fix(cli): GIT_CONFIG* envvars leaking child processes

When launching Doom via 'doom run', the child process inherits bin/doom's environment. This change restricts this sub-environment to the intended target: straight and its use of git. Fix: #6320
2022-04-21 20:00:50 +02:00 · 2022-04-21 20:00:50 +02:00 · fbfc635300
commit fbfc635300
parent 8c03fa0e3d
2 changed files with 9 additions and 3 deletions
--- a/bin/doom
+++ b/bin/doom
@ -2,9 +2,6 @@
 :; set -e # -*- mode: emacs-lisp; lexical-binding: t -*-
 :; case "$EMACS" in *term*) EMACS=emacs ;; *) EMACS="${EMACS:-emacs}" ;; esac
 :; $EMACS --version >/dev/null 2>&1 || { >&2 echo "Can't find emacs in your PATH"; exit 1; }
-:; unset GIT_CONFIG
-:; export GIT_CONFIG_NOSYSTEM=1
-:; export GIT_CONFIG_GLOBAL="${DOOMGITCONFIG:-/dev/null}"
 :; $EMACS --no-site-file --script "$0" -- "$@" || __DOOMCODE=$?
 :; [ "${__DOOMCODE:-0}" -eq 128 ] && { sh "`$EMACS -Q --batch --eval '(princ temporary-file-directory)'`/doom.sh" "$0" "$@" && true; __DOOMCODE=$?; }
 :; exit $__DOOMCODE
--- a/core/cli/lib/straight-hacks.el
+++ b/core/cli/lib/straight-hacks.el
@ -118,3 +118,12 @@ However, in batch mode, print to stdout instead of stderr."
    (and (string-match-p "^\\(Cloning\\|\\(Reb\\|B\\)uilding\\) " msg)
         (not (string-suffix-p "...done" msg))
         (doom--print (doom--format (concat "> " msg))))))
+
+(defadvice! doom--straight-ignore-gitconfig-a (fn &rest args)
+  "Prevent user and system git configuration from interfering with git calls."
+  :around #'straight--process-call
+  (letenv! (("GIT_CONFIG" nil)
+            ("GIT_CONFIG_NOSYSTEM" "1")
+            ("GIT_CONFIG_GLOBAL" (or (getenv "DOOMGITCONFIG")
+                                     "/dev/null")))
+    (apply fn args)))