{{Header}}
{{#seo:
|description=todo
}}
{{intro|
todo
}}

= git symlinks =
git configuration file {{CodeSelect|inline=true|code=
~/.gitconfig
}}:

{{CodeSelect|code=
[core]
symlinks = false
}}

<code>symlinks = false</code> is more secure:

* https://nvd.nist.gov/vuln/detail/cve-2021-21300
* https://nvd.nist.gov/vuln/detail/cve-2024-32002

Use:

* Developers: Are more likely to use <code>symlinks = false</code> in <code>~/.gitconfig</code>.
* Users that build from source code: Are more likely to not use any <code>~/.gitconfig</code> file, therefore using git's default <code>symlinks = true</code>.

When not using <code>symlinks = false</code>:

* <code>find "." -type l -not -iwholename '*.git*'</code> will not detect these files as symlinks.
* These are detected as file without newline at the of file. Example:
** {{CodeSelect|inline=true|code=
file qubes/qubes-template-whonix/whonix-workstation
}}

<pre>
qubes/qubes-template-whonix/whonix-workstation: ASCII text, with no line terminators
</pre>

When using <code>symlinks = false</code>:

* <code>find "." -type l -not -iwholename '*.git*'</code> will detect these files as symlinks.
* These are detected as symlink. Example:
** {{CodeSelect|inline=true|code=
file qubes/qubes-template-whonix/whonix-workstation
}}

<pre>
qubes/qubes-template-whonix/whonix-workstation: symbolic link to whonix-gateway
</pre>

Potential issues:

* A text file versus a symbolic link can cause different build results depending on git settings, leading to bugs and/or package reproducibility issues.
* Git will translate symlink replacement text files back into symlinks when committing and pushing, meaning if you attempt to change a symlink to a real file, people who pull the repo will get a dangling symlink pointing to a very strange filename rather than getting a normal file with contents.

= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]] [[Category:Design]]