allow git_ssl_no_verify env variable in build pods#9875
Merged
openshift-bot merged 1 commit intoopenshift:masterfrom Jul 20, 2016
Merged
allow git_ssl_no_verify env variable in build pods#9875openshift-bot merged 1 commit intoopenshift:masterfrom
openshift-bot merged 1 commit intoopenshift:masterfrom
Conversation
Contributor
Author
|
@liggitt bump |
Contributor
|
did we end up letting webhooks set envvars? |
Contributor
Author
|
yes but not against the privileged pod, they are subjected to the same whitelist rules this is modifying. |
Contributor
Author
|
@liggitt anything else? |
Contributor
|
did we already give them control over injecting a .gitconfig file that controlled this clone? If so, this seems fine |
Contributor
Author
|
yeah, they can provide a gitconfig via the git clone secret. |
Contributor
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/6537/) (Image: devenv-rhel7_4628) |
Contributor
Author
|
[merge] |
Contributor
|
Evaluated for origin merge up to 7049217 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This will allow users to control whether our git clone does ssl verification or not, by setting a buildconfig env variable.
@liggitt ptal, i don't think there are any security risks (other than the ones users are signing themselves up for if they set this) to letting users control this env variable within our privileged builder pod, but a sanity check would be good.