[
https://issues.apache.org/jira/browse/CB-11528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15416144#comment-15416144
]
Shazron Abdullah commented on CB-11528:
---------------------------------------
Line:
https://github.com/apache/cordova-ios/blob/ee8e983ae4f8d85d7c05952a793667b97611dbac/bin/templates/scripts/cordova/lib/build.js#L98
> Remove verbose mode from xcrun in build.js to prevent logging of environment
> variables.
> ---------------------------------------------------------------------------------------
>
> Key: CB-11528
> URL: https://issues.apache.org/jira/browse/CB-11528
> Project: Apache Cordova
> Issue Type: Improvement
> Components: iOS
> Reporter: Meir Gottlieb
> Assignee: Shazron Abdullah
>
> During the build process for IOS, xcrun is called with the "-v" option for
> verbose output. As part of the output, xcrun prints out all the environment
> variables. This can be a security issue on CI servers because CI servers
> often provide a way to store encrypted secrets that are decrypted and put in
> environment variables during the build. When xcrun prints out all the
> environment variables, the output on the CI server is then logged containing
> the unencrypted versions of the secrets.
> Current the workaround is to use the --noSign option and then call xcrun
> directly. However, it would be nice to remove the "-v" option when calling
> "xcrun" in Cordova.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
