[ 
https://issues.apache.org/jira/browse/CB-11528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15417987#comment-15417987
 ] 

ASF subversion and git services commented on CB-11528:
------------------------------------------------------

Commit 172349d634a015b6aebb02ec5c17b53dcbf9eabf in cordova-ios's branch 
refs/heads/master from [~shazron]
[ https://git-wip-us.apache.org/repos/asf?p=cordova-ios.git;h=172349d ]

CB-11528 - Remove verbose mode from xcrun in build.js to prevent logging of 
environment variables.


> Remove verbose mode from xcrun in build.js to prevent logging of environment 
> variables.
> ---------------------------------------------------------------------------------------
>
>                 Key: CB-11528
>                 URL: https://issues.apache.org/jira/browse/CB-11528
>             Project: Apache Cordova
>          Issue Type: Improvement
>          Components: iOS
>            Reporter: Meir Gottlieb
>            Assignee: Shazron Abdullah
>
> During the build process for iOS, xcrun is called with the "-v" option for 
> verbose output. As part of the output, xcrun prints out all the environment 
> variables. This can be a security issue on CI servers because CI servers 
> often provide a way to store encrypted secrets that are decrypted and put in 
> environment variables during the build. When xcrun prints out all the 
> environment variables, the output on the CI server is then logged containing 
> the unencrypted versions of the secrets.
> Currently the workaround is to use the --noSign option and then call xcrun 
> directly. However, it would be nice to remove the "-v" option when calling 
> "xcrun" in Cordova.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
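
An added example, not part of the original message or of cordova-ios: a Node.js check that a CI job could run over its captured build log to find and redact the values of secret environment variables, which is the leak the issue describes. The variable names, the sample environment and the log lines are constructed for illustration and do not reproduce real xcrun output.

```javascript
'use strict';

// Hypothetical names of the variables the CI system fills with decrypted secrets.
const SECRET_NAMES = ['SIGNING_P12_PASSWORD', 'API_TOKEN'];
// Values shorter than this are skipped: they match unrelated log text too easily.
const MIN_LEN = 6;

// Collect the secret values to search for, longest first, so that a secret
// containing another secret is redacted as a whole.
function secretValues(env, names) {
  return names
    .filter((n) => typeof env[n] === 'string' && env[n].length >= MIN_LEN)
    .map((n) => ({ name: n, value: env[n] }))
    .sort((a, b) => b.value.length - a.value.length);
}

// Scan the log text. Returns the leaks found (variable name and 1-based line
// number) and a copy of the log with every secret value replaced.
function scanLog(logText, env, names = SECRET_NAMES) {
  const secrets = secretValues(env, names);
  const leaks = [];
  const redacted = logText.split('\n').map((line, i) => {
    let out = line;
    for (const { name, value } of secrets) {
      if (out.includes(value)) {
        leaks.push({ name, line: i + 1 });
        out = out.split(value).join(`[REDACTED:${name}]`);
      }
    }
    return out;
  });
  return { leaks, redacted: redacted.join('\n') };
}

// Constructed sample: an environment and a verbose log that dumps it.
const sampleEnv = {
  SIGNING_P12_PASSWORD: 'hunter2-example',
  API_TOKEN: 'tok_constructed_123',
  CI: 'true',
  PIN: '1234',
};
const sampleLog = [
  'verbose: environment follows',
  'CI=true',
  'SIGNING_P12_PASSWORD=hunter2-example',
  'API_TOKEN=tok_constructed_123',
  'packaging finished',
].join('\n');

const result = scanLog(sampleLog, sampleEnv);
console.log(result.leaks, '\n' + result.redacted);
```

A CI step can fail the build when `leaks` is non-empty and publish only the `redacted` text.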
