[
https://issues.apache.org/jira/browse/CB-11528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shazron Abdullah reassigned CB-11528:
-------------------------------------
Assignee: Shazron Abdullah
> Remove verbose mode from xcrun in build.js to prevent logging of environment
> variables.
> ---------------------------------------------------------------------------------------
>
> Key: CB-11528
> URL: https://issues.apache.org/jira/browse/CB-11528
> Project: Apache Cordova
> Issue Type: Improvement
> Components: iOS
> Reporter: Meir Gottlieb
> Assignee: Shazron Abdullah
>
> During the build process for IOS, xcrun is called with the "-v" option for
> verbose output. As part of the output, xcrun prints out all the environment
> variables. This can be a security issue on CI servers because CI servers
> often provide a way to store encrypted secrets that are decrypted and put in
> environment variables during the build. When xcrun prints out all the
> environment variables, the output on the CI server is then logged containing
> the unencrypted versions of the secrets.
> Current the workaround is to use the --noSign option and then call xcrun
> directly. However, it would be nice to remove the "-v" option when calling
> "xcrun" in Cordova.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
