0x1949 Team - FAZEMRX - MANAGER

Edit File: livepatch.py

import datetime import enum import json import logging import re from functools import lru_cache from typing import List, Optional, Tuple from uaclient import event_logger, exceptions, messages, system, util from uaclient.data_types import ( BoolDataValue, DataObject, Field, IncorrectTypeError, StringDataValue, data_list, ) from uaclient.files import state_files from uaclient.http import serviceclient HTTP_PROXY_OPTION = "http-proxy" HTTPS_PROXY_OPTION = "https-proxy" LIVEPATCH_CMD = "/snap/bin/canonical-livepatch" LIVEPATCH_API_V1_KERNELS_SUPPORTED = "/v1/api/kernels/supported" event = event_logger.get_event_logger() LOG = logging.getLogger(util.replace_top_level_logger_name(__name__)) @enum.unique class LivepatchSupport(enum.Enum): SUPPORTED = object() KERNEL_UPGRADE_REQUIRED = object() KERNEL_EOL = object() UNSUPPORTED = object() UNKNOWN = object() class LivepatchPatchFixStatus(DataObject): fields = [ Field("name", StringDataValue, required=False, dict_key="Name"), Field("patched", BoolDataValue, required=False, dict_key="Patched"), ] def __init__( self, name: Optional[str], patched: Optional[bool], ): self.name = name self.patched = patched class LivepatchPatchStatus(DataObject): fields = [ Field("state", StringDataValue, required=False, dict_key="State"), Field( "fixes", data_list(LivepatchPatchFixStatus), required=False, dict_key="Fixes", ), Field("version", StringDataValue, required=False, dict_key="Version"), ] def __init__( self, state: Optional[str], fixes: Optional[List[LivepatchPatchFixStatus]], version: Optional[str], ): self.state = state self.fixes = fixes self.version = version class LivepatchStatusStatus(DataObject): fields = [ Field("kernel", StringDataValue, required=False, dict_key="Kernel"), Field( "livepatch", LivepatchPatchStatus, required=False, dict_key="Livepatch", ), Field( "supported", StringDataValue, required=False, dict_key="Supported", ), ] def __init__( self, kernel: Optional[str], livepatch: Optional[LivepatchPatchStatus], supported: Optional[str], ): self.kernel = kernel self.livepatch = livepatch self.supported = supported class LivepatchStatus(DataObject): fields = [ Field( "status", data_list(LivepatchStatusStatus), required=False, dict_key="Status", ), ] def __init__( self, status: Optional[List[LivepatchStatusStatus]], ): self.status = status def status() -> Optional[LivepatchStatusStatus]: if not is_livepatch_installed(): LOG.debug("canonical-livepatch is not installed") return None try: out, _ = system.subp( [LIVEPATCH_CMD, "status", "--verbose", "--format", "json"] ) except exceptions.ProcessExecutionError as e: # only raise an error if there is a legitimate problem, not just lack # of enablement if "Machine is not enabled" in e.stderr: LOG.warning(e.stderr) return None LOG.warning( "canonical-livepatch returned error when checking status:\n%s", exc_info=e, ) raise e try: status_json = json.loads(out) except json.JSONDecodeError as e: LOG.warning( "JSONDecodeError while parsing livepatch status, returning None. " 'output was: "%s"', out, exc_info=e, ) return None try: status_root = LivepatchStatus.from_dict(status_json) except IncorrectTypeError: LOG.warning( "canonical-livepatch status returned unexpected structure: %s", out, ) return None if status_root.status is None or len(status_root.status) < 1: LOG.debug("canonical-livepatch has no status") return None return status_root.status[0] def _convert_str_to_livepatch_support_status( status_str: Optional[str], ) -> Optional[LivepatchSupport]: if status_str == "supported": return LivepatchSupport.SUPPORTED if status_str == "kernel-upgrade-required": return LivepatchSupport.KERNEL_UPGRADE_REQUIRED if status_str == "kernel-end-of-life": return LivepatchSupport.KERNEL_EOL if status_str == "unsupported": return LivepatchSupport.UNSUPPORTED if status_str == "unknown": return LivepatchSupport.UNKNOWN return None class UALivepatchClient(serviceclient.UAServiceClient): cfg_url_base_attr = "livepatch_url" def is_kernel_supported( self, version: str, flavor: str, arch: str, codename: str, build_date: Optional[datetime.datetime], ) -> Optional[LivepatchSupport]: query_params = { "kernel-version": version, "flavour": flavor, "architecture": arch, "codename": codename, "build-date": ( build_date.isoformat() if build_date is not None else "unknown" ), } headers = self.headers() try: response = self.request_url( LIVEPATCH_API_V1_KERNELS_SUPPORTED, query_params=query_params, headers=headers, ) except Exception as e: LOG.warning("error while checking livepatch supported kernels API") LOG.warning(e) return None if response.code != 200: LOG.warning("livepatch supported kernels API was unsuccessful") LOG.warning(response.body) return None api_supported_val = response.json_dict.get("Supported") if api_supported_val is None or isinstance(api_supported_val, bool): # old version, True means supported, None means unsupported if api_supported_val: return LivepatchSupport.SUPPORTED return LivepatchSupport.UNSUPPORTED # new version, value is a string return _convert_str_to_livepatch_support_status(api_supported_val) def _on_supported_kernel_cli() -> Optional[LivepatchSupport]: try: lp_status = status() except exceptions.ProcessExecutionError: return None if lp_status is None: return None return _convert_str_to_livepatch_support_status(lp_status.supported) def _on_supported_kernel_cache( version: str, flavor: str, arch: str, codename: str ) -> Tuple[bool, Optional[bool]]: """Check local cache of kernel support :return: (is_cache_valid, result) """ try: cache_data = state_files.livepatch_support_cache.read() except Exception: cache_data = None if cache_data is not None: one_week_ago = datetime.datetime.now( datetime.timezone.utc ) - datetime.timedelta(days=7) if all( [ cache_data.cached_at > one_week_ago, # less than one week old cache_data.version == version, cache_data.flavor == flavor, cache_data.arch == arch, cache_data.codename == codename, ] ): if cache_data.supported is None: LOG.warning("livepatch kernel support cache has None value") return (True, cache_data.supported) return (False, None) def _on_supported_kernel_api( version: str, flavor: str, arch: str, codename: str, build_date: Optional[datetime.datetime], ) -> Optional[LivepatchSupport]: supported = UALivepatchClient().is_kernel_supported( version=version, flavor=flavor, arch=arch, codename=codename, build_date=build_date, ) # cache response as a bool/None before returning cache_supported = None if supported == LivepatchSupport.SUPPORTED: cache_supported = True elif supported == LivepatchSupport.UNSUPPORTED: cache_supported = False state_files.livepatch_support_cache.write( state_files.LivepatchSupportCacheData( version=version, flavor=flavor, arch=arch, codename=codename, supported=cache_supported, cached_at=datetime.datetime.now(datetime.timezone.utc), ) ) if supported is None: LOG.warning("livepatch kernel support API response was ambiguous") return supported @lru_cache(maxsize=None) def on_supported_kernel() -> LivepatchSupport: """ Checks CLI, local cache, and API in that order for kernel support If all checks fail to return an authoritative answer, we return None """ # first check cli cli_says = _on_supported_kernel_cli() if cli_says is not None: LOG.debug("using livepatch cli for support") return cli_says # gather required system info to query support kernel_info = system.get_kernel_info() if ( kernel_info.flavor is None or kernel_info.major is None or kernel_info.minor is None ): LOG.warning( "unable to determine enough kernel information to " "check livepatch support" ) return LivepatchSupport.UNKNOWN arch = util.standardize_arch_name(kernel_info.uname_machine_arch) codename = system.get_release_info().series lp_api_kernel_ver = "{major}.{minor}".format( major=kernel_info.major, minor=kernel_info.minor ) # second check cache is_cache_valid, cache_says = _on_supported_kernel_cache( lp_api_kernel_ver, kernel_info.flavor, arch, codename ) if is_cache_valid: LOG.debug("using livepatch support cache") if cache_says is None: return LivepatchSupport.UNKNOWN if cache_says: return LivepatchSupport.SUPPORTED if not cache_says: return LivepatchSupport.UNSUPPORTED # finally check api LOG.debug("using livepatch support api") api_says = _on_supported_kernel_api( lp_api_kernel_ver, kernel_info.flavor, arch, codename, kernel_info.build_date, ) if api_says is None: return LivepatchSupport.UNKNOWN return api_says def unconfigure_livepatch_proxy( protocol_type: str, retry_sleeps: Optional[List[float]] = None ) -> None: """ Unset livepatch configuration settings for http and https proxies. :param protocol_type: String either http or https :param retry_sleeps: Optional list of sleep lengths to apply between retries. Specifying a list of [0.5, 1] tells subp to retry twice on failure; sleeping half a second before the first retry and 1 second before the second retry. """ if not is_livepatch_installed(): return system.subp( [LIVEPATCH_CMD, "config", "{}-proxy=".format(protocol_type)], retry_sleeps=retry_sleeps, ) def configure_livepatch_proxy( http_proxy: Optional[str] = None, https_proxy: Optional[str] = None, retry_sleeps: Optional[List[float]] = None, ) -> None: """ Configure livepatch to use http and https proxies. :param http_proxy: http proxy to be used by livepatch. If None, it will not be configured :param https_proxy: https proxy to be used by livepatch. If None, it will not be configured :@param retry_sleeps: Optional list of sleep lengths to apply between snap calls """ from uaclient.entitlements import LivepatchEntitlement if http_proxy or https_proxy: event.info( messages.SETTING_SERVICE_PROXY.format( service=LivepatchEntitlement.title ) ) if http_proxy: system.subp( [LIVEPATCH_CMD, "config", "http-proxy={}".format(http_proxy)], retry_sleeps=retry_sleeps, ) if https_proxy: system.subp( [LIVEPATCH_CMD, "config", "https-proxy={}".format(https_proxy)], retry_sleeps=retry_sleeps, ) def get_config_option_value(key: str) -> Optional[str]: """ Gets the config value from livepatch. :param key: can be any valid livepatch config option :return: the value of the livepatch config option, or None if not set """ out, _ = system.subp([LIVEPATCH_CMD, "config"]) match = re.search("^{}: (.*)$".format(key), out, re.MULTILINE) value = match.group(1) if match else None if value: # remove quotes if present value = re.sub(r"\"(.*)\"", r"\g<1>", value) return value.strip() if value else None def is_livepatch_installed() -> bool: return system.which(LIVEPATCH_CMD) is not None