Various commits to enable no-shell or safe-shell usage, more to come.

This commit is contained in:
Michael DeHaan 2014-03-12 16:44:03 -04:00
parent 60a7f57300
commit 6010e74839
6 changed files with 29 additions and 22 deletions

View file

@ -352,7 +352,10 @@ def get_add_ppa_signing_key_callback(module):
def _run_command(command): def _run_command(command):
module.run_command(command, check_rc=True) module.run_command(command, check_rc=True)
return _run_command if not module.check_mode else None if module.check_mode:
return _run_command
else:
return None
def main(): def main():

View file

@ -72,14 +72,17 @@ author: Franck Cuny
def _is_package_installed(module, name, locallib, cpanm): def _is_package_installed(module, name, locallib, cpanm):
cmd = "" cmd = ""
if locallib: if locallib:
cmd = "PERL5LIB={locallib}/lib/perl5".format(locallib=locallib) os.environ["PERL5LIB"] = "%s/lib/perl5" % locallib
cmd = "{cmd} perl -M{name} -e '1'".format(cmd=cmd, name=name) cmd = "%s perl -M%s -e '1'" % (cmd, name)
res, stdout, stderr = module.run_command(cmd, check_rc=False) res, stdout, stderr = module.run_command(cmd, check_rc=False)
installed = True if res == 0 else False if res == 0
return installed return True
else
return False
def _build_cmd_line(name, from_path, notest, locallib, mirror, cpanm): def _build_cmd_line(name, from_path, notest, locallib, mirror, cpanm):
# this code should use "%s" like everything else and just return early but not fixing all of it now.
# don't copy stuff like this
if from_path: if from_path:
cmd = "{cpanm} {path}".format(cpanm=cpanm, path=from_path) cmd = "{cpanm} {path}".format(cpanm=cpanm, path=from_path)
else: else:
@ -111,21 +114,20 @@ def main():
required_one_of=[['name', 'from_path']], required_one_of=[['name', 'from_path']],
) )
cpanm = module.get_bin_path('cpanm', True) cpanm = module.get_bin_path('cpanm', True)
name = module.params['name']
name = module.params['name']
from_path = module.params['from_path'] from_path = module.params['from_path']
notest = module.boolean(module.params.get('notest', False)) notest = module.boolean(module.params.get('notest', False))
locallib = module.params['locallib'] locallib = module.params['locallib']
mirror = module.params['mirror'] mirror = module.params['mirror']
changed = False changed = False
installed = _is_package_installed(module, name, locallib, cpanm) installed = _is_package_installed(module, name, locallib, cpanm)
if not installed: if not installed:
out_cpanm = err_cpanm = '' out_cpanm = err_cpanm = ''
cmd = _build_cmd_line(name, from_path, notest, locallib, mirror, cpanm) cmd = _build_cmd_line(name, from_path, notest, locallib, mirror, cpanm)
rc_cpanm, out_cpanm, err_cpanm = module.run_command(cmd, check_rc=False) rc_cpanm, out_cpanm, err_cpanm = module.run_command(cmd, check_rc=False)
@ -137,7 +139,6 @@ def main():
module.exit_json(changed=changed, binary=cpanm, name=name) module.exit_json(changed=changed, binary=cpanm, name=name)
# import module snippets # import module snippets
from ansible.module_utils.basic import * from ansible.module_utils.basic import *

View file

@ -89,7 +89,7 @@ def get_rubygems_path(module):
return module.get_bin_path('gem', True) return module.get_bin_path('gem', True)
def get_rubygems_version(module): def get_rubygems_version(module):
cmd = [get_rubygems_path(module), '--version'] cmd = [ get_rubygems_path(module), '--version' ]
(rc, out, err) = module.run_command(cmd, check_rc=True) (rc, out, err) = module.run_command(cmd, check_rc=True)
match = re.match(r'^(\d+)\.(\d+)\.(\d+)', out) match = re.match(r'^(\d+)\.(\d+)\.(\d+)', out)

View file

@ -53,6 +53,7 @@ EXAMPLES = '''
- macports: name=foo state=inactive - macports: name=foo state=inactive
''' '''
import pipes
def update_package_db(module, port_path): def update_package_db(module, port_path):
""" Updates packages list. """ """ Updates packages list. """
@ -68,7 +69,7 @@ def query_package(module, port_path, name, state="present"):
if state == "present": if state == "present":
rc, out, err = module.run_command("%s installed | grep -q ^.*%s" % (port_path, name)) rc, out, err = module.run_command("%s installed | grep -q ^.*%s" % (pipes.quote(port_path), pipes.quote(name)), use_unsafe_shell=True)
if rc == 0: if rc == 0:
return True return True
@ -76,7 +77,8 @@ def query_package(module, port_path, name, state="present"):
elif state == "active": elif state == "active":
rc, out, err = module.run_command("%s installed %s | grep -q active" % (port_path, name)) rc, out, err = module.run_command("%s installed %s | grep -q active" % (pipes.quote(port_path), pipes.quote(name)), use_unsafe_shell=True)
if rc == 0: if rc == 0:
return True return True

View file

@ -51,6 +51,7 @@ EXAMPLES = '''
- opkg: name=foo,bar state=absent - opkg: name=foo,bar state=absent
''' '''
import pipes
def update_package_db(module, opkg_path): def update_package_db(module, opkg_path):
""" Updates packages list. """ """ Updates packages list. """
@ -66,7 +67,7 @@ def query_package(module, opkg_path, name, state="present"):
if state == "present": if state == "present":
rc, out, err = module.run_command("%s list-installed | grep -q ^%s" % (opkg_path, name)) rc, out, err = module.run_command("%s list-installed | grep -q ^%s" % (pipes.quote(opkg_path), pipes.quote(name)), use_unsafe_shell=True)
if rc == 0: if rc == 0:
return True return True

View file

@ -100,7 +100,7 @@ def query_package(module, name, state="installed"):
def update_package_db(module): def update_package_db(module):
cmd = "pacman -Syy > /dev/null" cmd = "pacman -Syy"
rc, stdout, stderr = module.run_command(cmd, check_rc=False) rc, stdout, stderr = module.run_command(cmd, check_rc=False)
if rc != 0: if rc != 0:
@ -120,7 +120,7 @@ def remove_packages(module, packages):
if not query_package(module, package): if not query_package(module, package):
continue continue
cmd = "pacman -%s %s --noconfirm > /dev/null" % (args, package) cmd = "pacman -%s %s --noconfirm" % (args, package)
rc, stdout, stderr = module.run_command(cmd, check_rc=False) rc, stdout, stderr = module.run_command(cmd, check_rc=False)
if rc != 0: if rc != 0:
@ -148,7 +148,7 @@ def install_packages(module, packages, package_files):
else: else:
params = '-S %s' % package params = '-S %s' % package
cmd = "pacman %s --noconfirm > /dev/null" % (params) cmd = "pacman %s --noconfirm" % (params)
rc, stdout, stderr = module.run_command(cmd, check_rc=False) rc, stdout, stderr = module.run_command(cmd, check_rc=False)
if rc != 0: if rc != 0: