buildworker: start: fix leaking BUILDWORKER_TLS env variable
authorPetr Štetiar <ynezz@true.cz>
Sat, 28 Sep 2024 17:12:55 +0000 (17:12 +0000)
committerPetr Štetiar <ynezz@true.cz>
Sat, 28 Sep 2024 17:17:50 +0000 (17:17 +0000)
I've noticed leakage of BUILDWORKER_TLS environment variable in build
logs, so lets fix it in a generic way via new
`cleanup_buildworker_env_variables()` by using Bash's parameter
expansion and unset all environment variables starting with BUILDWORKER_
prefix.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
docker/buildworker/files/start.sh

index 1034407cd370c60625043ba12e9f3180977ae1ae..5e0147a61f97df7eb1d34b2d49e69254b33b62e2 100644 (file)
@@ -1,5 +1,11 @@
 #!/usr/bin/env bash
 
+cleanup_buildworker_env_variables() {
+       for var in "${!BUILDWORKER_@}"; do
+               unset "$var"
+       done
+}
+
 [ -n "$BUILDWORKER_NAME" ] || {
        echo "Please supply a name via --env BUILDWORKER_NAME=XXX" >&2
        exit 1
@@ -24,7 +30,6 @@ rm -f /builder/buildbot.tac
 echo "$BUILDWORKER_ADMIN" > /builder/info/admin
 echo "$BUILDWORKER_DESCRIPTION" > /builder/info/host
 
-unset BUILDWORKER_ADMIN BUILDWORKER_DESCRIPTION BUILDWORKER_MASTER BUILDWORKER_NAME BUILDWORKER_PASSWORD
-
+cleanup_buildworker_env_variables
 rm -f /builder/twistd.pid
 exec /opt/venv/bin/buildbot-worker start --nodaemon /builder