Skip to content

Move git wrapper binary outside of DATA_DIR #18439

New issue
New issue
Open
Open
Move git wrapper binary outside of DATA_DIR#18439
Labels
Waiting for: TriageAssigned automatically for any new issue, needs attention from a Weblate member.
@Trayshar

Description

@Trayshar
Trayshar
opened on Mar 9, 2026

Describe the problem

Currently, the SSH Wrapper used by Weblate is stored inside the data dir:

weblate/weblate/vcs/ssh.py

Lines 76 to 78 in 5eb1031

def ssh_file(filename: str) -> Path:
"""Generate full path to SSH configuration file."""
return data_path("ssh") / filename

weblate/weblate/vcs/ssh.py

Lines 412 to 418 in 5eb1031

def path(self) -> Path:
"""
Calculates unique wrapper path.
It is based on template and DATA_DIR settings.
"""
return ssh_file(f"bin-{self.digest}")

I disagree with that design decision, as now the data dir contains executable code (cannot be mounted as noexec) and since this file is not data and must not be persisted across deployments.

Solution brainstorm

I believe it should be moved to cache. Might not be a trivial change, since migration code would be required.

Describe alternatives you have considered

No response

Screenshots

No response

Additional context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    Waiting for: TriageAssigned automatically for any new issue, needs attention from a Weblate member.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions