%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3/dist-packages/aptdaemon/worker/
Upload File :
Create Path :
Current File : //lib/python3/dist-packages/aptdaemon/worker/aptworker.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Provides AptWorker which processes transactions."""
# Copyright (C) 2008-2009 Sebastian Heinlein <devel@glatzor.de>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

__author__ = "Sebastian Heinlein <devel@glatzor.de>"

__all__ = ("AptWorker")

import contextlib
import errno
import glob
import logging
import netrc
import os
import re
import shutil
import stat
import sys
import tempfile
import time
import traceback
try:
    from urllib.parse import urlsplit, urlunsplit
except ImportError:
    from urlparse import urlsplit, urlunsplit

try:
    from configparser import ConfigParser
except ImportError:
    from ConfigParser import ConfigParser

import apt
import apt.auth
import apt.cache
import apt.debfile
import apt_pkg
import aptsources
import aptsources.distro
from aptsources.sourceslist import SourcesList
from gi.repository import GObject, GLib

from . import BaseWorker
from ..enums import *
from ..errors import *
from .. import lock
from ..utils import set_euid_egid
from ..progress import (
    DaemonOpenProgress,
    DaemonInstallProgress,
    DaemonAcquireProgress,
    DaemonAcquireRepoProgress,
    DaemonDpkgInstallProgress,
    DaemonDpkgReconfigureProgress,
    DaemonDpkgRecoverProgress,
    DaemonForkProgress)

log = logging.getLogger("AptDaemon.Worker")

# Just required to detect translatable strings. The translation is done by
# core.Transaction.gettext
_ = lambda s: s

_POPCON_PATH = "/etc/popularity-contest.conf"
_POPCON_DEFAULT = """# Config file for Debian's popularity-contest package.
#
# To change this file, use:
#        dpkg-reconfigure popularity-contest
#
# You can also edit it by hand, if you so choose.
#
# See /usr/share/popularity-contest/default.conf for more info
# on the options.
MY_HOSTID="%(host_id)s"
PARTICIPATE="%(participate)s"
USE_HTTP="yes"
"""


def trans_only_installs_pkgs_from_high_trust_repos(trans,
                                                   whitelist=set()):
    """Return True if this transaction only touches packages in the
    aptdaemon repoisotry high trust repository whitelist
    """
    # the transaction *must* be simulated before
    if not trans.simulated:
        return False
    # we never allow unauthenticated ones
    if trans.unauthenticated:
        return False
    # paranoia: wrong role
    if trans.role not in (ROLE_INSTALL_PACKAGES, ROLE_COMMIT_PACKAGES):
        return False
    # if there is anything touched that is not a install bail out
    for enum in (PKGS_REINSTALL, PKGS_REMOVE, PKGS_PURGE, PKGS_DOWNGRADE,
                 PKGS_UPGRADE):
        if trans.packages[enum]:
            return False
    # paranoia(2): we must want to install something
    if not trans.packages[PKGS_INSTALL]:
        return False
    # we only care about the name, not the version
    pkgs = [pkg.split("=")[0] for pkg in trans.packages[PKGS_INSTALL]]
    # if the install packages matches the whitelisted set we are good
    return set(pkgs) == set(trans.high_trust_packages)


def read_high_trust_repository_dir(whitelist_cfg_d):
    """Return a set of (origin, component, pkgname-regexp) from a
    high-trust-repository-whitelist.d directory
    """
    whitelist = set()
    for path in glob.glob(os.path.join(whitelist_cfg_d, "*.cfg")):
        whitelist |= _read_high_trust_repository_whitelist_file(path)
    return whitelist


def _read_high_trust_repository_whitelist_file(path):
    """Read a individual high-trust-repository whitelist file and return
       a set of tuples (origin, component, pkgname-regexp)
    """
    parser = ConfigParser()
    whitelist = set()
    try:
        parser.read(path)
    except Exception as e:
        log.error("Failed to read repository whitelist '%s' (%s)" % (path, e))
        return whitelist
    for section in parser.sections():
        origin = parser.get(section, "origin")
        component = parser.get(section, "component")
        pkgnames = parser.get(section, "pkgnames")
        whitelist.add((origin, component, pkgnames))
    return whitelist


class AptWorker(BaseWorker):

    """Worker which processes transactions from the queue."""

    NATIVE_ARCH = apt_pkg.get_architectures()[0]

    # the basedir under which license keys can be stored
    LICENSE_KEY_ROOTDIR = "/opt/"

    def __init__(self, chroot=None, load_plugins=True):
        """Initialize a new AptWorker instance."""
        BaseWorker.__init__(self, chroot, load_plugins)
        self._cache = None

        # Change to a given chroot
        if self.chroot:
            apt_conf_file = os.path.join(chroot, "etc/apt/apt.conf")
            if os.path.exists(apt_conf_file):
                apt_pkg.read_config_file(apt_pkg.config, apt_conf_file)
            apt_conf_dir = os.path.join(chroot, "etc/apt/apt.conf.d")
            if os.path.isdir(apt_conf_dir):
                apt_pkg.read_config_dir(apt_pkg.config, apt_conf_dir)
            apt_pkg.config["Dir"] = chroot
            apt_pkg.config["Dir::State::Status"] = os.path.join(
                chroot, "var/lib/dpkg/status")
            apt_pkg.config.clear("DPkg::Post-Invoke")
            apt_pkg.config.clear("DPkg::Options")
            apt_pkg.config["DPkg::Options::"] = "--root=%s" % chroot
            apt_pkg.config["DPkg::Options::"] = ("--log=%s/var/log/dpkg.log" %
                                                 chroot)
            status_file = apt_pkg.config.find_file("Dir::State::status")
            lock.frontend_lock.path = os.path.join(os.path.dirname(status_file),
                                                 "lock-frontend")
            lock.status_lock.path = os.path.join(os.path.dirname(status_file),
                                                 "lock")
            archives_dir = apt_pkg.config.find_dir("Dir::Cache::Archives")
            lock.archive_lock.path = os.path.join(archives_dir, "lock")
            lists_dir = apt_pkg.config.find_dir("Dir::State::lists")
            lock.lists_lock.path = os.path.join(lists_dir, "lock")
            apt_pkg.init_system()

        # a set of tuples of the type (origin, component, pkgname-regexp)
        # that on install will trigger a different kind of polkit
        # authentication request (see LP: #1035207), useful for e.g.
        # webapps/company repos
        self._high_trust_repositories = read_high_trust_repository_dir(
            os.path.join(apt_pkg.config.find_dir("Dir"),
                         "etc/aptdaemon/high-trust-repository-whitelist.d"))
        log.debug(
            "using high-trust whitelist: '%s'" % self._high_trust_repositories)

        self._status_orig = apt_pkg.config.find_file("Dir::State::status")
        self._status_frozen = None
        if load_plugins:
            self._load_plugins(["modify_cache_after", "modify_cache_before",
                                "get_license_key"])

    def _call_plugins(self, name, resolver=None):
        """Call all plugins of a given type."""
        if not resolver:
            # If the resolver of the original task isn't available we create
            # a new one and protect the already marked changes
            resolver = apt.cache.ProblemResolver(self._cache)
            for pkg in self._cache.get_changes():
                resolver.clear(pkg)
                resolver.protect(pkg)
                if pkg.marked_delete:
                    resolver.remove(pkg)
        if name not in self.plugins:
            log.debug("There isn't any registered %s plugin" % name)
            return False
        for plugin in self.plugins[name]:
            log.debug("Calling %s plugin: %s", name, plugin)
            try:
                plugin(resolver, self._cache)
            except Exception as error:
                log.critical("Failed to call %s plugin:\n%s" % (plugin, error))
        return True

    def _run_transaction(self, trans):
        """Run the worker"""
        try:
            lock.wait_for_lock(trans)
            # Prepare the package cache
            if (trans.role == ROLE_FIX_INCOMPLETE_INSTALL or
                    not self.is_dpkg_journal_clean()):
                self.fix_incomplete_install(trans)
            # Process transaction which don't require a cache
            if trans.role == ROLE_ADD_VENDOR_KEY_FILE:
                self.add_vendor_key_from_file(trans, **trans.kwargs)
            elif trans.role == ROLE_ADD_VENDOR_KEY_FROM_KEYSERVER:
                self.add_vendor_key_from_keyserver(trans, **trans.kwargs)
            elif trans.role == ROLE_REMOVE_VENDOR_KEY:
                self.remove_vendor_key(trans, **trans.kwargs)
            elif trans.role == ROLE_ADD_REPOSITORY:
                self.add_repository(trans, **trans.kwargs)
            elif trans.role == ROLE_ENABLE_DISTRO_COMP:
                self.enable_distro_comp(trans, **trans.kwargs)
            elif trans.role == ROLE_RECONFIGURE:
                self.reconfigure(trans, trans.packages[PKGS_REINSTALL],
                                 **trans.kwargs)
            elif trans.role == ROLE_CLEAN:
                self.clean(trans)
            # Check if the transaction has been just simulated. So we could
            # skip marking the changes a second time.
            elif (trans.role in (ROLE_REMOVE_PACKAGES, ROLE_INSTALL_PACKAGES,
                                 ROLE_UPGRADE_PACKAGES, ROLE_COMMIT_PACKAGES,
                                 ROLE_UPGRADE_SYSTEM,
                                 ROLE_FIX_BROKEN_DEPENDS) and
                  self.marked_tid == trans.tid):
                self._apply_changes(trans)
                trans.exit = EXIT_SUCCESS
                return False
            else:
                self._open_cache(trans)
            # Process transaction which can handle a broken dep cache
            if trans.role == ROLE_FIX_BROKEN_DEPENDS:
                self.fix_broken_depends(trans)
            elif trans.role == ROLE_UPDATE_CACHE:
                self.update_cache(trans, **trans.kwargs)
            # Process the transactions which require a consistent cache
            elif trans.role == ROLE_ADD_LICENSE_KEY:
                self.add_license_key(trans, **trans.kwargs)
            elif self._cache and self._cache.broken_count:
                raise TransactionFailed(ERROR_CACHE_BROKEN,
                                        self._get_broken_details(trans))
            if trans.role == ROLE_PK_QUERY:
                self.query(trans)
            elif trans.role == ROLE_INSTALL_FILE:
                self.install_file(trans, **trans.kwargs)
            elif trans.role in [ROLE_REMOVE_PACKAGES, ROLE_INSTALL_PACKAGES,
                                ROLE_UPGRADE_PACKAGES, ROLE_COMMIT_PACKAGES]:
                self.commit_packages(trans, *trans.packages)
            elif trans.role == ROLE_UPGRADE_SYSTEM:
                self.upgrade_system(trans, **trans.kwargs)
        finally:
            lock.release()

    def commit_packages(self, trans, install, reinstall, remove, purge,
                        upgrade, downgrade, simulate=False):
        """Perform a complex package operation.

        Keyword arguments:
        trans - the transaction
        install - list of package names to install
        reinstall - list of package names to reinstall
        remove - list of package names to remove
        purge - list of package names to purge including configuration files
        upgrade - list of package names to upgrade
        downgrade - list of package names to upgrade
        simulate -- if True the changes won't be applied
        """
        log.info("Committing packages: %s, %s, %s, %s, %s, %s",
                 install, reinstall, remove, purge, upgrade, downgrade)
        with self._cache.actiongroup():
            resolver = apt.cache.ProblemResolver(self._cache)
            self._mark_packages_for_installation(install, resolver)
            self._mark_packages_for_installation(reinstall, resolver,
                                                 reinstall=True)
            self._mark_packages_for_removal(remove, resolver)
            self._mark_packages_for_removal(purge, resolver, purge=True)
            self._mark_packages_for_upgrade(upgrade, resolver)
            self._mark_packages_for_downgrade(downgrade, resolver)
            self._resolve_depends(trans, resolver)
        self._check_obsoleted_dependencies(trans, resolver)
        if not simulate:
            self._apply_changes(trans)

    def _resolve_depends(self, trans, resolver):
        """Resolve the dependencies using the given ProblemResolver."""
        self._call_plugins("modify_cache_before", resolver)
        try:
            resolver.resolve()
        except SystemError:
            raise TransactionFailed(ERROR_DEP_RESOLUTION_FAILED,
                                    self._get_broken_details(trans, now=False))
        if self._call_plugins("modify_cache_after", resolver):
            try:
                resolver.resolve()
            except SystemError:
                details = self._get_broken_details(trans, now=False)
                raise TransactionFailed(ERROR_DEP_RESOLUTION_FAILED, details)

    def _get_high_trust_packages(self):
        """ Return a list of packages that come from a high-trust repo """
        def _in_high_trust_repository(pkgname, pkgorigin):
            for origin, component, regexp in self._high_trust_repositories:
                if (origin == pkgorigin.origin and
                        component == pkgorigin.component and
                        re.match(regexp, pkgname)):
                    return True
            return False
        # loop
        from_high_trust_repo = []
        for pkg in self._cache.get_changes():
            if pkg.marked_install:
                for origin in pkg.candidate.origins:
                    if _in_high_trust_repository(pkg.name, origin):
                        from_high_trust_repo.append(pkg.name)
                        break
        return from_high_trust_repo

    def _get_unauthenticated(self):
        """Return a list of unauthenticated package names """
        unauthenticated = []
        for pkg in self._cache.get_changes():
            if (pkg.marked_install or
                    pkg.marked_downgrade or
                    pkg.marked_upgrade or
                    pkg.marked_reinstall):
                trusted = False
                for origin in pkg.candidate.origins:
                    trusted |= origin.trusted
                if not trusted:
                    unauthenticated.append(pkg.name)
        return unauthenticated

    def _mark_packages_for_installation(self, packages, resolver,
                                        reinstall=False):
        """Mark packages for installation."""
        for pkg_name, pkg_ver, pkg_rel in [self._split_package_id(pkg)
                                           for pkg in packages]:
            pkg_name, sep, auto_marker = pkg_name.partition("#")
            from_user = (auto_marker != "auto")
            try:
                pkg = self._cache[pkg_name]
            except KeyError:
                raise TransactionFailed(ERROR_NO_PACKAGE,
                                        _("Package %s isn't available"),
                                        pkg_name)
            if reinstall:
                if not pkg.is_installed:
                    raise TransactionFailed(ERROR_PACKAGE_NOT_INSTALLED,
                                            _("Package %s isn't installed"),
                                            pkg.name)
                if pkg_ver and pkg.installed.version != pkg_ver:
                    raise TransactionFailed(ERROR_PACKAGE_NOT_INSTALLED,
                                            _("The version %s of %s isn't "
                                              "installed"),
                                            pkg_ver, pkg_name)
            else:
                # Fail if the user requests to install the same version
                # of an already installed package.
                if (pkg.is_installed and
                    # Compare version numbers
                    pkg_ver and pkg_ver == pkg.installed.version and
                    # Optionally compare the origin if specified
                    (not pkg_rel or
                     pkg_rel in [origin.archive for
                                 origin in pkg.installed.origins])):
                        raise TransactionFailed(
                            ERROR_PACKAGE_ALREADY_INSTALLED,
                            _("Package %s is already installed"), pkg_name)

            if pkg_ver:
                try:
                    pkg.candidate = pkg.versions[pkg_ver]
                except KeyError:
                    raise TransactionFailed(ERROR_NO_PACKAGE,
                                            _("The version %s of %s isn't "
                                              "available."), pkg_ver, pkg_name)
            elif pkg_rel:
                self._set_candidate_release(pkg, pkg_rel)

            pkg.mark_install(False, False, from_user)
            resolver.clear(pkg)
            resolver.protect(pkg)

    def enable_distro_comp(self, trans, component):
        """Enable given component in the sources list.

        Keyword arguments:
        trans -- the corresponding transaction
        component -- a component, e.g. main or universe
        """
        trans.progress = 101
        trans.status = STATUS_COMMITTING
        old_umask = os.umask(0o022)
        try:
            sourceslist = SourcesList()
            distro = aptsources.distro.get_distro()
            distro.get_sources(sourceslist)
            distro.enable_component(component)
            sourceslist.save()
        finally:
            os.umask(old_umask)

    def add_repository(self, trans, src_type, uri, dist, comps, comment,
                       sourcesfile):
        """Add given repository to the sources list.

        Keyword arguments:
        trans -- the corresponding transaction
        src_type -- the type of the entry (deb, deb-src)
        uri -- the main repository uri (e.g. http://archive.ubuntu.com/ubuntu)
        dist -- the distribution to use (e.g. karmic, "/")
        comps -- a (possible empty) list of components (main, restricted)
        comment -- an (optional) comment
        sourcesfile -- an (optinal) filename in sources.list.d
        """
        trans.progress = 101
        trans.status = STATUS_COMMITTING

        if sourcesfile:
            if not sourcesfile.endswith(".list"):
                sourcesfile += ".list"
            dir = apt_pkg.config.find_dir("Dir::Etc::sourceparts")
            sourcesfile = os.path.join(dir, os.path.basename(sourcesfile))
        else:
            sourcesfile = None
        # Store any private login information in a separate auth.conf file
        if re.match("(http|https|ftp)://\S+?:\S+?@\S+", uri):
            uri = self._store_and_strip_password_from_uri(uri)
            auth_conf_path = apt_pkg.config.find_file("Dir::etc::netrc")
            if not comment:
                comment = "credentials stored in %s" % auth_conf_path
            else:
                comment += "; credentials stored in %s" % auth_conf_path
        try:
            sources = SourcesList()
            entry = sources.add(src_type, uri, dist, comps, comment,
                                file=sourcesfile)
            if entry.invalid:
                # FIXME: Introduce new error codes
                raise RepositoryInvalidError()
        except:
            log.exception("adding repository")
            raise
        else:
            sources.save()

    def _store_and_strip_password_from_uri(self, uri, auth_conf_path=None):
        """Extract the credentials from an URI. Store the password in
        auth.conf and return the URI without any password information.
        """
        try:
            res = urlsplit(uri)
        except ValueError as error:
            log.warning("Failed to urlsplit '%s'", error)
            return uri
        netloc_public = res.netloc.replace("%s:%s@" % (res.username,
                                                       res.password),
                                           "")
        machine = netloc_public + res.path
        # find auth.conf
        if auth_conf_path is None:
            auth_conf_path = apt_pkg.config.find_file("Dir::etc::netrc")

        # read all "machine"s from the auth.conf "netrc" file
        netrc_hosts = {}
        netrc_hosts_as_text = ""
        if os.path.exists(auth_conf_path):
                netrc_hosts = netrc.netrc(auth_conf_path).hosts
                with open(auth_conf_path, "rb") as f:
                    netrc_hosts_as_text = f.read().decode("UTF-8")

        # the new entry
        new_netrc_entry = "\nmachine %s login %s password %s\n" % (
            machine, res.username, res.password)
        # if there is the same machine already defined, update it
        # using a regexp this will ensure order/comments remain
        if machine in netrc_hosts:
            sub_regexp = r'machine\s+%s\s+login\s+%s\s+password\s+%s' % (
                re.escape(machine),
                re.escape(netrc_hosts[machine][0]),
                re.escape(netrc_hosts[machine][2]))
            replacement = 'machine %s login %s password %s' % (
                machine, res.username, res.password)
            # this may happen if e.g. the order is unexpected
            if not re.search(sub_regexp, netrc_hosts_as_text):
                log.warning("can not replace existing netrc entry for '%s' "
                            "prepending it instead" % machine)
                netrc_hosts_as_text = new_netrc_entry + netrc_hosts_as_text
            else:
                netrc_hosts_as_text = re.sub(
                    sub_regexp, replacement, netrc_hosts_as_text)
        else:
            netrc_hosts_as_text += new_netrc_entry

        # keep permssion bits of the file
        mode = 0o640
        try:
            mode = os.stat(auth_conf_path)[stat.ST_MODE]
        except OSError as e:
            if e.errno != errno.ENOENT:
                raise
        # write out, tmp file first plus rename to be atomic
        try:
            auth_conf_tmp = tempfile.NamedTemporaryFile(
                dir=os.path.dirname(auth_conf_path),
                prefix=os.path.basename(auth_conf_path),
                delete=False)
            auth_conf_tmp.write(netrc_hosts_as_text.encode('UTF-8'))
            auth_conf_tmp.close()
            os.rename(auth_conf_tmp.name, auth_conf_path)
            # and restore permissions (or set default ones)
            os.chmod(auth_conf_path, mode)
        except OSError as error:
            log.warning("Failed to write auth.conf: '%s'" % error)

        # Return URI without user/pass
        return urlunsplit((res.scheme, netloc_public, res.path, res.query,
                           res.fragment))

    def add_vendor_key_from_keyserver(self, trans, keyid, keyserver):
        """Add the signing key from the given (keyid, keyserver) to the
        trusted vendors.

        Keyword argument:
        trans -- the corresponding transaction
        keyid - the keyid of the key (e.g. 0x0EB12F05)
        keyserver - the keyserver (e.g. keyserver.ubuntu.com)
        """
        log.info("Adding vendor key from keyserver: %s %s", keyid, keyserver)
        # Perform some sanity checks
        try:
            res = urlsplit(keyserver)
        except ValueError:
            raise TransactionFailed(ERROR_KEY_NOT_INSTALLED,
                                    # TRANSLATORS: %s is the URL of GnuPG
                                    #             keyserver
                                    _("The keyserver URL is invalid: %s"),
                                    keyserver)
        if res.scheme not in ["hkp", "ldap", "ldaps", "http", "https"]:
            raise TransactionFailed(ERROR_KEY_NOT_INSTALLED,
                                    # TRANSLATORS: %s is the URL of GnuPG
                                    #             keyserver
                                    _("Invalid protocol of the server: %s"),
                                    keyserver)
        try:
            int(keyid, 16)
        except ValueError:
            raise TransactionFailed(ERROR_KEY_NOT_INSTALLED,
                                    # TRANSLATORS: %s is the id of a GnuPG key
                                    #             e.g. E08ADE95
                                    _("Invalid key id: %s"), keyid)
        trans.status = STATUS_DOWNLOADING
        trans.progress = 101
        with DaemonForkProgress(trans) as progress:
            progress.run(apt.auth.add_key_from_keyserver, keyid, keyserver)
        if progress._child_exit != 0:
            # TRANSLATORS: The first %s is the key id and the second the server
            raise TransactionFailed(ERROR_KEY_NOT_INSTALLED,
                                    _("Failed to download and install the key "
                                      "%s from %s:\n%s"),
                                    keyid, keyserver, progress.output)

    def add_vendor_key_from_file(self, trans, path):
        """Add the signing key from the given file to the trusted vendors.

        Keyword argument:
        path -- absolute path to the key file
        """
        log.info("Adding vendor key from file: %s", path)
        trans.progress = 101
        trans.status = STATUS_COMMITTING
        with DaemonForkProgress(trans) as progress:
            progress.run(apt.auth.add_key_from_file, path)
        if progress._child_exit != 0:
            raise TransactionFailed(ERROR_KEY_NOT_INSTALLED,
                                    _("Key file %s couldn't be installed: %s"),
                                    path, progress.output)

    def remove_vendor_key(self, trans, fingerprint):
        """Remove repository key.

        Keyword argument:
        trans -- the corresponding transaction
        fingerprint -- fingerprint of the key to remove
        """
        log.info("Removing vendor key: %s", fingerprint)
        trans.progress = 101
        trans.status = STATUS_COMMITTING
        try:
            int(fingerprint, 16)
        except ValueError:
            raise TransactionFailed(ERROR_KEY_NOT_REMOVED,
                                    # TRANSLATORS: %s is the id of a GnuPG key
                                    #             e.g. E08ADE95
                                    _("Invalid key id: %s"), fingerprint)
        with DaemonForkProgress(trans) as progress:
            progress.run(apt.auth.remove_key, fingerprint)
        if progress._child_exit != 0:
            raise TransactionFailed(ERROR_KEY_NOT_REMOVED,
                                    _("Key with fingerprint %s couldn't be "
                                      "removed: %s"),
                                    fingerprint, progress.output)

    def install_file(self, trans, path, force, simulate=False):
        """Install local package file.

        Keyword argument:
        trans -- the corresponding transaction
        path -- absolute path to the package file
        force -- if installing an invalid package is allowed
        simulate -- if True the changes won't be committed but the debfile
                    instance will be returned
        """
        log.info("Installing local package file: %s", path)
        # Check if the dpkg can be installed at all
        trans.status = STATUS_RESOLVING_DEP
        deb = self._check_deb_file(trans, path, force)
        # Check for required changes and apply them before
        (install, remove, unauth) = deb.required_changes
        self._call_plugins("modify_cache_after")
        if simulate:
            return deb
        with self._frozen_status():
            if len(install) > 0 or len(remove) > 0:
                self._apply_changes(trans, fetch_range=(15, 33),
                                    install_range=(34, 63))
            # Install the dpkg file
            deb_progress = DaemonDpkgInstallProgress(trans, begin=64, end=95)
            res = deb.install(deb_progress)
            trans.output += deb_progress.output
            if res:
                raise TransactionFailed(ERROR_PACKAGE_MANAGER_FAILED,
                                        trans.output)

    def _mark_packages_for_removal(self, packages, resolver, purge=False):
        """Mark packages for installation."""
        for pkg_name, pkg_ver, pkg_rel in [self._split_package_id(pkg)
                                           for pkg in packages]:
            try:
                pkg = self._cache[pkg_name]
            except KeyError:
                raise TransactionFailed(ERROR_NO_PACKAGE,
                                        _("Package %s isn't available"),
                                        pkg_name)
            if not pkg.is_installed and not pkg.installed_files:
                raise TransactionFailed(ERROR_PACKAGE_NOT_INSTALLED,
                                        _("Package %s isn't installed"),
                                        pkg_name)
            if pkg.essential is True:
                raise TransactionFailed(ERROR_NOT_REMOVE_ESSENTIAL_PACKAGE,
                                        _("Package %s cannot be removed."),
                                        pkg_name)
            if pkg_ver and pkg.installed != pkg_ver:
                raise TransactionFailed(ERROR_PACKAGE_NOT_INSTALLED,
                                        _("The version %s of %s is not "
                                          "installed"), pkg_ver, pkg_name)
            pkg.mark_delete(False, purge)
            resolver.clear(pkg)
            resolver.protect(pkg)
            resolver.remove(pkg)

    def _check_obsoleted_dependencies(self, trans, resolver=None):
        """Mark obsoleted dependencies of to be removed packages
        for removal.
        """
        if not trans.remove_obsoleted_depends:
            return
        if not resolver:
            resolver = apt.cache.ProblemResolver(self._cache)
        installed_deps = set()
        with self._cache.actiongroup():
            for pkg in self._cache.get_changes():
                if pkg.marked_delete:
                    installed_deps = self._installed_dependencies(
                        pkg.name, installed_deps)
            for dep_name in installed_deps:
                if dep_name in self._cache:
                    pkg = self._cache[dep_name]
                    if pkg.is_installed and pkg.is_auto_removable:
                        pkg.mark_delete(False)
            # do an additional resolver run to ensure that the autoremove
            # never leaves the cache in an inconsistent state, see bug
            # LP: #659111 for the rational, essentially this may happen
            # if a package is marked install during problem resolving but
            # is later no longer required. the resolver deals with that
            self._resolve_depends(trans, resolver)

    def _installed_dependencies(self, pkg_name, all_deps=None):
        """Recursively return all installed dependencies of a given package."""
        # FIXME: Should be part of python-apt, since it makes use of non-public
        #       API. Perhaps by adding a recursive argument to
        #       apt.package.Version.get_dependencies()
        if not all_deps:
            all_deps = set()
        if pkg_name not in self._cache:
            return all_deps
        cur = self._cache[pkg_name]._pkg.current_ver
        if not cur:
            return all_deps
        for sec in ("PreDepends", "Depends", "Recommends"):
            try:
                for dep in cur.depends_list[sec]:
                    dep_name = dep[0].target_pkg.name
                    if dep_name not in all_deps:
                        all_deps.add(dep_name)
                        all_deps |= self._installed_dependencies(dep_name,
                                                                 all_deps)
            except KeyError:
                pass
        return all_deps

    def _mark_packages_for_downgrade(self, packages, resolver):
        """Mark packages for downgrade."""
        for pkg_name, pkg_ver, pkg_rel in [self._split_package_id(pkg)
                                           for pkg in packages]:
            try:
                pkg = self._cache[pkg_name]
            except KeyError:
                raise TransactionFailed(ERROR_NO_PACKAGE,
                                        _("Package %s isn't available"),
                                        pkg_name)
            if not pkg.is_installed:
                raise TransactionFailed(ERROR_PACKAGE_NOT_INSTALLED,
                                        _("Package %s isn't installed"),
                                        pkg_name)
            auto = pkg.is_auto_installed

            if pkg_ver:
                if pkg.installed and pkg.installed.version < pkg_ver:
                    # FIXME: We need a new error enum
                    raise TransactionFailed(ERROR_NO_PACKAGE,
                                            _("The former version %s of %s "
                                              "is already installed"),
                                            pkg.installed.version, pkg.name)
                elif pkg.installed and pkg.installed.version == pkg_ver:
                    raise TransactionFailed(ERROR_PACKAGE_ALREADY_INSTALLED,
                                            _("The version %s of %s "
                                              "is already installed"),
                                            pkg.installed.version, pkg.name)
                try:
                    pkg.candidate = pkg.versions[pkg_ver]
                except KeyError:
                    raise TransactionFailed(ERROR_NO_PACKAGE,
                                            _("The version %s of %s isn't "
                                              "available"), pkg_ver, pkg_name)
            else:
                raise TransactionFailed(ERROR_NO_PACKAGE,
                                        _("You need to specify a version to "
                                          "downgrade %s to"),
                                        pkg_name)

            pkg.mark_install(False, False, True)
            pkg.mark_auto(auto)
            resolver.clear(pkg)
            resolver.protect(pkg)

    def _mark_packages_for_upgrade(self, packages, resolver):
        """Mark packages for upgrade."""
        for pkg_name, pkg_ver, pkg_rel in [self._split_package_id(pkg)
                                           for pkg in packages]:
            try:
                pkg = self._cache[pkg_name]
            except KeyError:
                raise TransactionFailed(ERROR_NO_PACKAGE,
                                        _("Package %s isn't available"),
                                        pkg_name)
            if not pkg.is_installed:
                raise TransactionFailed(ERROR_PACKAGE_NOT_INSTALLED,
                                        _("Package %s isn't installed"),
                                        pkg_name)
            auto = pkg.is_auto_installed

            if pkg_ver:
                if (pkg.installed and
                    apt_pkg.version_compare(pkg.installed.version,
                                            pkg_ver) == 1):
                    raise TransactionFailed(ERROR_PACKAGE_UPTODATE,
                                            _("The later version %s of %s "
                                              "is already installed"),
                                            pkg.installed.version, pkg.name)
                elif (pkg.installed and
                      apt_pkg.version_compare(pkg.installed.version,
                                              pkg_ver) == 0):
                    raise TransactionFailed(ERROR_PACKAGE_UPTODATE,
                                            _("The version %s of %s "
                                              "is already installed"),
                                            pkg.installed.version, pkg.name)
                try:
                    pkg.candidate = pkg.versions[pkg_ver]
                except KeyError:
                    raise TransactionFailed(ERROR_NO_PACKAGE,
                                            _("The version %s of %s isn't "
                                              "available."), pkg_ver, pkg_name)

            elif pkg_rel:
                self._set_candidate_release(pkg, pkg_rel)

            pkg.mark_install(False, False, True)
            pkg.mark_auto(auto)
            resolver.clear(pkg)
            resolver.protect(pkg)

    @staticmethod
    def _set_candidate_release(pkg, release):
        """Set the candidate of a package to the one from the given release."""
        # FIXME: Should be moved to python-apt
        # Check if the package is provided in the release
        for version in pkg.versions:
            if [origin for origin in version.origins
                    if origin.archive == release]:
                break
        else:
            raise TransactionFailed(ERROR_NO_PACKAGE,
                                    _("The package %s isn't available in "
                                      "the %s release."), pkg.name, release)
        pkg._pcache.cache_pre_change()
        pkg._pcache._depcache.set_candidate_release(pkg._pkg, version._cand,
                                                    release)
        pkg._pcache.cache_post_change()

    def update_cache(self, trans, sources_list):
        """Update the cache.

        Keyword arguments:
        trans -- the corresponding transaction
        sources_list -- only update the repositories found in the sources.list
                        snippet by the given file name.
        """

        def compare_pathes(first, second):
            """Small helper to compare two pathes."""
            return os.path.normpath(first) == os.path.normpath(second)

        log.info("Updating cache")

        progress = DaemonAcquireRepoProgress(trans, begin=10, end=90)
        if sources_list and not sources_list.startswith("/"):
            dir = apt_pkg.config.find_dir("Dir::Etc::sourceparts")
            sources_list = os.path.join(dir, sources_list)
        if sources_list:
            # For security reasons (LP #722228) we only allow files inside
            # sources.list.d as basedir
            basedir = apt_pkg.config.find_dir("Dir::Etc::sourceparts")
            system_sources = apt_pkg.config.find_file("Dir::Etc::sourcelist")
            if "/" in sources_list:
                sources_list = os.path.abspath(sources_list)
                # Check if the sources_list snippet is in the sourceparts
                # directory
                common_prefix = os.path.commonprefix([sources_list, basedir])
                if not (compare_pathes(common_prefix, basedir) or
                        compare_pathes(sources_list, system_sources)):
                    raise AptDaemonError("Only alternative sources.list files "
                                         "inside '%s' are allowed (not '%s')" %
                                         (basedir, sources_list))
            else:
                sources_list = os.path.join(basedir, sources_list)
        try:
            self._cache.update(progress, sources_list=sources_list)
        except apt.cache.FetchFailedException as error:
            # ListUpdate() method of apt handles a cancelled operation
            # as a failed one, see LP #162441
            if trans.cancelled:
                raise TransactionCancelled()
            else:
                raise TransactionFailed(ERROR_REPO_DOWNLOAD_FAILED,
                                        str(error))
        except apt.cache.FetchCancelledException:
            raise TransactionCancelled()
        except apt.cache.LockFailedException:
            raise TransactionFailed(ERROR_NO_LOCK)
        self._open_cache(trans, begin=91, end=95)

    def upgrade_system(self, trans, safe_mode=True, simulate=False):
        """Upgrade the system.

        Keyword argument:
        trans -- the corresponding transaction
        safe_mode -- if additional software should be installed or removed to
                     satisfy the dependencies the an updates
        simulate -- if the changes should not be applied
        """
        log.info("Upgrade system with safe mode: %s" % safe_mode)
        trans.status = STATUS_RESOLVING_DEP
        # FIXME: What to do if already uptotdate? Add error code?
        self._call_plugins("modify_cache_before")
        try:
            self._cache.upgrade(dist_upgrade=not safe_mode)
        except SystemError as excep:
            raise TransactionFailed(ERROR_DEP_RESOLUTION_FAILED, str(excep))
        self._call_plugins("modify_cache_after")
        self._check_obsoleted_dependencies(trans)
        if not simulate:
            self._apply_changes(trans)

    def fix_incomplete_install(self, trans):
        """Run dpkg --configure -a to recover from a failed installation.

        Keyword arguments:
        trans -- the corresponding transaction
        """
        log.info("Fixing incomplete installs")
        trans.status = STATUS_CLEANING_UP
        with self._frozen_status():
            with DaemonDpkgRecoverProgress(trans) as progress:
                progress.run()
        trans.output += progress.output
        if progress._child_exit != 0:
            raise TransactionFailed(ERROR_PACKAGE_MANAGER_FAILED,
                                    trans.output)

    def reconfigure(self, trans, packages, priority):
        """Run dpkg-reconfigure to reconfigure installed packages.

        Keyword arguments:
        trans -- the corresponding transaction
        packages -- list of packages to reconfigure
        priority -- the lowest priority of question which should be asked
        """
        log.info("Reconfiguring packages")
        with self._frozen_status():
            with DaemonDpkgReconfigureProgress(trans) as progress:
                progress.run(packages, priority)
        trans.output += progress.output
        if progress._child_exit != 0:
            raise TransactionFailed(ERROR_PACKAGE_MANAGER_FAILED,
                                    trans.output)

    def fix_broken_depends(self, trans, simulate=False):
        """Try to fix broken dependencies.

        Keyword arguments:
        trans -- the corresponding transaction
        simualte -- if the changes should not be applied
        """
        log.info("Fixing broken depends")
        trans.status = STATUS_RESOLVING_DEP
        try:
            self._cache._depcache.fix_broken()
        except SystemError:
            raise TransactionFailed(ERROR_DEP_RESOLUTION_FAILED,
                                    self._get_broken_details(trans))
        if not simulate:
            self._apply_changes(trans)

    def _open_cache(self, trans, begin=1, end=5, quiet=False, status=None):
        """Open the APT cache.

        Keyword arguments:
        trans -- the corresponding transaction
        start -- the begin of the progress range
        end -- the end of the the progress range
        quiet -- if True do no report any progress
        status -- an alternative dpkg status file
        """
        self.marked_tid = None
        trans.status = STATUS_LOADING_CACHE
        if not status:
            status = self._status_orig
        apt_pkg.config.set("Dir::State::status", status)
        apt_pkg.init_system()
        progress = DaemonOpenProgress(trans, begin=begin, end=end,
                                      quiet=quiet)
        try:
            if not isinstance(self._cache, apt.cache.Cache):
                self._cache = apt.cache.Cache(progress)
            else:
                self._cache.open(progress)
        except SystemError as excep:
            raise TransactionFailed(ERROR_NO_CACHE, str(excep))

    def is_dpkg_journal_clean(self):
        """Return False if there are traces of incomplete dpkg status
        updates."""
        status_updates = os.path.join(os.path.dirname(self._status_orig),
                                      "updates/")
        for dentry in os.listdir(status_updates):
            if dentry.isdigit():
                return False
        return True

    def _apply_changes(self, trans, fetch_range=(15, 50),
                       install_range=(50, 90)):
        """Apply previously marked changes to the system.

        Keyword arguments:
        trans -- the corresponding transaction
        fetch_range -- tuple containing the start and end point of the
                       download progress
        install_range -- tuple containing the start and end point of the
                         install progress
        """
        changes = self._cache.get_changes()
        if not changes:
            return
        # Do not allow to remove essential packages
        for pkg in changes:
            if pkg.marked_delete and (pkg.essential is True or
                                      (pkg.installed and
                                       pkg.installed.priority == "required") or
                                      pkg.name == "aptdaemon"):
                raise TransactionFailed(ERROR_NOT_REMOVE_ESSENTIAL_PACKAGE,
                                        _("Package %s cannot be removed"),
                                        pkg.name)
        # Check if any of the cache changes get installed from an
        # unauthenticated repository""
        if not trans.allow_unauthenticated and trans.unauthenticated:
            raise TransactionFailed(ERROR_PACKAGE_UNAUTHENTICATED,
                                    " ".join(sorted(trans.unauthenticated)))
        if trans.cancelled:
            raise TransactionCancelled()
        trans.cancellable = False
        fetch_progress = DaemonAcquireProgress(trans, begin=fetch_range[0],
                                               end=fetch_range[1])
        inst_progress = DaemonInstallProgress(trans, begin=install_range[0],
                                              end=install_range[1])
        with self._frozen_status():
            try:
                # This was backported as 
                if "allow_unauthenticated" in apt.Cache.commit.__doc__:
                    self._cache.commit(fetch_progress, inst_progress,
                                       allow_unauthenticated=trans.allow_unauthenticated)
                else:
                    self._cache.commit(fetch_progress, inst_progress)
            except apt.cache.FetchFailedException as error:
                raise TransactionFailed(ERROR_PACKAGE_DOWNLOAD_FAILED,
                                        str(error))
            except apt.cache.FetchCancelledException:
                raise TransactionCancelled()
            except SystemError as excep:
                # Run dpkg --configure -a to recover from a failed transaction
                trans.status = STATUS_CLEANING_UP
                with DaemonDpkgRecoverProgress(trans, begin=90, end=95) as pro:
                    pro.run()
                output = inst_progress.output + pro.output
                trans.output += output
                raise TransactionFailed(ERROR_PACKAGE_MANAGER_FAILED,
                                        "%s: %s" % (excep, trans.output))
            else:
                trans.output += inst_progress.output

    @contextlib.contextmanager
    def _frozen_status(self):
        """Freeze the status file to allow simulate operations during
        a dpkg call."""
        frozen_dir = tempfile.mkdtemp(prefix="aptdaemon-frozen-status")
        shutil.copy(self._status_orig, frozen_dir)
        self._status_frozen = os.path.join(frozen_dir, "status")
        try:
            yield
        finally:
            shutil.rmtree(frozen_dir)
            self._status_frozen = None

    def query(self, trans):
        """Process a PackageKit query transaction."""
        raise NotImplementedError

    def _simulate_transaction(self, trans):
        depends = [[], [], [], [], [], [], []]
        unauthenticated = []
        high_trust_packages = []
        skip_pkgs = []
        size = 0
        installs = reinstalls = removals = purges = upgrades = upgradables = \
            downgrades = []

        # Only handle transaction which change packages
        # FIXME: Add support for ROLE_FIX_INCOMPLETE_INSTALL
        if trans.role not in [ROLE_INSTALL_PACKAGES, ROLE_UPGRADE_PACKAGES,
                              ROLE_UPGRADE_SYSTEM, ROLE_REMOVE_PACKAGES,
                              ROLE_COMMIT_PACKAGES, ROLE_INSTALL_FILE,
                              ROLE_FIX_BROKEN_DEPENDS]:
            return depends, 0, 0, [], []

        # If a transaction is currently running use the former status file
        if self._status_frozen:
            status_path = self._status_frozen
        else:
            status_path = self._status_orig
        self._open_cache(trans, quiet=True, status=status_path)
        if trans.role == ROLE_FIX_BROKEN_DEPENDS:
            self.fix_broken_depends(trans, simulate=True)
        elif self._cache.broken_count:
            raise TransactionFailed(ERROR_CACHE_BROKEN,
                                    self._get_broken_details(trans))
        elif trans.role == ROLE_UPGRADE_SYSTEM:
            for pkg in self._iterate_packages():
                if pkg.is_upgradable:
                    upgradables.append(pkg)
            self.upgrade_system(trans, simulate=True, **trans.kwargs)
        elif trans.role == ROLE_INSTALL_FILE:
            deb = self.install_file(trans, simulate=True, **trans.kwargs)
            skip_pkgs.append(deb.pkgname)
            try:
                # Sometimes a thousands comma is used in packages
                # See LP #656633
                size = int(deb["Installed-Size"].replace(",", "")) * 1024
                # Some packages ship really large install sizes e.g.
                # openvpn access server, see LP #758837
                if size > sys.maxsize:
                    raise OverflowError("Size is too large: %s Bytes" % size)
            except (KeyError, AttributeError, ValueError, OverflowError):
                if not trans.kwargs["force"]:
                    msg = trans.gettext("The package doesn't provide a "
                                        "valid Installed-Size control "
                                        "field. See Debian Policy 5.6.20.")
                    raise TransactionFailed(ERROR_INVALID_PACKAGE_FILE, msg)
            try:
                pkg = self._cache[deb.pkgname]
            except KeyError:
                trans.packages = [[deb.pkgname], [], [], [], [], []]
            else:
                if pkg.is_installed:
                    # if we failed to get the size from the deb file do nor
                    # try to get the delta
                    if size != 0:
                        size -= pkg.installed.installed_size
                    trans.packages = [[], [deb.pkgname], [], [], [], []]
                else:
                    trans.packages = [[deb.pkgname], [], [], [], [], []]
        else:
            # FIXME: ugly code to get the names of the packages
            (installs, reinstalls, removals, purges,
             upgrades, downgrades) = [[re.split("(=|/)", entry, 1)[0]
                                       for entry in lst]
                                      for lst in trans.packages]
            self.commit_packages(trans, *trans.packages, simulate=True)

        changes = self._cache.get_changes()
        changes_names = []
        # get the additional dependencies
        for pkg in changes:
            if (pkg.marked_upgrade and pkg.is_installed and
                    pkg.name not in upgrades):
                pkg_str = "%s=%s" % (pkg.name, pkg.candidate.version)
                depends[PKGS_UPGRADE].append(pkg_str)
            elif pkg.marked_reinstall and pkg.name not in reinstalls:
                pkg_str = "%s=%s" % (pkg.name, pkg.candidate.version)
                depends[PKGS_REINSTALL].append(pkg_str)
            elif pkg.marked_downgrade and pkg.name not in downgrades:
                pkg_str = "%s=%s" % (pkg.name, pkg.candidate.version)
                depends[PKGS_DOWNGRADE].append(pkg_str)
            elif pkg.marked_install and pkg.name not in installs:
                pkg_str = "%s=%s" % (pkg.name, pkg.candidate.version)
                depends[PKGS_INSTALL].append(pkg_str)
            elif pkg.marked_delete and pkg.name not in removals:
                pkg_str = "%s=%s" % (pkg.name, pkg.installed.version)
                depends[PKGS_REMOVE].append(pkg_str)
            # FIXME: add support for purges
            changes_names.append(pkg.name)
        # get the unauthenticated packages
        unauthenticated = self._get_unauthenticated()
        high_trust_packages = self._get_high_trust_packages()
        # Check for skipped upgrades
        for pkg in upgradables:
            if pkg.marked_keep:
                pkg_str = "%s=%s" % (pkg.name, pkg.candidate.version)
                depends[PKGS_KEEP].append(pkg_str)

        # apt.cache.Cache.required_download requires a clean cache. Under some
        # strange circumstances it can fail (most likely an interrupted
        # debconf question), see LP#659438
        # Running dpkg --configure -a fixes the situation
        try:
            required_download = self._cache.required_download
        except SystemError as error:
            raise TransactionFailed(ERROR_INCOMPLETE_INSTALL, str(error))

        required_space = size + self._cache.required_space

        return (depends, required_download, required_space, unauthenticated,
                high_trust_packages)

    def _check_deb_file(self, trans, path, force):
        """Perform some basic checks for the Debian package.

        :param trans: The transaction instance.

        :returns: An apt.debfile.Debfile instance.
        """
        # This code runs as root for simulate and simulate requires no
        # authentication - so we need to ensure we do not leak information
        # about files here (LP: #1449587, CVE-2015-1323)
        with set_euid_egid(trans.uid, trans.gid):
            if not os.path.isfile(path):
                raise TransactionFailed(ERROR_UNREADABLE_PACKAGE_FILE, path)

        try:
            deb = apt.debfile.DebPackage(path, self._cache)
        except IOError:
            raise TransactionFailed(ERROR_UNREADABLE_PACKAGE_FILE, path)
        except Exception as error:
            raise TransactionFailed(ERROR_INVALID_PACKAGE_FILE, str(error))
        try:
            ret = deb.check()
        except Exception as error:
            raise TransactionFailed(ERROR_DEP_RESOLUTION_FAILED, str(error))
        if not ret:
            raise TransactionFailed(ERROR_DEP_RESOLUTION_FAILED,
                                    deb._failure_string)
        return deb

    def clean(self, trans):
        """Clean the download directories.

        Keyword arguments:
        trans -- the corresponding transaction
        """
        # FIXME: Use pkgAcquire.Clean(). Currently not part of python-apt.
        trans.status = STATUS_CLEANING_UP
        archive_path = apt_pkg.config.find_dir("Dir::Cache::archives")
        for dir in [archive_path, os.path.join(archive_path, "partial")]:
            for filename in os.listdir(dir):
                if filename == "lock":
                    continue
                path = os.path.join(dir, filename)
                if os.path.isfile(path):
                    log.debug("Removing file %s", path)
                    os.remove(path)

    def add_license_key(self, trans, pkg_name, json_token, server_name):
        """Add a license key data to the given package.

        Keyword arguemnts:
        trans -- the coresponding transaction
        pkg_name -- the name of the corresponding package
        json_token -- the oauth token as json
        server_name -- the server to use (ubuntu-production, ubuntu-staging)
        """
        # set transaction state to downloading
        trans.status = STATUS_DOWNLOADING
        try:
            license_key, license_key_path = (
                self.plugins["get_license_key"][0](trans.uid, pkg_name,
                                                   json_token, server_name))
        except Exception as error:
            logging.exception("get_license_key plugin failed")
            raise TransactionFailed(ERROR_LICENSE_KEY_DOWNLOAD_FAILED,
                                    str(error))
        # ensure stuff is good
        if not license_key_path or not license_key:
            raise TransactionFailed(ERROR_LICENSE_KEY_DOWNLOAD_FAILED,
                                    _("The license key is empty"))

        # add license key if we have one
        self._add_license_key_to_system(pkg_name, license_key,
                                        license_key_path)

    def _add_license_key_to_system(self, pkg_name, license_key,
                                   license_key_path):
        # fixup path
        license_key_path = os.path.join(apt_pkg.config.find_dir("Dir"),
                                        license_key_path.lstrip("/"))

        # Check content of the key
        if (license_key.strip().startswith("#!") or
                license_key.startswith("\x7fELF")):
            raise TransactionFailed(ERROR_LICENSE_KEY_INSTALL_FAILED,
                                    _("The license key is not allowed to "
                                      "contain executable code."))
        # Check the path of the license
        license_key_path = os.path.normpath(license_key_path)
        license_key_path_rootdir = os.path.join(
            apt_pkg.config["Dir"], self.LICENSE_KEY_ROOTDIR.lstrip("/"),
            pkg_name)
        if not license_key_path.startswith(license_key_path_rootdir):
            raise TransactionFailed(ERROR_LICENSE_KEY_INSTALL_FAILED,
                                    _("The license key path %s is invalid"),
                                    license_key_path)
        if os.path.lexists(license_key_path):
            raise TransactionFailed(ERROR_LICENSE_KEY_INSTALL_FAILED,
                                    _("The license key already exists: %s"),
                                    license_key_path)
        # Symlink attacks!
        if os.path.realpath(license_key_path) != license_key_path:
            raise TransactionFailed(ERROR_LICENSE_KEY_INSTALL_FAILED,
                                    _("The location of the license key is "
                                      "unsecure since it contains symbolic "
                                      "links. The path %s maps to %s"),
                                    license_key_path,
                                    os.path.realpath(license_key_path))
        # Check if the directory already exists
        if not os.path.isdir(os.path.dirname(license_key_path)):
            raise TransactionFailed(ERROR_LICENSE_KEY_INSTALL_FAILED,
                                    _("The directory where to install the key "
                                      "to doesn't exist yet: %s"),
                                    license_key_path)
        # write it
        log.info("Writing license key to '%s'" % license_key_path)
        old_umask = os.umask(18)
        try:
            with open(license_key_path, "w") as license_file:
                license_file.write(license_key)
        except IOError:
            raise TransactionFailed(ERROR_LICENSE_KEY_INSTALL_FAILED,
                                    _("Failed to write key file to: %s"),
                                    license_key_path)
        finally:
            os.umask(old_umask)

    def _iterate_mainloop(self):
        """Process pending actions on the main loop."""
        while GLib.main_context_default().pending():
            GLib.main_context_default().iteration()

    def _iterate_packages(self, interval=1000):
        """Itarte von the packages of the cache and iterate on the
        GObject main loop time for more responsiveness.

        Keyword arguments:
        interval - the number of packages after which we iterate on the
            mainloop
        """
        for enum, pkg in enumerate(self._cache):
            if not enum % interval:
                self._iterate_mainloop()
            yield pkg

    def _get_broken_details(self, trans, now=True):
        """Return a message which provides debugging information about
        broken packages.

        This method is basically a Python implementation of apt-get.cc's
        ShowBroken.

        Keyword arguments:
        trans -- the corresponding transaction
        now -- if we check currently broken dependecies or the installation
               candidate
        """
        msg = trans.gettext("The following packages have unmet dependencies:")
        msg += "\n\n"
        for pkg in self._cache:
            if not ((now and pkg.is_now_broken) or
                    (not now and pkg.is_inst_broken)):
                continue
            msg += "%s: " % pkg.name
            if now:
                version = pkg.installed
            else:
                version = pkg.candidate
            indent = " " * (len(pkg.name) + 2)
            dep_msg = ""
            for dep in version.dependencies:
                or_msg = ""
                for base_dep in dep.or_dependencies:
                    if or_msg:
                        or_msg += "or\n"
                        or_msg += indent
                    # Check if it's an important dependency
                    # See apt-pkg/depcache.cc IsImportantDep
                    # See apt-pkg/pkgcache.cc IsCritical()
                    if not (base_dep.rawtype in ["Depends", "PreDepends",
                                                 "Obsoletes", "DpkgBreaks",
                                                 "Conflicts"] or
                            (apt_pkg.config.find_b("APT::Install-Recommends",
                                                   False) and
                            base_dep.rawtype == "Recommends") or
                            (apt_pkg.config.find_b("APT::Install-Suggests",
                                                   False) and
                             base_dep.rawtype == "Suggests")):
                        continue
                    # Get the version of the target package
                    try:
                        pkg_dep = self._cache[base_dep.name]
                    except KeyError:
                        dep_version = None
                    else:
                        if now:
                            dep_version = pkg_dep.installed
                        else:
                            dep_version = pkg_dep.candidate
                    # We only want to display dependencies which cannot
                    # be satisfied
                    if dep_version and not apt_pkg.check_dep(base_dep.version,
                                                             base_dep.relation,
                                                             version.version):
                        break
                    or_msg = "%s: %s " % (base_dep.rawtype, base_dep.name)
                    if base_dep.version:
                        or_msg += "(%s %s) " % (base_dep.relation,
                                                base_dep.version)
                    if self._cache.is_virtual_package(base_dep.name):
                        or_msg += trans.gettext("but it is a virtual package")
                    elif not dep_version:
                        if now:
                            or_msg += trans.gettext("but it is not installed")
                        else:
                            or_msg += trans.gettext("but it is not going to "
                                                    "be installed")
                    elif now:
                        # TRANSLATORS: %s is a version number
                        or_msg += (trans.gettext("but %s is installed") %
                                   dep_version.version)
                    else:
                        # TRANSLATORS: %s is a version number
                        or_msg += (trans.gettext("but %s is to be installed") %
                                   dep_version.version)
                else:
                    # Only append an or-group if at least one of the
                    # dependencies cannot be satisfied
                    if dep_msg:
                        dep_msg += indent
                    dep_msg += or_msg
                    dep_msg += "\n"
            msg += dep_msg
        return msg

    def is_reboot_required(self):
        """If a reboot is required to get all changes into effect."""
        return os.path.exists(os.path.join(apt_pkg.config.find_dir("Dir"),
                                           "var/run/reboot-required"))

    def set_config(self, option, value, filename=None):
        """Write a configuration value to file."""
        if option in ["AutoUpdateInterval", "AutoDownload",
                      "AutoCleanInterval", "UnattendedUpgrade"]:
            self._set_apt_config(option, value, filename)
        elif option == "PopConParticipation":
            self._set_popcon_pariticipation(value)

    def _set_apt_config(self, option, value, filename):
        config_writer = ConfigWriter()
        cw.set_value(option, value, filename)
        apt_pkg.init_config()

    def _set_popcon_participation(self, participate):
        if participate in [True, 1, "yes"]:
            value = "yes"
        else:
            value = "no"
        if os.path.exists(_POPCON_PATH):
            # read the current config and replace the corresponding settings
            # FIXME: Check if the config file is a valid bash script and
            #        contains the host_id
            with open(_POPCON_PATH) as conf_file:
                old_config = conf_file.read()
            config = re.sub(r'(PARTICIPATE=*)(".+?")',
                            '\\1"%s"' % value,
                            old_config)
        else:
            # create a new popcon config file
            m = md5()
            m.update(open("/dev/urandom", "r").read(1024))
            config = _POPCON_DEFAULT % {"host_id": m.hexdigest(),
                                        "participate": value}

        with open(_POPCON_PATH, "w") as conf_file:
            conf_file.write(config)

    def get_config(self, option):
        """Return a configuration value."""
        if option == "AutoUpdateInterval":
            key = "APT::Periodic::Update-Package-Lists"
            return apt_pkg.config.find_i(key, 0)
        elif option == "AutoDownload":
            key = "APT::Periodic::Download-Upgradeable-Packages"
            return apt_pkg.config.find_b(key, False)
        elif option == "AutoCleanInterval":
            key = "APT::Periodic::AutocleanInterval"
            return apt_pkg.config.find_i(key, 0)
        elif option == "UnattendedUpgrade":
            key = "APT::Periodic::Unattended-Upgrade"
            return apt_pkg.config.find_b(key, False)
        elif option == "GetPopconParticipation":
            return self._get_popcon_pariticipation()

    def _get_popcon_participation(self):
        # FIXME: Use a script to evaluate the configuration:
        #       #!/bin/sh
        #       . /etc/popularitiy-contest.conf
        #       . /usr/share/popularitiy-contest/default.conf
        #       echo $PARTICIAPTE $HOST_ID
        if os.path.exists(_POPCON_PATH):
            with open(_POPCON_PATH) as conf_file:
                config = conf_file.read()
            match = re.match("\nPARTICIPATE=\"(yes|no)\"", config)
            if match and match[0] == "yes":
                return True
        return False

    def get_trusted_vendor_keys(self):
        """Return a list of trusted GPG keys."""
        return [key.keyid for key in apt.auth.list_keys()]


# vim:ts=4:sw=4:et

Zerion Mini Shell 1.0