From 5f8c706128387b1258bd65010e4e06ef662283d9 Mon Sep 17 00:00:00 2001
From: Todd Gamblin <tgamblin@llnl.gov>
Date: Wed, 28 Dec 2022 00:44:11 -0800
Subject: Consolidate how Spack uses `git` (#34700)

Local `git` tests will fail with `fatal: transport 'file' not allowed` when using git 2.38.1 or higher, due to a fix for `CVE-2022-39253`.

This was fixed in CI in #33429, but that doesn't help the issue for anyone's local environment. Instead of fixing this with git config in CI, we should ensure that the tests run anywhere.

- [x] Introduce `spack.util.git`.
- [x] Use `spack.util.git.get_git()` to get a git executable, instead of `which("git")` everywhere.
- [x] Make all `git` tests use a `git` fixture that goes through `spack.util.git.get_git()`.
- [x] Add `-c protocol.file.allow=always` to all `git` invocations under `pytest`.
- [x] Revert changes from #33429, which are no longer needed.
---
 .github/workflows/setup_git.ps1 | 4 ----
 .github/workflows/setup_git.sh  | 4 ----
 2 files changed, 8 deletions(-)

(limited to '.github')

diff --git a/.github/workflows/setup_git.ps1 b/.github/workflows/setup_git.ps1
index b403ff5ef1..836b7f8a2c 100644
--- a/.github/workflows/setup_git.ps1
+++ b/.github/workflows/setup_git.ps1
@@ -4,10 +4,6 @@ git config --global user.email "spack@example.com"
 git config --global user.name "Test User"
 git config --global core.longpaths true
 
-# See https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85 (CVE-2022-39253)
-# This is needed to let some fixture in our unit-test suite run
-git config --global protocol.file.allow always
-
 if ($(git branch --show-current) -ne "develop")
 {
     git branch develop origin/develop
diff --git a/.github/workflows/setup_git.sh b/.github/workflows/setup_git.sh
index ee555ff71a..4eb416720b 100755
--- a/.github/workflows/setup_git.sh
+++ b/.github/workflows/setup_git.sh
@@ -2,10 +2,6 @@
 git config --global user.email "spack@example.com"
 git config --global user.name "Test User"
 
-# See https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85 (CVE-2022-39253)
-# This is needed to let some fixture in our unit-test suite run
-git config --global protocol.file.allow always
-
 # create a local pr base branch
 if [[ -n $GITHUB_BASE_REF ]]; then
     git fetch origin "${GITHUB_BASE_REF}:${GITHUB_BASE_REF}"
-- 
cgit v1.2.3-60-g2f50