Commit Graph

6881 Commits

Author SHA1 Message Date
StormLiangMS
65f3447e1d
[submodule advance 202211] advance dhcp relay for 202211 #13348
advance dhcp relay for 202211

4bf1868 - (HEAD, origin/master, origin/HEAD, master) fix relay-reply dhcpv6 packet counter issue (add support for a7050 qx32 platform #29) (2 weeks ago) [jcaiMR]
9b30690 - fix handleSwssNotification crash in dhcp6relay (Add libnl-nf-3-200 to docker-team #28) (4 weeks ago) [jcaiMR]
047afb7 - Fix multiple vlan issue (Failure trying to run: chroot /sonic-buildimage/fsroot mount -t proc proc /proc #27) (4 weeks ago) [jcaiMR]
ff6bec3 - Made the Error log informative (add python-tenjin as build dependency for p4-switch #22) (5 weeks ago) [Vivek]
2fbe729 - disable cfg dynamic change (p4: fix build dependency for python-p4c-bm #25) (6 weeks ago) [jcaiMR]
13d0805 - Use github code scanning instead of LGTM (Removed sx-libnl from Mellanox containers dependencies. #26) (6 weeks ago) [Liu Shilong]
1e846f6 - Fix packet range check for relay-reply packets (update sonic-swss and p4-switch submodule to fix docker sonic p4 bug #21) (7 weeks ago) [kellyyeh]
4d19e13 - Add unittest infrastructure (Cavium customization for docker containers #5) (8 weeks ago) [kellyyeh]
7f4fdab - fix packet range check issue (Makefile: add build dependency for python-p4c-bm #20) (9 weeks ago) [jcaiMR]
257ecdf - Add client packet UDP header length check (change port_config.ini directory for s6000 #19) (2 months ago) [kellyyeh]
2023-01-13 09:25:46 +08:00
Liu Shilong
72a2db455d
[build] Fix sonic-host-services dependency deepdiff version issue (#13335)
Why I did it
sonic_host_services depends on deepdiff.
But latest deepdiff version has error.

How I did it
pin deepdiff to previous version.

How to verify it
2023-01-12 13:17:50 +08:00
mssonicbld
7524e91aa1
The FAN driver framework module complies with s3ip sysfs specification (#12888) (#13212)
Why I did it
Provide a Fan driver framework that complies with s3ip sysfs specification

How I did it
1、 The framework module provides register and unregister interface and implementation.
2、 The framework will help you create the sysfs node

How to verify it
A demo driver base on this framework will display the sysfs node wich conform to the s3ip sysfs specification

Co-authored-by: tianshangfei <31125751+tianshangfei@users.noreply.github.com>
2023-01-09 14:24:41 +08:00
mssonicbld
ab0533e646
two platforms supporting S3IP SYSFS (TCS8400, TCS9400) (#12386) (#13210)
Why I did it
Add two platform that support s3IP framework

How I did it
Add two platforms supporting S3IP SYSFS (TCS8400, TCS9400)

How to verify it
Manual test

Co-authored-by: tianshangfei <31125751+tianshangfei@users.noreply.github.com>
2023-01-09 11:40:35 +08:00
mssonicbld
1e522ff3a9
Add ECMP calculator tool (#12482) (#13301) 2023-01-09 00:48:56 +08:00
Liu Shilong
e89456b3d9 [action] Keep 'request for xxx branch' label when finished auto-cherry-pick. (#13107)
Why I did it
To keep 'Request for xxx branch' label when finished auto-cherry-pick.

How I did it
Change logic in post cherry pick action.

How to verify it
2023-01-09 00:40:12 +08:00
StormLiangMS
57c347d3be
[submodule advance] advance sonic-platform-daemons submodule for 202211 branch (#13203)
Why I did it
advance sonic-platform-daemons submodule for 202211 branch

a35b57d - (HEAD, origin/202211) Remove TODO comments which are no longer needed (Support centec platform #325) (3 days ago) [Junchao-Mellanox]
3a3726b - [thermalctld] fix some redundant removal of state DB tables (configurations are re-generated across reboots #315) (3 days ago) [vdahiya12]
c5afac0 - Add new fields to status/dom_sensor/pm tables in STATE_DB for CMIS/C-CMIS (Combine alias_map.json with port_config.ini #304) (3 days ago) [longhuan-cisco]
1a338d4 - Create TRANSCEIVER_DOM_THRESHOLD table in state DB (Fix the reference in docker-snmp-sv2 to deprecated alias_map.json #320) (3 days ago) [mihirpat1]
7c77907 - Remove the argument that is causing the xcvrd to crash (ingrasys-s9100: Add ingrasys switch s9100 #318) (3 days ago) [Vivek]
5a70e7f - [ycabled] fix minor appl_db retrieving logic for update (dockers/docker-snmp-sv2/config.sh still references deprecated alias_map.json file #319) (3 days ago) [vdahiya12]
b669533 - Use github code scanning instead of LGTM (Consolidate device-specific files; install as a Debian package #316) (3 days ago) [Liu Shilong]
d3c6739 - Pass grid parameter while calling set_laser_freq ([swss]: update sonic-swss to fix buffer configuration on mlnx platform #317) (3 days ago) [mihirpat1]
778f843 - [PSU daemon] Support PSU power threshold checking (Add get_graph service to fetch minigraph automatically #288) (9 days ago) [Stephen Sun]
707a720 - [chassisd] update chassisd to write fabric and lc asics on sep erate table (ingrasys-s9100: Add ingrasys switch s9100 #311) (8 weeks ago) [arlakshm]
e8c5657 - [ycabled] fix exception-handling logic for ycabled (Move sysDescription to /etc/snmp #306) (8 weeks ago) [vdahiya12]
905874d - [ycabled] move swsscommon API's from subroutines to call them exactly once per task_worker/thread (Disable BCM54616S MII isolate mode #303) (9 weeks ago) [vdahiya12]
510d330 - Fix typo in xcvrd ([platform] Add support configurations files for DCS-7060CX-32S #313) (9 weeks ago) [Junchao-Mellanox]
9ae551f - [ycabled] add support for detach mode in 'active-active' topology (minigraph.py crashed when no png is in the minigraph #309) (2 months ago) [vdahiya12]
How I did it
How to verify it
2023-01-08 17:49:55 +08:00
Zain Budhwani
0db69530b0 Fix rsyslog_plugin UT with timestamp formatter (#13241)
#### Why I did it

Timestamp formatter inside UT was failing due to new year change

#### How I did it

Use a const stored year that will used as expected value

#### How to verify it

Run UT
2023-01-05 16:37:04 +08:00
Yutong Zhang
c199814fb1
Improve the display of pipeline. (#13127)
The display of azure pipeline is not specific now, such as when the step Run test fails, the display of itself shows successful, but the display of step Kvmdump shows fails, but actually, the step Kvmdump doesn't fail. I improve the display of azure pipeline in this pr, each step has its own success or failure, and is shown in azure pipeline.

Why I did it
The display of azure pipeline is not specific now, such as when the step Run test fails, the display of itself shows successful, but the display of step Kvmdump shows fails, but actually, the step Kvmdump doesn't fail. I improve the display of azure pipeline in this pr, each step has its own success or failure, and is shown in azure pipeline.

How I did it
Each step has its own signature of success or failure.
Using the chain of responsibility pattern to manage all status.
Modify the expected-state in each step.
2023-01-04 17:12:23 +08:00
Richard.Yu
fb6f0b53ba
[SAIServer]Upgrade SAI server init script (#13175) (#13227)
Why I did it
why
In order to apply different config across different platform, and use the code with a unified format, reuse syncd init script to init saiserver.

How I did it
how
Reuse syncd init script

How to verify it
Test
Test in DUT s6000 and dx010 with sonic 202205
2023-01-03 16:03:05 +08:00
mssonicbld
79b0890c53
The user framework module complies with s3ip sysfs specification (#12894) (#13215) 2023-01-01 12:35:32 +08:00
mssonicbld
684b07f172
The demo driver complies with s3ip sysfs specification,which use the s3ip kernel framework (#12895) (#13214) 2023-01-01 12:35:11 +08:00
mssonicbld
4ac8359854
The CPLD and FPGA driver framework module complies with s3ip sysfs specification (#12891) (#13218) 2023-01-01 12:34:50 +08:00
mssonicbld
313406a290
The build project of s3ip frameworkk (#12896) (#13213) 2023-01-01 12:32:42 +08:00
mssonicbld
967cc38356
The PSU driver module complies with s3ip sysfs specification (#12887) (#13211) 2023-01-01 12:32:36 +08:00
mssonicbld
fe5732a4cc
The slot and switch_rootsysfs driver framework module complies with s3ip sysfs specification (#12893) (#13216) 2023-01-01 12:28:41 +08:00
mssonicbld
5489913baf
The Sensor driver framework module complies with s3ip sysfs specification (#12890) (#13219) 2023-01-01 12:27:55 +08:00
mssonicbld
29e7348c7b
The Transceiver driver framework module complies with s3ip sysfs specification (#12889) (#13220) 2023-01-01 12:26:52 +08:00
mssonicbld
8552b92b98
The LED and watchdog driver framework module complies with s3ip sysfs specification (#12892) (#13217) 2023-01-01 12:24:31 +08:00
StormLiangMS
f6ff26b03f
[submodule advance] advance sonic-platform-common submodule for 202211 branch #13204
Why I did it
advance sonic-platform-common submodule for 202211 branch

75d7664 - (HEAD, origin/202211) Use github code scanning instead of LGTM ([platform]: add port_config.ini for dell z9100 #328) (4 hours ago) [Liu Shilong]
How I did it
How to verify it
2023-01-01 09:02:57 +08:00
Dror Prital
81cc5e8c06
[202211][submodule] Advance sonic-swss pointer (#13195)
Update sonic-swss submodule pointer to include the following:
* 782a2ef Align watermark flow with port configuration ([#2525](https://github.com/sonic-net/sonic-swss/pull/2525))
* dca78d8 [Fdbsyncd] Bug Fix for remote MAC move to local MAC and Fix for Static MAC advertisement in EVPN. ([#2521](https://github.com/sonic-net/sonic-swss/pull/2521))
* 28aa309 [fpm] Fix FpmLink to read all netlink messages from FPM message ([#2492](https://github.com/sonic-net/sonic-swss/pull/2492))

Signed-off-by: dprital <drorp@nvidia.com>
2022-12-29 09:08:50 +02:00
mssonicbld
4981fbc4f0
[ci/build]: Upgrade SONiC package versions (#13194) 2022-12-28 22:56:28 +08:00
Liu Shilong
60365bfcb7
Fix sonic slave pipeline to set correct tag on sonic slave image. (#13177) (#13186)
Why I did it
Currently sonic-slave-* tag is confusing. Set correct tag on sonic-slave-* image.
Fix job name to fit the build.

How I did it
build amd image in amd64:
sonic-slave-bullseye:cfe29bff67c
sonic-slave-bullseye:latest
sonic-slave-bullseye:master

build armhf image in amd64:
sonic-slave-bullseye-march-armhf:33614806dc3
sonic-slave-bullseye-march-armhf:latest
sonic-slave-bullseye-march-armhf:master

build arm64 image in amd64:
sonic-slave-bullseye-march-arm64:f3b1b16c801
sonic-slave-bullseye-march-arm64:latest
sonic-slave-bullseye-march-arm64:master

build arm64 image in arm64:
sonic-slave-bullseye:75cb326c9a7
sonic-slave-bullseye-arm64:latest
sonic-slave-bullseye:master

build armhf image in armhf:
sonic-slave-bullseye:64d178951fc
sonic-slave-bullseye-armhf:latest
sonic-slave-bullseye:master

How to verify it
2022-12-28 16:33:47 +08:00
mssonicbld
5a93494e2d
[ci/build]: Upgrade SONiC package versions (#13170) 2022-12-25 23:04:55 +08:00
Richard.Yu
515f798628
[202211][Submodule][SAI-Redis]Advance SAI Redis head pointer (#13158)
Why I did it
[202211][Submodule][SAI-Redis]Advance SAI Redis head pointer

How I did it
changes

sonic-net/sonic-sairedis@9a5c443
sonic-net/sonic-sairedis@99b789d
sonic-net/sonic-sairedis@9deef02
[202211][Submodule][SAI]Advance SAI head pointer sonic-sairedis#1186 sonic-net/sonic-sairedis@a995edf
remove useless parameter --skip_error=-2, which remove from [202211][Submodule][SAI]Advance SAI head pointer sonic-sairedis#1186
How to verify it
local image build
2022-12-25 10:18:15 +08:00
mssonicbld
5726918bff
[ci/build]: Upgrade SONiC package versions (#13161) 2022-12-25 07:58:49 +08:00
Liu Shilong
ac904cee9e [build] Fix unexpected warnings: No names found, cannot describe anything. (#12963)
Why I did it
In PR check pipelines, there are too many duplicated warnings:
fatal: No names found, cannot describe anything.
SONIC_IMAGE_VERSION will not change in one build. We don't need to calculate in every reference. We just need calculate one time, then record it.
In Makefile, '=' will calculate again and again when it is referred.

How I did it
Fix it in Makefile.

How to verify it
Check this PR's check pipeline result.
2022-12-22 20:51:58 +08:00
Liu Shilong
9bec8bd198 [build] Add retry when make SONiC image to improve success rate. (#12325)
Why I did it
Makefile needs some dependencies from the Internet. It will fail for network related issue.
Retries will fix most of these issues.

How I did it
Add retries when running commands which maybe related with networking.

How to verify it
2022-12-21 16:36:18 +08:00
xumia
025a8455cd [Build] Fix the docker image docker-dhcp-relay:latest not found issue (#13048)
Why I did it
It is to fix the broadcom build failure, it is caused by the build image docker-dhcp-relay:latest not found.

2022-12-14T00:09:57.5464893Z [ FAIL LOG START ] [ target/docker-dhcp-relay.gz-load ]
2022-12-14T00:09:57.5466036Z Attempting docker image lock for docker-dhcp-relay load
2022-12-14T00:09:57.5467113Z Obtained docker image lock for docker-dhcp-relay load
2022-12-14T00:09:57.5468206Z Loading docker image target/docker-dhcp-relay.gz
2022-12-14T00:09:57.5469361Z Loaded image: docker-dhcp-relay:internal.65852159-11ad82a07a
2022-12-14T00:09:57.5470686Z Tagging docker image docker-dhcp-relay:latest as docker-dhcp-relay-sonic:latest
2022-12-14T00:09:57.5471997Z Error response from daemon: No such image: docker-dhcp-relay:latest
2022-12-14T00:09:57.5473122Z [  FAIL LOG END  ] [ target/docker-dhcp-relay.gz-load ]
2022-12-14T00:09:57.5539792Z make: *** [slave.mk:1180: target/docker-dhcp-relay.gz-load] Error 1
2022-12-14T00:09:57.5540958Z make: *** Waiting for unfinished jobs....
The image had been built succeeded

2022-12-13T17:01:59.9046935Z [ finished ] [ target/docker-eventd.gz ] 
2022-12-13T17:02:00.4947165Z [ building ] [ target/docker-dhcp-relay.gz ] 
2022-12-13T17:02:00.6688627Z /sonic/dockers/docker-dhcp-relay/cli-plugin-tests /sonic
2022-12-13T17:02:41.1123955Z /sonic
2022-12-13T17:07:04.1786069Z [ finished ] [ target/docker-dhcp-relay.gz ] 
But it was tagged by another value:

Obtained docker image lock for docker-dhcp-relay save
Tagging docker image docker-dhcp-relay-sonic:latest as docker-dhcp-relay:internal.65852159-11ad82a07a
Saving docker image docker-dhcp-relay:internal.65852159-11ad82a07a
Released docker image lock for docker-dhcp-relay save
Removing docker image docker-dhcp-relay-sonic:latest
Untagged: docker-dhcp-relay-sonic:latest
target/docker-dhcp-relay.gz
File /dpkg_cache/docker-dhcp-relay.gz-2ddfa01a109ca69b7621f1a-450bae36026d9dee62646f2.tgz saved in cache 
[ CACHE::SAVED ] /dpkg_cache/docker-dhcp-relay.gz-2ddfa01a109ca69b7621f1a-450bae36026d9dee62646f2.tgz
How I did it
When the feature SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD not enabled, always save as the latest tag, not use the specify version.
The version is dynamic, it is changed when a new commit checked in, but the image of docker-dhcp-relay is not necessary to change.
2022-12-16 06:32:09 +08:00
Saikrishna Arcot
3d3b3e1232 [build]: Fix docker load image tag not being the expected tag (#12959)
PR #12829 modified the docker tagging scheme such that optional docker
containers would be tagged with the SONiC image version. However, the
docker-image-load macro wasn't updated for these changes. Update it
here.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-12-15 00:45:00 +08:00
mssonicbld
eabd881e4f
[ci/build]: Upgrade SONiC package versions (#13018) 2022-12-11 23:10:49 +08:00
mssonicbld
8b551f7964
[ci/build]: Upgrade SONiC package versions (#13016) 2022-12-11 00:38:22 +08:00
Stepan Blyshchak
0cd4c380e4 [dockers] save extension dockers with an image tag (#12829)
Fixes: #11521

- Why I did it
When build SONiC dockers, SONiC build system tags all of them with latest tag. This is Ok for all built-in dockers because we will also tag them with image version tag in sonic_debian_extension.j2 script. On the other hand, some of these dockers are SONiC packages and they are installed by sonic-package-manager which creates a only one tag whcih is recorded in the corresponding .gz file. This leads to having these dockers tagged only with latest tag. This change saves the tag as an image version string in .gz file, so that these dockers have version identification in their tag.

- How I did it
I modified slave.mk to save the version tag instead of latest tag.

- How to verify it
I verified this change by running show version

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
2022-12-10 10:33:21 +08:00
Junchao-Mellanox
dd88006589 [Mellanox] Add device files for SN5600 (#12831)
- Why I did it
Add device files for new platform SN5600

- How I did it
Add device files for new platform SN5600

- How to verify it
Manual test
2022-12-10 10:33:21 +08:00
Yutong Zhang
1500c2d41c fix merge conflict 2022-12-10 10:33:21 +08:00
Michael Li
f753a8ba04 Reload BCM SDK kmods on syncd start to handle syncd restart issues (#12804)
Why I did it
There is an issue on the Arista PikeZ platform (using T3.X2: BCM56274) while running SONiC. If the 'syncd' container in SONiC is restarted, the expected behaviour is that syncd will automatically restart/recover; however it does not and always fails at create_switch due to BCM SDK kmod DMA operation cancellation getting stuck.

Sep 16 22:19:44.855125 pkz208 ERR syncd#syncd: [none] SAI_API_SWITCH:platform_process_command:428 Platform command "init soc" failed, rc = -1. Sep 16 22:19:44.855206 pkz208 INFO syncd#supervisord: syncd CMIC_CMC0_PKTDMA_CH4_DESC_COUNT_REQ:0x33#015 Sep 16 22:19:44.855264 pkz208 CRIT syncd#syncd: [none] SAI_API_SWITCH:platformInit:1909 initialization command "init soc" failed, rc = -1 (Internal error). Sep 16 22:19:44.855403 pkz208 CRIT syncd#syncd: [none] SAI_API_SWITCH:sai_driver_init:642 Error initializing driver, rc = -1. ... Sep 16 22:19:44.855891 pkz208 CRIT syncd#syncd: [none] SAI_API_SWITCH:brcm_sai_create_switch:1173 initializing SDK failed with error Operation failed (0xfffffff5).

Reloading the BCM SDK kmods allows the switch init to continue properly.

How I did it
If BCM SDK kmods are loaded, unload and load them again on syncd docker start script.

How to verify it
Steps to reproduce:

In SONiC, run 'docker ps' to see current running containers; 'syncd' should be present.
Run 'docker stop syncd'
Wait ~1 minute.
Run 'docker ps' to see that syncd is missing.
Check logs to see messages similar to the above.

Signed-off-by: Michael Li <michael.li@broadcom.com>
2022-12-10 10:33:21 +08:00
Mai Bui
c3c37f46ef [device/marvell] Mitigation for security vulnerability (#11876)
#### Why I did it
`os` and `commands` modules are not secure against maliciously constructed input
`getstatusoutput` is detected without a static string, uses `shell=True`
#### How I did it
Eliminate the use of `os` and `commands`
Use `subprocess` instead
2022-12-10 10:33:21 +08:00
Liu Shilong
a5db29924f [action] Add github action to merge mssonicbld's PRs which can be merged (#12564)
* [action] Add github action to scan auto-mergeable PRs
2022-12-10 10:33:21 +08:00
Neetha John
93ca0caaa9 Update ECN settings for storage backend (#12855)
Signed-off-by: Neetha John <nejo@microsoft.com>

Why I did it
ECN parameters need to be updated for storage backend

How I did it
Included the check for storage backend devices to update qos configs

How to verify it
Verified that the new ecn settings are applied on storage backend device.
Verified that the old ecn settings are applied for storage frontend, non storage frontend/backend devices
2022-12-10 10:33:21 +08:00
Mai Bui
6759ad27b5 [device/ragile] Mitigation for security vulnerability (#11744)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
The [xml.etree.ElementTree](https://docs.python.org/3/library/xml.etree.elementtree.html#module-xml.etree.ElementTree) module is not secure against maliciously constructed data.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
`subprocess.getstatusoutput` is dangerous because include shell=True in the implementation
#### How I did it
Remove xml. Use [lxml](https://pypi.org/project/lxml/) XML parsers package that prevent potentially malicious operation.
Replace `os` by `subprocess`
Use command as an array instead of string
Use `getstatusoutput_noshell` in `sonic_py_common` lib
2022-12-10 10:33:21 +08:00
Junchao-Mellanox
5ecf4aa096 [YANG] Support syslog rate limit configuration (#12488)
- Why I did it
Change YANG model to support syslog rate limit configuration feature

- How I did it
modified sonic-syslog.yang and sonic-feature.yang to support the new added configuration schema

- How to verify it
Unit test
2022-12-10 10:33:21 +08:00
Kebo Liu
28f8da80ea [Mellanox] Add support to Mellanox Spectrum-4 ASIC Firmware compiling and upgrade (#12844)
- Why I did it
Add support for compiling Spectrum-4 ASIC firmware to the SONiC image
Add support for Spectrum-4 ASIC firmware upgrade

- How I did it
Update Mellanox fw make files to include Spectrum-4 ASIC firmware binaries.
Update firmware upgrade scripts to be able to detect Spectrum-4 ASIC.

- How to verify it
Run regression tests

Signed-off-by: Kebo Liu <kebol@nvidia.com>
2022-12-10 10:33:21 +08:00
ganglv
28c8d4c88d [sonic-gnmi] Support GNMI native write (#10948)
Why I did it
Provide GNMI native write interface for configuration.

How I did it
Add configuration parameters for GNMI native write.

How to verify it
Check build pipeline.
2022-12-10 10:33:21 +08:00
ganglv
93ae2b3d92 Update submodule for sonic-gnmi (#12860)
Why I did it
Submodule update for sonic-gnmi
Incorporates:

8226e46 Upgrade pipeline to use bullseye. (sonic-net/sonic-gnmi#58)
ae72767 Add gnmi_dump tool for debug and unit test (sonic-net/sonic-gnmi#60)
6b0253a Add conditional check for split (sonic-net/sonic-gnmi#55)
99bfa8f Remove LOGLEVEL DB since is no longer used (sonic-net/sonic-gnmi#56)
54806a8 Support new gnmi config interface in telemetry container. (sonic-net/sonic-gnmi#7)

How I did it
Move submodule

How to verify it
Check build pipeline.
2022-12-10 10:33:21 +08:00
Aravind Mani
df8c893a9b [DPB] Dell Z9332f port breakout changes (#12789) 2022-12-10 10:33:21 +08:00
andywongarista
85700117db [Arista] Enable ipv6 128b lpm on 720DT-48S (#12832)
Why I did it
Added to allow test_crm_route to pass; the test tries to add a /126 ipv6 route and this change is required in order for the count of available routes to be updated correctly.
2022-12-10 10:33:21 +08:00
ganglv
2039fc50cc Update sonic-swss-common submodule (#12850)
Why I did it
Submodule update for sonic-swss-common
Incorporates:

5d481da Install swsscommon.i with libswsscommon-dev (#717)

How I did it
I have updated sonic-swss-common repo, this PR is used to update submodule.

How to verify it
Build image, install libswsscommon-dev, and check /usr/share/swss.
2022-12-10 10:33:21 +08:00
Mai Bui
5238bd78af [ruijie] Replace os.system and remove subprocess with shell=True (#12107)
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [https://github.com/sonic-net/sonic-buildimage/pull/12065](https://github.com/sonic-net/sonic-buildimage/pull/12065)
#### Why I did it
1. `getstatusoutput` is used without a static string and it uses `shell=True`
2. `subprocess()` - when using with `shell=True` is dangerous. Using subprocess function without a static string can lead to command injection.
3. `os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.
#### How I did it
1. use `getstatusoutput` without shell=True
2. `subprocess()` - use `shell=False` instead. use an array string. Ref: [https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation](https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation)
3. `os` - use with `subprocess`
2022-12-10 10:33:21 +08:00
Vivek
48d4c0aa1e [Bullseye] Upgrade sonic-sdk image to bullseye (#12649)
- Why I did it
Upgrade the app-extension developer environments (sonic-sdk & sonic-sdk-bullseye) to bullseye

- How to verify it
Built an app-extension using these images and verified if it is up and running.

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
2022-12-10 10:33:21 +08:00
Lior Avramov
f3821c6d2f [Mellanox] Add SDK hash calculator debian and update SDK makefile to compile it (#12840)
- Why I did it
Add SDK hash calculator Debian and update SDK makefile to compile it.

- How I did it
SDK hash calculator Debian will be used by ECMP calculator (PR #12482)

- How to verify it
Compile sonic-buildimage and verify SDK hash calculator Debian exist in target folder.
2022-12-10 10:33:21 +08:00