foundation for 'trust' model

.github/workflows/ci.yml

@@ -61,7 +61,7 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
           command: install
-          args: "gitoxide cargo-smart-release"
+          args: "--force gitoxide cargo-smart-release"
 
   lint:
     runs-on: ubuntu-latest

Cargo.toml

@@ -146,8 +146,10 @@ members = [
     "git-packetline",
     "git-mailmap",
     "git-note",
+    "git-sec",
     "git-submodule",
     "git-transport",
+    "git-credentials",
     "git-protocol",
     "git-pack",
     "git-odb",

Makefile

@@ -89,6 +89,8 @@ check: ## Build all code in suitable configurations
 	cd git-object && cargo check --all-features \
                   && cargo check --features verbose-object-parsing-errors
 	cd git-index && cargo check --features serde1
+	cd git-credentials && cargo check --features serde1
+	cd git-sec && cargo check --features serde1
 	cd git-revision && cargo check --features serde1
 	cd git-attributes && cargo check --features serde1
 	cd git-glob && cargo check --features serde1

README.md

@@ -121,6 +121,8 @@ Crates that seem feature complete and need to see some more use before they can
   * [git-attributes](https://github.com/Byron/gitoxide/blob/main/crate-status.md#git-attributes)
   * [git-quote](https://github.com/Byron/gitoxide/blob/main/crate-status.md#git-quote)
 * **idea**
+  * [git-credentials](https://github.com/Byron/gitoxide/blob/main/crate-status.md#git-credentials)
+  * [git-sec](https://github.com/Byron/gitoxide/blob/main/crate-status.md#git-sec)
   * [git-note](https://github.com/Byron/gitoxide/blob/main/crate-status.md#git-note)
   * [git-date](https://github.com/Byron/gitoxide/blob/main/crate-status.md#git-date)
   * [git-pathspec](https://github.com/Byron/gitoxide/blob/main/crate-status.md#git-pathspec)

crate-status.md

@@ -233,6 +233,13 @@ A mechanism to associate metadata with any object, and keep revisions of it usin
 
 ### git-date
 * [ ] parse git dates
+
+### git-credentials
+* [x] launch git credentials helpers with a given action
+
+### git-sec
+
+Provides a trust model to share across gitoxide crates. It helps configuring how to interact with external processes, among other things.
 
 ### git-glob
 * [x] parse pattern

etc/check-package-size.sh

@@ -4,7 +4,7 @@ set -eu -o pipefail
 
 function enter () {
   local dir="${1:?need directory to enter}"
-  echo $'  in' $dir
+  echo -n $'  in' $dir $'\t→\t'
   cd $dir
 }
 
@@ -36,6 +36,11 @@ echo "in root: gitoxide CLI"
 (enter git-traverse && indent cargo diet -n --package-size-limit 10KB)
 (enter git-url && indent cargo diet -n --package-size-limit 15KB)
 (enter git-validate && indent cargo diet -n --package-size-limit 5KB)
+(enter git-date && indent cargo diet -n --package-size-limit 5KB)
+(enter git-note && indent cargo diet -n --package-size-limit 5KB)
+(enter git-sec && indent cargo diet -n --package-size-limit 5KB)
+(enter git-tix && indent cargo diet -n --package-size-limit 5KB)
+(enter git-credentials && indent cargo diet -n --package-size-limit 5KB)
 (enter git-object && indent cargo diet -n --package-size-limit 25KB)
 (enter git-commitgraph && indent cargo diet -n --package-size-limit 25KB)
 (enter git-pack && indent cargo diet -n --package-size-limit 115KB)

git-config/Cargo.toml

@@ -15,6 +15,8 @@ include = ["src/**/*", "LICENSE-*", "README.md", "CHANGELOG.md"]
 
 [dependencies]
 git-features = { version = "^0.20.0", path = "../git-features"}
+git-sec = { version = "^0.1.0", path = "../git-sec" }
+
 dirs = "4"
 nom = { version = "7", default_features = false, features = [ "std" ] }
 memchr = "2"

git-config/src/lib.rs

@@ -59,12 +59,65 @@ pub mod fs;
 pub mod parser;
 pub mod values;
 
-// mod de;
-// mod ser;
-// mod error;
-// pub use de::{from_str, Deserializer};
-// pub use error::{Error, Result};
-// pub use ser::{to_string, Serializer};
+mod permissions {
+    use crate::Permissions;
+
+    impl Permissions {
+        /// Allow everything which usually relates to a fully trusted environment
+        pub fn all() -> Self {
+            use git_sec::Permission::*;
+            Permissions {
+                system: Allow,
+                global: Allow,
+                user: Allow,
+                repository: Allow,
+                worktree: Allow,
+                env: Allow,
+                includes: Allow,
+            }
+        }
+
+        /// If in doubt, this configuration can be used to safely load configuration from sources which is usually trusted,
+        /// that is system and user configuration. Do load any configuration that isn't trusted as it's now owned by the current user.
+        pub fn secure() -> Self {
+            use git_sec::Permission::*;
+            Permissions {
+                system: Allow,
+                global: Allow,
+                user: Allow,
+                repository: Deny,
+                worktree: Deny,
+                env: Allow,
+                includes: Deny,
+            }
+        }
+    }
+}
+
+/// Configure security relevant options when loading a git configuration.
+#[derive(Copy, Clone, Ord, PartialOrd, PartialEq, Eq, Debug, Hash)]
+#[cfg_attr(feature = "serde1", derive(serde::Serialize, serde::Deserialize))]
+pub struct Permissions {
+    /// How to use the system configuration.
+    /// This is defined as `$(prefix)/etc/gitconfig` on unix.
+    pub system: git_sec::Permission,
+    /// How to use the global configuration.
+    /// This is usually `~/.gitconfig`.
+    pub global: git_sec::Permission,
+    /// How to use the user configuration.
+    /// Second user-specific configuration path; if `$XDG_CONFIG_HOME` is not
+    /// set or empty, `$HOME/.config/git/config` will be used.
+    pub user: git_sec::Permission,
+    /// How to use the repository configuration.
+    pub repository: git_sec::Permission,
+    /// How to use worktree configuration from `config.worktree`.
+    // TODO: figure out how this really applies and provide more information here.
+    pub worktree: git_sec::Permission,
+    /// How to use the configuration from environment variables.
+    pub env: git_sec::Permission,
+    /// What to do when include files are encountered in loaded configuration.
+    pub includes: git_sec::Permission,
+}
 
 #[cfg(test)]
 pub mod test_util;

git-credentials/CHANGELOG.md

@@ -0,0 +1,29 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 0.0.0 (2022-04-15)
+
+An empty crate without any content to reserve the name for the gitoxide project.
+
+### Commit Statistics
+
+<csr-read-only-do-not-edit/>
+
+ - 1 commit contributed to the release.
+ - 0 commits where understood as [conventional](https://www.conventionalcommits.org).
+ - 1 unique issue was worked on: [#386](https://github.com/Byron/gitoxide/issues/386)
+
+### Commit Details
+
+<csr-read-only-do-not-edit/>
+
+<details><summary>view details</summary>
+
+ * **[#386](https://github.com/Byron/gitoxide/issues/386)**
+    - add frame for git-credentials crate ([`be7a9cf`](https://github.com/Byron/gitoxide/commit/be7a9cf776f958ac7228457bb4e1415f86f8e575))
+</details>
+

git-credentials/Cargo.toml

@@ -0,0 +1,26 @@
+[package]
+name = "git-credentials"
+version = "0.1.0"
+repository = "https://github.com/Byron/gitoxide"
+license = "MIT/Apache-2.0"
+description = "A WIP crate of the gitoxide project to interact with git credentials helpers"
+authors = ["Sebastian Thiel <sebastian.thiel@icloud.com>"]
+edition = "2018"
+
+[lib]
+doctest = false
+
+[features]
+## Data structures implement `serde::Serialize` and `serde::Deserialize`.
+serde1 = ["serde", "bstr/serde1", "git-sec/serde1"]
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+git-sec = { version = "^0.1.0", path = "../git-sec" }
+quick-error = "2.0.0"
+serde = { version = "1.0.114", optional = true, default-features = false, features = ["derive"] }
+bstr = { version = "0.2.13", default-features = false, features = ["std"]}
+
+[package.metadata.docs.rs]
+all-features = true