HEX

File: //proc/self/root/lib/python3/dist-packages/uaclient/entitlements/__pycache__/repo.cpython-38.pyc
U

��Jh�i�@s�ddlZddlZddlZddlZddlmZddlmZmZm	Z	m
Z
mZmZddl
mZmZmZmZmZmZmZmZmZmZddlmZddlmZmZmZddlmZe� �Z!e�"e�#e$��Z%dZ&Gd	d
�d
ej'�Z(dS)�N)�exists)�Any�Dict�List�Optional�Tuple�Union)
�api�apt�contract�event_logger�
exceptions�http�messages�secret_manager�system�util)�base)�ApplicationStatus�CanDisableFailure�CanDisableFailureReason)�status_cache_filez<^linux-image-([\d]+[.-][\d]+[.-][\d]+-[\d]+-[A-Za-z0-9_-]+)$cs8eZdZdZdZdZdZdZdZdZ	dZ
eee
edfd�dd	��Zeed�d
d��Zeed�dd
��Zeeed�dd��Zeeed�dd��Zeeed�dd��Zeeed�dd��Zed�dd�Zed�dd�Zeejed�dd���ZdCeeeeefd��fdd�
Z e
d�dd �Z!e"j#ed!�d"d#�Z$e
d�d$d%�Z%e"j#d&�d'd(�Z&e"j#d&�d)d*�Z'e"j#d&�d+d,�Z(d-d.�Z)d/d0�Z*ee+ee,j-fd�d1d2�Z.d3d4�Z/dDe0ee1fe0ee1feed5��fd6d7�
Z2dEe"j#eeeedd8�d9d:�Z3e"j#dd!�d;d<�Z4dFeeed=�d>d?�Z5dGe"j#ed@�dAdB�Z6�Z7S)H�RepoEntitlementz1/etc/apt/sources.list.d/ubuntu-{name}.{extension}z$/etc/apt/preferences.d/ubuntu-{name}z	{}/ubuntuNFT)�returncCsdS�N���selfrr�</usr/lib/python3/dist-packages/uaclient/entitlements/repo.py�repo_pin_priority;sz!RepoEntitlement.repo_pin_prioritycCs.d}t��j}|tjkrd}|jj|j|d�S)NZsources�list)�name�	extension)r�get_release_info�seriesr
ZSERIES_NOT_USING_DEB822�repo_file_tmpl�formatr!)rr"r$rrr�	repo_file?s


zRepoEntitlement.repo_filecCs
|jdS)Nz {})�
repo_url_tmplrrrr�repo_policy_check_tmplGsz&RepoEntitlement.repo_policy_check_tmplcCs<g}|j�di�}|r8|�di�}t�|�dg��}|}|S)zdebs to install on enablement�entitlement�
directives�additionalPackages)�entitlement_cfg�get�copy)r�packagesr*r+Zadditional_packagesrrrr0Ks
�zRepoEntitlement.packagescCs|j�di��di��d�S)Nr*r+�aptURL�r-r.rrrr�apt_url\s���zRepoEntitlement.apt_urlcCs|j�di��di��dg�S)Nr*r+ZaptSnapshotURLsr2rrrr�
snapshot_urlsds���zRepoEntitlement.snapshot_urlscCs|j�di��di��d�S)Nr*r+�suitesr2rrrr�
apt_suitesls���zRepoEntitlement.apt_suitescCsz|j�d�}|sv|jjd}|jd�di�}|�d�s`t�|j�}|�||j�}|r`|�d�}|sv|}t	�
d|j�|S)NZ
resourceTokenZmachineTokenr*�obligationsZenableByDefaultzWNo resourceToken present in contract for service %s. Using machine token as credentials)r-r.�machine_token_file�
machine_tokenrZUAContractClient�cfgZget_resource_machine_accessr!�LOGZwarning�title)r�tokenr9r7ZclientZmachine_accessrrr�get_resource_tokents0�
�
�
�z"RepoEntitlement.get_resource_tokencCs tjt|j�d�}t�|�|S)z%Check if system needs to be rebooted.)Zinstalled_pkgs)rZ
should_reboot�setr0�eventZneeds_reboot)rZreboot_requiredrrr�_check_for_reboot�s
�
z!RepoEntitlement._check_for_rebootcCsdSrrrrrr�
repo_key_file�szRepoEntitlement.repo_key_file)�ignore_dependent_servicesrcsVt�j|d�\}}|dkr"||fS|jsN|jrNdttjtjj	|j
|j
d��fS||fS)N)rCF��entitlement_namer<)�super�can_disable�origin�purgerrZNO_PURGE_WITHOUT_ORIGINrZREPO_PURGE_FAIL_NO_ORIGINr&r<)rrC�result�reason��	__class__rrrG�s �
���
zRepoEntitlement.can_disablecCs.|jdk	ot|j�dk}|js"|s&dSdSdS)Nr��)r0�len�access_only)rZwill_installrrr�enable_steps�s
zRepoEntitlement.enable_steps)�progressrcCsh|�tjj|jd��|�|�|jrZ|jrZt|j	�dkrd|�
dtjjd�|j	�d��n
|�
|�dS)z�Enable specific entitlement.

        @return: True on success, False otherwise.
        @raises: UbuntuProError on failure to install suggested packages
        ��servicer�info� �r0T)rSrZCONFIGURING_APT_ACCESSr&r<�setup_apt_configZsupports_access_onlyrQrPr0�emitZSKIPPING_INSTALLING_PACKAGES�join�install_packages)rrSrrr�_perform_enable�s�

��
zRepoEntitlement._perform_enablecCs|js
dSdSdS)NrNrO)rIrrrr�
disable_steps�szRepoEntitlement.disable_steps)rScCs�|jr�|jr�|�dtj�|�dd�t�|j�}|�||�sBdSg}g}|D]6}tj||jd�}|rz|�	|t
|�f�qN|�	|�qN|�|||�s�dSt|d�r�|�
�|�|�|jr�|jr�|�tjj|jd��|�|�|�|�dS)NrV�F)Zexclude_origin�remove_packages�r<T)rIrHrZrZPURGE_EXPERIMENTALr
Z get_installed_packages_by_origin�purge_kernel_checkZget_remote_versions_for_package�append�max�prompt_for_purge�hasattrr`�remove_apt_configrSZPURGING_PACKAGESr&r<�execute_reinstall�execute_removal)rrSZrepo_origin_packages�packages_to_reinstall�packages_to_remove�packageZalternativesrrr�_perform_disable�sH��
��

�

z RepoEntitlement._perform_disablecs�g�|D]&}t�t|j�}|r��|�d��q�r�|��sDt���|�	dt
jj|j
d��|�	dd����t��j}|�	dt
jj|d��t��}�fdd�|D�}|s�|�	dt
j�dS|�	d	tjd
t
jifg�dS)a*
        Checks if the purge operation involves a kernel.

        When package called 'linux-image-*' is in the package list, warn the
        user that a kernel is being removed. Then, show the user what the
        current kernel is.

        If the current kernel is to be removed, and there are no other valid
        Ubuntu Kernels installed in the system, return False to abort the
        operation.

        If there is another Ubuntu kernel - besides the one installed - then
        prompt the user for confirmation before proceeding.
        �rVrTrW)Zkernel_versioncsg|]}|�kr|�qSrr)�.0�version�Zlinux_image_versionsrr�
<listcomp>4s�z6RepoEntitlement.purge_kernel_check.<locals>.<listcomp>F�message_operation�msgT)�re�search�
RE_KERNEL_PKGr!rc�groupZis_interactiver
Z#NonInteractiveKernelPurgeDisallowedrZrZPURGE_KERNEL_REMOVALr&r<r[rZget_kernel_infoZ
uname_releaseZPURGE_CURRENT_KERNELZget_installed_ubuntu_kernelsZPURGE_NO_ALTERNATIVE_KERNELr�prompt_for_confirmationZPURGE_KERNEL_CONFIRMATION)r�package_listrSrl�mZcurrent_kernelZinstalled_kernelsZalternative_kernelsrrqrrb	sF�
��
����
z"RepoEntitlement.purge_kernel_checkcCs�d}|r6|�dtj�|�dt�dd�|D���d}|rh|�dtj�|�dt�dd�|D���d}|r�|�dtjdtjifg�dS)	NFrVcSsg|]
}|j�qSr�r!�rorlrrrrrVsz4RepoEntitlement.prompt_for_purge.<locals>.<listcomp>TcSsg|]\}}|j�qSrr|)rorl�_rrrrr`srsrt)rZrZWARN_PACKAGES_REMOVALrZcreate_package_list_strZWARN_PACKAGES_REINSTALLryZPROCEED_YES_NO)rrkrjrS�promptrrrreJs8�������	z RepoEntitlement.prompt_for_purgecs8t����fdd�|D�}|r4t�|tjj|d��dS)Ncsg|]}|j�kr|j�qSrr|r}�Zinstalled_packagesrrrrws
�z3RepoEntitlement.execute_removal.<locals>.<listcomp>rX)r
�get_installed_packages_namesZpurge_packagesrZUNINSTALLING_PACKAGES_FAILEDr&)rrkZ	to_removerr�rriqs
���zRepoEntitlement.execute_removalcs,t����fdd�|D�}|r(t�|�dS)Ncs*g|]"\}}|j�krd�|j|j��qS)z{}={})r!r&Zver_str)rorlrpr�rrrr�s
�z5RepoEntitlement.execute_reinstall.<locals>.<listcomp>)r
r�Zreinstall_packages)rrjZto_reinstallrr�rrh�s
�z!RepoEntitlement.execute_reinstallc
Cstjtjj|jd�f}|j}|�di��di�}|�d�}|sTtjtjj|jd�fS|�d�}|sxtjtj	j|jd�fSt
jtjd�}|D]8}t
�|j�||�|�}|r�tjtjj|jd�f}q�q�|jr�|jD]*}	t
�|	�s�tjtjj|j|	d�fSq�|S)Nrar*r+r1r5)Z	error_msg)rUrl)r�DISABLEDrZSERVICE_NOT_CONFIGUREDr&r<r-r.ZNO_APT_URL_FOR_SERVICEZNO_SUITES_FOR_SERVICEr
Zget_apt_cache_policyZAPT_POLICY_FAILEDrurvr)ZENABLEDZSERVICE_IS_ACTIVE�check_packages_are_installedr0Zis_installedZ SERVICE_DISABLED_MISSING_PACKAGEr!)
rZcurrent_statusr-r+�repo_url�repo_suitesZpolicyZsuiteZ
service_matchrlrrr�application_status�sN��
�
���

��
z"RepoEntitlement.application_statuscCsF|j}tdd�t�|����d�D��r,dS|s4dSt|t�|�k�S)z�Check if apt url delta should be applied.

        :param apt_url: string containing the apt url to be used.

        :return: False if apt url is already found on the source file.
                 True otherwise.
        css|]}|�d�VqdS)�#N)�
startswith)ro�linerrr�	<genexpr>�s�z<RepoEntitlement._check_apt_url_is_applied.<locals>.<genexpr>�
FT)r'�allrZ	load_file�strip�split�bool)rr3Zapt_filerrr�_check_apt_url_is_applied�s�z)RepoEntitlement._check_apt_url_is_applied)�orig_access�deltas�allow_enablerc
s6t��|||�rdS|�di�}|�di�}|�d�}|�d�}t��}|rZ|rZ|��}	n|��\}	}
|	tjkrtdS|�	|�s�t
�d|j|�t
�tjj|jd��|�di�}|�di��d�}|r�t�|j||j�|�t���|�t���|�r2t
�d	|�t
�tjjd
�|�d��|jt��|d�dS)
a1Process any contract access deltas for this entitlement.

        :param orig_access: Dictionary containing the original
            resourceEntitlement access details.
        :param deltas: Dictionary which contains only the changed access keys
        and values.
        :param allow_enable: Boolean set True if allowed to perform the enable
            operation. When False, a message will be logged to inform the user
            about the recommended enabled service.

        :return: True when delta operations are processed; False when noop.
        Tr*r+r1r,Fz.New aptURL, updating %s apt sources list to %srTz%New additionalPackages, installing %r�, rX)rz)rF�process_contract_deltasr.r�readZ"_check_application_status_on_cacher�rr�r�r;rVr!r@rZREPO_UPDATING_APT_SOURCESr&r
�remove_auth_apt_repor'r4rgr	�ProgressWrapperrYZ REPO_REFRESH_INSTALLING_PACKAGESr[r\)
rr�r�r�Zdelta_entitlementZdelta_directivesZ
delta_apt_urlZdelta_packagesZstatus_cacher�r~Zorig_entitlementZold_urlrLrrr��sV




������z'RepoEntitlement.process_contract_deltas)rSrz�cleanup_on_failurercCs�|s
|j}|sdS|�d|j�d��z|�|�Wn*tjk
r^|rX|�t�	���YnX|�
tjj
|jd��|jr�ddi}ddd	g}nd}g}ztj|||d
�Wn<tjk
r�|r�t�d�
|j��|�t�	���YnXdS)z�Install contract recommended packages for the entitlement.

        :param package_list: Optional package list to use instead of
            self.packages.
        :param cleanup_on_failure: Cleanup apt files if apt install fails.
        NrsZpre_installraZDEBIAN_FRONTENDZnoninteractivez--allow-downgradesz$-o Dpkg::Options::="--force-confdef"z$-o Dpkg::Options::="--force-confold")r0�apt_options�override_env_varsz.Apt install failed, removing apt config for {})r0rZZ	messagingr.Z_update_sources_listr
�UbuntuProErrorrgr	r�rSrZINSTALLING_SERVICE_PACKAGESr&r<�apt_noninteractiver
�run_apt_install_commandr;rVr!)rrSrzr�r�r�rrrr\!sJ
���
��z RepoEntitlement.install_packagesc	Csdd}d}d}|jjs|jjrNt�d|jjtj�}t�d|jjtj�}tjj	}n@|jj
s^|jjr�t�d|jj
tj�}t�d|jjtj�}tjj}tj
|||d�|j}|j}|d�di�}|��}|�d�}	|	s�tj|jd��|�d	�}
|
s�tj|jd��|�d
�}|�stj|jd��|j�r^|j�s:tj|j|jd��|jj|jd�}t�||
|j|j�g}
ttj��sx|
� d
�ttj!��s�|
� d�|
�r�|�"dt#j$jd�%|
�d��ztj&|
d�Wn(tj'k
�r�|�(t)�*���YnXt�+||j,�|
�|||j-|j.|j/�|�0t#j1j|jd��zt�2|�Wn,tj'k
�r^|j(t)�*�dd��YnXdS)z�Setup apt config based on the resourceToken and directives.
        Also sets up apt proxy if necessary.

        :raise UbuntuProError: on failure to setup any aspect of this apt
           configuration
        NrZhttps)�
http_proxy�https_proxyZproxy_scoper*r+�aptKey�rEr1r5rDr|zapt-transport-httpszca-certificatesrVr�rXF)�run_apt_update)3r:Zglobal_apt_http_proxyZglobal_apt_https_proxyrZvalidate_proxyZPROXY_VALIDATION_APT_HTTP_URLZPROXY_VALIDATION_APT_HTTPS_URLr
Z
AptProxyScopeZGLOBALZua_apt_http_proxyZua_apt_https_proxyZUACLIENTZsetup_apt_proxyr'r-r.r>r
ZRepoNoAptKeyr!�MissingAptURLDirectiveZRepoNoSuitesrrHZRepoPinFailNoOriginr<�repo_pref_file_tmplr&Zadd_ppa_pinningrZAPT_METHOD_HTTPS_FILErcZCA_CERTIFICATES_FILErZrZINSTALLING_PACKAGESr[r�r�rgr	r�Zadd_auth_apt_repor(rBr4�check_updates_pocketrSZAPT_UPDATING_LISTZupdate_sources_list)rrSr�r�Zscope�
repo_filenameZresource_cfgr+r=r�r�r��repo_pref_fileZprerequisite_pkgsrrrrY\s���
���


��

��
�
z RepoEntitlement.setup_apt_config)�override_snapshot_urlscCs�|dk	r|}n|j}|��}|j�di��di��d�}|j�|�}z|�d�\}}Wntk
rrd}|}YnXtj	�
|�|g|D]}|r�t�|||�q�dS)Nr*r+r1�:Zbearer)
r4r>r-r.r(r&r��
ValueErrorrZsecretsZ
add_secretr
Zadd_apt_auth_conf_entry)rr�r4Zcredentialsr�ZusernameZpasswordZurlrrr�update_apt_auth�s*���
zRepoEntitlement.update_apt_auth)rSr�c	Cs�t��j}|j}|j��|j�di�}|�di�}|�d�}|sPtj	|jd��|j
�|�}|�t
jj|jd��t�|||j|j�t�||�|jr�|jj|jd�}t�|�|r�|�t
j�t��dS)z�Remove any repository apt configuration files.

        :param run_apt_update: If after removing the apt update
            command after removing the apt files.
        r*r+r1r�rar|N)rr#r$r'r8Zentitlementsr!r.r
r�r(r&rSrZREMOVING_APT_CONFIGURATIONr<r
r�r4rBZremove_apt_list_filesrr�Zensure_file_absentZAPT_UPDATING_LISTSZrun_apt_update_command)	rrSr�r$r�r*Zaccess_directivesr�r�rrrrg�s6

�
��
z!RepoEntitlement.remove_apt_config)F)F)NT)N)T)8�__name__�
__module__�__qualname__r%r�r(rHr�r�Zsupports_purger��propertyr�int�strrr'r)rr0rr3r4r6r>r�rA�abc�abstractmethodrBrrrGrRr	r�r]r^rmrbrerirhrrZNamedMessager�r�rrr�r\rYr�rg�
__classcell__rrrLrr$s���
	,E�'�1�

�H�
�;h�
���r))r�r/Zloggingru�os.pathr�typingrrrrrrZuaclientr	r
rrr
rrrrrZuaclient.entitlementsrZ(uaclient.entitlements.entitlement_statusrrrZuaclient.files.state_filesrZget_event_loggerr@Z	getLoggerZreplace_top_level_logger_namer�r;rwZ
UAEntitlementrrrrr�<module>s 0