@@ -56,6 +56,17 @@ fn now() -> String {
5656 . to_string ( )
5757}
5858
59+ fn git ( ) -> Command {
60+ let mut cmd = Command :: new ( GIT ) ;
61+ // Disable Git config: https://git-scm.com/docs/git/2.47.0#Documentation/git.txt-GITCONFIGGLOBAL
62+ cmd. env ( "GIT_CONFIG_GLOBAL" , "/dev/null" )
63+ . env ( "GIT_CONFIG_SYSTEM" , "/dev/null" ) ;
64+ // For example, without this, the `git remote` check in `Cache::new` would fail if someone uses
65+ // `pushInsteadOf` to push with SSH instead of HTTPS for GitHub:
66+ // https://git-scm.com/docs/git-config/2.47.0#Documentation/git-config.txt-urlbasepushInsteadOf
67+ cmd
68+ }
69+
5970#[ derive( Error , Debug ) ]
6071#[ error( "invalid Git SHA" ) ]
6172struct ParseShaError ;
@@ -265,7 +276,7 @@ impl Cache {
265276
266277 let git_dir = dir. join ( CacheKey :: Git . name ( ) ) ;
267278 if fs:: exists ( & git_dir) ? {
268- let output = Command :: new ( GIT )
279+ let output = git ( )
269280 . arg ( "-C" )
270281 . arg ( & git_dir)
271282 . args ( [ "remote" , "--verbose" ] )
@@ -305,7 +316,7 @@ impl Cache {
305316 }
306317
307318 fn git ( & self ) -> Command {
308- let mut cmd = Command :: new ( GIT ) ;
319+ let mut cmd = git ( ) ;
309320 // Because we did a blobless clone, some commands that wouldn't normally need network access
310321 // might try to lazily fetch objects. We consider it a bug for subcommands other than
311322 // `fetch` to access the network (modulo `nix flake update` as used by the `checkout` and
@@ -898,7 +909,7 @@ async fn main() -> anyhow::Result<()> {
898909 if missing_git {
899910 let repo = "https://github.com/NixOS/nixpkgs.git" ;
900911 // We shouldn't need any trees or blobs, only history information.
901- let status = Command :: new ( GIT )
912+ let status = git ( )
902913 . args ( [ "clone" , "--mirror" , "--filter=tree:0" , repo] )
903914 . arg ( cache. path ( CacheKey :: Git ) )
904915 . status ( ) ?;
0 commit comments