From 14f6f09993d0963f7c3e1b723aec0edeb819e3ca Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Sat, 5 Dec 2020 20:19:53 +0100
Subject: [PATCH] Do not write the env explicitly in the command to avoid
 leaking secrets in ps -ef...

---
 src/yunohost/hook.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/yunohost/hook.py b/src/yunohost/hook.py
index c505a2d30..039737737 100644
--- a/src/yunohost/hook.py
+++ b/src/yunohost/hook.py
@@ -396,17 +396,13 @@ def _hook_exec_bash(path, args, chdir, env, return_format, loggers):
     # use xtrace on fd 7 which is redirected to stdout
     cmd = 'BASH_XTRACEFD=7 /bin/bash -x "{script}" {args} 7>&1'
 
-    # prepend environment variables
-    cmd = '{0} {1}'.format(
-        ' '.join(['{0}={1}'.format(k, shell_quote(v))
-                  for k, v in env.items()]), cmd)
     command.append(cmd.format(script=cmd_script, args=cmd_args))
 
     logger.debug("Executing command '%s'" % ' '.join(command))
 
     returncode = call_async_output(
         command, loggers, shell=False, cwd=chdir,
-        stdinfo=stdinfo
+        stdinfo=stdinfo, env=env
     )
 
     raw_content = None