Current File : //usr/lib/python3/dist-packages/uaclient/__pycache__/security_status.cpython-312.pyc
�

��g�h���ddlmZddlmZmZddlmZddlmZddlm	Z	ddl
mZmZm
Z
mZmZddlZddlmZmZmZmZdd	lmZdd
lmZddlmZmZmZmZmZddl m!Z!dd
l"m#Z#m$Z$ddl%m&Z&m'Z'm(Z(ddl)m*Z*m+Z+m,Z,m-Z-m.Z.dZ/Gd�de�Z0d�Z1ed��d��Z2dedeejfffd�Z4dejfdejjde6fd�Z7ed��de6de6de8fd��Z9de6d e
e6efdejtde6fd!�Z;d"eejfdee6eeejte6fffd#�Z<d$e!de
e6effd%�Z=dee
e6effd&�Z>d'ee6eeejte6ffd e
e6efdee
e6effd(�Z?d$e!de
e6effd)�Z@		d>d*ee6eejffd+e6d,e8ddfd-�ZAd.�ZBd/�ZCd0e6d1e6d2e'd3e&d4eDd5eDd6e8fd7�ZEd8�ZFd$e!fd9�ZGd:�ZHd;�ZId<�ZJd=�ZKy)?�)�defaultdict)�datetime�timezone)�Enum)�	lru_cache)�choice)�Any�DefaultDict�Dict�List�TupleN)�
exceptions�	livepatch�messages�util)�_reboot_required)�_is_attached)�PreserveAptCfg�get_apt_cache_datetime�get_apt_pkg_cache�get_esm_apt_pkg_cache�get_pkg_candidate_version)�UAConfig)�ESMAppsEntitlement�ESMInfraEntitlement)�ApplicabilityStatus�ApplicationStatus�ContractStatus)�get_distro_info�get_kernel_info�get_release_info�is_current_series_lts�is_supported)�	esm-infra�esm-appsc�$�eZdZdZdZdZdZdZdZy)�UpdateStatusz2Represents the availability of a security package.�upgrade_available�upgrade_available_not_preferred�pending_attach�pending_enable�upgrade_unavailableN)	�__name__�
__module__�__qualname__�__doc__�	AVAILABLE�AVAILABLE_NOT_PREFERRED�
UNATTACHED�NOT_ENABLED�UNAVAILABLE���:/usr/lib/python3/dist-packages/uaclient/security_status.pyr'r'(s��8�#�I�?��!�J�"�K�'�Kr7r'c�@�ttj|��y)N)�printr�create_package_list_str)�packagess r8�print_package_listr=1s��	�$�
&�
&�x�
0�1r7)�maxsizec���t�j}ddj|�fdddj|�fdddj|�fd	dd
j|�fdddj|�fd	iS)N�Ubuntuz{}-security�standard-security�
UbuntuESMAppsz{}-apps-securityr%�	UbuntuESMz{}-infra-securityr$z{}-apps-updatesz{}-infra-updates)r!�series�format)rDs r8�%get_origin_information_to_service_maprF5s���
�
�
&�
&�F�	�=�'�'��/�0�2E�	�,�3�3�F�;�<�j�	�)�0�0��8�9�;�	�+�2�2�6�:�;�Z�	�(�/�/��7�8�+��r7�return�strc�D�tt�}tt�5}|jD�cgc]}|j
s�|��}}||d<t
j|�}|D] }|t||�j|��"	ddd�|Scc}w#1swY|SxYw)N�all)
r�listrrr<�current_ver�apt_pkg�DepCache� get_origin_for_installed_package�append)�result�cache�package�installed_packages�	dep_caches     r8� get_installed_packages_by_originrVAs�����
�F�	�)�	*��e�#(�>�>�
��W�5H�5H�G�
��
�+��u�
��$�$�U�+�	�)�	�G��0��)�D�
��f�W�o�	���M��
���M�s#�B�B�B�AB�B�BrSrUc��|jsy|jj}t|�dk(r/|j|�}|r|j|k(ry|j}|D]^\}}t	�j|j|jfd�}|tvr|cS|jdk(s�R|jcSy)a
    Returns the origin for a package installed in the system.

    Technically speaking, packages don't have origins - their versions do.
    We check the available versions (installed, candidate) to determine the
    most reasonable origin for the package.
    ���unknownr@�third-party)
rL�	file_list�len�get_candidate_verrF�get�origin�archive�ESM_SERVICES�	component)rSrU�available_origins�	candidater`�_�services       r8rOrOVs��������+�+�5�5������"��/�/��8�	��G�/�/�9�<��%�/�/��&�$�	���7�9�=�=�
�]�]�F�N�N�+�R�
���l�"��N��=�=�H�$��#�#�#�$�r7�pkg�versionc�,�t|d��}|r||k(Sy)z;Returns True if the package version is a candidate version.F)�check_esm_cache)r)rhri�candidate_versions   r8�_is_candidate_versionrm{s#��2�#�u�M����+�+�+�r7�service_name�ua_infoc��|dvs|drg||dvr`t|jj|j�}|rtj
jStjjS|dstjjS||dvrtjjStjjS)z�Defines the update status for a package based on the service name.

    For ESM-[Infra|Apps] packages, first checks if Pro is attached. If this is
    the case, also check for availability of the service.
    )rA�standard-updates�attached�enabled_services�entitled_services)rm�
parent_pkg�name�ver_strr'r1�valuer2r3r4r5)rnrori�is_candidates    r8�get_update_statusrz�s����@�@��
����8J�0K� K�,����#�#�W�_�_�
��
�
�"�"�(�(�	
��5�5�;�;�	
�
�:���&�&�,�,�,��w�2�3�3��'�'�-�-�-��#�#�)�)�)r7r<c��tt�}tt�5}|D�]�}|js�|j
D]�}||jkDs�d}|jD]Z\}}t�j|j|jf�}|s�8||j||jf�d}n|jdd}	|r��d|	jvs��|dj||	jf���|j|vs��||j}
|
j
D]y}||jkDs�|jD]X\}}t�j|j|jf�}|s�8||j||jf��y�{���	ddd�|S#1swY|SxYw)z�Filters a list of packages looking for available updates.

    All versions greater than the installed one are reported, based on where
    it is provided, including ESM pockets, excluding backports.
    FTr�	backportsrqN)rrKrrrL�version_listr\rFr_r`rarP�siterv)r<rQ�	esm_cacherSri�counted_as_securityr`rfrg�expected_origin�esm_packages           r8�filter_updatesr��s�����
�F�
�-�	.�,*�)��+	*�G��"�"�&�3�3��G���!4�!4�4�.3�+�)0�):�):�
&�I�F�A� E� G� K� K�%+�]�]�F�N�N�$C�!"�$�
 '� &�w�� 6� 6�����7M� N�6:� 3� %�
&�+2�*;�*;�A�*>�q�*A�� 3� +�?�3J�3J� J�"�#5�6�=�=�!(�/�*>�*>� ?��+�8�<�<�9�,�"+�G�L�L�"9�K�#.�#;�#;�
*��"�W�%8�%8�8�-4�->�->�*�	���*O�*Q�*U�*U�%+�]�]�F�N�N�$C�+"��$+�$*�7�O�$:�$:�)0�&�+�+�(>�%&�%*�*�
*�C+	*�,*�\�M�],*�\�M�s<�F7�F7�AF7�9F7�F7�!0F7�-F7�AF7�(F7�7G�cfgc� �t|�j}|ggd�}|r�t|�}t|�}|j	�t
jk(r|djd�|j�dtjk(r|djd�|j	�t
jk(r|djd�|j�dtjk(r|djd�|S)z7Returns the Pro information based on the config object.)rrrsrtrtr%rrsr$)r�is_attachedrr�contract_statusr�ENTITLEDrP�application_statusr�ENABLED)r�r�ro�infra_entitlement�apps_entitlements     r8�get_ua_infor��s���s�#�/�/�K�����G��/��4��-�c�2���+�+�-��1H�1H�H��'�(�/�/�
�;��/�/�1�!�4� �(�(�
)�
�&�'�.�.�z�:��,�,�.�.�2I�2I�I��'�(�/�/��<��0�0�2�1�5� �(�(�
)�
�&�'�.�.�{�;��Nr7c��	tj�}t	�j
}|��|��||jk(r�|j��|jjdk(r{|jj�et|jj�dkDrC|jjD�cgc]#}|jxsd|jxsdd���%c}SgS#tj$rgcYSwxYwcc}w)N�appliedrrXF)rv�patched)r�statusr�ProcessExecutionErrorr �proc_version_signature_version�kernel�state�fixesr]rvr�)�	lp_status�our_kernel_version�fixs   r8�get_livepatch_fixed_cvesr�s�����$�$�&�	�)�*�I�I�����*��)�"2�"2�2����+����%�%��2����%�%�1��	�#�#�)�)�*�Q�.�!�*�*�0�0�
���X�X�^�����0D�u�E�
�	
�
�I��%�+�+���	���
s�C�2(C:�C7�6C7�upgradable_versionsc���g}|j�D]\\}}|D]R\}}t|||�}|j|jj|j
||||jd���T�^|S)N)rSrirnr�r`�
download_size)�itemsrzrPrurvrw�size)r�ro�updatesrgr}rir`r�s        r8�create_updates_listr�s����G�!4�!:�!:�!<�����+�	�O�G�V�&�w���A�F��N�N�&�1�1�6�6�&���$+�$�$�%,�\�\�
�	
�	���Nr7c�Z�t|�}d|i}t�}|d}t|�|d<t|�}g|d<t	||�}t|d�|d<t|d�|d<t|d	�|d
<t|d�|d<t|d
�|d<t|d�|d<t|d�|d<t|d�|d<t|d�|d<t|d�|d<t|d�|d<t|�j|d<d||dt�id�S)agReturns the status of security updates on a system.

    The returned dict has a 'packages' key with a list of all installed
    packages which can receive security updates, with or without ESM,
    reflecting the availability of the update based on the Pro status.

    There is also a summary with the Ubuntu Pro information and the package
    counts.
    �uarJ�num_installed_packagesrq�main�num_main_packages�
restricted�num_restricted_packages�universe�num_universe_packages�
multiverse�num_multiverse_packagesr[�num_third_party_packagesrZ�num_unknown_packagesr$�num_esm_infra_packagesr%�num_esm_apps_packages�num_esm_infra_updates�num_esm_apps_updatesrA�num_standard_security_updates�reboot_requiredz0.1�
fixed_cves)�_schema_version�summaryr<r)r�rVr]r�r�rr�r�)r�ror��packages_by_originrTr�r�s       r8�security_status_dictr�/s����#��G��W�o�G�9�;��+�E�2��(+�,>�(?�G�$�%�(�);�<��.0��*�+�!�"5�w�?�G�#&�'9�&�'A�#B�G�� �),�-?��-M�)N�G�%�&�'*�+=�j�+I�'J�G�#�$�),�-?��-M�)N�G�%�&�*-��=�)�+�G�&�'�'*�*<�Y�*G�&H�G�"�#�(+�,>�{�,K�(L�G�$�%�'*�+=�j�+I�'J�G�#�$�'*�+>�{�+K�'L�G�#�$�&)�*=�j�*I�&J�G�"�#�/2��/�0�0�G�+�,�"2�#�!6�!F�!F�G���!���"�$<�$>�?�	�r7�
package_lists�
show_items�always_showc��t|d�}ttjj	|���dtt|��dzz}|dvrft|d�t|d�zt|d�z}ttjj|�j	||d	�
��|dvrjt|d�t|d
�zt|d�z}|s|r:ttjj|�j	||d�
��|dvrKt|d�}|s|r9ttjj|�j	||���|dvrKt|d�}|s|r9ttjj|�j	||���td�y)NrJ)�count� rY)rJr$r�r�r$�Main/Restricted)�offsetr��
repository)rJr%r�r�r%�Universe/Multiverse)rJr[r[)r�r�)rJrZrZrX)
r]r:r�SS_SUMMARY_TOTALrErH�SS_SUMMARY_ARCHIVE�	pluralize�SS_SUMMARY_THIRD_PARTY�SS_SUMMARY_UNAVAILABLE)	r�r�r��total_packagesr��packages_mr�packages_um�packages_thirdparty�packages_unknowns	         r8�_print_package_summaryr�as���
��u�-�.�N�	�(�
#�
#�
*�
*��
*�
@�A�
�C��N�+�,�q�0�
1�F��)�)��
�f�%�&��-��-�.�
/��-��,�-�
.�	�
	��'�'�1�1�+�>�E�E��!�,�
F�
�	
��(�(��
�j�)�*��-��-�.�
/��-�
�+�,�
-�	�
�+���+�+�5�5�k�B�I�I�!�%�4�J��
��+�+�!�-�
�">�?���+���/�/�9�9�'���&��.A�&�B�
��'�'��}�Y�7�8���{���/�/�9�9�$���&�!�*���
�
�"�Ir7c�.�t�j}t|�j}dj	t|j�t|j��}ttjj	|���td�y)Nz{}/{}��daterX)r!rDr�eolrErH�month�yearr:r�SS_INTERIM_SUPPORT)rD�eol_dater�s   r8�_print_interim_release_supportr��se��
�
�
&�
&�F��v�&�*�*�H��>�>�#�h�n�n�-�s�8�=�=�/A�B�D�	�(�
%�
%�
,�
,�$�
,�
7�8�	�"�Ir7c��t�j}t|�rRt|�j}ttjjt|j����yttj�y)Nr�)r!rDr#rr�r:r�SS_LTS_SUPPORTrErHr��SS_NO_SECURITY_COVERAGE)rDr�s  r8�_print_lts_supportr��s[��
�
�
&�
&�F��F��"�6�*�.�.��
�h�%�%�,�,�#�h�m�m�2D�,�E�F�
�h�.�.�/r7rgr��service_status�service_applicability�installed_updates�available_updatesr�c��t�j}t|�j}|tj
k(r6tjj||t|j���}	n5tjj||t|j���}	|r5|	dtjj|�j|��zz
}	|r5|	dtjj|�j|��zz
}	t|	�|rZ|tj k(rG|t"j$k(r4td�ttj&j|���td�y)N)r�rgr�)rgr�r�r�)r�rX�rg)r!rDr�eol_esmrr�r�SS_SERVICE_ENABLEDrErHr��SS_SERVICE_ADVERTISE�SS_SERVICE_ENABLED_COUNTSr��SS_SERVICE_ADVERTISE_COUNTSr:�DISABLEDr�
APPLICABLE�SS_SERVICE_COMMAND)
rgr�r�r�r�r�r�rD�eol_date_esm�messages
          r8�_print_service_supportr��sc���
�
&�
&�F�"�6�*�2�2�L��*�2�2�2��-�-�4�4�!���\�&�&�'�5�
���/�/�6�6��!��\�&�&�'�7�
����3��;�;�E�E��
�
�&�%��
�
�	
����3��=�=�G�G��
�
�&�%��
�
�	
��

�'�N�	��/�8�8�8�!�%8�%C�%C�C�
�b�	�
�h�)�)�0�0��0�A�B�	�"�Ir7c�R�t�}|�%ttj�td�yt	j
tj�}||z
}|jdkDr?ttjj|j���td�yy)NrXr)�days)rr:r�SS_UPDATE_UNKNOWNr�nowr�utcr��SS_UPDATE_DAYSrE)�last_apt_updater��time_since_updates   r8�_print_apt_update_callr��s���,�.�O���
�h�(�(�)�
�b�	��
�,�,�x�|�|�
$�C��o�-������!�
�h�%�%�,�,�2C�2H�2H�,�I�J�
�b�	�"r7c
�(�t|�}t|�}|j�d}|j�d}|j�d}|j�d}t	�j
}t
�}t|�d}	t�}
t|
d|
dz|
dz�d}t|
d|
dz|
dz�d}t|
�ttj�td	�t�|s/t|�r
t!�ttj"�y|t$j&k(r
t)�|	rttj*�nttj,�td	�t/dd
||t1|
d�t1|�|	��|
ds
|
ds|
dr't/dd||t1|
d�t1|�|	��|	sttj2�yy)
Nrrrr�r�r$r�r�r%rXr��rgr�r�r�r�r�r�r�)rrr��applicability_statusr!rDr"r�rVr�r�r:r�SS_HELP_CALLr�r#r��SS_NO_INTERIM_PRO_SUPPORTrr�r��SS_IS_ATTACHED�SS_IS_NOT_ATTACHEDr�r]�
SS_LEARN_MORE)
r��
esm_infra_ent�esm_apps_ent�esm_infra_status�esm_infra_applicability�esm_apps_status�esm_apps_applicabilityrD�is_ltsr�r��"security_upgradable_versions_infra�!security_upgradable_versions_appss
             r8�security_statusr�s��'��,�M�%�c�*�L�$�7�7�9�!�<��+�@�@�B�1�E��"�5�5�7��:�O�)�>�>�@��C��
�
�
&�
&�F�
"�
$�F��c�"�:�.�K�9�;��)7��6�"�
�\�
*�	+�
�[�
)�	*�*��	*�&�)7��:�&�
�\�
*�	+�
�Z�
(�	)�)��	)�%��-�.�	�(�
�
� �	�"�I�������*�,�
�h�0�0�1���,�5�5�5����
�h�%�%�&�
�h�)�)�*�	�"�I���$�'�5��0��=�>��@�A���	�:�&��l�+��j�)���,�*�"8�!�"4�Z�"@�A�!�"C�D�#�	
��
�h�$�$�%�r7c��t�}|d}|D�cgc]}|j��}}t|dd��|r{ttj
�td�ttj�t|�ttjjt|����yttj�ycc}w)Nr[T�r�r�rX�rS)rVrvr�r:r�SS_THIRD_PARTY�SS_PACKAGES_HEADERr=�SS_SHOW_HINTrEr�SS_NO_THIRD_PARTY)r��third_party_packagesrS�
package_namess    r8�list_third_party_packagesr>s���9�;��-�m�<��1E�F�g�W�\�\�F�M�F���}�$���
�h�%�%�&�
�b�	�
�h�)�)�*��=�)�
�h�#�#�*�*�6�-�3H�*�I�J�
�h�(�(�)��G��Cc��t�}|d}|D�cgc]}|j��}}t|dd��|r{ttj
�td�ttj�t|�ttjjt|����yttj�ycc}w)NrZTr	rXr
)rVrvr�r:r�SS_UNAVAILABLErr=r
rEr�SS_NO_UNAVAILABLE)r��unknown_packagesrSrs    r8�list_unavailable_packagesrRs���9�;��)�)�4��1A�B�g�W�\�\�B�M�B���y�d���
�h�%�%�&�
�b�	�
�h�)�)�*��=�)�
�h�#�#�*�*�6�-�3H�*�I�J�	�h�(�(�)��Crc
�4�t�}|d}|d|dz}||z}t�}t|�d}|D] \}}|j|j��"t�j}	t�}
t|�}t|�}|j�d}
|j�d}t|D�cgc]}|j��c}�}t|D�cgc]}|j��c}�}t|D�cgc]*}|j|vr|j|vr|j��,c}�}t|dd��|
s/t|	�r
t!�t#t$j&�y|
t(j*k(rt-�t#d�t/dd|
|t1|�t1|�d	�
�t#t$j2j5d���t#d�t|	��s|r4t#t$j6j5d���t9|�|r4t#t$j:j5d���t9|�|xs|}|rY|r!t$j<j5d��}n t$j>j5d��}t#|�t9|�|r3t#t$j@j5tC|����yyycc}wcc}wcc}w)
Nr$r�r�rTr	rXr�Fr�r�r
)"rV�setr��addrur!rDr"rrr�r��sortedrvr�r#r�r:rr�rr�r�r�r]�SS_SERVICE_HELPrE�SS_UPDATES_AVAILABLEr=�SS_UPDATES_INSTALLED�SS_FURTHER_OTHER_PACKAGES�SS_OTHER_PACKAGESr
r)r�r��infra_packages�mr_packages�all_infra_packages�
infra_updates�security_upgradable_versions�updaterfrDrr�r�rrrS�installed_package_names�available_package_names�remaining_package_names�	hint_list�msgs                     r8�list_esm_infra_packagesr,gs���9�;��'��4�N�$�V�,�/A�,�/O�O�K�'�+�5���E�M�#1�2D�#E��$� �2�-�	������&�+�+�,�-��
�
&�
&�F�
"�
$�F�'��,�M�%�c�*�L�$�7�7�9�!�<��*�?�?�A�!�D��$�%3�4�'����4���%�%2�3�'����3���%�.�	
���|�|�#:�:����$;�;�
�L�L�	
�����{�������*�,�
�h�0�0�1���,�5�5�5���
�b�	���$�'�5��n�-��m�,���
�(�
"�
"�
)�
)�+�
)�
>�?�	�"�I����"��(�/�/�6�6�{�6�K�L��6�7�"��(�/�/�6�6�{�6�K�L��6�7�+�F�/F�	�"���8�8�?�?�'�@����0�0�7�7��7�L���#�J��6�7���(�'�'�.�.�v�i�7H�.�I�J��+ ��Q	5��	4��	
s�L�#L�/Lc
�j�t�}|d}|d|dz}||z}t�}t|�d}|D] \}}|j|j��"t�}	t
|�}
|
j�d}|
j�d}t|D�
cgc]}
|
j��c}
�}t|D�
cgc]}
|
j��c}
�}t|D�
cgc]*}
|
j|vr|
j|vr|
j��,c}
�}t|dd��|	sttj�ytdd||t!|�t!|�d�	�ttj"j%d�
��td�|�r|r4ttj&j%d�
��t)|�|r4ttj*j%d�
��t)|�|xs|}|rY|r!tj,j%d�
�}n tj.j%d�
�}t|�t)|�|r3ttj0j%t3|����yyycc}
wcc}
wcc}
w)
Nr%r�r�rTr	r�Fr�r�rXr
)rVrr�rrur"rr�r�rrvr�r:rr�r�r]rrErr=rrr r
r)r�r��
apps_packages�um_packages�all_apps_packages�apps_updatesr%r&rfrr�rrrSr'r(r)r*r+s                   r8�list_esm_apps_packagesr2�s���9�;��&�z�2�M��:�&�);�L�)I�I��&��3���5�L�#1�2C�#D��$� �2�,�	�������*�*�+�,�#�
$�F�%�c�*�L�"�5�5�7��:�O�)�>�>�@��C��$�%2�3�'����3���%�%1�2�'����2���%�-�	
���|�|�#:�:����$;�;�
�L�L�	
�����z�t���
�h�0�0�1����(�&�4��m�,��l�+���
�(�
"�
"�
)�
)�*�
)�
=�>�	�"�I��"��(�/�/�6�6�z�6�J�K��6�7�"��(�/�/�6�6�z�6�J�K��6�7�+�F�/F�	�#���8�8�?�?�&�@����0�0�7�7�
�7�K���#�J��6�7���(�'�'�.�.�v�i�7H�.�I�J��-��E	4��	3��	
s�!J&�J+�'/J0)rJF)L�collectionsrrr�enumr�	functoolsr�randomr�typingr	r
rrr
rM�uaclientrrrr�5uaclient.api.u.pro.security.status.reboot_required.v1r�(uaclient.api.u.pro.status.is_attached.v1r�uaclient.aptrrrrr�uaclient.configr�uaclient.entitlementsrr�(uaclient.entitlements.entitlement_statusrrr�uaclient.systemrr r!r"r#rbr'r=rF�PackagerVrNrHrO�boolrm�Versionrzr�r�r�r�r�r�r�r��intr�r�rrrr,r2r6r7r8�<module>rDs���#�'����6�6��:�:��B���%�I���
��)��(�4�(�2��4��������t�G�O�O�,�,�-��*"�
�_�_�"�)0�)9�)9�"��"�J�4���s��S��T����*��*�
�#�s�(�^�*��_�_�*�	�	*�8=��7�?�?�#�=���d�5����#�!5�6�7�7�8�=�@�X��$�s�C�x�.��B�$�t�C��H�~�"6��0�$�S�$�u�W�_�_�c�5I�/J�*K�%K�L��
�#�s�(�^��
�$�s�C�x�.���,/�h�/�4��S��>�/�h��<��s�D����$9�9�:�<��<��<�
�	<�~�0�/�
�/��/�&�/�/�	/�
�/��
/��/�d�J&��J&�Z*�(*�*VK�rPKr7