-
Notifications
You must be signed in to change notification settings - Fork 20.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/geth, internal/flags: print envvar config source and bad names #28119
Conversation
if err := debug.Setup(ctx); err != nil { | ||
return err | ||
} | ||
flags.CheckEnvVars(ctx, app.Flags, "GETH") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
flags.CheckEnvVars(ctx, app.Flags, "GETH") | |
flags.CheckEnvVars(ctx, app.Flags, "GETH_") |
maybe?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unsure. I deliberately left it as GETH only so that if you forget the underscore or use a minus or something it still gets caught. That said, it's mostly a heuristic for now.
if ctx.Count(flag) > 0 { | ||
log.Info("Config environment variable found", "envvar", key, "shadowedby", "--"+flag) | ||
} else { | ||
log.Info("Config environment variable found", "envvar", key) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In some cases. cmd line params are sensitive (password for remote influxdb databases, password for --unlock
), but this will echo them in logs, right?
Might not be the best idea -- so far, we've been kind rightfully lax about asking people for their logs, because we know they contain nothing interesting.
Ah wait, it's only the key
, not the value? If so it's all good!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, only key for the exact reason.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
…names (ethereum#28119)" This reverts commit c59e4a4.
…names (ethereum#28119)" This reverts commit c59e4a4.
One catch with env vars is that they might silently change Geth's behavior, in both directions:
Both cases would be quite tricky to debug. Further it would be a PITA for us to debug user issues when they don't share their env list, and sharing them may not be best security practice.
This PR tries to solve all 3 issues, by listing all the consumed env vars, as well as all the env vars that "seem" like GETH ones, but that are not consumed in the end.
TL;DR: