author | Matthias Beyer <mail@beyermatthias.de> | 2020-12-08 14:16:51 +0100 |
---|---|---|
committer | Matthias Beyer <mail@beyermatthias.de> | 2020-12-08 14:47:58 +0100 |
commit | e2bce1e321313408957938302815640b095ddec9 (patch) | |
tree | 2e1a36beae85a36b8d8b377a218c1e26c7cd1f59 /config.toml | |
parent | 25ffcbbd37a983d2031a6aa172730d6957b0a6a6 (diff) |
Implement checking of allowed environment variables
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
Diffstat (limited to 'config.toml')
-rw-r--r-- | config.toml | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/config.toml b/config.toml
index 1cd9626..e68b206 100644
--- a/config.toml
+++ b/config.toml
@@ -125,7 +125,21 @@ maxjobs = 1
 [containers]
-# environment variables which are allowed during container start
-# This way, errors (typos) when passing environment to a build can be prevented
-allowed_env = [ "PATH" ]
+
+# Restrict the environment that can be passed to the containers
+#
+# This is a security mechansim to prevent typos when passing environment
+# variables (either from package definition or from CLI) to the build jobs in
+# the containers.
+#
+# If this is set to `true`, only the variables named in `allowed_env` will be
+# allowed to be passed to the container. If a variable is not in this list,
+# butido will fail with an error message.
+#
+check_env_names = true
+
+# Environment variables which are allowed to be passed to a container.
+# This way, errors (typos) when passing environment to a build can be prevented.
+# Double-check this list
+allowed_env = [ "FOO", "BAR" ] |
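Review bot: The new comment above `check_env_names` calls this a security mechanism (spelled `mechansim`) but then describes only typo prevention, and it does not say what happens when the key is `false` or absent. As far as the comment shows, the check covers variable names only, not their values, so I would state that outright, e.g. `# Only variable names are checked, not their values. If set to false, any variable may be passed.` — assuming that matches the implementation, which this hunk does not show. The shipped `allowed_env = [ "FOO", "BAR" ]` replaces `"PATH"` with what look like placeholder names, and `# Double-check this list` does not say what to check for. Something like `# Placeholder names: replace with the variables your builds need; keep names that carry credentials off this list unless a build requires them.` would make the intent clear to whoever copies this file.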