Hcf.s ddlZddlZddlmZmZmZmZmZmZm Z ddl m Z m Z m Z mZmZddlmZmZddlmZddlmZmZddlmZmZddlmZmZmZmZdd l m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4dd l5m6Z6dd l5m7Z8dd l9m:Z:dd l9m7Z;dd lZ>ddl?m@Z@mAZAddlBmCZCmDZDmEZEddlFmGZGddlHmIZIddlJmKZKddlLmMZMmNZNmOZOddlPmQZQddlRmSZSddlTmUZUddlVmWZWGddZXdZYdZZde+fdZ[de-fdZ\d e]d!e^d"eGfd#Z_d e]d!e^d$e^d"eGfd%Z` dKd&ee]d'e]d(ead)ead*ee]d+e]f d,Zbd"eGd-e]d+e^fd.ZcdLd/Zdd"eGfd0Zed"eGd+e^fd1Zfd2ee]d+e]fd3Zgd"eGd!e^d+e^fd4Zhd"eGd+e^fd5Zid"eGd6e]d+e^fd7Zjd6e]d"eGd!e^d+e^fd8Zk dMd'ed9e]d:e]fd;ZldeXd?e0fd@Znd>eXd?e1fdAZod>eXd?e/fdBZpd>eXd?e$fdCZqd>eXd?e%fdDZrd>eXd?e&fdEZsd>eXd?e*fdFZtd>eXd?e(fdGZud>eXd?e'fdHZvde+d!e^d"eGd+eeeeffdIZwdJZxy)NN)DictList NamedTupleOptionalSetTupleUnion)apt exceptionsmessagessystemutil)attach_with_tokenenable_entitlement_by_name) _initiate)MagicAttachRevokeOptions_revoke)MagicAttachWaitOptions_wait)CVE_OR_USN_REGEX FixStatusUnfixedPackagestatus_message)ESM_APPS_POCKETESM_INFRA_POCKETSTANDARD_UPDATES_POCKETFixPlanAptUpgradeStepFixPlanAttachStepFixPlanEnableStepFixPlanNoOpAlreadyFixedStepFixPlanNoOpLivepatchFixStepFixPlanNoOpStatusFixPlanNoOpStep FixPlanResult FixPlanStepFixPlanUSNResultFixPlanWarning"FixPlanWarningFailUpdatingESMCache&FixPlanWarningPackageCannotBeInstalled#FixPlanWarningSecurityIssueNotFixedNoOpAlreadyFixedDataNoOpLivepatchFixDataUSNAdditionalData)CVEFixPlanOptions)_plan)USNFixPlanOptions)ContractExpiryStatus _is_attached)NAME USAGE_TMPL)CLOUD_TYPE_TO_TITLEPRO_CLOUD_URLSget_cloud_type)UAConfig)PRINT_WRAP_WIDTH)entitlement_factory)ApplicabilityStatusCanEnableFailureUserFacingStatus)notices)Notice) PRO_HOME_PAGE)colorize_commandscjeZdZdededeedefdZdZ ddeed ed e efd Z d eed efdZ y) FixContexttitledry_run affected_pkgscfgcd|_g|_t|_tj |_||_||_||_ ||_ d|_ d|_ d|_ y)NrTF) pkg_index unfixed_pkgssetinstalled_pkgsrSYSTEM_NON_VULNERABLE fix_statusrDrFrErGshould_print_pkg_header warn_package_cannot_be_installedfixed_by_livepatch)selfrDrErFrGs 2/usr/lib/python3/dist-packages/uaclient/cli/fix.py__init__zFixContext.__init__Qs_!e#99 * '+$05-"'cZ|jrtjjt |jj t |jdj t|j}ttj|tddyy)N, )countpkgs F)widthsubsequent_indentreplace_whitespace) rFr SECURITY_AFFECTED_PKGS pluralizelenformatjoinsortedprinttextwrapfillr9)rRmsgs rSprint_fix_headerzFixContext.print_fix_headerds   11;;D&&'f$,,-YYvd&8&89:   *&,',   rUN source_pkgsstatuspocketc |jrDtt|||jt |j |r t |ndyy)N)pkg_listrjrInum_pkgs pocket_source)rOrd_format_packages_messagerIr`rFget_pocket_description)rRrirjrks rSprint_pkg_headerzFixContext.print_pkg_headerusJ  ' ' ((!"nn !3!34:@.v6d   (rUrYunfixed_reasonc^|D](}|jjt||*y)N)pkgrs)rJappendr)rRrYrsrus rSadd_unfixed_packageszFixContext.add_unfixed_packagess/ C    $ $3~F  rUN) __name__ __module__ __qualname__strboolrr8rTrhrrrrwrUrSrCrCPs{(((Cy (  (&*!% #Y &cCrUrCc|jdtj}|jtt |y)Nfixhelp)action) add_parserr CLI_ROOT_FIX set_defaults action_fix fix_parser) subparsers parser_fixs rSrrs6&&u83H3H&IJ:.zrUctjtd|_d|_t j |_t j|j_ |jdt j|jddt j|jd dt j|S) z1Build or extend an arg parser for fix subcommand.z"fix |)namecommandrsecurity_issuerz --dry-run store_true)rrz --no-related)r4rar3usageprogr CLI_FIX_DESC description CLI_FLAGS _optionalsrD add_argument CLI_FIX_ISSUECLI_FIX_DRY_RUNCLI_FIX_NO_RELATED)parsers rSrrs$$ ?FLFK!..F&00F (x/E/EF Lx/G/G |(2M2M MrUcvecdj|jj|jdj|jjg}t dj |y)N{issue}: {description}issuerz! - https://ubuntu.com/security/{} )rarDupperrrdrb)rliness rSprint_cve_headerrs^ ''))//# (  ,22399??3DE  E $))E rUfix_planc|j}dj|jj|jg}|j }t |tr|jry|jtj|jD]J}|jdjtjjj|LnP|jrD|jtj|jD]}|jd|zt!dj#|y)Nrrz - {})rz - r)target_usn_planrarDrradditional_data isinstancer-associated_cvesrvr SECURITY_FOUND_CVESurlsSECURITY_CVE_PAGEassociated_launchpad_bugsSECURITY_FOUND_LAUNCHPAD_BUGSrdrb)r target_usnrrrlp_bugs rSprint_usn_headerrs))J ''""((* 8N8N (  E !00O/#45  * * LL55 6&66  NN 77>>3>G   6 6 LL?? @)CC - UV^, - $))E rUrrErGctt|g|}|jjdj}|rN|j rBt jtj|jxsd|j t|jjdtt|jjd||\}}|S)N)cvesoptionsrGrunexpected-error named_msg)cve_planr. cves_datarerrorrgr AnonymousUbuntuProErrorr NamedMessagecoderrdexecute_fix_plan)rrErGrrrj_s rSfix_cvers!'78cH    # #A & , ,E 00++ 00%))  X'',,Q/0 G !3!3!8!8!;WcJIFA MrU no_relatedc tt|g|}|jjdjj }|rN|j rBtjtj|jxsd|j t|jjdtdtjj|zt!|jjdj||\}}|t"j$t"j&fvr|S|jjdj(}|r|r|Stdtj*jdj-d |D ztdtj.zi} |D]J} td j| j0t!| ||| | j0<tLttj2t5||tj6 d } |D]} | | j0\} } t5| | j0tj8 | t"j:k(r.tdtj<jdzd} | t"j>k(s| D]>}|j@stdj|jB|j@@d} | r,tdtjDj|z|S)N)usnsrrrrr)issue_idz - c34K|]}|jywrx)rD).0usns rS zfix_usn.. s$L3SYY$Ls) related_usnsz- {})contextF- fix operation operationTz - {}: {})#usn_planr0 usns_datarrrrgr rr rrrrdSECURITY_FIXING_REQUESTED_USNrarrrMSYSTEM_NOT_AFFECTEDrelated_usns_planSECURITY_RELATED_USNSrbSECURITY_FIXING_RELATED_USNSrDSECURITY_USN_SUMMARY_handle_fix_status_messageFIX_ISSUE_CONTEXT_REQUESTEDFIX_ISSUE_CONTEXT_RELATEDSYSTEM_VULNERABLE_UNTIL_REBOOTENABLE_REBOOT_REQUIRED_TMPLSYSTEM_STILL_VULNERABLErsruSECURITY_RELATED_USN_ERROR)rrErrGrrtarget_usn_statusrrrelated_usn_statusrelated_usn_planfailure_on_related_usnrjrJ unfixed_pkgs rSfix_usnrs2!'78cH    # #A & 6 6 <   &* " Y66 6+  --$++'OO[-G-G &* "1*4 1188'9   rUrmrjrIrnroreturnc v|syg}g}|D]9}|dz }|jdj|||j|;tjdjddj |zdzdj t |t d }d j|t||S) z;Format the packages and status to an user friendly message.z{}/{}z{} {}:(rW)rZr[r\z{} {})rvrarerfrbrcr9r) rmrjrIrnro msg_indexsrc_pkgssrc_pkg msg_headers rSrprpGs IH!Q  8<= !  $))I& & ,diix8H.I  J ??:~fm'L MMrUtokencttdd|gg t||dy#tj$r}t|j Yd}~yd}~wwxYw)ztAttach to an Ubuntu Pro subscription with a given token. :return: True if attach performed without errors. proattachT)r allow_enableNF)rdrArr UbuntuProErrorrg)rGrerrs rS_run_ua_attachrcsT  eXu56 78#U>  $ $ cggs)AAAct\}}|tjvrQttj j tj|tj|yy)z:Alert the user when running Pro on cloud with PRO support.)rDcloud_specific_urlN) r7r6keysrdr SECURITY_USE_PRO_TMPLrar5get) cloud_typers rS*_inform_ubuntu_pro_existence_if_applicablerqsa"$MJ^((**  * * 1 1)--j9#1#5#5j#A 2  +rUcttjt|}tdtjj |j zt|j} t||}tdtjzt!||j"S#tj$rC}ttjt|j}t|||d}~wwxYw)N)rGr) user_code) magic_tokenr)rdr CLI_MAGIC_ATTACH_INITrCLI_MAGIC_ATTACH_SIGN_INrarrrrr MagicAttachTokenErrorCLI_MAGIC_ATTACH_FAILEDrrCLI_MAGIC_ATTACH_PROCESSINGrcontract_token)rG initiate_resp wait_options wait_resperevoke_optionss rS_perform_magic_attachr }s ( ( ()#&M   + + 2 2#-- 3  *m6I6IJL ,C8  $55 56 #y77 88  + + h../1%++  C0s3 B22D>DDc.tttjt j tj gd}|dk(ry|dk(r t|S|dk(r0ttjtd}t||Sy) zZPrompt for attach to a subscription or token. :return: True if attach performed. )sac valid_choicesrFrr> T) rrdr *SECURITY_UPDATE_NOT_INSTALLED_SUBSCRIPTIONrprompt_choicesSECURITY_FIX_ATTACH_PROMPTr PROMPT_ENTER_TOKENinputr)rGchoicers rS_prompt_for_attachrs /0 ( = =>  ++%F} }$S)) } h))*d c5)) rUrJc t|}tjtjj |j |djt|tdS)zFormat the list of unfixed packages into an message. :returns: A string containing the message output for the unfixed packages. rW)rnrYrZr) r`rerfr SECURITY_PKG_STILL_AFFECTEDr_rarbrcr9)rJnum_pkgs_unfixeds rS_format_unfixed_packages_msgrsb <( ==,,66  &%6,/0     rUct|j}|r:|tjjk(r|rt t jyyy)zuCheck if the Ubuntu Pro subscription is expired. :returns: True if subscription is expired and not renewed. FT)r2contract_statusr1EXPIREDvaluerdr (SECURITY_DRY_RUN_UA_EXPIRED_SUBSCRIPTION)rGrEcontract_expiry_statuss rS_check_subscription_is_expiredr&sG *#.>> "&:&B&B&H&H H  (CC D rUcddl}ddlm}tt t j tjt jjtddg}|dk(rjt t jtd}t td d gg|j|j!d d |t#||Sy)zdPrompt for attach a new subscription token to the user. :return: True if attach performed. rN)cli)urlrrrrrdetachTr() assume_yesraF)argparseuaclientr(rrdr %SECURITY_UPDATE_NOT_INSTALLED_EXPIREDrrSECURITY_FIX_RENEW_PROMPTrar@PROMPT_EXPIRED_ENTER_TOKENrrA action_detach Namespacer)rGr-r(rrs rS_prompt_for_new_tokenr4s .0 ( 8 89  **11m1DCjF} h112d  %!2 345    $u  =s c5)) rUservicecttjj|t j tj j|ddg}|dk(rjttdd|ggt||d\}}|s=|;t|tr+|jt|jj|Sy ) zMPrompt for enable a pro service. :return: True if enable performed. r5r rrrenableT)rGrr,F) rdr SECURITY_SERVICE_DISABLEDrarrSECURITY_FIX_ENABLE_PROMPTrArrr<messagerg)rGr5rretreasons rS_prompt_for_enabler>s  ( , , 3 3G 3 DE  ++2272CCjF } %7!; <=>0'd V "6#34~~)fnn(() rUc<t||}||}|r|j\}}|tjk(ry|j \}}|t j k(r|r7tdtjj|jzyt||jryttjj|jyttjj|jy)zQ Verify if the Ubuntu Pro subscription has the required service enabled. )rGrTrr7F)r:user_facing_statusr=ACTIVEapplicability_statusr; APPLICABLErdr 'SECURITY_DRY_RUN_UA_SERVICE_NOT_ENABLEDrarr>SECURITY_UA_SERVICE_NOT_ENABLED SECURITY_UA_SERVICE_NOT_ENTITLED)r5rGrEent_clsent ent_statusrrBs rS)_handle_subscription_for_required_servicerJ s  "c8G #,C ..0 A )00 0"%":":"<a #6#A#A AFFMM #N !#sxx0<<CC #D  99@@HHA  rUrrc|tjk(rc|r"tjj ||}n tj j |}t tj|y|tjk(rc|r"tjj ||}n tjj |}t tj|y|tjk(rc|r"tjj ||}n tjj |}t tj|y|r"tjj ||}n tjj |}t tj|y)N)rrr)rrMr %SECURITY_ISSUE_RESOLVED_ISSUE_CONTEXTraSECURITY_ISSUE_RESOLVEDrdrhandle_unicode_charactersr'SECURITY_ISSUE_UNAFFECTED_ISSUE_CONTEXTSECURITY_ISSUE_UNAFFECTEDr)SECURITY_ISSUE_NOT_RESOLVED_ISSUE_CONTEXTSECURITY_ISSUE_NOT_RESOLVED)rjrrrgs rSrr9sv000 @@GGHC22999IC d,,S12 900 0 BBIIJC44;;(;KC d,,S12 9;; ; DDKKLC66==H=MC d,,S12 DDKKLC66==H=MC d,,S12rUrkc|tk(rtjS|tk(rtjS|t k(rtj S|Srx)rr 'SECURITY_UBUNTU_STANDARD_UPDATES_POCKETrSECURITY_UA_INFRA_POCKETrSECURITY_UA_APPS_POCKET)rks rSrqrq^sE ((??? # #000 ? "/// rU fix_contextstepc|j|jjd|jjd|_t j j|jj|jj}td|z|j|jjg|d|_ tj|_y)NreleasedrirjrkF)packageversionrrYrsT)rrdatarelated_source_packagesrkrOr FIX_CANNOT_INSTALL_PACKAGErabinary_packagebinary_package_versionrdrwsource_packagerPrrrN)rXrYwarn_msgs rS)_execute_package_cannot_be_installed_steprgis  II55yy! +0K'2299 (( 00:H $/$$ii&& '%48K0&>>KrUc|j|jj|jj|xjt |jjz c_|j |jjt|jjtj|_ y)N)rirjr_) rrr`source_packagesrjrIr`rwrrrrNrXrYs rS&_execute_security_issue_not_fixed_steprks  II--yy!S!:!:;;$$ YY & &%dii&6&67%'>>KrUctjrttjytdtj zdzy)Nr)rwe_are_currently_rootrdr CLI_FIX_FAIL_UPDATING_ESM_CACHE(CLI_FIX_FAIL_UPDATING_ESM_CACHE_NON_ROOTrjs rS%_execute_fail_updating_esm_cache_steprps6 !!# h667 dXFFFMNrUcP|j|jjd|jj|xjt |jjz c_|jj s;|jsttjtj|_ ytjsp|j sdttj"tj$|_ |j'|jjtj"ytt)gdgdzt+|jj zg|j rtj|_ y t-j.t-j0gd|jj zddi tj|_ d |_|j:j=|jj y#t2$rg}t5|d t7|}t|tj$|_ |j'|jj|Yd}~yd}~wwxYw) Nr[r\r_)r updatez&&)r install--only-upgrade-y)zapt-getrsrtruDEBIAN_FRONTENDnoninteractive)cmdoverride_env_varsrgT)rrr`rirkrIr`binary_packagesrPrdr SECURITY_UPDATE_INSTALLEDrrMrNrrmrESECURITY_APT_NON_ROOTrrwrArcr run_apt_update_commandrun_apt_command Exceptiongetattrr|rOrLrr)rXrYr rgs rS_execute_apt_upgrade_steprs  II--yy! S!:!:;; 99 $ $;; (44 5!*!@!@   % % ' 0C0C h,,-!*!B!B ((**#99 )   '<=2234  !*!@!@  ""$ >ii''(02BC '<AJ  J%c|jjdk(rtnt}|j |jj d|d|_t|jjs|jrtdtjznPt|js:tj |_|j%|jj tj&j)|jjyt+|j|jr|jrttj,nt/|jsotj |_|j%|jj tj0j)|jjytj2|_y) N esm-infrar[r\Frr7r_)rGrE)r`required_servicerrrrrirOr2rG is_attachedrErdr SECURITY_DRY_RUN_UA_NOT_ATTACHEDrrrrNrwSECURITY_UA_SERVICE_REQUIREDrar&r$r4$SECURITY_UA_SERVICE_WITH_EXPIRED_SUBrMrXrYrks rS_execute_attach_steprs 99 % % 4     II--! +0K'   ( 4 4    $BBB C%koo6)2)J)J &0022#+#H#H#O#O $ : :$P$1  ' OO[%8%8     (CC D&{7%.%F%FK "  , ,YY..'LLSS II66 T  -  &<!> @rUct|jtrPttj j |j|jjd|_ yy)N)rr^T) rr`r,rdr CVE_FIXED_BY_LIVEPATCHrarD patch_versionrQrjs rS%_execute_noop_fixed_by_livepatch_stepr1sY$))12  + + 2 2!'' // 3  *. &3rUcHt|jtr|j|jjd|jj t tj|xjt|jjz c_ yy)Nr[r\) rr`r+rrrirkrdr r{rIr`rjs rS _execute_noop_already_fixed_stepr>sx$))12$$ 1199## % h001TYY%>%>!??3rUc @g|j|j}t|j||jxsg|}|j t |dD]^}t|tr t||t|tr t||t|tr t||t|tr+t|||j t"j$k7rnt|t&r+t)|||j t"j$k7rnt|t*r+t-|||j t"j$k7rnYt|t.r t1||t|t2r t5||t|t6sSt9||at;|j<r]t;t?tAtC|j<Dcgc]}|jDc}t"jF|_|j t"j$k(rtIjJ|jLret"jN|_tPjRjUd}t;|tWjXtZj\d|j^s ta|j |j|j |j<fScc}w)N)rDrErFrGc|jSrx)order)xs rSz"execute_fix_plan..[s rU)key)rLrr)1planwarningsrCrDaffected_packagesrhrcrr)rgr*rkr(rprrrNrrMrrrrr#rr!rr rrdrJrlistrKrurr should_rebootrLrr rrar>addr?ENABLE_REBOOT_REQUIREDrQr)rrErG full_planrXrYr reboot_msgs rSrrKs    I nn006B  K   "y&78@ dB C 5k4 H d? @ 2; E d> ? 1+t D d1 2 %k4 8%%)H)HH d- . d 3%%)H)HH d- . d 3%%)H)HH dO , +K > d7 8 1+t D d7 8 ,[$ ?9@< G (0;/G/G +(OO  "+!B!B  )"A"AA  0J0J K!*!I!I 99@@%A  j  ) )%  ) )";#9#98>>J  " "K$<$< ==7s:Lc tjt|js t j |j|j rttjd|jjvr-t|j|j |}|jSt|j|j |j|}|jS)NrLr)rematchrrr InvalidSecurityIssueIdFormatrErdr SECURITY_DRY_RUN_WARNINGlowerrrr exit_code)argsrGkwargsrjs rSrrs 88$d&9&9 :55%%   || h//0 ##))++,,dllC@       t    rUrx)rN)r)yrretypingrrrrrrr r.r r r r ruaclient.actionsrr+uaclient.api.u.pro.attach.magic.initiate.v1r)uaclient.api.u.pro.attach.magic.revoke.v1rr'uaclient.api.u.pro.attach.magic.wait.v1rr'uaclient.api.u.pro.security.fix._commonrrrr/uaclient.api.u.pro.security.fix._common.plan.v1rrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,r-+uaclient.api.u.pro.security.fix.cve.plan.v1r.r/r+uaclient.api.u.pro.security.fix.usn.plan.v1r0r(uaclient.api.u.pro.status.is_attached.v1r1r2uaclient.cli.constantsr3r4uaclient.clouds.identityr5r6r7uaclient.configr8uaclient.defaultsr9uaclient.entitlementsr:(uaclient.entitlements.entitlement_statusr;r<r=uaclient.filesr>uaclient.files.noticesr?uaclient.messages.urlsr@uaclient.statusrArCrrrrr|r}rrintrprrr rrr&r4r>rJrrqrgrkrprrrrrrrrr~rUrSrs] =<JA ,JIII4 %.5 #)0-<<~ &-/4C$X&dd"&d48d?GdX$( N3iN NN N C= N  N8      9x96H.tCyS&4D$xD6Hst<) ))*.) )Z68"3 "3!$"3/2"3J3?? 0?2 ? ?#F ? OO#EO;A;A ;A|,=,= ,=^++ +B??#2? . .#> . @ @#> @O>O>&*O>19O> 9d>* *+O>drU