Skip to content
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions stellar-core/debian/rules
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,13 @@ override_dh_autoreconf:

# dh_make generated override targets
# This is example for Cmake (See https://bugs.debian.org/641051 )
# TOKEN should be set by caller if accessing a private repo
override_dh_auto_configure:
mkdir -p $(HOME)

Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a trailing whitespace on this otherwise empty line. This should be removed to maintain code cleanliness and avoid potential issues with whitespace-sensitive tools.

Suggested change

Copilot uses AI. Check for mistakes.
echo "https://stellar-jenkins-readonly:$(TOKEN)@github.com" > ~/.git-credentials
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The hardcoded path /.git-credentials uses the tilde () instead of the HOME variable. This is inconsistent with line 39 which uses $(HOME), and may not expand correctly in all shell contexts within a Makefile. The path should be $(HOME)/.git-credentials for consistency and reliability.

Suggested change
echo "https://stellar-jenkins-readonly:$(TOKEN)@github.com" > ~/.git-credentials
echo "https://stellar-jenkins-readonly:$(TOKEN)@github.com" > $(HOME)/.git-credentials

Copilot uses AI. Check for mistakes.
git config --global credential.helper store
Comment on lines +41 to +42
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The TOKEN variable is used without any validation or fallback handling. If TOKEN is not set or is empty, this will create a malformed git credential URL with an empty password field (https://stellar-jenkins-readonly:@github.com). Consider adding a conditional check to only configure git credentials when TOKEN is actually provided, or at minimum document that TOKEN must be set before running this target.

Suggested change
echo "https://stellar-jenkins-readonly:$(TOKEN)@github.com" > ~/.git-credentials
git config --global credential.helper store
if [ -n "$$TOKEN" ]; then \
echo "https://stellar-jenkins-readonly:$$TOKEN@github.com" > ~/.git-credentials; \
git config --global credential.helper store; \
fi

Copilot uses AI. Check for mistakes.
Comment on lines +41 to +42
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Storing credentials in plaintext in ~/.git-credentials poses a security risk. The git credential store helper saves credentials unencrypted on disk. While this may be acceptable for a CI/CD environment with ephemeral build containers, the credentials will persist in the file system. Consider documenting the security implications, using environment-specific credential helpers, or ensuring this runs only in isolated build environments. Additionally, ensure the credentials file is properly cleaned up after the build.

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The git config command sets the credential helper globally (--global flag). This modifies the global git configuration for the user running the build, which could have unintended side effects if the build environment is reused or shared. Consider using --local instead to limit the configuration to the current repository, or use GIT_CONFIG_GLOBAL environment variable to point to a build-specific config file within $(HOME).

Suggested change
git config --global credential.helper store
git config --file "$(HOME)/gitconfig" credential.helper store

Copilot uses AI. Check for mistakes.

./install-rust.sh
./configure $(DEB_CONFIGURE_OPTS) $(DEB_CONFIGURE_OPTS_APPEND)

Expand Down