%PDF- %PDF- Mini Shell
Mini Shell

Direktori : /lib/python3/dist-packages/uaclient/entitlements/__pycache__/
Current File : //lib/python3/dist-packages/uaclient/entitlements/__pycache__/livepatch.cpython-312.pyc
�

�Hcfy7���ddlZddlmZmZmZmZddlmZmZm	Z	m
Z
mZmZm
Z
mZmZddlmZmZddlmZddlmZddgZd	d
d�Zej2�Zej6ej8e��ZGd�d
e�Zd�Z y)�N)�Any�Dict�Optional�Tuple)	�api�event_logger�
exceptions�http�	livepatch�messages�snap�system�util)�EntitlementWithMessage�
UAEntitlement)�ApplicationStatus)�StaticAffordanceg�?g�?z)Invalid Auth-Token provided to livepatch.z2Your running kernel is not supported by Livepatch.)zUnknown Auth-Tokenzunsupported kernelc	���eZdZejj
ZdZejZ	ejZejZ
dZdZdZdZedeedffd��Zedeedffd��Zdefd�Zdefd	�Zd
ej8defd�Z		dd
ej8ded
edefd�Zd
ej8fd�Z dee!e"ejFffd�Z$deee"ejFffd�Z%d�Z&	dde'e(e)fde'e(e)fdedef�fd�
Z*�xZ+S)�LivepatchEntitlementrFT�return.c��ddlm}ddlm}t	|t
j�t	|t
j�fS)Nr��FIPSEntitlement)�RealtimeKernelEntitlement)�uaclient.entitlements.fipsr�uaclient.entitlements.realtimerrr�LIVEPATCH_INVALIDATES_FIPS�REALTIME_LIVEPATCH_INCOMPATIBLE)�selfrrs   �A/usr/lib/python3/dist-packages/uaclient/entitlements/livepatch.py�incompatible_servicesz*LivepatchEntitlement.incompatible_services,s=��>�L�
#���!D�!D�
�
#�)��8�8�
�	
�	
�c���ddlm}||j�}t|j	�dt
jk(��tjj|j��d�dftj�fd�dffS)Nrr)�titlec�*�tj�S�N)r�is_container�r"r �<lambda>z9LivepatchEntitlement.static_affordances.<locals>.<lambda>Ks���+�+�-�r"Fc����Sr&r()�is_fips_enableds�r r)z9LivepatchEntitlement.static_affordances.<locals>.<lambda>Ps����r")rr�cfg�bool�application_statusr�ENABLEDr�"SERVICE_ERROR_INSTALL_ON_CONTAINER�formatr$�!LIVEPATCH_ERROR_WHEN_FIPS_ENABLED)rr�fips_entr+s   @r �static_affordancesz'LivepatchEntitlement.static_affordances;s����	?�"�4�8�8�,����'�'�)�!�,�0A�0I�0I�I�
���;�;�B�B��*�*�C��.��
��:�:�'��
�

�
	
r"c��y)N�r(�rs r �enable_stepsz!LivepatchEntitlement.enable_stepsU���r"c��y)N�r(r7s r �
disable_stepsz"LivepatchEntitlement.disable_stepsXr9r"�progressc�L�|jtj�tj�sD|jdtjjd���tj�tj�sF|jdtjjd���	tjd�tj |�	tj"d�t)j*d|j,j.t(j0�}t)j*d
|j,j2t(j4�}tj6||tj8��t;j<�sF|jdtjjd���	tjd�t;jB||�|jE|dd��S#tj$rR}tjd|��|jdtjjd���Yd	}~���d	}~wwxYw#tj$rU}tjd
|��t$j'tjjd���Yd	}~���d	}~wwxYw#tj$r$}tj>tA|����d	}~wwxYw)zYEnable specific entitlement.

        @return: True on success, False otherwise.
        �info�snapd)�packagesz
snapd snapz!Failed to install snapd as a snap��exc_infozsnap install snapd��commandNzFailed to refresh snapd snapzsnap refresh snapdr
�https)�
http_proxy�https_proxy�retry_sleepszcanonical-livepatch snapzcanonical-livepatch��	error_msgT)�process_directives�
process_token)#r=r�INSTALLING_LIVEPATCHr
�is_snapd_installed�emit�INSTALLING_PACKAGESr1�
install_snapd�is_snapd_installed_as_a_snap�install_snapr	�ProcessExecutionError�LOG�warning�EXECUTING_COMMAND_FAILED�run_snapd_wait_cmd�refresh_snap�eventr?r
�validate_proxyr,rG�PROXY_VALIDATION_SNAP_HTTP_URLrH�PROXY_VALIDATION_SNAP_HTTPS_URL�configure_snap_proxy�SNAP_INSTALL_RETRIESr�is_livepatch_installed�ErrorInstallingLivepatch�str�configure_livepatch_proxy�setup_livepatch_config)rr=�erGrHs     r �_perform_enablez$LivepatchEntitlement._perform_enable[s���
	���(�7�7�8��&�&�(��M�M���4�4�;�;�W�;�M�
�
��� ��0�0�2��M�M���,�,�3�3�\�3�J�
�	
��!�!�'�*�	
����)�	����g�&��(�(��D�H�H�'�'��)L�)L�
�
��)�)��T�X�X�)�)�4�+O�+O�
��	
�!�!�!�#��2�2�	
�
�/�/�1��M�M���,�,�3�3�7�4��
�
L��!�!�"7�8�	�+�+�J��D��*�*���T�+�
�	
��]�3�3�
����?�!��L��
�
���5�5�<�<� 4�=�����
���/�/�	��K�K�6��K�C��J�J��1�1�8�8�0�9��
�
��	��8�3�3�
L� �9�9�C��F�K�K��
L�sJ�=H�(J�K,�I>�,AI9�9I>�K)�A
K$�$K)�,L#�?L�L#rLrMc	�Z�|jtj�|jjj
j
|j�}|r	t|�|r�|j
d�}|s9tj#d|j$�|jj&d}|j)�\}}|t*j,k7r[tj/d	�|jdtj0�	t3j4t6j8d
g�	t3j4t6j8d|gd�
�yy#tj$rc}tjt|�|��|jdtjj!t|����Yd}~yd}~wwxYw#tj$r*}tjt|�|��Yd}~yd}~wwxYw#tj$r}}tj:}	t<j?�D]\}
}|
t|�vs�|	|z
}	n|	tj:k(r|	t|�z
}	|jd|	�Yd}~yd}~wwxYw)aProcesss configuration setup for livepatch directives.

        :param process_directives: Boolean set True when directives should be
            processsed.
        :param process_token: Boolean set True when token should be
            processsed.
        rBr?rJNF�
resourceTokenzHNo specific resourceToken present. Using machine token as %s credentials�machineTokenz&Disabling livepatch before re-enabling�disable�enableT��capture) r=r�SETTING_UP_LIVEPATCHr,�machine_token_file�entitlements�get�name�process_config_directivesr	rUrV�errorrcrP�LIVEPATCH_UNABLE_TO_CONFIGUREr1�debugr$�
machine_tokenr.r�DISABLEDr?�LIVEPATCH_DISABLE_REATTACHr�subpr�
LIVEPATCH_CMD�LIVEPATCH_UNABLE_TO_ENABLE�
ERROR_MSG_MAP�items)rr=rLrM�entitlement_cfgrf�livepatch_tokenr.�_details�msg�
error_message�
print_messages            r rez+LivepatchEntitlement.setup_livepatch_config�s6��	���(�7�7�8��(�(�5�5�B�B�F�F��I�I�
���

�)�/�:��-�1�1�/�B�O�"��	�	�&��J�J��
#'�(�(�"8�"8��"H��+/�+B�+B�+D�(���!�%6�%?�%?�?����A�B��
�
�f�h�&I�&I�J�!��K�K��!8�!8�)� D�E�
�����,�,�h��H� ����U�3�3�
��	�	�#�a�&�1�	�-��
�
���:�:�A�A�"%�a�&�B�����
��0"�7�7�!��I�I�c�!�f�q�I�1� ��!���3�3�	
��9�9��4A�4G�4G�4I��0�M�=�$��A��.��}�,�����(�=�=�=��3�q�6�M�C��
�
�f�c�*���	
�sO�E!�%G�7(H�!G�4AG�G�H�- H�H�J*�-7J%�%;J%�%J*c��tj�sytjdg}|jtj
j
dj|����tj|d��y)zYDisable specific entitlement

        @return: True on success, False otherwise.
        Trk� rDrm)
rrar|r=r�EXECUTING_COMMANDr1�joinrr{)rr=�cmds   r �_perform_disablez%LivepatchEntitlement._perform_disable�sc��
�/�/�1���&�&�	�2������&�&�-�-�c�h�h�s�m�-�D�	
�	���C��&�r"c��tjdf}tj�s tjt
jfS	tj�}|� tjt
jfS|S#tj$rD}tjt
jj|j��fcYd}~Sd}~wwxYw)N)�livepatch_error)rr/rraryr�LIVEPATCH_NOT_ENABLED�statusr	rU�WARNING� LIVEPATCH_CLIENT_FAILURE_WARNINGr1�stderr�+LIVEPATCH_APPLICATION_STATUS_CLIENT_FAILURE)rr��livepatch_statusrfs    r r.z'LivepatchEntitlement.application_status�s���$�+�+�T�2���/�/�1�%�.�.��0N�0N�O�O�	�(�/�/�1���#�"�*�*��D�D��
��
���/�/�	�!�)�)��9�9�@�@�$%�H�H�A���
��	�s�B�C�9C�C�Cc�*�tj�}|tjjk(rKt	j
�}dtjj|j|j��fS|tjjk(rKt	j
�}dtjj|j|j��fS|tjjk(rdtjfSy)NT)�version�arch)FN)r�on_supported_kernel�LivepatchSupport�UNSUPPORTEDr�get_kernel_infor�LIVEPATCH_KERNEL_NOT_SUPPORTEDr1�
uname_release�uname_machine_arch�
KERNEL_EOL�LIVEPATCH_KERNEL_EOL�KERNEL_UPGRADE_REQUIRED�!LIVEPATCH_KERNEL_UPGRADE_REQUIRED)r�support�kernel_infos   r �enabled_warning_statusz+LivepatchEntitlement.enabled_warning_status
s����/�/�1���i�0�0�<�<�<� �0�0�2�K���7�7�>�>�'�5�5�$�7�7�?���
��i�0�0�;�;�;� �0�0�2�K���-�-�4�4�'�5�5�$�7�7�5���
��i�0�0�H�H�H���:�:��
�r"c��tj�tjjk(r$t	j
�stjSyr&)rr�r�r�rr'r�*LIVEPATCH_KERNEL_NOT_SUPPORTED_DESCRIPTIONr7s r �status_description_overridez0LivepatchEntitlement.status_description_override*s=���)�)�+��)�)�5�5�
6��'�'�)��F�F�F�r"�orig_access�deltas�allow_enablec����t�
|�|||�ry|jdi�}|jdi�jdd�}|r(|jt	j
��\}}|S|j
�\}}|tjk(ry|jdi�}	tddg�}
t|
j|	��}t|jd	d��}t||g�rxtjd
�tjt j"j%|j&���|j)t	j
�||��Sy)
a1Process any contract access deltas for this entitlement.

        :param orig_access: Dictionary containing the original
            resourceEntitlement access details.
        :param deltas: Dictionary which contains only the changed access keys
        and values.
        :param allow_enable: Boolean set True if allowed to perform the enable
            operation. When False, a message will be logged to inform the user
            about the recommended enabled service.

        :return: True when delta operations are processed; False when noop.
        T�entitlement�obligations�enableByDefaultF�
directives�caCerts�remoteServerrizANew livepatch directives or token. running setup_livepatch_config)�service)r=rLrM)�super�process_contract_deltasrrrlr�ProgressWrapperr.rry�setr-�intersection�anyrVr?r[r�#SERVICE_UPDATING_CHANGED_DIRECTIVESr1rsre)rr�r�r��delta_entitlement�process_enable_default�enable_success�_r.�delta_directives�supported_deltasrLrM�	__class__s             �r r�z,LivepatchEntitlement.process_contract_deltas3sm���$�7�*�;���M��"�J�J�}�b�9��!2�!6�!6�}�b�!I�!M�!M��u�"
��"� $���C�,?�,?�,A� B��N�A�!�!� $� 7� 7� 9���A��!2�!;�!;�;��,�0�0��r�B���	�>�:�;��!��)�)�*:�;�
���V�Z�Z���?�@�
��"�M�2�3��H�H�)�
�
�J�J��<�<�C�C� �I�I�D��
�
�.�.��,�,�.�#5�+�/��
�
r")TT)F),�__name__�
__module__�__qualname__r�urls�LIVEPATCH_HOME_PAGE�help_doc_urlrs�LIVEPATCH_TITLEr$�LIVEPATCH_DESCRIPTION�description�LIVEPATCH_HELP_TEXT�	help_text�#affordance_check_kernel_min_version�affordance_check_kernel_flavor�affordance_check_series�affordance_check_arch�propertyrrr!rr4�intr8r<rr�r-rgrer�rr�NamedMessager.r�r�rrcrr��
__classcell__)r�s@r rrs�����=�=�4�4�L��D��$�$�E��0�0�K��,�,�I�*/�'�%*�"�"��!��
�
�u�-C�S�-H�'I�
��
��
�E�*:�C�*?�$@�
��
�2�c���s��D
��(;�(;�D
��D
�R$(�"�	?��%�%�?�!�?��	?�

�?�B��)<�)<���	� �(�8�+@�+@�"A�A�	B��4�	�t�X�h�3�3�4�4�	5��@�#�	6��#�s�(�^�6��S�#�X��6��	6�

�6�6r"rc��|sy|jdi�jdi�}|jd�}|r7tjtjddj|�gd��|jd	d
�}|j
d�r|dd}|r8tjtjdd
j|�gd��yy)a�Process livepatch configuration directives.

    We process caCerts before remoteServer because changing remote-server
    in the canonical-livepatch CLI performs a PUT against the new server name.
    If new caCerts were required for the new remoteServer, this
    canonical-livepatch client PUT could fail on unmatched old caCerts.

    @raises: ProcessExecutionError if unable to configure livepatch.
    Nr�r�r��configzca-certs={}Trmr���/���zremote-server={})rrrr{rr|r1�endswith)r,r��ca_certs�
remote_servers    r rtrtls����������+�/�/��b�A�J��~�~�i�(�H������'�'���$�$�X�.�
�
�
	
��N�N�>�2�6�M����c�"�%�c�r�*�
������'�'��"�)�)�-�8�
�
�
	
�r")!�logging�typingrrrr�uaclientrrr	r
rrr
rr�uaclient.entitlements.baserr�(uaclient.entitlements.entitlement_statusr�uaclient.typesr�LIVEPATCH_RETRIESr~�get_event_loggerr[�	getLogger�replace_top_level_logger_namer�rVrrtr(r"r �<module>r�s����-�-�
�
�
�M�F�+��#�J��F�N��
�
	&��%�%�'���g���:��:�:�8�D�E��K�=�K�\
"
r"
Zerion Mini Shell 1.0