Skip to content

Strip GIT_DIR and friends from internal git subprocess calls#19042

Closed
BootstrapperSBL wants to merge 1 commit intoastral-sh:mainfrom
BootstrapperSBL:fix/git-dir-env-leak
Closed

Strip GIT_DIR and friends from internal git subprocess calls#19042
BootstrapperSBL wants to merge 1 commit intoastral-sh:mainfrom
BootstrapperSBL:fix/git-dir-env-leak

Conversation

@BootstrapperSBL
Copy link
Copy Markdown

@BootstrapperSBL BootstrapperSBL commented Apr 18, 2026

Fixes #19008.

git bisect run (and git rebase --exec) injects GIT_DIR into the
process environment before calling the user's command. When that command
is uv, the variable leaks into every git subprocess uv spawns,
directing them at the bisected repo instead of uv's own cache.

fetch_with_cli and fetch_lfs already stripped these five env vars
individually. The other call sites — open, init, rev_parse,
to_short_id, both clone variants, reset, and submodule update
did not.

Changes

Introduce a git_cmd() helper:

fn git_cmd() -> Result<ProcessBuilder> {
    let mut cmd = ProcessBuilder::new(GIT.as_ref()?);
    cmd.env_remove(EnvVars::GIT_DIR)
        .env_remove(EnvVars::GIT_WORK_TREE)
        .env_remove(EnvVars::GIT_INDEX_FILE)
        .env_remove(EnvVars::GIT_OBJECT_DIRECTORY)
        .env_remove(EnvVars::GIT_ALTERNATE_OBJECT_DIRECTORIES);
    Ok(cmd)
}

All call sites now go through git_cmd(). The per-call env_remove
chains in fetch_with_cli and fetch_lfs are removed since the helper
covers them.

Before / After

Before: GIT_DIR=/bisected-repo/.git uv lock (with a git dependency) fails — uv's internal git rev-parse, git clone, etc. hit the wrong repo.

After: same command succeeds — git_cmd() strips the variable before each subprocess is spawned.

Test

Added lock_sdist_git_with_git_dir_env (behind #[cfg(feature = "test-git")]) that runs uv lock with GIT_DIR=/nonexistent in the environment and expects success.

Strip GIT_DIR and friends from internal git subprocess calls (astral-…
cdd9eb4 
…sh#19008)

`git bisect run` sets `GIT_DIR` (and related env vars) in the process
environment. When uv is invoked as the bisect command it inherits those
variables, and they leak into every `git` subprocess uv spawns — causing
those operations to hit the bisected repo's index instead of uv's cache.

`fetch_with_cli` and `fetch_lfs` already stripped these variables
individually, but the other eight `ProcessBuilder::new(GIT…)` call
sites did not.

Introduce a `git_cmd()` helper that creates a `ProcessBuilder` with
`GIT_DIR`, `GIT_WORK_TREE`, `GIT_INDEX_FILE`, `GIT_OBJECT_DIRECTORY`,
and `GIT_ALTERNATE_OBJECT_DIRECTORIES` always removed, and replace all
call sites with it.  The fetch helpers now use `git_cmd()` too, so the
per-call `env_remove` chains there can be dropped.

Fixes astral-sh#19008
@EliteTK EliteTK mentioned this pull request Apr 21, 2026
Merged
@EliteTK EliteTK closed this in 83d15da Apr 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

uv git dependency fetch breaks when GIT_DIR is set in environment

1 participant

@BootstrapperSBL