Meir Gottlieb created CB-11528:
----------------------------------
Summary: Remove verbose mode from xcrun in build.js to prevent
logging of environment variables.
Key: CB-11528
URL: https://issues.apache.org/jira/browse/CB-11528
Project: Apache Cordova
Issue Type: Improvement
Components: iOS
Reporter: Meir Gottlieb
During the build process for IOS, xcrun is called with the "-v" option for
verbose output. As part of the output, xcrun prints out all the environment
variables. This can be a security issue on CI servers because CI servers often
provide a way to store encrypted secrets that are decrypted and put in
environment variables during the build. When xcrun prints out all the
environment variables, the output on the CI server is then logged containing
the unencrypted versions of the secrets.
Current the workaround is to use the --noSign option and then call xcrun
directly. However, it would be nice to remove the "-v" option when calling
"xcrun" in Cordova.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
