fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-01-11 08:00:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

ci: clear S3_JWT_FILE_SCRIPT as it also contains the S3_JWT
Some checks are pending
macOS-CI / macOS-CI (dri) (push) Waiting to run
Details
macOS-CI / macOS-CI (xlib) (push) Waiting to run
Details

Browse source 
This whole thing of dumping the env var in a file and unsetting it so
that it wouldn't be visible in an env dump anymore?  Yeah, we kinda
failed here 😅

Note: setting it to an empty string instead of unsetting it allows for
redundant `eval "$S3_JWT_FILE_SCRIPT"` calls without failing over an
unset variable.

Reported-by: @alatiera
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/35050>
This commit is contained in:
Eric Engestrom 2025-05-19 11:56:34 +02:00 committed by Marge Bot
parent 701d26be9d
commit 0a52d00393
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitlab-ci.yml
View file

@ -87,6 +87,7 @@ variables:
S3_JWT_FILE: /s3_jwt
S3_JWT_FILE_SCRIPT: |-
echo -n '${S3_JWT}' > '${S3_JWT_FILE}' &&
S3_JWT_FILE_SCRIPT= &&
unset CI_JOB_JWT S3_JWT # Unsetting vulnerable env variables
S3_HOST: s3.freedesktop.org
# This bucket is used to fetch ANDROID prebuilts and images