From ad92c624216f8c129290fc24240ddc9adeb70c33 Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay" <mackyle@gmail.com>
Date: Sat, 3 Sep 2016 14:47:36 -0700
Subject: [PATCH] env: remove problematic Git environment variables

There are several Git environment variables that should not be set when
running Girocco.  Normally they will not be.  However, be extra paranoid
and make sure they're unset just in case.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
---
 Girocco/Config.pm |  7 +++++++
 jobd/gc.sh        |  1 +
 jobd/update.sh    |  1 +
 shlib.sh          | 13 +++++++++++++
 taskd/clone.sh    |  1 +
 5 files changed, 23 insertions(+)

diff --git a/Girocco/Config.pm b/Girocco/Config.pm
index cf2529f..5a977df 100644
--- a/Girocco/Config.pm
+++ b/Girocco/Config.pm
@@ -879,6 +879,13 @@ $ENV{'GIT_USER_AGENT'} = $git_client_ua if defined($git_client_ua);
 delete $ENV{'GIT_HTTP_USER_AGENT'};
 $ENV{'GIT_HTTP_USER_AGENT'} = $git_client_ua if defined($git_client_ua);
 delete $ENV{'GIT_CONFIG_PARAMETERS'};
+delete $ENV{'GIT_ALTERNATE_OBJECT_DIRECTORIES'};
+delete $ENV{'GIT_CONFIG'};
+delete $ENV{'GIT_DIR'};
+delete $ENV{'GIT_GRAFT_FILE'};
+delete $ENV{'GIT_INDEX_FILE'};
+delete $ENV{'GIT_OBJECT_DIRECTORY'};
+delete $ENV{'GIT_NAMESPACE'};
 
 # Guarantee a sane umask for Girocco
 
diff --git a/jobd/gc.sh b/jobd/gc.sh
index 275e917..5d5775e 100755
--- a/jobd/gc.sh
+++ b/jobd/gc.sh
@@ -19,6 +19,7 @@ quiet=; [ -n "$show_progress" ] || quiet=-q
 
 umask 002
 [ "$cfg_permission_control" != "Hooks" ] || umask 000
+clean_git_env
 
 pidactive() {
 	if _result="$(kill -0 "$1" 2>&1)"; then
diff --git a/jobd/update.sh b/jobd/update.sh
index c69fac9..813757d 100755
--- a/jobd/update.sh
+++ b/jobd/update.sh
@@ -99,6 +99,7 @@ git_bzr_fetch() (
 
 umask 002
 [ "$cfg_permission_control" != "Hooks" ] || umask 000
+clean_git_env
 
 proj="${1%.git}"
 cd "$cfg_reporoot/$proj.git"
diff --git a/shlib.sh b/shlib.sh
index af98afe..04ac095 100644
--- a/shlib.sh
+++ b/shlib.sh
@@ -187,6 +187,19 @@ fi
 [ -z "$var_big_file_threshold" ] ||
 	git_add_config "core.bigFileThreshold=$var_big_file_threshold"
 
+# Extra GIT variables that generally ought to be cleared, but whose clearing
+# could potentially interfere with the correct operation of hook scripts so
+# they are segregated into a separate function for use as appropriate
+clean_git_env() {
+	unset GIT_ALTERNATE_OBJECT_DIRECTORIES
+	unset GIT_CONFIG
+	unset GIT_DIR
+	unset GIT_GRAFT_FILE
+	unset GIT_INDEX_FILE
+	unset GIT_OBJECT_DIRECTORY
+	unset GIT_NAMESPACE
+}
+
 # We cannot use a git() {} or nc_openbsd() {} function to redirect git
 # and nc_openbsd to the desired executables because when using
 # "ENV_VAR=xxx func" the various /bin/sh implementations behave in various
diff --git a/taskd/clone.sh b/taskd/clone.sh
index cbe3481..7578541 100755
--- a/taskd/clone.sh
+++ b/taskd/clone.sh
@@ -8,6 +8,7 @@ set -e
 
 umask 002
 [ "$cfg_permission_control" != "Hooks" ] || umask 000
+clean_git_env
 
 # darcs fast-export | git fast-import with error handling
 git_darcs_fetch() (
-- 
2.11.4.GIT