Commit Graph

1155 Commits

Author SHA1 Message Date
Deepak Singhal
bf428fd9a7
DNX(J2/J2c/J2c+): Reserve Non-ECMP Fec Resource for Non-ECMP Route Nexthops/NBR Entries (#13076)
Why I did it
On DNX (J2/J2c/J2c+) platforms, Single Path Nexthops and ECMp Nexthop resources(FECs) are shared. BRCM SAI do not have partition of this resource, and hence more single path Nexthop entries, causes ECMP programming to fail in scaled setup.

How I did it
Broadcom provided SAI changes to reserve resources for single path nexthop entries(More details in CSP: https://brcmsemiconductor-csm.wolkenservicedesk.com/wolken-support/allcases/request-details?requestId=CS00012251649).
Along with SAI changes, they provided configurable Macro/flag to reserve NON_ECMP entries.
This PR is to add that flag in various sai.profile files wherever applicable.

PS: We are reserving 3072 single path Nexthop entries on each Linecard. Calculation is as follows.
Max Slots per chassis: 8
Max No of Ports(each LC): 64
MyIP/Subnet Entries per port: 4(v4/v6)
Nbr Entries Per port: 2(v4/v6)

Total Non_ECMP Count: 8x64x(4+2) = 3072

How to verify it
Without this change, the ECMP group count will be shown as Max_count in 'crm show resources all' command, and with this change the ECMP group count will be decreased by 24(3072/128).
2022-12-16 16:43:43 -08:00
Song Yuan
1fd2395f29
Fix port index for multi-asic (#13042)
Port indexes of front panel ports are not contiguous in multi-asic because we didn't distiguish between
front panel and internal ports, e.g., recycle ports. Fix this by assigning index to front panel port first
and then internal ports.
2022-12-16 09:12:36 -08:00
vaibhav-dahiya
0eb852c4a4 Revert "[Arista] Disable pcie checking on x86_64-arista_7050cx3_32s (#12900)"
This reverts commit dd87a791b4.
2022-12-15 22:56:19 -08:00
Maxime Lorrillere
298de5abef
Fix missing system_ref_core_clock_khz (#12663)
Add missing system_ref_core_clock_khz in Arista-7800R3A-36D2-C36 and Arista-7800R3A-36D2-C72
2022-12-13 22:20:16 -08:00
kenneth-arista
570e6fb28f
Add aggregate port_config.ini for Wolverine SKU (#12951)
Add missing aggregate port_config.ini needed by sonic-mgmt

Concatenate the ASIC specific port_config.ini from device/arista/x86_64-arista_7800r3a_36d2_lc/Arista-7800R3A-36D2-C36/[01] to create the aggregate file.
2022-12-13 22:02:14 -08:00
wenyiz2021
8a8d83b814
[arista] Add platform.json for arista chassis LC5 (#12949)
Add components all LCs
add platform.json for new sku LC5
mark thermal controllable to false to skip setter function of high/low threshold
2022-12-09 13:45:22 -08:00
Mai Bui
51a1eb112b
[device/celestica] Mitigation for command injection vulnerability (#11740)
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [PR (#12065)](https://github.com/sonic-net/sonic-buildimage/pull/12065) needs to merge first.
#### Why I did it
1. `eval()` - not secure against maliciously constructed input, can be dangerous if used to evaluate dynamic content. This may be a code injection vulnerability.
2. `subprocess()` - when using with `shell=True` is dangerous. Using subprocess function without a static string can lead to command injection.
3. `os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.
4. `is` operator - string comparison should not be used with reference equality.
5. `globals()` - extremely dangerous because it may allow an attacker to execute arbitrary code on the system
#### How I did it
1. `eval()` - use `literal_eval()`
2. `subprocess()` - use `shell=False` instead. use an array string. Ref: [https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation](https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation)
3. `os` - use with `subprocess`
4. `is` - replace by `==` operator for value equality
5. `globals()` - avoid the use of globals()
2022-12-09 10:30:20 -05:00
byu343
dd87a791b4
[Arista] Disable pcie checking on x86_64-arista_7050cx3_32s (#12900)
This change is to disable the pcie firmware check done by Broadcom SAI. The change is needed for the Arista platform x86_64-arista_7050cx3_32s; otherwise, the check will fail, blocking the initialization.

There was a pcie firmware check added in brcm SDK and certain Arista hardwares do not compliant with the check, so we added the disable_pcie_firmware_check originally for x86_64-arista_7060dx4_32. For x86_64-arista_7050cx3_32s, it was able to pass the check but some firmware change done in August made it fail.
2022-12-07 01:28:26 -08:00
Ikki Zhu
ad49100985
Seastone: fix platform fan psu and temperature issues (#12567)
Why I did it:
Fix multiple seastone platform issues caused by sonic kernel upgrade.

How I did it:
Get gpio base id with new label path in gpio sys fs.

How to verify it:
After the change, show platform fan/psustatus/temperature works well.
2022-12-05 09:44:55 -08:00
Jing Kan
272f61d0f1
[Arista 720DT] Create SKU alias Arista-720DT-G48S4 (#12905) 2022-12-02 18:53:02 +08:00
Mai Bui
2b3e884209
[nokia] Replace os.system and remove subprocess with shell=True (#12100)
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [https://github.com/sonic-net/sonic-buildimage/pull/12065](https://github.com/sonic-net/sonic-buildimage/pull/12065)
#### Why I did it
`subprocess.Popen()` and `subprocess.run()` is used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
`getstatusoutput` is dangerous because it contains `shell=True` in the implementation
#### How I did it
Replace `os` by `subprocess`, use with `shell=False`
Remove unused functions
2022-12-01 12:12:50 -05:00
Junchao-Mellanox
7d38b459e4
[Mellanox] Add device files for SN5600 (#12831)
- Why I did it
Add device files for new platform SN5600

- How I did it
Add device files for new platform SN5600

- How to verify it
Manual test
2022-11-30 19:47:50 +02:00
Mai Bui
0bd3be32e6
[device/marvell] Mitigation for security vulnerability (#11876)
#### Why I did it
`os` and `commands` modules are not secure against maliciously constructed input
`getstatusoutput` is detected without a static string, uses `shell=True`
#### How I did it
Eliminate the use of `os` and `commands`
Use `subprocess` instead
2022-11-30 00:06:28 -08:00
Neetha John
c323037815
Update ECN settings for storage backend (#12855)
Signed-off-by: Neetha John <nejo@microsoft.com>

Why I did it
ECN parameters need to be updated for storage backend

How I did it
Included the check for storage backend devices to update qos configs

How to verify it
Verified that the new ecn settings are applied on storage backend device.
Verified that the old ecn settings are applied for storage frontend, non storage frontend/backend devices
2022-11-29 10:19:06 -08:00
Mai Bui
95bb7f3b78
[device/ragile] Mitigation for security vulnerability (#11744)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
The [xml.etree.ElementTree](https://docs.python.org/3/library/xml.etree.elementtree.html#module-xml.etree.ElementTree) module is not secure against maliciously constructed data.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
`subprocess.getstatusoutput` is dangerous because include shell=True in the implementation
#### How I did it
Remove xml. Use [lxml](https://pypi.org/project/lxml/) XML parsers package that prevent potentially malicious operation.
Replace `os` by `subprocess`
Use command as an array instead of string
Use `getstatusoutput_noshell` in `sonic_py_common` lib
2022-11-29 11:54:37 -05:00
Aravind Mani
724a285569
[DPB] Dell Z9332f port breakout changes (#12789) 2022-11-28 22:16:51 -08:00
andywongarista
e7f4da5823
[Arista] Enable ipv6 128b lpm on 720DT-48S (#12832)
Why I did it
Added to allow test_crm_route to pass; the test tries to add a /126 ipv6 route and this change is required in order for the count of available routes to be updated correctly.
2022-11-29 11:20:50 +08:00
bingwang-ms
818f275957
Add missing flags in qos template file (#12793) 2022-11-23 09:08:38 +08:00
Mai Bui
2f6b34a637
[device/juniper] Mitigation for security vulnerability (#11838)
Signed-off-by: maipbui maibui@microsoft.com
Dependency: [https://github.com/sonic-net/sonic-buildimage/pull/12065](https://github.com/sonic-net/sonic-buildimage/pull/12065)
#### Why I did it
`commands` module is not secure
command injection in `getstatusoutput` being used without a static string
#### How I did it
Eliminate `commands` module, use `subprocess` module only
Convert Python 2 to Python 3
2022-11-22 10:46:12 -05:00
Bohan Yang
16a15e9ae0
[Arista]Add media_settings.json for x86_64-arista_7800r3a_36d2_lc (#12444)
Why I did it
TX FIR tuning should be done based on the type of inserted transceiver

How I did it
Add media_settings.json which contains the tuning data for 100G optic and 400G optic.

How to verify it
Tested against x86_64-arista_7800r3a_36d2_lc
2022-11-21 14:50:34 -08:00
bingwang-ms
f402e6b5c6
Apply separated DSCP_TO_TC_MAP and TC_TO_QUEUE_MAP to uplink ports on dualtor (#12730)
Why I did it
The PR is to apply separated DSCP_TO_TC_MAP and TC_TO_QUEUE_MAP to uplink ports on dualtor.
The traffic with DSCP 2 and DSCP 6 from T1 is treated as lossless traffic.

DSCP    TC    Queue
2      2     2
6      6     6
Traffic with DSCP 2 or DSCP 6 from downlink is still treated as lossy traffic as before.

How I did it
Define DSCP_TO_TC_MAP|AZURE_UPLINK and TC_TO_QUEUE_MAP|AZURE_UPLINK.

How to verify it
Verified by UT
Verified by coping the new template to a testbed, and rendering a config_db.json
2022-11-21 11:42:28 -08:00
Samuel Angebault
b05d2e3729
[Arista] Update platform.json for 7060CX-32S (#12783)
Why I did it
Some sonic-mgmt platform_tests/api were failing on the 7060CX-32S

How I did it
Added the missing metadata in platform.json and platform_components.json
This is purely test data and does not impact our API implementation.

How to verify it
Run platform_tests / api and expect 100% pass rate.
2022-11-21 09:19:24 -08:00
Samuel Angebault
46bd5f695c
[Arista] Update platform.json for 7260CX3-64 (#12757)
Why I did it
Some sonic-mgmt platform_tests/api were failing on the 7260CX3-64

How I did it
Added the missing metadata in platform.json and platform_components.json
This is purely test data and does not impact our API implementation.

How to verify it
Run platform_tests/api and expect 100% passrate.
2022-11-19 12:45:37 -08:00
Neetha John
dc21c9605e
[Profile separation] MMU infrastructure update for TD2 (#12626)
Signed-off-by: Neetha John <nejo@microsoft.com>

Why I did it
There is a need to have separate profiles on compute and storage and this infra update will help achieve that

How I did it
Moved buffer pool/profile and qos definitions on TD2 to a common folder and all TD2 hwsku's will reference that folder
2022-11-17 12:58:11 -08:00
wenyiz2021
fecc7c6a1d
[Arista] [platform] Add thermal info in platform.json (#12714)
add 1 more thermal entry
2022-11-17 11:05:16 -08:00
Samuel Angebault
4d62689914
[Arista] Add pcie.yaml to 7280CR3-32D4 variants (#12700) 2022-11-14 13:29:30 -08:00
wenyiz2021
39ebf80f1b
[arista] [chassis] Add psu/thermal info in platform.json for sup (#12667)
update psu info in platform.json on sup
2022-11-14 11:03:52 -08:00
Ying Xie
a544a07931
Enable Dx010 LPM (#12642)
Why I did it
DX010 platform has limited routing table size.

How I did it
Enabling LPM.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-11-09 08:15:41 -08:00
wenyiz2021
f581a77a64
[Chassis] [Arista] correct platform.json for sup and LC6 names (#12627)
add platform.json separately for LC6 that has different name, bc of supporting macsec
Signed-off-by: Wenyi Zhang <wenyizhang@microsoft.com>
2022-11-08 12:56:39 -08:00
judyjoseph
c259c996b4
Use the macsec_enabled flag in platform to enable macsec feature state (#11998)
* Use the macsec_enabled flag in platform to enable macesc feature state
* Add macsec supported metadata in DEVICE_RUNTIME_METADATA
2022-11-08 11:03:38 -08:00
arlakshm
c4be3a51aa
[chassis][Arista] add supervisor to the platform_env.conf (#12615)
Why I did it
Fixes #12614

How I did it
In the container_checker the database_chassis is added to expected container if device is supervisor
To detect the device is superviso, add supervisor=1 to the platform_env.conf of 7808 sup platform

How to verify it
run container_checker monit check
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
2022-11-07 15:30:02 -08:00
Mai Bui
5b0c4ec1e6
[device/accton] Replace os.system and remove subprocess with shell=True (#11985)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess.Popen()` and `subprocess.run()` is used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
#### How I did it
Replace `os` by `subprocess`
Remove unused functions
2022-11-07 10:31:32 -05:00
roman_savchuk
a31a4e7f82
Revert "[Barefoot] Add xon_offset to pg_profile_lookup.ini (#12073)" (#12568)
Why I did it
This changes should go with updated SDE for BFN. Without update we do see orchagent core dump.

How I did it
Revert changes

How to verify it
Deploy topology. No core dump appears
2022-11-02 09:10:07 +08:00
Vivek
a68ce12dd6
[Mellanox] [SKU] Added Mellanox-SN4700-A96C8V8 SKU (#12347)
- Why I did it
A new SKU for MSN4700 Platform i.e. Mellanox-SN4700-V16A96

Requirements:

Breakout:
Port 1-24: 4x25G(4)[10G,1G]
Port 25-28: 2x100G[200G,50G,40G,25G,10G,1G]
Port 29-32: 2x200G[100G,50G,40G,25G,10G,1G]
Downlinks: 96 (1-24) + 4 (25-28)
Uplinks: 4 (29-32)
Shared Headroom: Enabled
Over Subscribe Ratio: 1:4
Default Topology: T0
Default Cable Length for T1: 5m
VxLAN source port range set: No
Static Policy Based Hashing Supported: No

Additional Details:
QoS params: The default ones defined in qos_config.j2 will be applied
Small Packet Percentage: Used 50% for traditional buffer model Note: For dynamic model, the value defined in LOSSLESS_TRAFFIC_PATTERN|AZURE|small_packet_percentage is used
SKU was drafted under the assumption that the downlink ports uses xcvr's that will only support the first 4 lanes of the physical port they are connected to. Hence for the ports 1-24, the last four lanes are not used
Cable Lengths used for generating buffer_defaults_{t0,t1}.j2 values

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2022-10-20 09:50:07 +03:00
Mariusz Stachura
bdebcffa5c
[Barefoot] Add xon_offset to pg_profile_lookup.ini (#12073)
- Why I did it
Barefoot uses hysteresis, instead of 'xon-threshold'. 'xon' is only
supported in static mode, so there is a need to add this attribute
to every mode in PG profile init file

- How I did it
'xon_offset' was added to pg_profile_lookup.ini

- How to verify it
Install and basic sanity tests including traffic.
Checked with:
pfcwd/test_pfc_config.py pfcwd/test_pfcwd_all_port_storm.py
pfcwd/test_pfcwd_function.py pfcwd/test_pfcwd_war_reboot.py
pfc_asym/test_pfc_asym.py

Signed-off-by: Mariusz Stachura <mariusz.stachura@intel.com>

Signed-off-by: Mariusz Stachura <mariusz.stachura@intel.com>
2022-10-20 14:01:30 +08:00
Mariusz Stachura
9f88d03c2b
[QoS] Support dynamic headroom calculation for Barefoot platforms (#11708)
Signed-off-by: Mariusz Stachura <mariusz.stachura@intel.com>

What I did
Adding the dynamic headroom calculation support for Barefoot platforms.

Why I did it
Enabling dynamic mode for barefoot case.

How I verified it
The community tests are adjusted and pass.
2022-10-19 09:36:56 -07:00
Mai Bui
6f67a3ac6a
[device/quanta] Mitigation for security vulnerability (#11867)
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [https://github.com/sonic-net/sonic-buildimage/pull/12065](https://github.com/sonic-net/sonic-buildimage/pull/12065)
#### Why I did it
`shell=True` is dangerous because this call will spawn the command using a shell process
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.
#### How I did it
`os` - use with `subprocess`
Use `shell=False` with shell features
- redirection: [https://stackoverflow.com/questions/4965159/how-to-redirect-output-with-subprocess-in-python/6482200#6482200?newreg=53afb91b3ebd47c5930be627fcdf2930](https://stackoverflow.com/questions/4965159/how-to-redirect-output-with-subprocess-in-python/6482200#6482200?newreg=53afb91b3ebd47c5930be627fcdf2930)
- `|` operator: [https://docs.python.org/2/library/subprocess.html#replacing-shell-pipeline](https://docs.python.org/2/library/subprocess.html#replacing-shell-pipeline)
2022-10-19 10:05:36 -04:00
andywongarista
34b6cc0de2
[Arista] Fix content of platform.json for DCS-7050CX3-32S (#12082)
* Fix platform.json for 7050cx3

* Add platform_components.json

* Mark thermals as not controllable
2022-10-18 18:38:28 -07:00
vmittal-msft
cca17ce104
Updated config files to disable DLR_INIT capability (#12401) 2022-10-18 10:13:07 -07:00
Vivek
bc8ee7a105
[Mellanox] [SKU] Mellanox-SN4700-V48C32 SKU added (#12250)
A new SKU for MSN4700 Platform i.e. Mellanox-SN4700-V48C32

Requirements:
Breakout:
Port 1-24: 2x200G
Port 25-32: 4x100G
Downlinks: 48 (1-24)
Uplinks: 32 (25-32)
Shared Headroom: Enabled
Over Subscribe Ratio: 1:8
Default Topology: T1
Default Cable Length for T1: 300m
VxLAN source port range set: No
Static Policy Based Hashing Supported: No
Additional Details:
QoS params: The default ones defined in qos_config.j2 will be applied
Small Packet Percentage: Used 50% for traditional buffer model Note: For dynamic model, the value defined in LOSSLESS_TRAFFIC_PATTERN|AZURE|small_packet_percentage is used
Cable Lengths used for generating buffer_defaults_{t0,t1}.j2 values

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2022-10-18 12:11:02 +03:00
Sambath Kumar Balasubramanian
7ba1d25757
Add 36 port 100g sku for x86_64-arista_7800r3a_36d series of linecards. (#11813)
Add 36 port 100g sku for x86_64-arista_7800r3a_36d series of linecards.
2022-10-17 11:15:19 -07:00
Sudharsan Dhamal Gopalarathnam
629343e0b7
[Mellanox]Adding SKU Mellanox-SN2700-D44C10 (#12396)
#### Why I did it
To add new SKU Mellanox-SN2700-D44C10 with following requirements:

| Port configuration | Value |
| ------  |--------- |
 | Breakout mode for each port  |**Defined in port mapping** |
| Speed of the port |  **Defined in Port mapping** |
| Auto-negotiation enable/disable | **No setting required** |
| FEC mode | **No setting required** |
|Type of transceiver used | **Not needed**|

 Buffer configuration | Value
------  |---------
 Shared headroom | **Enabled**
 Shared headroom pool factor  |  **2**
 Dynamic Buffer | **Disable**
 In static buffer scenario how many uplinks and downlinks? | **44 x50G and 2x100G Downlinks 8x100G uplinks**
 2km cable support required? | **No**

Switch configuration | Value
------  |---------
 Warmboot enabled? | **yes**
 Should warmboot be added to SAI profile when enabled? | **yes**
 Is VxLAN source port range set? | **No**
 Should Vxlan source port range be added to SAI profile when set. | **No**
 Is Static Policy Based Hashing enabled? | **No**

Port Mapping

| Ports  | Mode      |
| ------  |--------- |
| 1,2      | 1x100G |
|  3-6    | 2x50G   | 
| 7-10   | 1x100G |
| 11-22 | 2x50G   |
| 23-26 | 1x100G | 
| 27-32 | 2x50G   |

Number of Uplinks / Downlinks:
TO topology: **44 x50G and 2x100G Downlinks 8x100G uplinks**.

#### How I did it
Defined the SKU as per requirements

#### How to verify it
Load the SKU and verify if all links come up and traffic passes.
2022-10-14 22:12:28 -07:00
Mai Bui
ea101a90d5
[device/delta] Mitigation for command injection vulnerability (#11865)
#### Why I did it
`os` execution functions are not secure against maliciously constructed input.
#### How I did it
Use `subprocess` module
2022-10-13 21:11:51 -07:00
Bohan Yang
fad4034000
Add 36 port 400g SKU for x86_64-arista_7800r3a_36d series of Linecards. (#11872)
Add 36 port 400g SKU for x86_64-arista_7800r3a_36d series of Linecards.
2022-10-13 20:36:44 -07:00
Mai Bui
f1826586b0
Replace eval (#12103)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`eval()` - not secure against maliciously constructed input, can be dangerous if used to evaluate dynamic content. This may be a code injection vulnerability.
#### How I did it
`eval()` - use `literal_eval()`
2022-10-11 10:17:09 -04:00
henry huang
cb707b7969
fixed nokia platform m0 asic mismatch (#12148)
changed the platform device name under nokia directory; we now need to specify marvell armhf/arm64 to provide more accurate platform identity. otherwise onie discovery won't recognize the asic being installed.

Why I did it
when we load images using onie discovery, the process was failing because of marvell ASIC mismatch

How I did it
replace the platform asic with marvell-armhf under 7215

How to verify it
load a new image using http server and verify that the image can be loaded successfully
2022-10-11 15:04:07 +08:00
Marty Y. Lok
9d37b63824
[Nokia] Update Nokia platform IXR7250E device data (#11611)
Signed-off-by: mlok <marty.lok@nokia.com>
2022-10-10 18:49:26 -07:00
Andriy Kokhan
304c6c80c4
[BFN] Reworked BFN platform thermals plugin (#11723)
* [BFN] Updated platform.json for wedge100bf_65x

Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>

* Reworked BFN platform thermal logic

* Implemented PSU thermal APIs

* Updated platform.json for accton_wedge100bf_32x

Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>

* Updated BFN platform plugins initialization flow

Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>

Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>
2022-10-11 09:12:28 +08:00
byu343
9b2b8e3e86
Add gearbox taps to vs gearbox_config.json (#11480)
Why I did it
For the change to support gearbox taps by gearbox_config.json (sonic-net/sonic-swss#2158), I need to add tests to sonic-swss/tests/test_gearbox.py to satisfy the test coverage of the change. The existing code in test_gearbox.py has already used brcm_gearbox_vs and here is to add some gearbox tap value to its gearbox_config.json, for the added tests in sonic-swss/tests/test_gearbox.py.

How I did it
How to verify it
This change itself will not affect existing code.
2022-10-10 13:35:06 -07:00
Mai Bui
3cd9b2e1b5
[device/centec] Replace os.system and remove subprocess with shell=True (#12024)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess.Popen()` and `subprocess.run()` is used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
#### How I did it
Replace `os` by `subprocess`, remove `shell=True`
Remove unused functions
2022-10-07 10:48:25 -04:00