AlexIndustrial/mesa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: clear S3_JWT_FILE_SCRIPT as it also contains the S3_JWT

Browse Source 
This whole thing of dumping the env var in a file and unsetting it so
that it wouldn't be visible in an env dump anymore?  Yeah, we kinda
failed here 😅

Note: setting it to an empty string instead of unsetting it allows for
redundant `eval "$S3_JWT_FILE_SCRIPT"` calls without failing over an
unset variable.

Reported-by: @alatiera
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/35050>
This commit is contained in:
Eric Engestrom
2025-05-19 11:56:34 +02:00
committed by Marge Bot
parent 701d26be9d
commit 0a52d00393
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitlab-ci.yml
View File

@@ -87,6 +87,7 @@ variables:
S3_JWT_FILE: /s3_jwt S3_JWT_FILE: /s3_jwt
S3_JWT_FILE_SCRIPT: |- S3_JWT_FILE_SCRIPT: |-
echo -n '${S3_JWT}' > '${S3_JWT_FILE}' && echo -n '${S3_JWT}' > '${S3_JWT_FILE}' &&
S3_JWT_FILE_SCRIPT= &&
unset CI_JOB_JWT S3_JWT # Unsetting vulnerable env variables unset CI_JOB_JWT S3_JWT # Unsetting vulnerable env variables
S3_HOST: s3.freedesktop.org S3_HOST: s3.freedesktop.org
# This bucket is used to fetch ANDROID prebuilts and images # This bucket is used to fetch ANDROID prebuilts and images