From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6664521764891000832
X-Received: by 2002:a2e:8593:: with SMTP id b19mr937389lji.5.1551704893172;
        Mon, 04 Mar 2019 05:08:13 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a2e:7:: with SMTP id 7ls1938882lja.13.gmail; Mon, 04 Mar
 2019 05:08:12 -0800 (PST)
X-Google-Smtp-Source: APXvYqy/fdgt9/QkdphUhAe/x5E4UjCHiIsbCc8Eot9qhTA11sPp+XlQIYHmZbe8eiLWNV180AUI
X-Received: by 2002:a2e:9ac9:: with SMTP id p9mr1020889ljj.13.1551704892605;
        Mon, 04 Mar 2019 05:08:12 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1551704892; cv=none;
        d=google.com; s=arc-20160816;
        b=npv18oPcivDbV9wSlvzx7+HFBQPXj7Pn3K6yyXchuJVC9aWa0AlfAU3I068HvdTu2O
         hLMYbrXzgL50QyCP2jl+OS/UYSdbJQvyNzcMx+9ooT5e1sMF2vRct4idiHrL3dX5Vg3a
         VE4QVQucFS/S4gWxYwF+r80lcEydvfuGFLha3VPI+kldRO2DMTfdNIYZuEwU5dnYTbqB
         zrq6grn6NMTRjb/Tyg6mcZIri1zU0B93cZemP3dLpXs9Bl1XYFW1AK1UgDp5SsNuajTO
         SBrMg16GSlSYO6ZAe/ixuYIlzWdmzKryTOGXDkLr+hkIDZFdXwOlU7Y222WrocbT/Jq0
         I7mg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from;
        bh=Vx0ES/usN/S9iwXmCFICd72DFMynpPA1ZYbysQJJSqk=;
        b=ycc/W4jg3E3NRVmzPC0Txt8BkcFSNi6qZ1OkQa4R+GqkMUpiK31yoZdfsDdbcomPDw
         0nsa+lntXjWKfsFHoc1PhDCI0C0hG0uiFKHhauDm29++CjGML+uwQyqiX5VmfOXvDV0Y
         09AXWYm/YEhBahkH230Vq8bq3LXZX/q3HOoGD36mwtrX5jEDtkajK7rqjxbmdkE3tYkk
         TU2EP1E3PLLCbyKXU4GDdeijppusRHqhpaJZxZC2tZWpycHUlWiqprRTTCBZ2EA+BZfS
         5IWhJhcGJjBZfpFX/vJj6KGF2kMW8qSikpmhubVW5S1i4Ktb3KyzP/R8b+hIc3Q6xZOj
         F7DA==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=claudius.heine.ext@siemens.com
Return-Path: <claudius.heine.ext@siemens.com>
Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2])
        by gmr-mx.google.com with ESMTPS id y26si296233lfl.1.2019.03.04.05.08.12
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 04 Mar 2019 05:08:12 -0800 (PST)
Received-SPF: pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.2 as permitted sender) client-ip=192.35.17.2;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=claudius.heine.ext@siemens.com
Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66])
	by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id x24D8Amw005528
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Mon, 4 Mar 2019 14:08:10 +0100
Received: from ring.ppmd.siemens.net (linux-ses-ext02.ppmd.siemens.net [139.25.69.232])
	by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id x24D89Wq008505;
	Mon, 4 Mar 2019 14:08:10 +0100
From: claudius.heine.ext@siemens.com
To: isar-users@googlegroups.com
Cc: Harald Seiler <hws@denx.de>, Claudius Heine <ch@denx.de>
Subject: [PATCH v4 1/6] Remove all uses of subprocess.call(shell=True)
Date: Mon,  4 Mar 2019 14:07:56 +0100
Message-Id: <20190304130801.20628-2-claudius.heine.ext@siemens.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190304130801.20628-1-claudius.heine.ext@siemens.com>
References: <20190304130801.20628-1-claudius.heine.ext@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TUID: yYX2bf5VZQ7A

From: Harald Seiler <hws@denx.de>

Using shell-expansion in subprocess calls has a lot of nasty
side-effects that are hard to debug should one ever surface.
This commit changes all uses of subprocess to

A) not use shell=True by giving a list of args instead of
   a command-line.
B) ensure return-codes are handled appropriately.

Furthermore, in some places the subprocess usage was changed to
be more idiomatic.

Co-authored-by: Claudius Heine <ch@denx.de>
Signed-off-by: Harald Seiler <hws@denx.de>
---
 meta/classes/base.bbclass                  | 10 ++++++----
 meta/classes/image.bbclass                 |  5 +++--
 meta/classes/isar-bootstrap-helper.bbclass |  8 +++-----
 meta/classes/isar-events.bbclass           | 13 +++++++------
 meta/classes/patch.bbclass                 | 13 +++++++++----
 5 files changed, 28 insertions(+), 21 deletions(-)

diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index 4279a68..1f415af 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -171,15 +171,17 @@ addtask clean
 do_clean[nostamp] = "1"
 python do_clean() {
     import subprocess
+    import glob
 
     for f in (d.getVar('CLEANFUNCS', True) or '').split():
         bb.build.exec_func(f, d)
 
-    dir = d.expand("${WORKDIR}")
-    subprocess.call('sudo rm -rf ' + dir, shell=True)
+    workdir = d.expand("${WORKDIR}")
+    subprocess.check_call(["sudo", "rm", "-rf", workdir])
 
-    dir = "%s.*" % bb.data.expand(d.getVar('STAMP', False), d)
-    subprocess.call('sudo rm -rf ' + dir, shell=True)
+    stamppath = bb.data.expand(d.getVar('STAMP', False), d)
+    stampdirs = glob.glob(stamppath + ".*")
+    subprocess.check_call(["sudo", "rm", "-rf"] + stampdirs)
 }
 
 # Derived from OpenEmbedded Core: meta/classes/base.bbclass
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 2514c88..34d6515 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -56,8 +56,9 @@ def get_rootfs_size(d):
     import subprocess
     rootfs_extra = int(d.getVar("ROOTFS_EXTRA", True))
 
-    output = subprocess.check_output(['sudo', 'du', '-s', '--block-size=1k',
-                                      d.getVar("IMAGE_ROOTFS", True)])
+    output = subprocess.check_output(
+        ["sudo", "du", "-s", "--block-size=1k", d.getVar("IMAGE_ROOTFS", True)]
+    )
     base_size = int(output.split()[0])
 
     return base_size + rootfs_extra * 1024
diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass
index d780b85..18081a0 100644
--- a/meta/classes/isar-bootstrap-helper.bbclass
+++ b/meta/classes/isar-bootstrap-helper.bbclass
@@ -9,11 +9,9 @@ IMAGE_TRANSIENT_PACKAGES ??= ""
 
 def get_deb_host_arch():
     import subprocess
-    host_arch = subprocess.Popen("dpkg --print-architecture",
-                                 shell=True,
-                                 env=os.environ,
-                                 stdout=subprocess.PIPE
-                                ).stdout.read().decode('utf-8').strip()
+    host_arch = subprocess.check_output(
+        ["dpkg", "--print-architecture"]
+    ).strip()
     return host_arch
 
 #Debian Distribution for SDK host
diff --git a/meta/classes/isar-events.bbclass b/meta/classes/isar-events.bbclass
index c4a6149..a178d05 100644
--- a/meta/classes/isar-events.bbclass
+++ b/meta/classes/isar-events.bbclass
@@ -16,13 +16,14 @@ python isar_handler() {
 
     basepath = tmpdir + '/work/'
 
-    with open(os.devnull, 'w') as devnull:
-        with open('/proc/mounts', 'rU') as f:
-            lines = f.readlines()
-        for line in lines:
+    with open('/proc/mounts') as f:
+        for line in f.readlines():
             if basepath in line:
-                subprocess.call('sudo umount -l ' + line.split()[1],
-                                stdout=devnull, stderr=devnull, shell=True)
+                subprocess.call(
+                    ["sudo", "umount", "-l", line.split()[1]],
+                    stdout=subprocess.DEVNULL,
+                    stderr=subprocess.DEVNULL,
+                )
 }
 
 isar_handler[eventmask] = "bb.runqueue.runQueueExitWait bb.event.BuildCompleted"
diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bbclass
index 0bc449f..c19542d 100644
--- a/meta/classes/patch.bbclass
+++ b/meta/classes/patch.bbclass
@@ -21,10 +21,15 @@ python do_patch() {
 
             striplevel = fetcher.ud[src_uri].parm.get("striplevel") or "1"
 
-            cmd = "patch --no-backup-if-mismatch -p " + striplevel + \
-                  " --directory " + src_dir + " --input " + workdir + basename
-            bb.note(cmd)
-            if subprocess.call(cmd, shell=True) != 0:
+            cmd = [
+                "patch",
+                "--no-backup-if-mismatch",
+                "-p", striplevel,
+                "--directory", src_dir,
+                "--input", workdir + basename,
+            ]
+            bb.note(" ".join(cmd))
+            if subprocess.call(cmd) != 0:
                 bb.fatal("patching failed")
         except bb.fetch2.BBFetchException as e:
             raise bb.build.FuncFailed(e)
-- 
2.20.1