mirror of
git://git.yoctoproject.org/layerindex-web.git
synced 2025-07-19 20:59:01 +02:00
Use shell=False where possible with utils.runcmd()
It's best practice for security reasons to use shell=False and pass command line arguments as a list; it also avoids some pain with escaping, so let's use it everywhere we can (in fact we're only left with one place in layerindex/tasks.py where we now pass shell=True). Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
This commit is contained in:
Paul Eggleton
parent
ecd584f609
commit
303d7ca235
|
|
@ -50,7 +50,7 @@ def run_update_command(self, branch_name, update_command):
|
||||||
retcode = 0
|
retcode = 0
|
||||||
erroutput = None
|
erroutput = None
|
||||||
try:
|
try:
|
||||||
output = utils.runcmd(update_command, os.path.dirname(os.path.dirname(__file__)), outfile=logfile)
|
output = utils.runcmd(update_command, os.path.dirname(os.path.dirname(__file__)), outfile=logfile, shell=True)
|
||||||
except subprocess.CalledProcessError as e:
|
except subprocess.CalledProcessError as e:
|
||||||
output = e.output
|
output = e.output
|
||||||
erroutput = output
|
erroutput = output
|
||||||
|
|
|
||||||
|
|
@ -302,9 +302,9 @@ def main():
|
||||||
out = None
|
out = None
|
||||||
try:
|
try:
|
||||||
if not os.path.exists(repodir):
|
if not os.path.exists(repodir):
|
||||||
out = utils.runcmd("git clone %s %s" % (layer.vcs_url, urldir), fetchdir, logger=logger)
|
out = utils.runcmd(['git', 'clone', layer.vcs_url, urldir], fetchdir, logger=logger)
|
||||||
else:
|
else:
|
||||||
out = utils.runcmd("git fetch", repodir, logger=logger)
|
out = utils.runcmd(['git', 'fetch'], repodir, logger=logger)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.error("Fetch failed: %s" % str(e))
|
logger.error("Fetch failed: %s" % str(e))
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
@ -313,10 +313,10 @@ def main():
|
||||||
if (options.actual_branch):
|
if (options.actual_branch):
|
||||||
actual_branch = options.actual_branch
|
actual_branch = options.actual_branch
|
||||||
try:
|
try:
|
||||||
out = utils.runcmd("git checkout origin/%s" % actual_branch, repodir, logger=logger)
|
out = utils.runcmd(['git', 'checkout', 'origin/%s' % actual_branch], repodir, logger=logger)
|
||||||
except subprocess.CalledProcessError:
|
except subprocess.CalledProcessError:
|
||||||
actual_branch = None
|
actual_branch = None
|
||||||
branches = utils.runcmd("git branch -r", repodir, logger=logger)
|
branches = utils.runcmd(['git', 'branch', '-r'], repodir, logger=logger)
|
||||||
for line in branches.splitlines():
|
for line in branches.splitlines():
|
||||||
if 'origin/HEAD ->' in line:
|
if 'origin/HEAD ->' in line:
|
||||||
actual_branch = line.split('-> origin/')[-1]
|
actual_branch = line.split('-> origin/')[-1]
|
||||||
|
|
@ -324,7 +324,7 @@ def main():
|
||||||
if not actual_branch:
|
if not actual_branch:
|
||||||
logger.error("Repository has no master branch nor origin/HEAD")
|
logger.error("Repository has no master branch nor origin/HEAD")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
out = utils.runcmd("git checkout origin/%s" % actual_branch, repodir, logger=logger)
|
out = utils.runcmd(['git', 'checkout', 'origin/%s' % actual_branch], repodir, logger=logger)
|
||||||
|
|
||||||
layer_paths = []
|
layer_paths = []
|
||||||
if options.subdir:
|
if options.subdir:
|
||||||
|
|
|
||||||
|
|
@ -77,7 +77,7 @@ class ImportProject:
|
||||||
def add_layer(self, layer):
|
def add_layer(self, layer):
|
||||||
self.logger.debug("Processing layer %s" % layer)
|
self.logger.debug("Processing layer %s" % layer)
|
||||||
try:
|
try:
|
||||||
git_dir = utils.runcmd("git rev-parse --show-toplevel", destdir=layer, logger=self.logger)
|
git_dir = utils.runcmd(['git', 'rev-parse', '--show-toplevel'], destdir=layer, logger=self.logger)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
self.logger.error("Cannot get root dir for layer %s: %s - Skipping." % (layer, str(e)))
|
self.logger.error("Cannot get root dir for layer %s: %s - Skipping." % (layer, str(e)))
|
||||||
return 1
|
return 1
|
||||||
|
|
@ -93,20 +93,20 @@ class ImportProject:
|
||||||
layer_name = self.get_layer_name(layer)
|
layer_name = self.get_layer_name(layer)
|
||||||
|
|
||||||
for i in [1, 2, 3]:
|
for i in [1, 2, 3]:
|
||||||
remote = utils.runcmd("git remote", destdir=git_dir, logger=self.logger)
|
remote = utils.runcmd(['git', 'remote'], destdir=git_dir, logger=self.logger)
|
||||||
if not remote:
|
if not remote:
|
||||||
self.logger.warning("Cannot find remote git for %s" % layer_name)
|
self.logger.warning("Cannot find remote git for %s" % layer_name)
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
try:
|
try:
|
||||||
git_url = utils.runcmd("git config --get remote.%s.url" % remote, destdir=git_dir, logger=self.logger)
|
git_url = utils.runcmd(['git', 'config', '--get', 'remote.%s.url' % remote], destdir=git_dir, logger=self.logger)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
self.logger.info("Cannot get remote.%s.url for git dir %s: %s" % (remote, git_dir, str(e)))
|
self.logger.info("Cannot get remote.%s.url for git dir %s: %s" % (remote, git_dir, str(e)))
|
||||||
|
|
||||||
if not os.path.exists(git_url):
|
if not os.path.exists(git_url):
|
||||||
# Assume this is remote.
|
# Assume this is remote.
|
||||||
self.logger.debug("Found git url = %s" % git_url)
|
self.logger.debug("Found git url = %s" % git_url)
|
||||||
remote_branch = utils.runcmd( "git rev-parse --abbrev-ref --symbolic-full-name @\{u\}", destdir=git_dir, logger=self.logger)
|
remote_branch = utils.runcmd(['git', 'rev-parse', '--abbrev-ref', '--symbolic-full-name', '@{u}'], destdir=git_dir, logger=self.logger)
|
||||||
if remote_branch.startswith(remote):
|
if remote_branch.startswith(remote):
|
||||||
actual_branch = remote_branch[len(remote) + 1:]
|
actual_branch = remote_branch[len(remote) + 1:]
|
||||||
break
|
break
|
||||||
|
|
|
||||||
|
|
@ -103,9 +103,9 @@ def fetch_repo(vcs_url, repodir, urldir, fetchdir, layer_name):
|
||||||
logger.info("Fetching remote repository %s" % vcs_url)
|
logger.info("Fetching remote repository %s" % vcs_url)
|
||||||
try:
|
try:
|
||||||
if not os.path.exists(repodir):
|
if not os.path.exists(repodir):
|
||||||
utils.runcmd(['git', 'clone', vcs_url, urldir], fetchdir, logger=logger, printerr=False, shell=False)
|
utils.runcmd(['git', 'clone', vcs_url, urldir], fetchdir, logger=logger, printerr=False)
|
||||||
else:
|
else:
|
||||||
utils.runcmd("git fetch -p", repodir, logger=logger, printerr=False)
|
utils.runcmd(['git', 'fetch', '-p'], repodir, logger=logger, printerr=False)
|
||||||
return (vcs_url, None)
|
return (vcs_url, None)
|
||||||
except subprocess.CalledProcessError as e:
|
except subprocess.CalledProcessError as e:
|
||||||
logger.error("Fetch of layer %s failed: %s" % (layer_name, e.output))
|
logger.error("Fetch of layer %s failed: %s" % (layer_name, e.output))
|
||||||
|
|
|
||||||
|
|
@ -231,19 +231,19 @@ def checkout_repo(repodir, commit, logger, force=False):
|
||||||
# git clone <url>
|
# git clone <url>
|
||||||
# warning: remote HEAD refers to nonexistent ref, unable to checkout.
|
# warning: remote HEAD refers to nonexistent ref, unable to checkout.
|
||||||
# So check and avoid that
|
# So check and avoid that
|
||||||
currentref = runcmd("git rev-parse HEAD", repodir, logger=logger).strip()
|
currentref = runcmd(['git', 'rev-parse', 'HEAD'], repodir, logger=logger).strip()
|
||||||
except Exception as esc:
|
except Exception as esc:
|
||||||
logger.warn(esc)
|
logger.warn(esc)
|
||||||
currentref = ''
|
currentref = ''
|
||||||
if currentref != commit:
|
if currentref != commit:
|
||||||
# Reset in case there are added but uncommitted changes
|
# Reset in case there are added but uncommitted changes
|
||||||
runcmd("git reset --hard", repodir, logger=logger)
|
runcmd(['git', 'reset', '--hard'], repodir, logger=logger)
|
||||||
# Drop any untracked files in case these cause problems (either because
|
# Drop any untracked files in case these cause problems (either because
|
||||||
# they will exist in the revision we're checking out, or will otherwise
|
# they will exist in the revision we're checking out, or will otherwise
|
||||||
# interfere with operation, e.g. stale pyc files)
|
# interfere with operation, e.g. stale pyc files)
|
||||||
runcmd("git clean -qdfx", repodir, logger=logger)
|
runcmd(['git', 'clean', '-qdfx'], repodir, logger=logger)
|
||||||
# Now check out the revision
|
# Now check out the revision
|
||||||
runcmd(['git', 'checkout', commit], repodir, logger=logger, shell=False)
|
runcmd(['git', 'checkout', commit], repodir, logger=logger)
|
||||||
|
|
||||||
def checkout_layer_branch(layerbranch, repodir, logger=None):
|
def checkout_layer_branch(layerbranch, repodir, logger=None):
|
||||||
branchname = layerbranch.get_checkout_branch()
|
branchname = layerbranch.get_checkout_branch()
|
||||||
|
|
@ -289,7 +289,7 @@ def parse_layer_conf(layerdir, data, logger=None):
|
||||||
data.expandVarref('LAYERDIR')
|
data.expandVarref('LAYERDIR')
|
||||||
|
|
||||||
child_pid = 0
|
child_pid = 0
|
||||||
def runcmd(cmd, destdir=None, printerr=True, outfile=None, logger=None, shell=True):
|
def runcmd(cmd, destdir=None, printerr=True, outfile=None, logger=None, shell=False):
|
||||||
"""
|
"""
|
||||||
execute command, raise CalledProcessError if fail
|
execute command, raise CalledProcessError if fail
|
||||||
return output if succeed
|
return output if succeed
|
||||||
|
|
|
||||||
|
|
@ -277,7 +277,7 @@ def bulk_change_patch_view(request, pk):
|
||||||
# FIXME this couples the web server and machine running the update script together,
|
# FIXME this couples the web server and machine running the update script together,
|
||||||
# but given that it's a separate script the way is open to decouple them in future
|
# but given that it's a separate script the way is open to decouple them in future
|
||||||
try:
|
try:
|
||||||
ret = utils.runcmd('%s bulkchange.py %d %s' % (sys.executable, int(pk), settings.TEMP_BASE_DIR), os.path.dirname(__file__))
|
ret = utils.runcmd([sys.executable, 'bulkchange.py', str(int(pk)), settings.TEMP_BASE_DIR], os.path.dirname(__file__), shell=False)
|
||||||
if ret:
|
if ret:
|
||||||
fn = ret.splitlines()[-1]
|
fn = ret.splitlines()[-1]
|
||||||
if os.path.exists(fn):
|
if os.path.exists(fn):
|
||||||
|
|
|
||||||
|
|
@ -78,8 +78,8 @@ def maintainers_inc_history(options, logger, maintplan, layerbranch, repodir, la
|
||||||
|
|
||||||
logger.debug('Checking maintainers.inc history for %s' % layerbranch)
|
logger.debug('Checking maintainers.inc history for %s' % layerbranch)
|
||||||
|
|
||||||
commits = utils.runcmd("git log --format='%%H' --reverse --date=rfc origin/master %s"
|
commits = utils.runcmd(['git', 'log', '--format=%H', '--reverse', '--date=rfc', 'origin/master',
|
||||||
% os.path.join(layerbranch.vcs_subdir, MAINTAINERS_INCLUDE_PATH),
|
os.path.join(layerbranch.vcs_subdir, MAINTAINERS_INCLUDE_PATH)],
|
||||||
repodir, logger=logger)
|
repodir, logger=logger)
|
||||||
|
|
||||||
no_maintainer, _ = Maintainer.objects.get_or_create(name='No maintainer')
|
no_maintainer, _ = Maintainer.objects.get_or_create(name='No maintainer')
|
||||||
|
|
@ -93,7 +93,7 @@ def maintainers_inc_history(options, logger, maintplan, layerbranch, repodir, la
|
||||||
logger.debug("Analysing commit %s ..." % (commit))
|
logger.debug("Analysing commit %s ..." % (commit))
|
||||||
|
|
||||||
(author_name, author_email, date, title) = \
|
(author_name, author_email, date, title) = \
|
||||||
get_commit_info(utils.runcmd("git show " + commit, repodir,
|
get_commit_info(utils.runcmd(['git', 'show', commit], repodir,
|
||||||
logger=logger), logger)
|
logger=logger), logger)
|
||||||
|
|
||||||
author = Maintainer.create_or_update(author_name, author_email)
|
author = Maintainer.create_or_update(author_name, author_email)
|
||||||
|
|
@ -101,7 +101,7 @@ def maintainers_inc_history(options, logger, maintplan, layerbranch, repodir, la
|
||||||
sha1=commit, layerbranch=layerbranch)
|
sha1=commit, layerbranch=layerbranch)
|
||||||
rms.save()
|
rms.save()
|
||||||
|
|
||||||
utils.runcmd("git checkout %s -f" % commit,
|
utils.runcmd(['git', 'checkout', commit, '-f'],
|
||||||
repodir, logger=logger)
|
repodir, logger=logger)
|
||||||
|
|
||||||
with open(maintainers_full_path, 'r') as f:
|
with open(maintainers_full_path, 'r') as f:
|
||||||
|
|
|
||||||
|
|
@ -54,7 +54,7 @@ def run_internal(maintplanlayerbranch, commit, commitdate, options, logger, bitb
|
||||||
else:
|
else:
|
||||||
cmdprefix = 'python3'
|
cmdprefix = 'python3'
|
||||||
|
|
||||||
bitbake_rev = utils.runcmd('git rev-list -1 --before="%s" origin/master' % str(commitdate),
|
bitbake_rev = utils.runcmd(['git', 'rev-list', '-1', '--before=%s' % str(commitdate), 'origin/master'],
|
||||||
bitbakepath, logger=logger)
|
bitbakepath, logger=logger)
|
||||||
check_rev = bitbake_map.get(bitbake_rev, None)
|
check_rev = bitbake_map.get(bitbake_rev, None)
|
||||||
if check_rev:
|
if check_rev:
|
||||||
|
|
@ -128,29 +128,29 @@ def upgrade_history(options, logger):
|
||||||
if options.commit:
|
if options.commit:
|
||||||
initial = False
|
initial = False
|
||||||
since = options.commit
|
since = options.commit
|
||||||
since_option = '%s^..%s' % (options.commit, options.commit)
|
since_option = ['%s^..%s' % (options.commit, options.commit)]
|
||||||
elif maintplanbranch.upgrade_rev and not options.fullreload:
|
elif maintplanbranch.upgrade_rev and not options.fullreload:
|
||||||
initial = False
|
initial = False
|
||||||
since = maintplanbranch.upgrade_date
|
since = maintplanbranch.upgrade_date
|
||||||
since_option = '%s..origin/master' % maintplanbranch.upgrade_rev
|
since_option = ['%s..origin/master' % maintplanbranch.upgrade_rev]
|
||||||
else:
|
else:
|
||||||
initial = True
|
initial = True
|
||||||
since = options.since
|
since = options.since
|
||||||
since_option = '--since="%s" origin/master' % since
|
since_option = ['--since=%s' % since, 'origin/master']
|
||||||
|
|
||||||
repo = git.Repo(repodir)
|
repo = git.Repo(repodir)
|
||||||
if repo.bare:
|
if repo.bare:
|
||||||
logger.error('Repository %s is bare, not supported' % repodir)
|
logger.error('Repository %s is bare, not supported' % repodir)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
commits = utils.runcmd("git log %s --format='%%H %%ct' --reverse" % since_option,
|
commits = utils.runcmd(['git', 'log'] + since_option + ['--format=%H %ct', '--reverse'],
|
||||||
repodir,
|
repodir,
|
||||||
logger=logger)
|
logger=logger)
|
||||||
commit_list = commits.split('\n')
|
commit_list = commits.split('\n')
|
||||||
|
|
||||||
bitbake_map = {}
|
bitbake_map = {}
|
||||||
# Filter out some bad commits
|
# Filter out some bad commits
|
||||||
bitbake_commits = utils.runcmd("git rev-list fef18b445c0cb6b266cd939b9c78d7cbce38663f^..39780b1ccbd76579db0fc6fb9369c848a3bafa9d^",
|
bitbake_commits = utils.runcmd(['git', 'rev-list', 'fef18b445c0cb6b266cd939b9c78d7cbce38663f^..39780b1ccbd76579db0fc6fb9369c848a3bafa9d^'],
|
||||||
bitbakepath,
|
bitbakepath,
|
||||||
logger=logger)
|
logger=logger)
|
||||||
bitbake_commit_list = bitbake_commits.splitlines()
|
bitbake_commit_list = bitbake_commits.splitlines()
|
||||||
|
|
|
||||||
|
|
@ -71,7 +71,7 @@ def send_email(maintplan, recipes, options):
|
||||||
urldir = layer.get_fetch_dir()
|
urldir = layer.get_fetch_dir()
|
||||||
repodir = os.path.join(fetchdir, urldir)
|
repodir = os.path.join(fetchdir, urldir)
|
||||||
# FIXME this assumes the correct branch is checked out
|
# FIXME this assumes the correct branch is checked out
|
||||||
topcommitdesc = utils.runcmd("git log -1 --oneline", repodir).strip()
|
topcommitdesc = utils.runcmd(['git', 'log', '-1', '--oneline'], repodir).strip()
|
||||||
commits.append('%s: %s' % (layerbranch.layer.name, topcommitdesc))
|
commits.append('%s: %s' % (layerbranch.layer.name, topcommitdesc))
|
||||||
|
|
||||||
# Render the subject as a template (to allow a bit of flexibility)
|
# Render the subject as a template (to allow a bit of flexibility)
|
||||||
|
|
|
||||||
|
|
@ -122,7 +122,7 @@ def _get_recipes_filenames(ct, repodir, layerdir, logger):
|
||||||
ct_files = []
|
ct_files = []
|
||||||
layerdir_start = os.path.normpath(layerdir) + os.sep
|
layerdir_start = os.path.normpath(layerdir) + os.sep
|
||||||
|
|
||||||
files = utils.runcmd("git log --name-only --format='%n' -n 1 " + ct,
|
files = utils.runcmd(['git', 'log', '--name-only', '--format=%n', '-n', '1', ct],
|
||||||
repodir, logger=logger)
|
repodir, logger=logger)
|
||||||
|
|
||||||
incdirs = []
|
incdirs = []
|
||||||
|
|
@ -161,7 +161,7 @@ def checkout_layer_deps(layerbranch, commit, fetchdir, logger):
|
||||||
repodir = os.path.join(fetchdir, urldir)
|
repodir = os.path.join(fetchdir, urldir)
|
||||||
if not repodir in done_repos:
|
if not repodir in done_repos:
|
||||||
if not lcommit:
|
if not lcommit:
|
||||||
lcommit = utils.runcmd('git rev-list -1 --before="%s" origin/master' % lcommitdate, repodir, logger=logger).strip()
|
lcommit = utils.runcmd(['git', 'rev-list', '-1', '--before=%s' % lcommitdate, 'origin/master'], repodir, logger=logger).strip()
|
||||||
utils.checkout_repo(repodir, lcommit, logger, force)
|
utils.checkout_repo(repodir, lcommit, logger, force)
|
||||||
done_repos.append(repodir)
|
done_repos.append(repodir)
|
||||||
|
|
||||||
|
|
@ -170,7 +170,7 @@ def checkout_layer_deps(layerbranch, commit, fetchdir, logger):
|
||||||
checkout_layer(layerbranch, commit, force=True)
|
checkout_layer(layerbranch, commit, force=True)
|
||||||
layer_urldir = str(layerbranch.layer.get_fetch_dir())
|
layer_urldir = str(layerbranch.layer.get_fetch_dir())
|
||||||
layer_repodir = os.path.join(fetchdir, layer_urldir)
|
layer_repodir = os.path.join(fetchdir, layer_urldir)
|
||||||
commitdate = utils.runcmd("git show -s --format=%ci", layer_repodir, logger=logger)
|
commitdate = utils.runcmd(['git', 'show', '-s', '--format=%ci'], layer_repodir, logger=logger)
|
||||||
|
|
||||||
for dep in layerbranch.get_recursive_dependencies():
|
for dep in layerbranch.get_recursive_dependencies():
|
||||||
checkout_layer(dep, lcommitdate=commitdate)
|
checkout_layer(dep, lcommitdate=commitdate)
|
||||||
|
|
@ -210,7 +210,7 @@ def generate_history(options, layerbranch_id, commit, logger):
|
||||||
# Branch name, need to check out detached
|
# Branch name, need to check out detached
|
||||||
bitbake_rev = 'origin/%s' % bitbake_rev
|
bitbake_rev = 'origin/%s' % bitbake_rev
|
||||||
else:
|
else:
|
||||||
bitbake_rev = utils.runcmd('git rev-list -1 --before="%s" origin/master' % commitdate, bitbakepath, logger=logger).strip()
|
bitbake_rev = utils.runcmd(['git', 'rev-list', '-1', '--before=%s' % commitdate, 'origin/master'], bitbakepath, logger=logger).strip()
|
||||||
utils.checkout_repo(bitbakepath, bitbake_rev, logger)
|
utils.checkout_repo(bitbakepath, bitbake_rev, logger)
|
||||||
sys.path.insert(0, os.path.join(bitbakepath, 'lib'))
|
sys.path.insert(0, os.path.join(bitbakepath, 'lib'))
|
||||||
|
|
||||||
|
|
@ -221,14 +221,12 @@ def generate_history(options, layerbranch_id, commit, logger):
|
||||||
|
|
||||||
if options.initial:
|
if options.initial:
|
||||||
title = options.initial
|
title = options.initial
|
||||||
info = 'No maintainer;;' + utils.runcmd("git log --format='%ad;%cd' --date=rfc -n 1 " \
|
info = 'No maintainer;;' + utils.runcmd(['git', 'log', '--format=%ad;%cd', '--date=rfc', '-n', '1', commit], destdir=repodir, logger=logger)
|
||||||
+ commit, destdir=repodir, logger=logger)
|
|
||||||
recordcommit = ''
|
recordcommit = ''
|
||||||
else:
|
else:
|
||||||
title = utils.runcmd("git log --format='%s' -n 1 " + commit,
|
title = utils.runcmd(['git', 'log', '--format=%s', '-n', '1', commit],
|
||||||
repodir, logger=logger)
|
repodir, logger=logger)
|
||||||
info = utils.runcmd("git log --format='%an;%ae;%ad;%cd' --date=rfc -n 1 " \
|
info = utils.runcmd(['git', 'log', '--format=%an;%ae;%ad;%cd', '--date=rfc', '-n', '1', commit], destdir=repodir, logger=logger)
|
||||||
+ commit, destdir=repodir, logger=logger)
|
|
||||||
recordcommit = commit
|
recordcommit = commit
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user