[elbe-devel] [PATCH 2/3] elbepack: rfs: construct debootstrap command without shell

Thomas Weißschuh thomas.weissschuh at linutronix.de
Thu Feb 6 12:01:31 CET 2025 

Avoid quoting and special character issues by building the command from
a list of arguments instead of a string that will need to be tokenized
by a shell afterwards.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh at linutronix.de>
Reviewed-by: John Ogness <john.ogness at linutronix.de>
---
 elbepack/rfs.py | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/elbepack/rfs.py b/elbepack/rfs.py
index c538be111f7e4357750342450fc162c69deed902..353a94c99b75b7abdaa20af3a0140db15ff44ecd 100644
--- a/elbepack/rfs.py
+++ b/elbepack/rfs.py
@@ -159,39 +159,37 @@ class BuildEnv:
             self.rfs.fname('/cdrom/targetrepo'), hostsysroot=self.hostsysroot)
 
         keyring = False
-        strapcmd = 'debootstrap'
+        strapcmd = ['debootstrap']
 
         # Should we use a special bootstrap variant?
         if self.xml.has('target/debootstrap/variant'):
-            strapcmd += f" --variant={self.xml.text('target/debootstrap/variant')}"
+            strapcmd.extend(['--variant', self.xml.text('target/debootstrap/variant')])
 
         # Should we include additional packages into bootstrap?
         if self.xml.has('target/debootstrap/include'):
-            strapcmd += f" --include=\"{self.xml.text('target/debootstrap/include')}\""
+            strapcmd.extend(['--include', self.xml.text('target/debootstrap/include')])
 
         # Should we exclude some packages from bootstrap?
         if self.xml.has('target/debootstrap/exclude'):
-            strapcmd += f" --exclude=\"{self.xml.text('target/debootstrap/exclude')}\""
+            strapcmd.extend(['--exclude', self.xml.text('target/debootstrap/exclude')])
 
         if cross:
-            strapcmd += ' --foreign'
+            strapcmd.append('--foreign')
 
         if self.xml.has('project/noauth'):
-            strapcmd += ' --no-check-gpg'
+            strapcmd.append('--no-check-gpg')
         elif self.xml.has('project/mirror/cdrom'):
-            keyring_file = self.rfs.fname('/elbe.keyring')
-            strapcmd += f' --keyring="{keyring_file}"'
+            strapcmd.extend(['--keyring', self.rfs.fname('/elbe.keyring')])
             keyring = True
         else:
             primary_key = self.xml.get_primary_key(self.rfs.fname('/cdrom/targetrepo'),
                                                    hostsysroot=self.hostsysroot)
             debootstrap_key_path = self.import_debootstrap_key(primary_key)
             if debootstrap_key_path:
-                strapcmd += f' --keyring="{debootstrap_key_path}"'
+                strapcmd.extend(['--keyring', debootstrap_key_path])
                 keyring = True
 
-        strapcmd += f' --arch={arch}'
-        strapcmd += f' "{suite}" "{self.rfs.path}" "{primary_mirror}"'
+        strapcmd.extend(['--arch', arch, suite, self.rfs.path, primary_mirror])
 
         return strapcmd, keyring
 

-- 
2.48.1

More information about the elbe-devel mailing list