diff --git a/client/tools/mgr-push/mgr-push.changes.mackdk.avoid-executing-commands-from-PATH b/client/tools/mgr-push/mgr-push.changes.mackdk.avoid-executing-commands-from-PATH new file mode 100644 index 000000000000..6d01454e939f --- /dev/null +++ b/client/tools/mgr-push/mgr-push.changes.mackdk.avoid-executing-commands-from-PATH @@ -0,0 +1 @@ +- Use absolute paths when invoking external commands diff --git a/client/tools/mgr-push/rhnpush_config.py b/client/tools/mgr-push/rhnpush_config.py index 059d240213dd..315f94902021 100644 --- a/client/tools/mgr-push/rhnpush_config.py +++ b/client/tools/mgr-push/rhnpush_config.py @@ -38,11 +38,11 @@ class rhnpushConfigParser: _instance = None def get_ca_bundle_path(self): - if os.system("grep -iq '^ID_LIKE=.*suse' /etc/os-release") == 0: + if os.system("/usr/bin/grep -iq '^ID_LIKE=.*suse' /etc/os-release") == 0: return '/etc/ssl/ca-bundle.pem' - if os.system("grep -iq '^ID_LIKE=.*rhel' /etc/os-release") == 0: + if os.system("/usr/bin/grep -iq '^ID_LIKE=.*rhel' /etc/os-release") == 0: return '/etc/pki/tls/certs/ca-bundle.crt' - if os.system("grep -iq '^ID_LIKE=.*debian' /etc/os-release") == 0: + if os.system("/usr/bin/grep -iq '^ID_LIKE=.*debian' /etc/os-release") == 0: return '/etc/ssl/certs/ca-certificates.crt' def __init__(self, filename=None, ensure_consistency=False): diff --git a/python/spacewalk/satellite_tools/repo_plugins/yum_src.py b/python/spacewalk/satellite_tools/repo_plugins/yum_src.py index 82e7fbe1a2c0..d15b8544d2ca 100644 --- a/python/spacewalk/satellite_tools/repo_plugins/yum_src.py +++ b/python/spacewalk/satellite_tools/repo_plugins/yum_src.py 
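Review bot: In `get_ca_bundle_path` the three checks now depend on grep being installed at exactly `/usr/bin/grep`. On a host where it lives only in `/bin` (possible without a merged /usr, not verifiable from this hunk), every `os.system` call returns non-zero and the method falls through to return None instead of a CA bundle path. Each check also still starts `/bin/sh` just to match one line of `/etc/os-release`. Reading the file in Python, as sketched below, removes both the shell and the external binary while keeping the case-insensitive `ID_LIKE=` match. The implicit None return when no family matches is existing behaviour and probably deserves an explicit fallback or error.

```python
    def get_ca_bundle_path(self):
        # Collect every ID_LIKE value; no shell and no grep binary involved.
        id_like = ""
        try:
            with open("/etc/os-release") as os_release:
                for line in os_release:
                    if line.upper().startswith("ID_LIKE="):
                        id_like += line.split("=", 1)[1].lower()
        except (IOError, OSError):
            pass
        if "suse" in id_like:
            return '/etc/ssl/ca-bundle.pem'
        # … unchanged: the rhel and debian returns, tested the same way …
```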
@@ -154,7 +154,7 @@ def __synchronize_gpg_keys(self): # which are not needed and can cause issues when importing into the RPMDB os.system( # pylint: disable-next=consider-using-f-string - "gpg -q --batch --no-options --no-default-keyring --no-permission-warning --keyring {} --export --export-options export-clean -a > {}".format( + "/usr/bin/gpg -q --batch --no-options --no-default-keyring --no-permission-warning --keyring {} --export --export-options export-clean -a > {}".format( SPACEWALK_GPG_KEYRING, f.name ) ) @@ -199,7 +199,7 @@ def __synchronize_gpg_keys(self): # We delete this key from the RPM database to allow importing the newer version. os.system( # pylint: disable-next=consider-using-f-string - "rpm --dbpath {} -e gpg-pubkey-{}-{}".format( + "/usr/bin/rpm --dbpath {} -e gpg-pubkey-{}-{}".format( REPOSYNC_ZYPPER_RPMDB_PATH, key, zypper_gpg_keys[key] ) ) @@ -958,12 +958,12 @@ def _prep_zypp_repo_url(self, url, uln_repo): sys.stdout.write(str(msg) + "\n") os.system( # pylint: disable-next=consider-using-f-string - 'awk \'BEGIN {{c=0;}} /BEGIN CERT/{{c++}} {{ print > "{0}/cert." c ".pem"}}\' < {1}'.format( + '/usr/bin/awk \'BEGIN {{c=0;}} /BEGIN CERT/{{c++}} {{ print > "{0}/cert." c ".pem"}}\' < {1}'.format( _ssl_capath, self.sslcacert ) ) # pylint: disable-next=consider-using-f-string - os.system("c_rehash {} 2&>1 /dev/null".format(_ssl_capath)) + os.system("/usr/bin/c_rehash {} 2&>1 /dev/null".format(_ssl_capath)) query_params["ssl_capath"] = _ssl_capath if self.sslclientcert: query_params["ssl_clientcert"] = self.sslclientcert diff --git a/python/spacewalk/satellite_tools/reposync.py b/python/spacewalk/satellite_tools/reposync.py index 69db1d42944e..0c51d07beee4 100644 --- a/python/spacewalk/satellite_tools/reposync.py +++ b/python/spacewalk/satellite_tools/reposync.py 
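Review bot: The gpg export in `__synchronize_gpg_keys` is still a shell command line built with `str.format` and run through `os.system`. The absolute path removes the PATH lookup, but `/bin/sh` still parses the interpolated `SPACEWALK_GPG_KEYRING` and `f.name`, and the exit status is discarded. The same pattern is in the `rpm -e` hunk at -199 of this file (`key` and `zypper_gpg_keys[key]` are interpolated) and in the `createrepo` hunk of mgr-create-bootstrap-repo (`destdirtmp`). An argument list avoids the shell and surfaces failures, e.g. `subprocess.run(["/usr/bin/rpm", "--dbpath", REPOSYNC_ZYPPER_RPMDB_PATH, "-e", "gpg-pubkey-{}-{}".format(key, zypper_gpg_keys[key])], check=True)`; for the gpg call the `> {}` redirect becomes a `stdout=` file argument. Whether `subprocess` is already imported is not visible here, and the function body extends beyond these hunks.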
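Review bot: The redirection on the `c_rehash` line, `2&>1 /dev/null`, is carried over unchanged and does not silence the command, because the shell does not read it as `2>&1`. Under bash, `2` and `/dev/null` are passed to c_rehash as extra arguments and the output goes to a file named `1` in the current directory; the exact effect depends on which shell `/bin/sh` is. The intended form is presumably `os.system("/usr/bin/c_rehash {} > /dev/null 2>&1".format(_ssl_capath))`. The `awk` call above it still interpolates `_ssl_capath` and `self.sslcacert` unquoted, so a path containing spaces or shell metacharacters would change the command; `shlex.quote` on both values, or splitting the bundle in Python, would avoid that. `_prep_zypp_repo_url` starts and ends outside the hunk.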
@@ -521,7 +521,7 @@ def __init__( CFG.set("DEBUG", log_level) rhnLog.initLOG(log_path, log_level) # os.fchown isn't in 2.4 :/ - os.system("chgrp " + CFG.httpd_group + " " + log_path) + os.system("/usr/bin/chgrp " + CFG.httpd_group + " " + log_path) # pylint: disable-next=consider-using-f-string log2disk(0, "Command: %s" % str(sys.argv)) diff --git a/python/spacewalk/spacewalk-backend.changes.mackdk.avoid-executing-commands-from-PATH b/python/spacewalk/spacewalk-backend.changes.mackdk.avoid-executing-commands-from-PATH new file mode 100644 index 000000000000..6d01454e939f --- /dev/null +++ b/python/spacewalk/spacewalk-backend.changes.mackdk.avoid-executing-commands-from-PATH @@ -0,0 +1 @@ +- Use absolute paths when invoking external commands diff --git a/spacewalk/admin/salt-secrets-config.py b/spacewalk/admin/salt-secrets-config.py index 9030288043dc..8620c2e7ba7d 100755 --- a/spacewalk/admin/salt-secrets-config.py +++ b/spacewalk/admin/salt-secrets-config.py @@ -144,7 +144,7 @@ ] ): os.system( - "openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out /etc/salt/pki/api/salt-api.crt -keyout /etc/salt/pki/api/salt-api.key -subj '/CN=localhost'" + "/usr/bin/openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out /etc/salt/pki/api/salt-api.crt -keyout /etc/salt/pki/api/salt-api.key -subj '/CN=localhost'" ) os.chown( "/etc/salt/pki/api/salt-api.crt", diff --git a/spacewalk/admin/spacewalk-admin.changes.mackdk.avoid-executing-commands-from-PATH b/spacewalk/admin/spacewalk-admin.changes.mackdk.avoid-executing-commands-from-PATH new file mode 100644 index 000000000000..6d01454e939f --- /dev/null +++ b/spacewalk/admin/spacewalk-admin.changes.mackdk.avoid-executing-commands-from-PATH @@ -0,0 +1 @@ +- Use absolute paths when invoking external commands diff --git a/susemanager/src/mgr-create-bootstrap-repo b/susemanager/src/mgr-create-bootstrap-repo index a36d4ea1f264..b1e4bab1446e 100755 --- a/susemanager/src/mgr-create-bootstrap-repo 
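Review bot: The `chgrp` call in `__init__` still concatenates `CFG.httpd_group` and `log_path` into a shell string and ignores the result. The reason given in the comment above it (`os.fchown isn't in 2.4`) looks obsolete for a file that carries `consider-using-f-string` pylint markers. Changing the group from Python needs no external command at all: `shutil.chown(log_path, group=CFG.httpd_group)`, which raises if the group is unknown or the change is refused, assuming the setting holds a group name rather than a numeric id. Whether `shutil` is imported in reposync.py is not visible in this hunk, and `__init__` continues outside it.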
+++ b/susemanager/src/mgr-create-bootstrap-repo @@ -794,7 +794,7 @@ def create_repo(label, options, mgr_bootstrap_data, additional=[]): log(err, 2) return 1 else: - os.system("createrepo -s sha256 %s" % destdirtmp) + os.system("/usr/bin/createrepo -s sha256 %s" % destdirtmp) # ensure venv-enabled-{ARCH}.txt doesn't exist in repo with no salt bundle package # create venv-enabled-{ARCH}.txt for repos with salt bundle package for file_path in glob.glob(os.path.join(destdirtmp, "venv-enabled-*.txt")): diff --git a/susemanager/susemanager.changes.mackdk.avoid-executing-commands-from-PATH b/susemanager/susemanager.changes.mackdk.avoid-executing-commands-from-PATH new file mode 100644 index 000000000000..6d01454e939f --- /dev/null +++ b/susemanager/susemanager.changes.mackdk.avoid-executing-commands-from-PATH @@ -0,0 +1 @@ +- Use absolute paths when invoking external commands diff --git a/utils/spacewalk-sync-setup b/utils/spacewalk-sync-setup index 11b78ec44603..878700fbbdf8 100755 --- a/utils/spacewalk-sync-setup +++ b/utils/spacewalk-sync-setup @@ -387,7 +387,7 @@ def gen_slave_template(slave_session, master_session, master, filename, dflt_mas master_ca_cert_path = '/usr/share/rhn/' + master + '_RHN-ORG-TRUSTED-SSL-CERT' slave_setup.set(master, 'cacert', master_ca_cert_path) - wget_cmd = 'wget -q -O ' + master_ca_cert_path + ' http://' + master + '/pub/RHN-ORG-TRUSTED-SSL-CERT' + wget_cmd = '/usr/bin/wget -q -O ' + master_ca_cert_path + ' http://' + master + '/pub/RHN-ORG-TRUSTED-SSL-CERT' logging.info("About to wget master CA cert: [" + wget_cmd + "]") try: os.system(wget_cmd) diff --git a/utils/spacewalk-utils.changes.mackdk.avoid-executing-commands-from-PATH b/utils/spacewalk-utils.changes.mackdk.avoid-executing-commands-from-PATH new file mode 100644 index 000000000000..6d01454e939f --- /dev/null +++ b/utils/spacewalk-utils.changes.mackdk.avoid-executing-commands-from-PATH @@ -0,0 +1 @@ +- Use absolute paths when invoking external commands
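Review bot: `wget_cmd` in `gen_slave_template` still downloads the master's CA certificate over plain `http://`, so the file stored at `master_ca_cert_path` becomes a trust anchor that nothing authenticated in transit. The absolute path to wget does not change that. At minimum the code should say so, e.g. `# NOTE: fetched over HTTP; confirm the certificate fingerprint out of band before trusting it`, and the setup should report the fingerprint for the operator to compare. `master` is also concatenated unquoted into both the output path and the shell command. `os.system` signals failure through its return value rather than an exception, so the `try:` opening at the end of the hunk (its handler is outside the hunk) likely never sees a failed download; `if os.system(wget_cmd) != 0:` followed by an error log would catch it.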