enhance motion startup logging and update "safety" workflow #2983
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Print motion path and version in debug log when detection and when starting motion. Print error code when motion failed to start. Align variable names and avoid unused variables. Signed-off-by: MichaIng <micha@dietpi.com>
Safety "check" has been superseded by "scan": https://docs.safetycli.com/safety-docs/safety-cli-3/migrating-from-safety-cli-2.x-to-safety-cli-3.x#switching-to-the-new-scan-command But it requires to create an account and authenticate. Until we decide whether we want to create a motionEye account for this, and when we know how to authenticate non-interactively, we stick with "check": pyupio/safety#525 Ignore disputed CVE-2018-20225. pip (intentioanlly) pulls the latest version of a module from PyPI, if an older version is available in "extra" indexes added via "extra-index-url" config/arg. If the module does not exist on PyPI at all, an attacker could upload one with the same name, injecting an unintended module into the user's project. This is of course naturally true when installing one module with multiple indexes, same as when installing an APT package with multiple APT repositories present. "extra"-index-url is not meant to override, but extend the indexes. To enforce a different index, and mitigate this potential risk for modules not uploaded to PyPI, use "index-url" arg/config instead. Remove obsolete workaround. Signed-off-by: MichaIng <micha@dietpi.com>
Fix error log when ffmpeg executable could NOT print version. Add executable path to debug log. Quote motion executable path, which is not assured to work in shell without quotation. Align variable and structuring code comments. Signed-off-by: MichaIng <micha@dietpi.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I would actually like to append the
motion/ffmpegcommand's output to the error message, when obtaining the version fails. If these commands fail, either the binary is broken, or a linked library, or the CLI has changed. In every case, it would be helpful to have that error in motionEye logs.The exception does not include the command's STDERR.
utils.call_subprocessredirects SDTERR to/dev/nullby default. So we could passstderr=subprocess.PIPEand appendoutputto the error message. But better would be probably to store/access STDERR separately, to append only that one to the error message, while parsing only STDOUT for the actual version string.While this can be merged, I'll run some more tests regarding this, and am open for suggestions, of course.