search

and3rson / clay

Awesome standalone command line player for Google Play Music.
GNU General Public License v3.0
157 stars 11 forks source link

Unsafe load() call disabled by Gentoo. See bug #659348 #55

Open guitmz opened 5 years ago

guitmz commented 5 years ago

I have installed clay just now in my Gentoo system and upon the first run I got the error message. Full error:

λ ~/ clay
Traceback (most recent call last):
  File "/home/guitmz/.local/bin/clay", line 11, in <module>
    load_entry_point('clay-player==1.1.0', 'console_scripts', 'clay')()
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 489, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 2843, in load_entry_point
    return ep.load()
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 2434, in load
    return self.resolve()
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 2440, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/home/guitmz/.local/lib64/python3.6/site-packages/clay/app.py", line 16, in <module>
    from clay.player import player
  File "/home/guitmz/.local/lib64/python3.6/site-packages/clay/player.py", line 20, in <module>
    from clay.settings import settings
  File "/home/guitmz/.local/lib64/python3.6/site-packages/clay/settings.py", line 198, in <module>
    settings = _Settings()  # pylint: disable=invalid-name
  File "/home/guitmz/.local/lib64/python3.6/site-packages/clay/settings.py", line 53, in __init__
    self._load_config()
  File "/home/guitmz/.local/lib64/python3.6/site-packages/clay/settings.py", line 86, in _load_config
    self._config = yaml.load(settings_file.read())
  File "/usr/lib64/python3.6/site-packages/yaml/__init__.py", line 109, in load
    raise RuntimeError("Unsafe load() call disabled by Gentoo. See bug #659348")
RuntimeError: Unsafe load() call disabled by Gentoo. See bug #659348

Relevant Gentoo bug report https://bugs.gentoo.org/659348

It looks trivial to fix this issue (but I haven't really tried yet). Replacing yaml.load() calls with yaml.safe_load() should do it. Let me know your thoughts on this one.

I also recommend replacing yaml.dump() with yaml.safe_dump()

Thanks

ValentijnvdBeek commented 5 years ago

Hi Guilherme,

I just took a look and you seem to be right. Following your recommended fix works fine and didn't break anything. I included a patch file at the end including the fix but I am afraid you'll have to apply the patch yourself. I am not the owner of Clay so I can't release the new version and I am afraid that it will take another 99 years for him to appear underneath an Inuit village frozen in ice so he can team up with two teenagers to take down a fascist regime.

Good luck,

Valentijn