mirror of
https://github.com/bitcoin/bitcoin.git
synced 2026-03-16 16:32:47 +00:00
fab73e213d
The shell scripts are inherently unsafe, because they will install new software packages, modify global configuration settings, write to the root / or $HOME, and possibly modify the git repo. The only safe way to run them is through the CI system itself, that is the ci_exec python function. The ci_exec funtion ensures that the user has set up a sandbox externally and set DANGER_RUN_CI_ON_HOST=1 at their own risk, or that a sandbox was set up with the given container_id, in which case it is safe to set DANGER_RUN_CI_ON_HOST=1 for that sandbox. Also, it is safe to set DANGER_RUN_CI_ON_HOST=1 when building the sandbox image in ci/test_imagefile. Then, the two shell scripts can reject early if unsafe execution is detected.