-
-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change environment variable names for Language Depot #325
Conversation
First step towards changing them: ensure they live in a single place
Because sudo will strip env vars named `LD_WHATEVER`, for security reasons (e.g. if you can change the `LD_LIBRARY_PATH` env var, you can cause arbitrary code execution). So we need a name prefix that won't be stripped by sudo.
For consistency with `LFMERGE_LANGUAGE_DEPOT_REPO_URI`, we should have an `LFMERGE_` prefix in front of the environment variables used to control LfMerge.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, thanks Robin.
- **LFMERGE_VERBOSE_PROGRESS**: Boolean, default `false`. Whether to log verbose progress during Send/Receive. Recommended `true` in development & staging, `false` in production. | ||
- **LFMERGE_LANGUAGE_DEPOT_REPO_URI**: Default not set. The *complete* URI to a Language Depot project, including username & password. Not useful in production, highly useful in debugging and unit test scenarios. | ||
- **LFMERGE_LANGUAGE_DEPOT_HG_PUBLIC_HOSTNAME**: Default `hg-public.languagedepot.org`. The hostname of the Language Depot instance to use for **public** projects. | ||
- **LFMERGE_LANGUAGE_DEPOT_HG_PRIVATE_HOSTNAME**: Default is the value of the `PUBLIC_HOSTNAME` string with `public` replaced with `private`. The hostname of the Language Depot instance to use for **private** projects. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rmunn I have a random comment here. My recollection is that LFMerge categorically does not deal with repositories on private.languagedepot.org and thus this variable is a relic that could be removed. If this is not the case, how does a user actually connect up LD repo in private to Language Forge currently? I don't know how that works.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Without doing a deep dive into the code, my memory is that LfMerge will try public first, then if the repo doesn't exist in public it will then try the same repo name in private. (Which is behavior inherited from FLExBridge, and therefore the same behavior that FLEx uses). Now, because of how LF presents the list of projects to Send/Receive, there's only going to be public ones available to choose from, but I believe LfMerge is capable of doing S/R from both public and private because FLExBridge can do so.
All
LD_*
env vars in LfMerge will now be namedLFMERGE_LANGUAGE_DEPOT_*
instead. This is because Linux sudo (which LfMerge uses to run as the www-data user) is configured by default to discard any environment variables whose name starts withLD_
, for security reasons. E.g., if you can mess with theLD_LIBRARY_PATH
env var used by a program executing with privilege, you can inject arbitrary code into a privileged process and get it run.So all environment variables used to tell LfMerge where to look for Language Depot now start with the
LFMERGE_LANGUAGE_DEPOT_
prefix. They are now documented in the README, and they can all be found in the MagicStrings.cs file in case I missed any in the README.