Any way to disable probing GitHub?

Question

Any way to disable probing GitHub?

Opened this issue a month ago · 7 comments

I'm using sops in a network environment where I will never ever in a million years be able to contact github.com directly. I'd like to be able to call sops -v without it complaining that it can't check what's the latest version.

Is there any environment variable perhaps that controls this behavior?

Answer 1 · 2024-10-28T11:27:18.000Z

Alright I found myself aliasing sops to sops --disable-version-check.

Answer 2 · 2024-10-28T17:23:30.000Z

Yes, if you don't want sops -v to contact GitHub, you need to pass --disable-version-check.

Answer 3 · 2024-10-28T17:25:21.000Z

What kind of REST API call is actually used to get this info? Perhaps I could emulate it from my side of the intranet

Answer 4 · 2024-10-28T17:29:52.000Z

It tries two approaches (see https://github.com/getsops/sops/blob/main/version/version.go#L136):

First it tries https://github.com/getsops/sops/releases/latest to see where this redirects to;
Then it tries the GitHub REST API.

Answer 5 · 2024-11-04T09:53:56.000Z

can we please have an environment variable for that? quite uncool that a security tool leaks my ip address without consent.

Answer 6 · 2024-11-24T22:55:03.000Z

@c33s What should the behaviour of that environment variable be? Would you like it to be an alternative to the --disable-version-check flag?

Can you check if #1684 solves your use-case? Any non-empty value to that environment variable will disable the remote version check.

Answer 7 · 2024-11-25T08:38:20.000Z

@nicklasfrahm yes #1684 is the behavior i was looking for.

still i would vote for opt-in instead of opt-out (eu gdpr): don't contact anything until i explicitly pass a --do-version-check flag or set the variable SOPS_ENABLE_VERSION_CHECK but i assume this would a different issue, would it?