HcfedddlmZddlmZmZddlmZddlmZddlm Z ddl m Z m Z m Z mZmZddlZddlmZmZmZmZdd lmZdd lmZdd lmZmZmZmZdd lm Z dd l!m"Z"m#Z#ddl$m%Z%m&Z&m'Z'ddl(m)Z)m*Z*m+Z+m,Z,m-Z-dZ.GddeZ/dZ0eddZ1de deejdffdZ3dejddejhde5fdZ6de5de e5e fde5fdZ7deejdde e5eeejpe5fffd Z9d!e de e5e ffd"Z:dee e5e ffd#Z;d$e e5eeejpe5ffde e5e fdee e5e ffd%Zddfd*Z?d+Z@d,ZAd-e5d.e5d/e&d0e%d1eBd2eBd3e>fd4ZCd5ZDd!e fd6ZEd7ZFd8ZGd9ZHd:ZIy)<) defaultdict)datetimetimezone)Enum) lru_cache)choice)Any DefaultDictDictListTupleN) exceptions livepatchmessagesutil)_reboot_required) _is_attached)PreserveAptCfgget_apt_cache_datetimeget_apt_pkg_cacheget_esm_apt_pkg_cache)UAConfig)ESMAppsEntitlementESMInfraEntitlement)ApplicabilityStatusApplicationStatusContractStatus)get_distro_infoget_kernel_infoget_release_infois_current_series_lts is_supported) esm-infraesm-appsc eZdZdZdZdZdZdZy) UpdateStatusz2Represents the availability of a security package.upgrade_availablepending_attachpending_enableupgrade_unavailableN)__name__ __module__ __qualname____doc__ AVAILABLE UNATTACHED NOT_ENABLED UNAVAILABLE:/usr/lib/python3/dist-packages/uaclient/security_status.pyr&r&'s8#I!J"K'Kr4r&c@ttj|y)N)printrcreate_package_list_str)packagess r5print_package_listr:/s $ & &x 01r4)maxsizec tj}ddj|fdddj|fdddj|fd dd j|fddd j|fd iS) NUbuntuz {}-securitystandard-security UbuntuESMAppsz{}-apps-securityr$ UbuntuESMz{}-infra-securityr#z{}-apps-updatesz{}-infra-updates)r seriesformat)rAs r5%get_origin_information_to_service_maprC3s   & &F =''/02E ,33F;> W5H5HG  +u $$U+ ) G 0)D fWo   M   Ms#BBBABBBrPrRc|jsy|jj}t|dk(r/|j|}|r|j|k(ry|j}|D]^\}}t j |j |jfd}|tvr|cS|j dk(sR|jcSy)a Returns the origin for a package installed in the system. Technically speaking, packages don't have origins - their versions do. We check the available versions (installed, candidate) to determine the most reasonable origin for the package. unknownr= third-party) rI file_listlenget_candidate_verrCgetoriginarchive ESM_SERVICES component)rPrRavailable_origins candidater]_services r5rLrLTs   ++55  "//8 G//9<%//&$ 79== ]]FNN +R  l "N ==H $## #$ r4 service_nameua_infoc |dvs |dr!||dvrtjjS|dstjjS||dvrtjjStj jS)zDefines the update status for a package based on the service name. For ESM-[Infra|Apps] packages, first checks if Pro is attached. If this is the case, also check for availability of the service. )r>standard-updatesattachedenabled_servicesentitled_services)r&r/valuer0r1r2)rerfs r5get_update_statusrmys @@  8J0K K%%+++ : &&,,,w233''---  # # ) ))r4r9ctt}tt5}|D]}|js|j D]}||jkDsd}|j D]Z\}}tj|j|jf}|s8||j||jfd}n|j dd} |rd| jvs|dj|| jf|j|vs||j} | j D]y}||jkDs|j D]X\}}tj|j|jf}|s8||j||jfy{ ddd|S#1swY|SxYw)zFilters a list of packages looking for available updates. All versions greater than the installed one are reported, based on where it is provided, including ESM pockets, excluding backports. FTr backportsrhN)rrHrrrI version_listrYrCr\r]r^rMsitename) r9rN esm_cacherPversioncounted_as_securityr]rcrdexpected_origin esm_packages r5filter_updatesrxs F - .,*)+ *G""&33G!4!44.3+)0):): &IFA E G K K%+]]FNN$C!"$ ' &w 6 67M N6: 3 % &+2*;*;A*>q*A 3 +?3J3J J"#56==!(/*>*> ?+8<<9,"+GLL"9K#.#;#; *"W%8%88-4->->* *O*Q*U*U%+]]FNN$C+"$+$*7O$:$:)0&++(>%&%** *C+ *,*\ M],*\ Ms<F7F7AF79F7F7!0F7-F7AF7(F77Gcfgc t|j}|ggd}|rt|}t|}|j t j k(r|djd|jdtjk(r|djd|j t j k(r|djd|jdtjk(r|djd|S)z7Returns the Pro information based on the config object.)rirjrkrkr$rrjr#) r is_attachedrrcontract_statusrENTITLEDrMapplication_statusrENABLED)ryr{rfinfra_entitlementapps_entitlements r5 get_ua_inforss#//KG /4-c2  + + -1H1H H ' ( / / ;  / / 1! 4 (( ) & ' . .z :  , , ..2I2I I ' ( / / <  0 0 21 5 (( ) & ' . .{ ; Nr4c tj}t j }||||j k(r|j|jjdk(r{|jjet|jjdkDrC|jjDcgc]#}|jxsd|jxsdd%c}SgS#tj$rgcYSwxYwcc}w)NappliedrrUF)rrpatched) rstatusrProcessExecutionErrorrproc_version_signature_versionkernelstatefixesrZrrr) lp_statusour_kernel_versionfixs r5get_livepatch_fixed_cvesrs$$& )*II  * )"2"2 2    +    % % 2    % % 1  ##)) *Q .!**00 XX^ 0Du E  I%  + +  sC2(C:C76C7upgradable_versionsc g}|jD][\}}t||}|D]E\}}|j|jj|j ||||j dG]|S)N)rPrtrerr] download_size)itemsrmrM parent_pkgrrver_strsize)rrfupdatesrdrprrtr]s r5create_updates_listrsG!4!:!:!< "7G4+ OGV NN&1166&$+$$%,\\     Nr4cZt|}d|i}t}|d}t||d<t|}g|d<t ||}t|d|d<t|d|d<t|d |d <t|d |d <t|d |d<t|d|d<t|d|d<t|d|d<t|d|d<t|d|d<t|d|d<t |j |d<d||dtidS)agReturns the status of security updates on a system. The returned dict has a 'packages' key with a list of all installed packages which can receive security updates, with or without ESM, reflecting the availability of the update based on the Pro status. There is also a summary with the Ubuntu Pro information and the package counts. uarGnum_installed_packagesrhmainnum_main_packages restrictednum_restricted_packagesuniversenum_universe_packages multiversenum_multiverse_packagesrXnum_third_party_packagesrWnum_unknown_packagesr#num_esm_infra_packagesr$num_esm_apps_packagesnum_esm_infra_updatesnum_esm_apps_updatesr>num_standard_security_updatesreboot_requiredz0.1 fixed_cves)_schema_versionsummaryr9r)rrSrZrxrrrr)ryrfrpackages_by_originrQrrs r5security_status_dictrs#GWoG9;+E2(+,>(?G $%();<.0*+!"5w?G#&'9&'A#BG  ),-? -M)NG %&'*+=j+I'JG #$),-? -M)NG %&*-=)+G &''**{,K(LG $%'*+=j+I'JG #$'*+>{+K'LG #$&)*=j*I&JG "#/2/00G +,"2#!6!F!FG !"$<$>?  r4 package_lists show_items always_showct|d}ttjj |dtt |dzz}|dvrft|dt|dzt|dz}ttj j|j ||d |d vrjt|d t|d zt|dz}|s|r:ttj j|j ||d |dvrKt|d}|s|r9ttjj|j |||dvrKt|d}|s|r9ttjj|j ||tdy)NrG)count rV)rGr#rrr#Main/Restricted)offsetr repository)rGr$rrr$Universe/Multiverse)rGrXrX)rr)rGrWrWrU) rZr7rSS_SUMMARY_TOTALrBrESS_SUMMARY_ARCHIVE pluralizeSS_SUMMARY_THIRD_PARTYSS_SUMMARY_UNAVAILABLE) rrrtotal_packagesr packages_mr packages_umpackages_thirdpartypackages_unknowns r5_print_package_summaryrKs u-.N ( # # * * * @A CN+,q0 1F))  f% &- -. /- ,- .    ' ' 1 1+ > E E!, F  ((  j) *- -. /- +, -  + ++55kBII!%4J ++!- ">? + //99'&.A&B  ''}Y78 { //99$&!*  "Ir4c.tj}t|j}dj t |j t |j}ttjj |tdy)Nz{}/{}daterU) r rAreolrBrEmonthyearr7rSS_INTERIM_SUPPORT)rAeol_daters r5_print_interim_release_supportrse   & &Fv&**H >>#hnn-s8==/A BD ( % % , ,$ , 78 "Ir4ctj}t|rRt|j}t t jjt|jyt t jy)Nr) r rAr"rrr7rSS_LTS_SUPPORTrBrErSS_NO_SECURITY_COVERAGE)rArs r5_print_lts_supportrs[   & &FF"6*.. h%%,,#hmm2D,EF h../r4rdrservice_statusservice_applicabilityinstalled_updatesavailable_updatesr{ctj}t|j}|tj k(r6t jj||t|j} n5t jj||t|j} |r5| dt jj|j|zz } |r5| dt jj|j|zz } t| |rZ|tj k(rG|t"j$k(r4tdtt j&j|tdy)N)rrdr)rdrrr)rrUrd)r rAreol_esmrrrSS_SERVICE_ENABLEDrBrErSS_SERVICE_ADVERTISESS_SERVICE_ENABLED_COUNTSrSS_SERVICE_ADVERTISE_COUNTSr7DISABLEDr APPLICABLESS_SERVICE_COMMAND) rdrrrrrr{rA eol_date_esmmessages r5_print_service_supportrsc  & &F"6*22L*222--44!\&&'5  //66!\&&'7  3;;EE  &%     3==GG  &%      'N  /88 8 !%8%C%C C b  h))000AB "Ir4cRt}|%ttjtdyt j t j}||z }|jdkDr?ttjj|jtdyy)NrUr)days) rr7rSS_UPDATE_UNKNOWNrnowrutcrSS_UPDATE_DAYSrB)last_apt_updatertime_since_updates r5_print_apt_update_callrs,.O h(() b  ,,x|| $Co-! h%%,,2C2H2H,IJ b "r4c Dt|jd}t|jd}t|jd}t|jd}t j }t }t|d}t}t|d|dz|dzd} t|d|dz|dzd} t|ttjtd t|s/t|r t!ttj"y|t$j&k(r t)|rttj*nttj,td t/dd ||t1|dt1| | |ds |ds|dr't/dd ||t1|dt1| | |sttj2yy) Nrrirrr#rrr$rUrrdrrrrrr{r)rr~applicability_statusrr rAr!rrSrxrr7r SS_HELP_CALLrr"rSS_NO_INTERIM_PRO_SUPPORTrrrSS_IS_ATTACHEDSS_IS_NOT_ATTACHEDrrZ SS_LEARN_MORE) ryesm_infra_statusesm_infra_applicabilityesm_apps_statusesm_apps_applicabilityrAis_ltsr{r"security_upgradable_versions_infra!security_upgradable_versions_appss r5security_statusrs*3/BBDQG1#6KKM )-@@B1EO/4IIKAN   & &F " $Fc":.K9;)76" \ * + [ ) ** *& )7:& \ * + Z ( )) )% -. (    "I    * , h001,555 h%%& h))* "I$'50=>@A :& l + j ),*"8!"4Z"@A!"CD#   h$$% r4ct}|d}|Dcgc]}|j}}t|dd|r{ttj tdttj t|ttjjt|yttjycc}w)NrXTrrrUrP) rSrrrr7rSS_THIRD_PARTYSS_PACKAGES_HEADERr: SS_SHOW_HINTrBrSS_NO_THIRD_PARTY)rthird_party_packagesrP package_namess r5list_third_party_packagesr's9;-m<1EFgW\\FMF}$ h%%& b  h))*=) h##**6-3H*IJ h(()GCct}|d}|Dcgc]}|j}}t|dd|r{ttj tdttj t|ttjjt|yttjycc}w)NrWTrrUr) rSrrrr7rSS_UNAVAILABLErr:rrBrSS_NO_UNAVAILABLE)runknown_packagesrPrs r5list_unavailable_packagesr ;s9;))41ABgW\\BMByd h%%& b  h))*=) h##**6-3H*IJ h(()Crc ,t}|d}|d|dz}||z}t}t|d}|D] \}}|j|j"t j } t} t|jd} t|jd} t|D cgc]} | jc} }t|D cgc]} | jc} }t|D cgc]*} | j|vr| j|vr | j,c} }t|dd| s/t| r tt!t"j$y| t&j(k(rt+t!dt-dd| | t/|t/|d t!t"j0j3d t!dt| s|r4t!t"j4j3d t7||r4t!t"j8j3d t7||xs|}|rY|r!t"j:j3d }n t"j<j3d }t!|t7||r3t!t"j>j3tA| yyycc} wcc} wcc} w) Nr#rrrTrrUrFrrr)!rSsetrxaddrr rAr!rr~rsortedrrrr"rr7rrrrrrrZSS_SERVICE_HELPrBSS_UPDATES_AVAILABLEr:SS_UPDATES_INSTALLEDSS_FURTHER_OTHER_PACKAGESSS_OTHER_PACKAGESrr)ryrinfra_packages mr_packagesall_infra_packages infra_updatessecurity_upgradable_versionsupdatercrArrrrPinstalled_package_namesavailable_package_namesremaining_package_names hint_listmsgs r5list_esm_infra_packagesr!Ps9;' 4N$V,/A,/OOK'+5EM#12D#E$ 2- &++,-  & &F " $F*3/BBDQG1#6KKM %%34'4%%23'3%. ||#:: $;; LL {    * , h001,555 b $'5n-m, ( " " ) )+ ) >? "I   " (//66{6K L 6 7 " (//66{6K L 6 7+F/F "88??'@0077 7L #J 6 7  (''..vi7H.I J + Q 5 4 s<LL /Lc xt}|d}|d|dz}||z}t}t|d}|D] \}}|j|j"t } t |jd} t |jd} t|D cgc]} | jc} } t|D cgc]} | jc} }t|D cgc]*} | j| vr| j|vr | j,c} }t|dd| sttjytdd| | t!|t!|d ttj"j%d td |r|r4ttj&j%d t)|| r4ttj*j%d t)| |xs| }|rY|r!tj,j%d }n tj.j%d }t|t)||r3ttj0j%t3| yyycc} wcc} wcc} w) Nr$rrrTrrFrrrUr)rSrrxrrr!rr~rrrrrr7rrrrZrrBrr:rrrrr)ryr apps_packages um_packagesall_apps_packages apps_updatesrrrcrrrrPrrrrr s r5list_esm_apps_packagesr's9;&z2M:&);L)II& 35L#12C#D$ 2, **+,# $F(-@@B1EO/4IIKAN$%23'3%%12'2%- ||#:: $;; LL zt  h001(&4m,l+ ( " " ) )* ) => "I " (//66z6J K 6 7 " (//66z6J K 6 7+F/F  #88??&@0077 7K #J 6 7  (''..vi7H.I J -E 4 3 s(J- J2./J7)rGF)J collectionsrrrenumr functoolsrrandomrtypingr r r r r rJuaclientrrrr5uaclient.api.u.pro.security.status.reboot_required.v1r(uaclient.api.u.pro.status.is_attached.v1r uaclient.aptrrrruaclient.configruaclient.entitlementsrr(uaclient.entitlements.entitlement_statusrrruaclient.systemrrr r!r"r_r&r:rCPackagerSrKrErLrmVersionrxrrrrboolrrrintrrrrr r!r'r3r4r5r9s#'66::B %I ) (4(2 4tGOO,,-*" __")0)9)9""J*C*$sCx.*S*"=7??#=d5#!56778=@X$sCx.B$tCH~"60$S$uW__c5I/J*K%KL #s(^ $sCx.,/h/4S>/h<sD$99:<<< <~0/ //&// /  /  //d I&I&X*(**UKpOKr4