All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 1/2] layerindex: don't use shell=True when cloning
@ 2018-11-23 15:01 Ross Burton
  2018-11-23 15:01 ` [PATCH 2/2] fetch: don't use shell=True when listing ar files Ross Burton
  0 siblings, 1 reply; 2+ messages in thread
From: Ross Burton @ 2018-11-23 15:01 UTC (permalink / raw)
  To: bitbake-devel

Signed-off-by: Ross Burton <ross.burton@intel.com>
---
 bitbake/lib/bblayers/layerindex.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bitbake/lib/bblayers/layerindex.py b/bitbake/lib/bblayers/layerindex.py
index 9f02a9da2ef..b2ff2268ea6 100644
--- a/bitbake/lib/bblayers/layerindex.py
+++ b/bitbake/lib/bblayers/layerindex.py
@@ -28,7 +28,7 @@ class LayerIndexPlugin(ActionPlugin):
         layerdir = os.path.join(repodir, subdir)
         if not os.path.exists(repodir):
             if fetch_layer:
-                result = subprocess.call('git clone %s %s' % (url, repodir), shell = True)
+                result = subprocess.call(['git', 'clone', url, repodir])
                 if result:
                     logger.error("Failed to download %s" % url)
                     return None, None, None
-- 
2.11.0



^ permalink raw reply related	[flat|nested] 2+ messages in thread
* [PATCH 2/2] fetch: don't use shell=True when listing ar files
  2018-11-23 15:01 [PATCH 1/2] layerindex: don't use shell=True when cloning Ross Burton
@ 2018-11-23 15:01 ` Ross Burton
  0 siblings, 0 replies; 2+ messages in thread
From: Ross Burton @ 2018-11-23 15:01 UTC (permalink / raw)
  To: bitbake-devel

Signed-off-by: Ross Burton <ross.burton@intel.com>
---
 bitbake/lib/bb/fetch2/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bitbake/lib/bb/fetch2/__init__.py b/bitbake/lib/bb/fetch2/__init__.py
index 572b71a9655..8d05f0c3d82 100644
--- a/bitbake/lib/bb/fetch2/__init__.py
+++ b/bitbake/lib/bb/fetch2/__init__.py
@@ -1469,7 +1469,7 @@ class FetchMethod(object):
                 else:
                     cmd = 'rpm2cpio.sh %s | cpio -id' % (file)
             elif file.endswith('.deb') or file.endswith('.ipk'):
-                output = subprocess.check_output('ar -t %s' % file, preexec_fn=subprocess_setup, shell=True)
+                output = subprocess.check_output(['ar', '-t', file], preexec_fn=subprocess_setup)
                 datafile = None
                 if output:
                     for line in output.decode().splitlines():
-- 
2.11.0



^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-11-23 15:01 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-23 15:01 [PATCH 1/2] layerindex: don't use shell=True when cloning Ross Burton
2018-11-23 15:01 ` [PATCH 2/2] fetch: don't use shell=True when listing ar files Ross Burton

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.