It allows retaining the version number in the downloaded artifact's name when the version to be downloaded is dynamically determined ('latest').
So far, the behavior was to overwrite the version string in the artifact name with 'latest' which leaves no trace of what version the downloaded artifact has. E.g., you cannot use this information for further processing like transferring it to an RPM that is built from the artifact.
This fulfills feature request ansible/ansible#22337
Fix 'module' object is not callable
* rhn_register: fix Python 3 compatibility
* rhn_register: update requirements
* rhn_register: add unit tests
* Add missing method name
* use a dedicated line for XML related requirements
* rhn_register: drop support for Python 2.4
* rhn_register unit tests: fix Python 3 compatibility
* refactor in order to check order of the requests
* add option for path to pear executable
this is useful if you have multiple versions of PHP installed at once,
using SCL PHP RPMs from Red Hat or some other method
* update version number
* improve wording
DNF's base.group_install() function accepts a string as its first
argument. Prior to DNF-2, compatibility code existed which allowed this
function to accept a base.comps.Group object instead. That is no longer
possible.
Pass "group.id" to base.group_install() instead of "group" to work
around this.
* Implement state='dist-upgrade'
Implements `zypper dist-upgrade` for the zypper module. This follows
how `zypper upgrade` is invoked, except `state='dist-upgrade'`.
Setting name to anything other than '*' would cause the module to error
out. `dist-upgrade` affects all packages and would not make sense to
apply to a specific package.
* Implement option extra_args
Add option to append additional arguments to zypper command. This
should be able to accommodate other options that are not (yet) covered
by zypper module.
Arguments are given as if written in the command line, complete with
dashes.
* Use atomic_move rather than writing in place in redhat_subscription and redhat utils
* Change status to curated
* Put curated in the proper field
* Add RETURN doc section
* Disable yum plugins when unregistering
* Change back to community supported
* Alphabetize imports
* Fix the editable condition into pip module (#19028)
* Add editable to tests
Default changed to False, so now editable: True is needed explicitly in
tests
* apk: Fix failure when both install and upgrade in same command
If name list contains an installed package that needs upgrade plus a new package, apk command would fail due to missing space character.
* Simplify fix by concatenating lists
* openwrt_init: clearly state that python is required
As python isn't installed by default on OpenWrt/LEDE,
clearly state that python is required
Signed-off-by: Etienne CHAMPETIER <echampetier@anevia.com>
* opkg: clearly state that python is required
As python isn't installed by default on OpenWrt/LEDE,
clearly state that python is required
Signed-off-by: Etienne CHAMPETIER <echampetier@anevia.com>
* Mutually reference Windows and non-Windows modules
To make it easier for Windows or non-Windows users to find the relevant
module information, we are mutually referencing both variants in their
documentation.
We are also adding a special note if a module works on both Windows and
non-Windows targets.
* Mutually reference Windows and non-Windows modules
To make it easier for Windows or non-Windows users to find the relevant
module information, we are mutually referencing both variants in their
documentation.
We are also adding a special note if a module works on both Windows and
non-Windows targets.
* Replace 'look at' with 'use', as requested
ci_complete
* openbsd_pkg: Handle versionless names with branch.
This makes package names such as "openldap-server--%openldap" work.
Problem reported by Landry Breuil.
While here fix cornercase check for versionless packages and add some
more debug output to packet parsing.
Fixes#25910.
* openbsd_pkg: Split up lines to pass build checks.
===
The test ansible-test sanity --test pep8 failed with the following errors:
lib/ansible/modules/packaging/os/openbsd_pkg.py:383:161: E501 line too long (292 > 160 characters)
lib/ansible/modules/packaging/os/openbsd_pkg.py:398:161: E501 line too long (198 > 160 characters)
===
* Fix proposal for bug 25151
* Fix proposal for bug 25151 - pip module, pyvenv validation
* Graceful fail when virtualenv_python is defined and virtualenv_command uses the venv module
* Making sure that venv is being used as a modue "-m venv"
* Updating syntax in validations
* Updating syntax in validations - fixing stupid typo "[)"
* Raising an error if virtualenv_command is pyvenv or venv and virtualenv_python is used
* trailing whitespace gone, pyvenv, venv validation and docs update
* cleaning whitespaces from blank lines
* apt: include arch in check for installed packages on multi-arch systems
Thanks: Stefan Löwen <stefan.loewen@gmail.com>
Fixes: #24673
* add an integration test for apt's multi-arch handling
- Removed alias autoclean from autoremove.
- Added independent execution of apt-get autoclean/autoremove
- Continued to support --auto-remove as a flag to install/remove
Fixes#22222#24718
* apk: Allow update and upgrade in same task
* apk: Add repository option
* apk: Add available option
* apk: Add stdout and stderr output where possible
* apk: Add packages return with list of changed packages
Output of `yum check-update` can contain lines with long package names and long
repository label names, which will be broken into multiple lines, which need to
be sanitized. The solution to this has been fixed and refactored in 2.3 in form
of parse_check_update(), but it still contains subtle bug, which makes such
multi-lines invisible to later logic (such packages aren't included in
parse_check_update()) output. The problem is caused by using '\1' in re.sub(),
instead of proper r'\1', which literally puts unicode symbol \1 into resulting
output.
This allow users to write better playbooks by replacing
- shell: dnf autoremove -y
with
- dnf: autoremove=yes
Fixes#18815
Signed-off-by: Alberto Murillo Silva <alberto.murillo.silva@intel.com>
This fix makes it so that the module works as expected when
`server_hostname` is provided. It was being silently ignored
previously. I suppose this may also fix similar behavior with
`server_insecure`, but I did not check that explicitly.
* Added Composer Command global
Added a parameter to run composer commands globally. The `working_dir`
parameter is only required if `global_command` is `False`.
Fixes#24052
* Added Composer Command global
Added a parameter to run composer commands globally. The `working_dir`
parameter is only required if `global_command` is `False`.
Fixes#24052
We fail-fast and display 'stderr' in case 'pacman' returns with 'rc != 0'.
There is no point computing 'module._diff' in such case anyway.
Fixes#23910
(cherry picked from commit 8c6a2a848cf6a6d6522c8f5be56decf8df1ed6ab)
Regex patterns were not being escaped properly so package names
containing characters that could be interpreted as regex symbols
were causing failures.
Fixes: #19714
We invoke /usr/bin/apt inside of the ansible module. When that command
exits, it doesn't always include a helpful error message. Include the
exit code so that user's have all the information we can gice them as to
why apt failed.
Addresses #19128
* rpm_key: Decode bytes to string to work with Python 3 (#20326)
The read() method will return bytes we need to then decode() those bytes
to a string before trying to match() it using the re module.
* Make the rpm_key pgp regex more robust on both py2 and py3
Changes to the metadata format were approved here:
https://github.com/ansible/proposals/issues/54
* Update documentation to the new metadata format
* Changes to metadata-tool to account for new metadata
* Add GPL license header
* Add upgrade subcommand to upgrade metadata version
* Change default metadata to the new format
* Fix exclusion of non-modules from the metadata report
* Fix ansible-doc for new module metadata
* Exclude metadata version from ansible-doc output
* Fix website docs generation for the new metadata
* Update metadata schema in valiate-modules test
* Update the metadata in all modules to the new version
* fix module doc fields
* More module docs corrections
* More module docs corrections
* More module docs corrections
* More module docs corrections
* correct aliases
* Review comments
* Must quote ':'
* More authors
* Use suboptions:
* restore type: bool
* type should be in the same place
* More tidyups
* authors
* Use suboptions
* revert
* remove duplicate author
* More issues post rebase
* include upgraded packages in pacman upgrade action
* display upgraded packages as diff output for pacman upgrade
* document the packages return key
* add --diff support for installing, removing and checking packages
* include package versions in pacman diff output
If a key has expired it will not be added by this module, so check for "expired" in the list of keys.
Example output with expired key:
pub 1024D/5072E1F5 2003-02-03 [expired: 2017-02-16]
uid MySQL Release Engineering <mysql-build@oss.oracle.com>
* Subscibe to pools matched by id before name matches.
If the pools regex matches any pool ids, then subscribe only to those pools.
If there are no pool id matches, then attempt to match the regexp and pool names.
If there are pool name matches, subscribe to those pools.
Fixes#19466, https://github.com/ansible/ansible-modules-core/issues/3898 (partially)
* Add pool id/name matches to 'to keep' list
use subscribe() to use the pools-first logic on update
* #19587: refactor to PEP8
* Issue: #19587: add skip_broken option to yum module
PNTSYSOPS-1901 - internal reference
Signed-off-by: Veaceslav Mindru <vmindru@redhat.com> <mindruv@gmail.com>
* Issue: #19587: fix line break, attempt to make readble
things at line 646 look ugly ..
trying to make them look a bit more human readble
though the entire approach should be rewriten
PNTSYSOPS-1901 - internal reference
Signed-off-by: Veaceslav Mindru <vmindru@redhat.com> <mindruv@gmail.com>
* #19587: fixing typo, skip-broken has to be passed as list
* PR: #21475: peer review changes
relates to: revert comment deletion https://github.com/ansible/ansible/pull/21475#discussion_r101574146
relates to: remove irelevant var https://github.com/ansible/ansible/pull/21475#discussion_r101573388
relates to: reformat https://github.com/ansible/ansible/pull/21475#discussion_r101572840
Signed-off-by: Veaceslav Mindru <vmindru@redhat.com> <mindruv@gmail.com>
* PR: #21475: peer review changes
relates to: https://github.com/ansible/ansible/pull/21475#discussion_r101573736
Signed-off-by: Veaceslav Mindru <vmindru@redhat.com> <mindruv@gmail.com>
* Issue: #21475: fixing typo in the Man section
Signed-off-by: Veaceslav Mindru <vmindru@redhat.com> <mindruv@gmail.com>
* PR: #21475 - Peer review: revert variable a
Relates to: https://github.com/ansible/ansible/pull/21475#pullrequestreview-22404868
Signed-off-by: Veaceslav Mindru <vmindru@redhat.com> <mindruv@gmail.com>
* Issue: 19587 - small correction
Signed-off-by: Veaceslav Mindru <vmindru@redhat.com> <mindruv@gmail.com>
* Marks metadata files as outdated
Eliminates time records of the metadata and mirrorlists download
for each repository. This forces yum to revalidate the cache for
each repository the next time it is used.
* Command arguments in two separate strings to be compatible if run_command implementation changes. Doc explains a little better what is that parameter doing
The usage of type 'path' for the path option makes the use
of expanduser redundant. This patch removes the expanduser
call because the path type is already used for the path
option
* Avoid having module documentation links to itself
A lot of modules use M(own_module) in their documentation causing a link
in the documentation to itself.
* Make note more clear now
* Add swupd plugin
Add support for ClearLinux update manager (swupd)
Signed-off-by: Alberto Murillo Silva <alberto.murillo.silva@intel.com>
* swupd: Document RETURN values
Signed-off-by: Alberto Murillo Silva <alberto.murillo.silva@intel.com>
* swupd: Add a meaningful description for failures
Signed-off-by: Alberto Murillo Silva <alberto.murillo.silva@intel.com>
* swupd: Clarify documentation
Provide more information about the options supported by the module
since some concepts are new for people not used to clearlinux/swupd
Signed-off-by: Alberto Murillo Silva <alberto.murillo.silva@intel.com>
* Fix 'yum skips updates' bug
When the 'yum check-update' output is parsed, the regex used
to stitch wrapped lines together would fail on the first package.
It would fail because there is an empty line before the first
package, and this triggered the regex. To avoid a more complicated
regex, preprocess the check-update output to strip out any
empty lines.
The regex is also updated to include a group on the non whitespace
match to be used in the sub.
Add test cases based on info provided in the bug reports.
Fixes#20608
Fixes#20754.
Details: UbuntuSourcesList.add_source() had a quick check for PPAs being
already present in the source lists. The check was looking for the PPAs
URL to be present in self.repo_urls, which should contain all valid and
enabled repositories.
The enabled check in repo_urls was incorrect. It was checking the tuple's
2nd item (which means "valid") and ignoring the 3rd item (which means
"enabled").
self.files contains tuples (line_number, valid, enabled, source_line,
comment_text). Ideally it would be using named tuples instead of
indexing, to avoid bugs like that, but Python 2.4 didn't have named
tuples, so we can't do that (yet).
* Make unused redhat_subscriptions do something
rhsm_baseurl/server_insecure were module params that were
never used previously. Hook them up for register options.
* pep8/style cleanups
* Set a module scope SUBMAN_CMD before we ref it as a global
* move ansible imports to top, remove '*' imports
* remove redhat_subscriptions from pep8 legacy
* the `only_update` param description was kinda vague:
* either install if not installed
* or upgrade if installed
* or both!?
* as a result, remove the "install" statement from this sentence
Resolves:
Related:
Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>
* Update validate-modules
* Validates ANSIBLE_METADATA
* Ensures imports happen after documentation vars
* Some pep8 cleanup
* Clean up some left over unneeded code
* Update modules for new module guidelines and validate-modules checks
* Update imports for ec2_vpc_route_table and ec2_vpc_nat_gateway
* Remove monkeypatching of rhn config in rhn_register
rhn_register.Rhn() was doing some complicated monkeypatching of
the up2date_client.config.Config() class to add a default config
value. Since that was only used in one place, remove the monkeypatch
and handle the single default case.
That case was 'server_url' option, so replace it with a Rhn.server_url
property. Also handle the error case when no server url is provided.
* refactoring
* flatten some indention levels
* add 'enable_eus' to module doc
* set enable_eus var and use it directly
* style/pep8/etc cleanups
* some import cleanups
types was unused, os/re were from module_utils * import
* remove * import from module_utils.redhat
* remove * imports from module_utils.base
* remove unused Rhn._subscribe method
* cleanup pep8 style stuff
* remove a unused default mutable arg from Rhn.subscribe
Rhn.subscribe() only gets called in one place, and thats
with channels from module_params which default to [] and
are typed as a list.
* Set ansible_os_family to 'ClearLinux'
* Set ansible_distribution to 'ClearLinux'
* Add swupd.py plugin
Fixes#20824
Signed-off-by: Alberto Murillo Silva <alberto.murillo.silva@intel.com>
`force` option is not unique for non-activationkey registrations and it should
be parsed separately; it is possible to register host with activation key and
force such process.
* redhat_subscription: enforce the need for org_id when AK is used
also update the documentation to reflect that
Fixes: #20542
* redhat_subscription: check for existence of subscription-manager
* Reenable yum install root tests
No need for sos to test installroot. Something with less deps works
just as well.
* Fix yum installroot.
Fix module import to use fail_json when the modules aren't installed.
Remove wildcard imports
* Lsat task is supposed to remove sos so make that happen
This PR improves the documentation so that it is clear that this module does
not clean the repository metadata cache on removal, and add an example
notification handler to the removal example as an extra reminder.
This fixes#19730
* Add --installroot to YUM and DNF modules, issue #11310
This continues ansible-modules-core#1558, and
ansible-modules-core#1669
Allow specifying installroot for the yum and dnf modules
to install and remove packages in a location other than /.
* Remove empty aliases
* Simpler installroot set default logic
This commit also adds the module to DEFAULT_SQUASH_ACTIONS which is
possible with this change.
The module still calls the pkg_* tools once per name internally, so the only
difference is less invocations of the module itself when using with_items.
Previously, packages were installed one at a time in a loop. This caused
a couple of problems.
First, it was a performance issue - pacman would have to perform all of
its checks once per package. This is unnecessarily costly, especially
when you're trying to install several related packages at the same time.
Second, if a package you're trying to install depends on a virtual
package that is provided by several different packages (such as the
"libgl" package on Arch) and you aren't also installing something that
provides that virtual package at the same time, pacman will produce an
interactive prompt to allow the user to select a relevant package. This
is obviously incompatible with how ansible operates. Yes, this problem
could be avoided by installing packages in a different order, but the
order of installation shouldn't matter, and there may be situations
where it is not possible to control the order of installation.
With this refactoring, all of the above problems are avoided. The code
will now work out all of the packages that need to be installed from any
configured repositories and any packages that need to be installed from
local files, and then install all the repository packages in one go and
then all of the local file packages in one go.
It's possible to compress packages using several different compression
methods, or not compressed at all. Previously, the pacman module only
supported files compressed using xz. This update ensures that all
compression types currently supported by pacman are supported by the
ansible pacman module.
The list of supported compression methods at the time of writing can be
found here:
https://git.archlinux.org/pacman.git/tree/scripts/makepkg.sh.in#n747
* added alpha version of the 'sorcery' module
* fully conforming YAML
* use bundled check for executables
* - codex_list(): use commands instead of checksums to get sorcery version and verify codex equality - renamed: - manage_depends() -> match_depends() - tocast -> cast_queue, todispel -> dispel_queue, needs_recast -> depends_ok - SORCERY_LOG -> SORCERY_LOG_DIR, SORCERY_STATE -> SORCERY_STATE_DIR - removed: - SORCERY_VERSION_FILE - CODEX - added commentary to match_depends() and manage_spells() - fixed bug about dropped dependency line for previously existed dependency - fixed bug about not fixing depends for the 'latest' state - simplified several code constructions
* cleaned up some docs
* do not use separate message for Codex update, rely on the 'changed' status instead
* use built-in list conversion (_check_type_list()) for spells
* corrected spell name extraction from list in match_depends()
* avoid non-matching dependencies line duplication in depends file
* added more complex playbook example
* tiny stylistic fix for docs
* replaced ternary construction with a regular statement
* replaced yet another ternary construction with a regular statement
* enable Python 2.4 compatibility by splitting try-finally block
* enable Python 2.4 compatibility by replacing 'with' statement with try-except+try-finally blocks
* unify spells' assign
* replaced one regex with startswith()
* go Ansible 2.1
* added dummy RETURN template
* go Ansible 2.2
* better clarify permissions' requirements
* - updated copyright years - fixed rebuild command bug - re-used run_command_environ_update dict for env var management
* handle Python 3.5
* Revert "handle Python 3.5"
This reverts commit 33a5a0eb64c1193318298e111f063cdd5f93b73a.
* handle Python 3.5 (2nd try)
* go Ansible 2.3
* clarity++
Allow installation of PPA repositories on non-Ubuntu Debian derived
distribution targets (e.g. neon, Mint, Debian itself) by removing the
specific check for UbuntuDistribution before allowing PPA: format
sources. This fixes the addition of PPA repositories under KDE neon (as
the codenames match the base Ubuntu distribution).
To make the functionality also useful under Mint and Debian which have
different codenames to their Ubuntu upstream / downstream releases, add
a 'codename' option to override the default used in the PPA source
entry.
* Add 'on the remote server' to `file` parameter description
* Add example showing how to use the `file` parameter, with specific
language about the file's location being on the 'remote server'
* apt: If the cache object fails to lost due to a corrupt file, try to update the cache until it is fixed.
* Append -q to the update parameters
* Remove unused variable
* Use a string that doesn't rely on internationalization
* Use py24 exception style
* Use get_exception
Fixes#2951
builddep only requires a source package to be in the repos but our code
was checking for a binary package before running buiddep. Reversing the
order makes it work correctly.
Fixes#4519
* Only change to short IDs for delete
If the user specifies long IDs, use them for all commands except for
deleting a key. Need to use short IDs there because of an upstream
apt_key bug. Fixed in apt_key 1.10 (fix is present in Ubuntu 16.04 but
not Ubuntu 14.0 or some Debians).
Fixes#5237
* Check that apt-key really erased the key
When erasing a key, apt-key does not understand how to process subkeys.
This update explicitly checks that the key_id is no longer present and
throws an error if it is. It also hints at subkeys being a possible
problem in the error message and the documentation.
Fixes#5119
* Fix apt_key check mode with long ids
apt-key can be given a key id longer than 16 chars to more accurately
define what key to download. However, we can use a maximum of 16
chars to verify whether a key is installed or not. So we need to use
different lengths for the id depending on what we're doing with it.
Fixes#2622
Also:
* Some style cleanups
* Use get_bin_path to find the path to apt-key and then use that when
invoking apt-key
* Return a nice user error message if the key was not found on the
keyserver
* Make file and keyring parameters type='path' so envars and tilde are
expanded
The implementation is fairly simple, we force the rc= parameter to not be zero so that the check in _executor/task_result.py_ correctly determines that it failed. Without this change Ansible would report the task to be ok (despite failed=True and msg=Some_error_message) although Ansible stops and the summary output reports a failed task.
This fixes#4214, #4384 and also relates to ansible/ansible#12070, ansible/ansible#16006, ansible/ansible##16597, ansible/ansible#17208 and ansible/ansible#17252
This change is in response to issue #1497 where the apt module would not properly updating the apt cache in some situations and never returned a state change on cache update when the module was used without or without an item to be installed or upgraded.
The change simply allows the apt module to update the cache when update_cache option is used without or without a set cache_valid_time.
If cache_valid_time is set and the on disk mtime for apt cache is ">" the provided amount of seconds, which now has a default of 0, the apt cache will be updated. Additionally if no upgrade, package, or deb is installed or changed but the apt cache is updated the module will return a changed state which will help users to know that the state of the environment has changed due to a task operation, even if it was only an apt cache update.
fixes#1497
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
* Pip: handle parsing different pip commands
* Pip: use 'pip list' when available
* Pip: explicitly check which command is used
* Pip: add error checking when fetching packages
Rather than just checking whether a package with the right
name is installed, use `local_nvra` to check whether the
version/release/arch differs too.
Remove `local_name` as it is a shortcut too far.
Fixes#3807Fixes#4529
- Use range instead of xrange.
- Use python3-apt package for python 3.
- Eliminate unsupported for/else/raise usage.
- Use list on dict.items when modifying dict.
- Update requirements documentation.
Also made non-intrustive style fixes (adding blank lines).
Importing a (sign only) subkey with apt_key module always fails,
however the actual keyring gets created and contains the correct keys.
Apparently the all_keys function skips the subkeys, hence the problem.
Fixes#4365
During check_mode (`--check`), the variable change could be
used uninitialized, yielding this error:
`UnboundLocalError: local variable 'changed' referenced before assignment`
This changeset simply initializes it to False.
Change the file mode arg to 'raw' ala file args
Following the file_common_args model, change the
type of the 'mode' arg here to type='raw' with no
default arg value.
The default mode for file creation is the module
constant DEFAULT_SOURCES_PER, and is used if no
mode os specified.
A default mode of 0644 (and not specified as int or str)
would get converted to an octal 420, resulting in the
sources file being created with mode '0420' instead of '0644'
Fixes#16370
Fix KeyError: 'prepared' while installing dependencies using deb=<file>.deb
This error shows up when --diff was not passed by and the deb files has dependencies not yet installed.
Closes#3752.
packaging/language/pip.py:
virtualenv option:
Mention that virtualenv is created if it does not exist.
(Explicit is better than implicit.)
Mention other relevant options.
notes:
initialized -> created
Wrap long lines.
Since fetch_url already take care of the exception, the try/except
clause is no longer working, so replace it with proper status
checking, thus permitting to remove urlib2 from the import list.
for install, remove, deb_install, and upgrade.
Since apt has very commonly familiar output, just use the normal output
from apt-get or aptitude -- trimmed to the interesting parts -- to show
to the user if she specified --diff on the CLI.
Uses the recent support for the `diff['prepared]` key.
Fixesansible/ansible#10239
'server_insecure' maps to the subscription-manager config
(/etc/rhsm/rhsm.conf) value for 'insecure' key in the
'server' stanza. The 'insecure' configures if the https connection
to 'server_hostname' is verified as having been issued by
a CA in 'ca_cert_dir' trust store.
Previous documentation indicating it disables https and
enables http was inaccurate. Connection to server_hostname
always uses https.
This is useful for packages that bootstrap their own apt-key setup - only
the initial installation will require overriding. Notable examples are the
Dropbox and Google Chrome packages.
(Setting force=yes is far too strong: I only want to bypass
authentication!)
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
The returned list of diffs aims to simulate how a file system diff would
look before and after writing the sources list files.
n.b. Ternary conditional is due to failing integration test for
python 2.4
This mirrors a nearly identical change made to apt_repository.py.
Also removes the use of apt-get --force-yes as it can be dangerous
and should not be necessary (apt_repository.py does not use it).
Repeating the explanation from the apt_respository change below:
Since use_unsafe_shell is suspicious from a security point
of view (or it wouldn't be unsafe), the less we have, the less
code we have to thoroughly inspect for a security audit.
In this case, the '&&' can be replaced by doing 2 calls to run_command.
The old method left settings in the environment. The new method takes
care of clearing them after use. In this module, the old method was
also setting the environment too late to affect all the command line
tools which lead to a bug.
Fixes https://github.com/ansible/ansible/issues/14264
On systems with restrictive umasks, the pip module won't allow you to
install pip packages that are usable by everyone on the system. This
commit adds a umask option to optionally override the umask on a
per-package basis.
Since there is no shell escape of the password parameter, a password with
a single quote (or even worst, a single quote and a pipe) could have
unattended consequences. Also, the less we use use_unsafe_shell=True, the
better.
Since use_unsafe_shell is suspicious from a security point
of view (or it wouldn't be unsafe), the less we have, the less
code we have to toroughly inspect for a security audit.
In this case, the '&&' can be replaced by doing 2 calls to run_command.
