bash 将环境变量从 Fastlane 传递给 shell 脚本
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/34855316/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Passing an environment variable to a shell script from Fastlane
提问by Lorenzo B
I'm running Fastlane(a continuous build tool for iOS) in order to execute a custom shell script for decrypting a file.
我正在运行Fastlane(适用于 iOS 的连续构建工具)以执行用于解密文件的自定义 shell 脚本。
This is the command.
这是命令。
sh "./decrypt.sh ENV['ENCRYPTION_P12']"
I cannot figured out a way to pass the environment variable to that script. Obviously, if I hardcode the pwd into the script, it works correctly.
我想不出将环境变量传递给该脚本的方法。显然,如果我将密码硬编码到脚本中,它就可以正常工作。
sh "./decrypt.sh mypwd"
Any suggestions?
有什么建议?
回答by Charles Duffy
Expanding From Within The Immediate Shell
从直接壳内扩展
Assuming that sh, here, is a fastlane command that invokes a shell command with the given argument as script text:
假设sh这里是一个 fastlane 命令,它使用给定的参数作为脚本文本调用 shell 命令:
# as a fastlane directive
sh './decrypt.sh "$ENCRYPTION_P12"'
Note that if this were being literally invoked as a command line for /bin/sh, it would need a -cargument:
请注意,如果这是作为 的命令行直接调用的/bin/sh,则它需要一个-c参数:
# in other contexts
sh -c './decrypt.sh "$ENCRYPTION_P12"'
Note that this absolutely depends on ENCRYPTION_P12being an environment variable -- that is, exported to the environment by the system by which it was set.
请注意,这绝对取决于ENCRYPTION_P12是一个环境变量——也就是说,export由设置它的系统将其添加到环境中。
Expanding from Within The Invoked Script
从调用的脚本内部扩展
That said, if it isan environment variable, you have a better option: Just use it.
也就是说,如果它是一个环境变量,你有一个更好的选择:直接使用它。
That is, inside decrypt.sh, you can refer to "$ENCRYPTION_P12"without needing to set it explicitly, as the shell implicitly imports all environment variables as shell variables -- and they're passed down to child processes without any explicit actions needed.
也就是说,在 inside 中decrypt.sh,您可以引用而"$ENCRYPTION_P12"无需显式设置它,因为 shell 将所有环境变量隐式导入为 shell 变量——并且它们被传递给子进程而无需任何显式操作。
Things to Avoid: Shell Injection Attacks
需要避免的事情:Shell 注入攻击
Finally, an aside: The dangerous way to do this would have been something like:
最后,顺便说一句:这样做的危险方法是这样的:
# INSECURE: DO NOT DO THIS
sh "./decrypt.sh #{ENV['ENCRYPTION_P12']}"
or
或者
# STILL INSECURE
sh "./decrypt.sh \"#{ENV['ENCRYPTION_P12'}\""
or
或者
# STILL INSECURE
sh "./decrypt.sh '#{ENV['ENCRYPTION_P12'}'"
...thereby substituting the value into your generated string at the Ruby level. This is dangerous, however, as that string is parsed as code -- meaning that contents of ENCRYPTION_P12could then be leveraged in shell attacks.
...从而在 Ruby 级别将值替换为生成的字符串。然而,这是危险的,因为该字符串被解析为代码——这意味着ENCRYPTION_P12可以在 shell 攻击中利用 的内容。
For instance, consider the case (given below in bash syntax):
例如,考虑这种情况(下面以 bash 语法给出):
# this will make any of the above do Very Evil Things
ENCRYPTION_P12=$'$(rm -rf ~)\'$(rm -rf ~)\''
...for which both rms will execute if directly substituted into generated shell script (as opposed to expanded during parameter expansion -- '${foo}'-- which takes place afterthe expansion phases which make this dangerous have already passed).
...rm如果直接替换到生成的 shell 脚本中,两个s 都将执行(而不是在参数扩展期间扩展 -- '${foo}'--在扩展阶段之后发生,这使得危险已经过去)。
回答by Tommy Dorsey
The fastlane specific answer is https://docs.fastlane.tools/advanced/#shell-values
fastlane 的具体答案是https://docs.fastlane.tools/advanced/#shell-values
or, from within your Fastfile:
decrypted = sh("./decrypt" ENV[ENCRYPTION_P12])
或者,从您的 Fastfile 中:
decrypted = sh("./decrypt" ENV[ENCRYPTION_P12])
