Skip to content

Adjust update to honor custom SSH command #21822

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sfc-gh-ksmogor wants to merge 3 commits into
base: main
Choose a base branch
from
+6 −2
Open

Adjust update to honor custom SSH command #21822

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
2be9a78
Include GIT_SSH_COMMAND in FILTERED ENVS
sfc-gh-ksmogor Mar 24, 2026
e4ecefc
Add BatchMode only when default ssh is used.
sfc-gh-ksmogor Mar 24, 2026
25e4516
Fix style
sfc-gh-ksmogor Mar 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion Library/Homebrew/cmd/update.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -618,7 +618,11 @@ EOS
fi

export GIT_TERMINAL_PROMPT="0"
export GIT_SSH_COMMAND="${GIT_SSH_COMMAND:-ssh} -oBatchMode=yes"
# Set GIT_SSH_COMMAND only when user haven't set custom SSH command
if [[ -z "${GIT_SSH_COMMAND}" ]] && ! git config --get core.sshCommand &>/dev/null
Copy link
Copy Markdown
Member

@MikeMcQuaid MikeMcQuaid Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is worth checking if this command is actually a non-empty string and valid?

then
export GIT_SSH_COMMAND="ssh -oBatchMode=yes"
fi

if [[ -n "${HOMEBREW_GIT_NAME}" ]]
then
Expand Down
2 changes: 1 addition & 1 deletion bin/brew
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -292,7 +292,7 @@ PATH="/usr/bin:/bin:/usr/sbin:/sbin"
FILTERED_ENV=()
ENV_VAR_NAMES=(
HOME SHELL PATH TERM TERMINFO TERMINFO_DIRS COLUMNS DISPLAY LOGNAME USER CI SSH_AUTH_SOCK SUDO_ASKPASS
http_proxy https_proxy ftp_proxy no_proxy all_proxy HTTPS_PROXY FTP_PROXY ALL_PROXY
http_proxy https_proxy ftp_proxy no_proxy all_proxy HTTPS_PROXY FTP_PROXY ALL_PROXY GIT_SSH_COMMAND
Copy link
Copy Markdown
Member

@carlocab carlocab Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we want to pass this variable through transparently. Can we use USED_BY_HOMEBREW_VARS above instead?

You'll also need to make sure this interacts properly with HOMEBREW_SSH_CONFIG_PATH:

brew/Library/Homebrew/brew.sh

Lines 1093 to 1097 in c437bf7

# Use this configuration file instead of ~/.ssh/config when fetching git over SSH.
if [[ -n "${HOMEBREW_SSH_CONFIG_PATH}" ]]
then
export GIT_SSH_COMMAND="ssh -F${HOMEBREW_SSH_CONFIG_PATH}"
fi

Copy link
Copy Markdown
Author

@sfc-gh-ksmogor sfc-gh-ksmogor Mar 26, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I read the USED_BY_HOMEBREW_VARS and it looks fine to use this mechanism.

I also would like to understand how to treat the config and additional flags. Because from my understanding of the current code, it looks like -oBatchMode=yes and -F/config/path options are treated independently (as decorators). So it looks like the custom ssh command should be ready for decorating by those two options. Is it fine to assume that for brew users? Anyone wanted to use custom ssh command has to expect that brew will add some flags to it before passing it to git.

I can change all places that use plain ssh to fill GIT_SSH_COMMAND. Those places will use value from HOMEBREW_GIT_SSH_COMMAND or from global git config.

Copy link
Copy Markdown
Member

@MikeMcQuaid MikeMcQuaid Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I read the USED_BY_HOMEBREW_VARS and it looks fine to use this mechanism.

To be more explicit: we're telling you we don't want to do that.

I can change all places that use plain ssh to fill GIT_SSH_COMMAND.

This seems overkill. Let's keep this change as tightly scoped as possible.

)
# Filter all but the specific variables.
for VAR in "${ENV_VAR_NAMES[@]}" "${!HOMEBREW_@}"
Expand Down
Loading