git_safe_directory "${homebrew_directory}"
+rm "${homebrew_directory}/.gitconfig"
 
 # move to /usr/local if on x86_64
 if [[ $(uname -m) == "x86_64" ]]
@@ -59,10 +42,11 @@ then
  cp -pRL "${homebrew_directory}/.git" "/usr/local/Homebrew/"
  mv "${homebrew_directory}/cache_api" "/usr/local/Homebrew/"
 
- set_git_safe_directory /usr/local/Homebrew
+ export HOME="/usr/local/Homebrew"
+ git config --global --add safe.directory /usr/local/Homebrew
  git -C /usr/local/Homebrew reset --hard
  git -C /usr/local/Homebrew checkout --force master
- unset_git_safe_directory /usr/local/Homebrew
+ rm /usr/local/Homebrew/.gitconfig
  else
  mkdir -vp /usr/local/bin
  mv "${homebrew_directory}" "/usr/local/Homebrew/"