git-credential-store: support XDG_CONFIG_HOME
authorPaul Tan <pyokagan@gmail.com>
Tue, 24 Mar 2015 05:20:28 +0000 (13:20 +0800)
committerJunio C Hamano <gitster@pobox.com>
Tue, 24 Mar 2015 15:08:02 +0000 (08:08 -0700)
Add $XDG_CONFIG_HOME/git/credentials to the default credential search
path of git-credential-store. This allows git-credential-store to
support user-specific configuration files in accordance with the XDG
base directory specification[1].

[1] http://standards.freedesktop.org/basedir-spec/basedir-spec-0.7.html

~/.git-credentials has a higher precedence than
$XDG_CONFIG_HOME/git/credentials when looking up credentials. This
means that if any duplicate matching credentials are found in the xdg
file (due to ~/.git-credentials being updated by old versions of git or
outdated tools), they will not be used at all. This is to give the user
some leeway in switching to old versions of git while keeping the xdg
directory. This is consistent with the behavior of git-config.

However, the higher precedence of ~/.git-credentials means that as long
as ~/.git-credentials exist, all credentials will be written to the
~/.git-credentials file even if the user has an xdg file as having a
~/.git-credentials file indicates that the user wants to preserve
backwards-compatibility. This is also consistent with the behavior of
git-config.

To make this precedence explicit in docs/git-credential-store, add a new
section FILES that lists out the credential file paths in their order of
precedence, and explain how the ordering affects the lookup, storage and
erase operations.

Also, update the documentation for --file to briefly explain the
operations on multiple files if the --file option is not provided.

Since the xdg file will not be used unless it actually exists, to
prevent the situation where some credentials are present in the xdg file
while some are present in the home file, users are recommended to not
create the xdg file if they require compatibility with old versions of
git or outdated tools. Note, though, that "erase" can be used to
explicitly erase matching credentials from all files.

Helped-by: Matthieu Moy <Matthieu.Moy@grenoble-inp.fr>
Helped-by: Junio C Hamano <gitster@pobox.com>
Helped-by: Jeff King <peff@peff.net>
Helped-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Paul Tan <pyokagan@gmail.com>
Reviewed-by: Matthieu Moy <Matthieu.Moy@imag.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Documentation/git-credential-store.txt
credential-store.c
index bc97071e7668ac48d07065190e88d1ce74822041..e3c8f276b14ed188284536636d259974f46d755e 100644 (file)
@@ -31,10 +31,41 @@ OPTIONS
 
 --file=<path>::
 
-       Use `<path>` to store credentials. The file will have its
+       Use `<path>` to lookup and store credentials. The file will have its
        filesystem permissions set to prevent other users on the system
        from reading it, but will not be encrypted or otherwise
-       protected. Defaults to `~/.git-credentials`.
+       protected. If not specified, credentials will be searched for from
+       `~/.git-credentials` and `$XDG_CONFIG_HOME/git/credentials`, and
+       credentials will be written to `~/.git-credentials` if it exists, or
+       `$XDG_CONFIG_HOME/git/credentials` if it exists and the former does
+       not. See also <<FILES>>.
+
+[[FILES]]
+FILES
+-----
+
+If not set explicitly with '--file', there are two files where
+git-credential-store will search for credentials in order of precedence:
+
+~/.git-credentials::
+       User-specific credentials file.
+
+$XDG_CONFIG_HOME/git/credentials::
+       Second user-specific credentials file. If '$XDG_CONFIG_HOME' is not set
+       or empty, `$HOME/.config/git/credentials` will be used. Any credentials
+       stored in this file will not be used if `~/.git-credentials` has a
+       matching credential as well. It is a good idea not to create this file
+       if you sometimes use older versions of Git that do not support it.
+
+For credential lookups, the files are read in the order given above, with the
+first matching credential found taking precedence over credentials found in
+files further down the list.
+
+Credential storage will by default write to the first existing file in the
+list. If none of these files exist, `~/.git-credentials` will be created and
+written to.
+
+When erasing credentials, matching credentials will be erased from all files.
 
 EXAMPLES
 --------
index c519f8025ee8e90322eb5af609ebb3e2c3ad87d7..d62dc29d06570f54c35aa9f55ab11e431ab1c0a9 100644 (file)
@@ -165,11 +165,16 @@ int main(int argc, char **argv)
                usage_with_options(usage, options);
        op = argv[0];
 
-       if (!file)
-               file = expand_user_path("~/.git-credentials");
-       if (file)
+       if (file) {
                string_list_append(&fns, file);
-       else
+       } else {
+               if ((file = expand_user_path("~/.git-credentials")))
+                       string_list_append_nodup(&fns, file);
+               home_config_paths(NULL, &file, "credentials");
+               if (file)
+                       string_list_append_nodup(&fns, file);
+       }
+       if (!fns.nr)
                die("unable to set up default path; use --file");
 
        if (credential_read(&c, stdin) < 0)