On 2023/03/28 11:56:59 +0200, Stefan Sperling <stsp@stsp.name> wrote:
> On Tue, Mar 28, 2023 at 11:33:29AM +0200, Omar Polo wrote:
> > On 2023/03/28 11:18:40 +0200, Stefan Sperling <stsp@stsp.name> wrote:
> > > This improved version has been tested more thoroughly and fixes
> > > a few bugs such that gitwrapper actually works as advertised.
> > > It also makes use of unveil(2) to restrict the set of programs
> > > which can be run (even though a user who ends up running this
> > > tool probably has shell access anyway).
> > 
> > I haven't run-tested it yet but reads fine; let's get it in and
> > continue hacking in tree.
> 
> Thanks, done.
> 
> Here is a tweak we should make to ensure that native git tooling
> doesn't end up running on gotd-managed repositories accidentally
> even if the repository is listed in gotd.conf.
> 
> Ok?

Yeah, seems a good idea to abort if gotd.conf is found and has an
entry for the repo but gotsh is not available.

Alternatively, we might require GITWRAPPER_MY_SERVER_PROG to be an
absolute path in the first place so that we can avoid scraping $PATH.

ok for me whatever option you prefer.