ci: clear S3_JWT_FILE_SCRIPT as it also contains the S3_JWT
This whole thing of dumping the env var in a file and unsetting it so that it wouldn't be visible in an env dump anymore? Yeah, we kinda failed here 😅 Note: setting it to an empty string instead of unsetting it allows for redundant `eval "$S3_JWT_FILE_SCRIPT"` calls without failing over an unset variable. Reported-by: @alatiera Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/35050>
This commit is contained in:
Eric Engestrom
committed by
Marge Bot
Marge Bot
parent
701d26be9d
commit
0a52d00393
@@ -87,6 +87,7 @@ variables:
|
||||
S3_JWT_FILE: /s3_jwt
|
||||
S3_JWT_FILE_SCRIPT: |-
|
||||
echo -n '${S3_JWT}' > '${S3_JWT_FILE}' &&
|
||||
S3_JWT_FILE_SCRIPT= &&
|
||||
unset CI_JOB_JWT S3_JWT # Unsetting vulnerable env variables
|
||||
S3_HOST: s3.freedesktop.org
|
||||
# This bucket is used to fetch ANDROID prebuilts and images
|
||||
|
||||
Reference in New Issue
Block a user