Hi, On Thu, Apr 13, 2023 at 07:54:13PM +0000, Philippe Lafontaine via lists.yoctoproject.org wrote: > Greeting, > > I have a recipe that fetch a pre-built binary from a build machine using an > access token. Every developer will have different access token, for obvious > reason. Therefore, the token cannot be hard coded in the recipe. > > Our current build setup uses a docker container (crops/poky). Our current > solution looks like this: > > The host OS has an environment variable containing the access token. This > token is then shared with the docker container. > > Once the yocto environment is source we: > > export ="$BB_ENV_PASSTHROUGH_ADDITIONS PRIVATE_TOKEN_GIT" > > where PRIVATE_TOKEN_GIT is the access token > While this strategy does work. We were wondering if there was a better way of > doing this.
The environment variables and thus secrets are easily leaking into build logs so I would not use them. Instead, I would use .netrc for git and anything using curl (http fetcher). subversion caches passwords into ~/.subversion directory once the password has been given once. In CI, these can be deployed automatically using ansible etc and developers should setup these for their own machines. Hope this helps, -Mikko
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#59711): https://lists.yoctoproject.org/g/yocto/message/59711 Mute This Topic: https://lists.yoctoproject.org/mt/98248615/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
