o ϴfe@sddlmZddlmZmZddlmZddlmZddlm Z ddl m Z m Z m Z mZmZddlZddlmZmZmZmZdd lmZdd lmZdd lmZmZmZmZdd lm Z dd l!m"Z"m#Z#ddl$m%Z%m&Z&m'Z'ddl(m)Z)m*Z*m+Z+m,Z,m-Z-dZ.GdddeZ/ddZ0eddddZ1de deej2ffddZ3dej2dej4de5fddZ6d e5d!e e5e fde5fd"d#Z7d$eej2de e5eeej8e5fffd%d&Z9d'e de e5e ffd(d)Z:dee e5e ffd*d+Z;d,e e5eeej8e5ffd!e e5e fdee e5e ffd-d.Zddfd6d7Z?d8d9Z@d:d;ZAde&d?e%d@eBdAeBdBe>fdCdDZCdEdFZDd'e fdGdHZEdIdJZFdKdLZGdMdNZHdOdPZIdS)R) defaultdict)datetimetimezone)Enum) lru_cache)choice)Any DefaultDictDictListTupleN) exceptions livepatchmessagesutil)_reboot_required) _is_attached)PreserveAptCfgget_apt_cache_datetimeget_apt_pkg_cacheget_esm_apt_pkg_cache)UAConfig)ESMAppsEntitlementESMInfraEntitlement)ApplicabilityStatusApplicationStatusContractStatus)get_distro_infoget_kernel_infoget_release_infois_current_series_lts is_supported) esm-infraesm-appsc@s eZdZdZdZdZdZdZdS) UpdateStatusz2Represents the availability of a security package.upgrade_availablepending_attachpending_enableupgrade_unavailableN)__name__ __module__ __qualname____doc__ AVAILABLE UNATTACHED NOT_ENABLED UNAVAILABLEr1r1:/usr/lib/python3/dist-packages/uaclient/security_status.pyr$'s r$cCstt|dS)N)printrcreate_package_list_str)packagesr1r1r2print_package_list/sr6)maxsizec CsRtj}dd|fddd|fddd|fd dd |fddd |fd iS) NUbuntuz {}-securitystandard-security UbuntuESMAppsz{}-apps-securityr# UbuntuESMz{}-infra-securityr"z{}-apps-updatesz{}-infra-updates)rseriesformat)r<r1r1r2%get_origin_information_to_service_map3sr>returnstrcCsvtt}tt)}dd|jD}||d<t|}|D] }|t|||qWd|S1s4wY|S)NcSsg|]}|jr|qSr1) current_ver.0packager1r1r2 Es z4get_installed_packages_by_origin..all) rlistrrr5apt_pkgDepCache get_origin_for_installed_packageappend)resultcacheinstalled_packages dep_cacherDr1r1r2 get_installed_packages_by_origin?s"      rPrDrOcCs|jsdS|jj}t|dkr ||}|r|j|krdS|j}|D]!\}}t|j|jfd}|tvr9|S|jdkrC|j Sq"dS)a Returns the origin for a package installed in the system. Technically speaking, packages don't have origins - their versions do. We check the available versions (installed, candidate) to determine the most reasonable origin for the package. unknownr8 third-party) rA file_listlenget_candidate_verr>getoriginarchive ESM_SERVICES component)rDrOavailable_origins candidaterY_servicer1r1r2rJTs$       rJ service_nameua_infocCsP|dvs|dr||dvrtjjS|dstjjS||dvr$tjjStjjS)zDefines the update status for a package based on the service name. For ESM-[Infra|Apps] packages, first checks if Pro is attached. If this is the case, also check for availability of the service. )r9standard-updatesattachedenabled_servicesentitled_services)r$r-valuer.r/r0)rarbr1r1r2get_update_statusys  rhr5c Cs>tt}tt}|D]}|jr|jD]C}||jkrVd}|jD]\}}t|j |j f}|r=|| ||j fd}nq|jdd} |sVd| j vrV|d || j fq|j |vr||j } | jD]'}||jkr|jD]\}}t|j |j f}|r|| ||j fnqnqdq Wd|S1swY|S)zFilters a list of packages looking for available updates. All versions greater than the installed one are reported, based on where it is provided, including ESM pockets, excluding backports. FTr backportsrcN)rrGrrrA version_listrUr>rXrYrZrKsitename) r5rL esm_cacherDversioncounted_as_securityrYr_r`expected_origin esm_packager1r1r2filter_updatessZ           ..rrcfgcCst|j}|ggd}|rQt|}t|}|tjkr#|dd|dt j kr3|dd|tjkrA|dd|dt j krQ|dd|S)z7Returns the Pro information based on the config object.)rdrerfrfr#rrer") r is_attachedrrcontract_statusrENTITLEDrKapplication_statusrENABLED)rsrtrbinfra_entitlementapps_entitlementr1r1r2 get_ua_infos*   r{cCszt}Wn tjygYSwtj}|durF|durF||jkrF|jdurF|jjdkrF|jjdurFt |jjdkrFdd|jjDSgS)NappliedrcSs"g|] }|jpd|jp ddqS)rQFrlpatchedr})rCfixr1r1r2rEsz,get_livepatch_fixed_cves..) rstatusr ProcessExecutionErrorrproc_version_signature_versionkernelstatefixesrV) lp_statusour_kernel_versionr1r1r2get_livepatch_fixed_cvess"     rupgradable_versionsc CsRg}|D] \}}t||}|D]\}}||jj|j||||jdqq|S)N)rDrnrarrY download_size)itemsrhrK parent_pkgrlver_strsize)rrbupdatesr`rjrrnrYr1r1r2create_updates_lists   rcCst|}d|i}t}|d}t||d<t|}g|d<t||}t|d|d<t|d|d<t|d |d <t|d |d <t|d |d<t|d|d<t|d|d<t|d|d<t|d|d<t|d|d<t|d|d<t|j|d<d||dtidS)agReturns the status of security updates on a system. The returned dict has a 'packages' key with a list of all installed packages which can receive security updates, with or without ESM, reflecting the availability of the update based on the Pro status. There is also a summary with the Ubuntu Pro information and the package counts. uarFnum_installed_packagesrcmainnum_main_packages restrictednum_restricted_packagesuniversenum_universe_packages multiversenum_multiverse_packagesrTnum_third_party_packagesrSnum_unknown_packagesr"num_esm_infra_packagesr#num_esm_apps_packagesnum_esm_infra_updatesnum_esm_apps_updatesr9num_standard_security_updatesreboot_requiredz0.1 fixed_cves)_schema_versionsummaryr5r)r{rPrVrrrrrr)rsrbrpackages_by_originrNrrr1r1r2security_status_dicts:   rrFF package_lists show_items always_showc CsBt|d}ttjj|ddtt|d}|dvr=t|dt|dt|d}ttj|j||d d |d vret|d t|d t|d}|sW|rettj|j||dd |dvrt|d}|ss|rttj|j||d|dvrt|d}|s|rttj |j||dtddS)NrF)count rR)rFr"rrr"Main/Restricted)offsetr repository)rFr#rrr#Universe/Multiverse)rFrTrT)rr)rFrSrSrQ) rVr3rSS_SUMMARY_TOTALr=r@SS_SUMMARY_ARCHIVE pluralizeSS_SUMMARY_THIRD_PARTYSS_SUMMARY_UNAVAILABLE) rrrtotal_packagesr packages_mr packages_umpackages_thirdpartypackages_unknownr1r1r2_print_package_summaryKsn            rcCsHtj}t|j}dt|jt|j}tt j j|dtddS)Nz{}/{}daterQ) rr<reolr=r@monthyearr3rSS_INTERIM_SUPPORT)r<eol_daterr1r1r2_print_interim_release_supports   rcCsDtj}t|rt|j}ttjjt |j ddSttj dS)Nr) rr<r!rrr3rSS_LTS_SUPPORTr=r@rSS_NO_SECURITY_COVERAGE)r<rr1r1r2_print_lts_supports  rr`rservice_statusservice_applicabilityinstalled_updatesavailable_updatesrtc Cstj}t|j}|tjkrtjj||t |j d} n tj j||t |j d} |r7| dtj |j|d7} |rG| dtj |j|d7} t| |rd|tjkrd|tjkrdtdttjj|dtddS)N)rr`r)r`rrr)rrQr`)rr<reol_esmrrxrSS_SERVICE_ENABLEDr=r@rSS_SERVICE_ADVERTISESS_SERVICE_ENABLED_COUNTSrSS_SERVICE_ADVERTISE_COUNTSr3DISABLEDr APPLICABLESS_SERVICE_COMMAND) r`rrrrrrtr< eol_date_esmmessager1r1r2_print_service_supportsF         rcCsft}|durttjtddSttj}||}|jdkr1ttj j |jdtddSdS)NrQr)days) rr3rSS_UPDATE_UNKNOWNrnowrutcrSS_UPDATE_DAYSr=)last_apt_updatertime_since_updater1r1r2_print_apt_update_calls    rc Cst|}t|}|d}|d}|d}|d}tj}t}t|d} t} t | d| d| dd} t | d| d| dd} t | t t j t d t|spt|ritt t jdS|tjkrxt| rt t jnt t jt d tdd ||t| dt| | d | ds| ds| drtdd ||t| dt| | d | st t jdSdS) Nrrdrrr"rrr#rQrr`rrrrrrtr)rrrwapplicability_statusrr<r r{rPrrrr3r SS_HELP_CALLrr!rSS_NO_INTERIM_PRO_SUPPORTrrrSS_IS_ATTACHEDSS_IS_NOT_ATTACHEDrrV SS_LEARN_MORE) rs esm_infra_ent esm_apps_entesm_infra_statusesm_infra_applicabilityesm_apps_statusesm_apps_applicabilityr<is_ltsrtr"security_upgradable_versions_infra!security_upgradable_versions_appsr1r1r2security_statuss              rcCzt}|d}dd|D}t|ddd|r6ttjtdttjt|ttjjt |ddSttj dS)NrTcSg|]}|jqSr1rlrBr1r1r2rE+z-list_third_party_packages..TrrrQrD) rPrr3rSS_THIRD_PARTYSS_PACKAGES_HEADERr6 SS_SHOW_HINTr=rSS_NO_THIRD_PARTY)rthird_party_packages package_namesr1r1r2list_third_party_packages(s  rcCr)NrScSrr1rrBr1r1r2rE?rz-list_unavailable_packages..TrrQr) rPrr3rSS_UNAVAILABLErr6rr=rSS_NO_UNAVAILABLE)runknown_packagesrr1r1r2list_unavailable_packages<s  rc st}|d}|d|d}||}t}t|d}|D] \}}||jqtj} t} t|} t |} | d} | d}t dd|Dt dd|Dt fdd|D}t |dd d | syt| rrtttjdS| tjkrttd tdd | |t|t|d dttjjddtd t| srttjjddtrttjjddtpƈ}|r|rtjjdd}ntjjdd}t|t||rttjjt |ddSdSdS)Nr"rrrcSrr1rrBr1r1r2rEirz+list_esm_infra_packages..cSrr1rrBr1r1r2rElrc&g|]}|jvr|jvr|jqSr1rrBavailable_package_namesinstalled_package_namesr1r2rEo   TrrQrFrrr)!rPsetrraddrrr<r rrrwrsortedrr!rr3rrrrrrrVSS_SERVICE_HELPr=SS_UPDATES_AVAILABLEr6SS_UPDATES_INSTALLEDSS_FURTHER_OTHER_PACKAGESSS_OTHER_PACKAGESrr)rsrinfra_packages mr_packagesall_infra_packages infra_updatessecurity_upgradable_versionsupdater_r<rrrrrremaining_package_names hint_listmsgr1rr2list_esm_infra_packagesQs          rc st}|d}|d|d}||}t}t|d}|D] \}}||jqt} t|} | d} | d} t dd|Dt dd|Dt fdd|D} t |dd d | sjt t j dStdd | | t|t|d d t t jjddt d|rԈrt t jjddtrt t jjddtp}| r|rt jjdd}nt jjdd}t |t| |rt t jjt|ddSdSdS)Nr#rrrcSrr1rrBr1r1r2rErz*list_esm_apps_packages..cSrr1rrBr1r1r2rErcrr1rrBrr1r2rErTrrFrrrQr)rPrrrrrr rrwrrrr3rrrrVr r=r r6r r r rr)rsr apps_packages um_packagesall_apps_packages apps_updatesrrr_rrrrrrrr1rr2list_esm_apps_packagess~         r)rFF)J collectionsrrrenumr functoolsrrandomrtypingrr r r r rHuaclientr rrr5uaclient.api.u.pro.security.status.reboot_required.v1r(uaclient.api.u.pro.status.is_attached.v1r uaclient.aptrrrruaclient.configruaclient.entitlementsrr(uaclient.entitlements.entitlement_statusrrruaclient.systemrrrr r!r[r$r6r>PackagerPrIr@rJrhVersionrrr{rrrboolrrrintrrrrrrrr1r1r1r2s           % @!  4 ?  2M Y