ci: virgl: make crosvm-runner pass variables in a secure way

Guilherme Gallo requested to merge gallo/mesa:ci-fix-crosvm-env-setup into main

crosvm-runner.sh was using export -p to create an environment script for the virtualized system, but this command will dump every declared environment variable in the system, which includes GitLab's CI variables with sensitive data, such as passwords and auth tokens.

Replace export -p with generate-env.sh, which only exports the necessary variables for Mesa CI jobs.

Extra changes:

  • Stop changing the ${PWD} variable programmatically in scripts. ${PWD} is a variable used by the most prolific coreutils and bash commands, such as cd and pwd, and it is also set by subshells [1]; changing this variable may lead to complex situations. As a drop-in replacement for ${PWD}, use ${DEQP_BIN_DIR} to flag that there is a special folder where dEQP should be run.
  • Double quote path and array variables. See: https://github.com/koalaman/shellcheck/wiki/SC2086
  • Do not export variables directly from command output. See: https://github.com/koalaman/shellcheck/wiki/SC2155

[1] One might think that $PWD inside the subshell would be set to test, but it isn't.

$ cd /tmp
$ export PWD=test; bash -c 'echo $PWD'
/tmp
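
An added sketch of the allowlist approach described above, as opposed to dumping everything with export -p. This is not Mesa's generate-env.sh and not part of the merge request; the function names, the sample path and the sample secret value are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not Mesa's generate-env.sh.

# Print "export NAME='value'" for each allowlisted variable that is set.
# Anything not named by the caller (for example CI secrets) is never emitted.
emit_allowlisted_env() {
    for _n in "$@"; do
        # Accept only valid identifiers so the evals below cannot be abused.
        case "$_n" in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) continue ;;
        esac
        # Skip names that are not set in the current environment.
        eval "[ -n \"\${$_n+set}\" ]" || continue
        eval "_v=\${$_n}"
        # Single-quote the value and rewrite each ' as '\'' so that sourcing
        # the output reproduces it exactly (trailing newlines are not kept).
        _q=$(printf '%s\n' "$_v" | sed "s/'/'\\\\''/g")
        printf "export %s='%s'\n" "$_n" "$_q"
    done
}

# Constructed demo: one job variable and one secret in the environment.
# Only the allowlisted job variable ends up in the generated script.
demo() {
    (
        DEQP_BIN_DIR="/tmp/deqp dir/it's here"   # constructed path
        CI_JOB_TOKEN="constructed-secret"        # stands in for a CI secret
        export DEQP_BIN_DIR CI_JOB_TOKEN
        emit_allowlisted_env DEQP_BIN_DIR NOT_SET_ANYWHERE 'bad;name'
    )
}

demo
```

Reviewing the generated script for secret names before it is handed to the guest is a cheap extra check in a CI job.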