Hello Mark,
I'm afraid I have no further idea about the original bug -- at this point I'd
need to try this code and reproduce. But..
Mark Reynolds [2021-08-26 8:54 -0400]:
> let cmd = [
> "/bin/sh",
> "-c",
> '/usr/bin/echo -e "' +
> setup_inf + '" >> ' + setup_file
> ];
> // Do not log inf file as it
> contains the DM password
This is a security issue, BTW -- The default umask is 022, thus this file will
still be world-readable on most systems.
> /*
> * Next, create the
> instance...
> */
> let cmd =
> ["dscreate", "-j", "from-file", setup_file];
Can dscreate read from stdin by any chance? In the worst case, by specifying
/dev/stdin as a file? Then you could use .input() to feed it the data,
something like
let dscreate = cockpit.spawn(...);
dscreate.input(setup_inf);
dscreate
.then(() => console.log("success"))
.catch(err => console.error(JSON.stringify(err));
This is much simpler (one spawn instead of three, safer (no writing of the
password to the file system on disk), and most probably also avoids this weird
error.
[1]
https://cockpit-project.org/guide/latest/cockpit-spawn.html#cockpit-spawn-input
> One thing I am on F34 not F33, not sure if that makes a difference or not.
> And I am on Cockpit 250...
Same here.
Pitti
_______________________________________________
cockpit-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
