ci: virgl: make crosvm-runner pass variables in a secure way
`crosvm-runner.sh` was using `export -p` to create an environment script for the virtualized system, but this command will dump every declared environment variable in the system, which includes GitLab's CI variables with sensitive data, such as passwords and auth tokens.

Replace `export -p` with `generate-env.sh`, which only exports the necessary variables for Mesa CI jobs.

Extra changes:
- Stop changing the ${PWD} variable programmatically in scripts. ${PWD} is a variable used by most prolific coreutils and bash commands, such as `cd` and `pwd`, besides it is set by subshells [1]; changing this variable may lead to complex situations. As a drop-in replacement for ${PWD}, use ${DEQP_BIN_DIR} to flag that there is a special folder where dEQP should be run.
- Double quote path and array variables. See: https://github.com/koalaman/shellcheck/wiki/SC2086
- Do not export variables directly from commands output. See: https://github.com/koalaman/shellcheck/wiki/SC2155
[1] One might think that `$PWD` inside the subshell would be set to `test`, but it isn't.
$ cd /tmp
$ export PWD=test; bash -c 'echo $PWD'
/tmp
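
The leak and the fix described in the commit message above, shown as an added example that is not part of the original commit and is not Mesa's `generate-env.sh`: `export -p` compared with an allowlist that emits only named variables, single-quoted so the result can be sourced. The `CI_JOB_TOKEN` value, the `DEQP_BIN_DIR` path and all function names are constructed for the demo.

```shell
#!/bin/sh
# Added example. Variable names and values are constructed for the demo;
# this is not Mesa CI's generate-env.sh.

# Print `export NAME='value'` for every allowlisted name that is set.
emit_allowlisted_env() {
    for _name in "$@"; do
        # Accept plain identifiers only, so the evals below stay safe.
        case "$_name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;
        esac
        eval "_set=\${$_name+x}"
        [ -n "$_set" ] || continue          # skip unset names
        eval "_val=\${$_name}"
        # Single-quote the value; an embedded ' becomes '\''.
        # (Command substitution drops trailing newlines in the value.)
        _esc=$(printf '%s\n' "$_val" | sed "s/'/'\\\\''/g")
        printf "export %s='%s'\n" "$_name" "$_esc"
    done
}

# Run a dump command in a subshell holding one secret and one job variable.
with_demo_env() {
    (
        CI_JOB_TOKEN='constructed-secret-token'   # stands in for a CI secret
        DEQP_BIN_DIR="/deqp dir/it's here"        # space and quote on purpose
        export CI_JOB_TOKEN DEQP_BIN_DIR
        "$@"
    )
}

dump_everything() { with_demo_env export -p; }   # the old behaviour
dump_allowlist()  { with_demo_env emit_allowlisted_env DEQP_BIN_DIR NOT_SET_VAR; }

dump_allowlist
```

Running it prints a single `export DEQP_BIN_DIR=...` line; `dump_everything` on the same environment also includes `CI_JOB_TOKEN`.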