URL: https://github.com/freeipa/freeipa/pull/5710 Author: flo-renaud Title: #5710: client install: do not capture sudo -V stdout Action: opened
PR body: """ ### client install: do not capture sudo -V stdout ipa-client-install is checking if the sudo command is available by calling 'sudo -V'. The call is currently using subprocess.popen which redirects the output to the default stdout. Use ipautil.run instead of subprocess.popen as this does not capture stdout (the command output is just logged in the debug file). Fixes: https://pagure.io/freeipa/issue/8767 ### ipatests: check that the output of sudo -V is not displayed During client installation, the installer calls sudo -V to check if sudo command is installed. The output must not be displayed in stdout. Related: https://pagure.io/freeipa/issue/8767 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5710/head:pr5710 git checkout pr5710
From d6aedae84d6b810d1dacb27c352a07be21101005 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Tue, 13 Apr 2021 10:14:27 +0200 Subject: [PATCH 1/2] client install: do not capture sudo -V stdout ipa-client-install is checking if the sudo command is available by calling 'sudo -V'. The call is currently using subprocess.popen which redirects the output to the default stdout. Use ipautil.run instead of subprocess.popen as this does not capture stdout (the command output is just logged in the debug file). Fixes: https://pagure.io/freeipa/issue/8767 --- ipaclient/install/client.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 9bdfbddafb2..03b443c2ba5 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -24,7 +24,6 @@ import SSSDConfig import shutil import socket -import subprocess import sys import tempfile import textwrap @@ -2205,7 +2204,7 @@ def install_check(options): # available. if options.conf_sudo: try: - subprocess.Popen(['sudo', '-V']) + ipautil.run(['sudo', '-V']) except FileNotFoundError: logger.info( "The sudo binary does not seem to be present on this " From 98910fa873a6738057ec121e575198f6a10c946d Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Tue, 13 Apr 2021 10:28:26 +0200 Subject: [PATCH 2/2] ipatests: check that the output of sudo -V is not displayed During client installation, the installer calls sudo -V to check if sudo command is installed. The output must not be displayed in stdout. Related: https://pagure.io/freeipa/issue/8767 --- ipatests/test_integration/test_installation.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index a5ff17a0d1e..274343822d2 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -1561,6 +1561,7 @@ class TestInstallWithoutSudo(IntegrationTest): num_clients = 1 num_replicas = 1 no_sudo_str = "The sudo binary does not seem to be present on this" + sudo_version_str = "Sudo version" @classmethod def install(cls, mh): @@ -1622,3 +1623,4 @@ def test_install_sudo_on_client(self): assert tasks.is_package_installed(self.clients[0], pkg) result = tasks.install_client(self.master, self.clients[0]) assert self.no_sudo_str not in result.stderr_text + assert self.sudo_version_str not in result.stdout_text
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
