inx
1bc109ae64
Explicitly inject `gpg.ssh.program=ssh-keygen` during blind injection. Leaving this unset would allow global configuration (potentially malicious) to bleed into the ephemeral session. Setting it to empty string causes Git to crash. Using the system default `ssh-keygen` ensures both stability and isolation. |
||
|---|---|---|
| scripts | ||
| src | ||
| tests | ||
| .gitignore | ||
| Cargo.toml | ||
| LICENSE | ||
| README.md | ||
Gosh (Git Operations SHell)
Gosh is a lightweight, secure, and idempotent wrapper for Git, written in Rust. It solves the chaos of managing multiple Git identities (Work vs. Personal) by strictly isolating configurations and preventing accidental identity leaks.
🚀 Features
- 🛡️ Fail-Safe Security: Uses "Blind Injection" to forcibly wipe global identity keys before applying a profile. If your profile lacks a key, Gosh fails securely rather than falling back to your global
~/.gitconfig. - ⚡ Ephemeral Execution: Run commands like
gosh work commitwithout modifying any files on disk. Perfect for one-off fixes. - 💾 Persistent Switching: Permanently bind a repository to an identity using Git's native
[include]directive. - 🛠️ Zero Config Setup: Automatically handles
cloneandinitsetup, applying the correct identity immediately. - 📂 Portable Profiles: Profiles are stored in
~/.config/gosh/profiles/, designed to be synced via a private Git repository.
📦 Installation
From Source
cargo install --path .
📖 Usage
1. Management: Create Identities
Gosh manages identities as "Profiles".
# Syntax: gosh -c <Name> <Email> <ProfileID>
gosh -c "Alice Work" "alice@company.com" "work"
gosh -c "Alice Hobby" "alice@gmail.com" "personal"
# List all profiles
gosh -l
# Edit a profile (e.g., to add signingkey or sshCommand)
gosh -e work
2. Workflow A: Setup New Projects (Recommended)
When you clone or init a repository, Gosh automatically sets up the local config.
# Clones the repo and immediately binds it to the "work" profile
gosh work clone git@github.com:company/backend.git
# Inside the repo, you can now just use standard git
cd backend
git config user.email # Output: alice@company.com
3. Workflow B: One-off Commands (Exec Mode)
Run a command with a specific identity without modifying the repository config.
# Temporarily commit as "personal" in a work repo (e.g., fixing a typo)
gosh personal commit -m "Fix typo"
# Verification
gosh personal config user.email
4. Workflow C: Switch Identity (Persistent)
Change the identity bound to an existing repository.
cd my-repo
gosh work
# If the repo has "dirty" config (manually set user.name), force overwrite it:
gosh work -f
⚙️ Configuration
Gosh follows the XDG Base Directory specification.
- Config File:
~/.config/gosh/gosh.toml - Profiles:
~/.config/gosh/profiles/*.gitconfig
On the first run, Gosh will automatically create these directories and a default configuration file.
Environment Variables
GOSH_CONFIG_PATH: Override the config directory (Useful for NixOS or testing).GOSH_MOCKING=1: Dry-run mode. Prints the constructedgitcommand to stderr instead of executing it.
🔒 Security Design: Blind Injection
In Exec Mode, Gosh does not read your local configuration to decide what to override. Instead, it aggressively injects empty values for sensitive keys before applying your profile.
Example command generated by Gosh:
git \
-c user.name="" \ # 1. Wipe potential leaks
-c user.email="" \
-c user.signingkey="" \
-c commit.gpgsign=false \
-c include.path=~/.config/gosh/profiles/work.gitconfig \ # 2. Apply Profile
commit ...
This ensures that if your "work" profile is missing a GPG key, Git will error out ("Secret key not available") rather than silently using your personal GPG key from ~/.gitconfig.
📦 Build Artifacts
Use a machine running Linux to build artifacts for all targets. rustup, cross, and podman/docker are required.
Run build.sh to build artifacts for all targets.