o =Wbp4 @s$ddlZddlZddlmZmZmZmZmZddlm Z m Z m Z m Z m Z mZmZddlmZmZddlmZddlmZddgZd Zd Zd d d ZdZe Z ddedeeeddfddZ   d deedeedeeeddfddZ!dedeefddZ"GdddeZ#ddZ$dS)!N)AnyDictListOptionalTuple)apt event_logger exceptionsmessagessnapstatusutil)IncompatibleService UAEntitlement)ApplicationStatus)StaticAffordanceg?g?z http-proxyz https-proxyz)Invalid Auth-Token provided to livepatch.z2Your running kernel is not supported by Livepatch.)zUnknown Auth-Tokenzunsupported kernelz/snap/bin/canonical-livepatch protocol_type retry_sleepsreturncCs,ttsdStjtdd|g|ddS)a Unset livepatch configuration settings for http and https proxies. :param protocol_type: String either http or https :param retry_sleeps: Optional list of sleep lengths to apply between retries. Specifying a list of [0.5, 1] tells subp to retry twice on failure; sleeping half a second before the first retry and 1 second before the second retry. Nconfigz {}-proxy=r)r which LIVEPATCH_CMDsubpformat)rrrA/usr/lib/python3/dist-packages/uaclient/entitlements/livepatch.pyunconfigure_livepatch_proxy s  r http_proxy https_proxycCsb|s|rttjjtjd|rtjt dd|g|d|r/tjt dd|g|ddSdS)a Configure livepatch to use http and https proxies. :param http_proxy: http proxy to be used by livepatch. If None, it will not be configured :param https_proxy: https proxy to be used by livepatch. If None, it will not be configured :@param retry_sleeps: Optional list of sleep lengths to apply between snap calls )servicerz http-proxy={}rzhttps-proxy={}N) eventinfor ZSETTING_SERVICE_PROXYrLivepatchEntitlementtitler rrrrrrrrconfigure_livepatch_proxy4s" r&keycCs\ttdg\}}td||tj}|r|dnd}|r&tdd|}|r,| SdS)z Gets the config value from livepatch. :param protocol: can be any valid livepatch config option :return: the value of the livepatch config option, or None if not set rz ^{}: (.*)$Nz\"(.*)\"z\g<1>) r rrresearchr MULTILINEgroupsubstrip)r'out_matchvaluerrrget_config_option_valueWs r3c seZdZdZdZdZdZedee dffddZ edee dffd d Z dd e de fd dZ dde de de fddZdddZdeeeejffddZ ddeeefdeeefde de ffdd ZZS)r#z%https://ubuntu.com/security/livepatchZ livepatchZ LivepatchzCanonical Livepatch servicer.cCs0ddlm}ddlm}t|tjt|tjfS)NrFIPSEntitlement)RealtimeKernelEntitlement)uaclient.entitlements.fipsr5Zuaclient.entitlements.realtimer6rr ZLIVEPATCH_INVALIDATES_FIPSZREALTIME_LIVEPATCH_INCOMPATIBLE)selfr5r6rrrincompatible_servicesms  z*LivepatchEntitlement.incompatible_servicescsPddlm}||j}t|dtjktjdddftj fdddffS)Nrr4cSstSN)r Z is_containerrrrrsz9LivepatchEntitlement.static_affordances..FcsSr:rrZis_fips_enabledrrr;s) r7r5cfgboolapplication_statusrENABLEDr Z$LIVEPATCH_ERROR_INSTALL_ON_CONTAINERZ!LIVEPATCH_ERROR_WHEN_FIPS_ENABLED)r8r5Zfips_entrr<rstatic_affordances|s   z'LivepatchEntitlement.static_affordancesFsilentc Csttjs?tdttjzt Wnt j y2}zt dt|WYd}~nd}~wwtjgddtjdndtvrNt jtj|jdztjtjd d d gdd Wn%t jy}ztd t|rvt tjnWYd}~nd}~wwtd|jjtj}td|jjtj}tj ||tj!dtt"stdztjtjddgdtj!dWnt jy}zt j#t|dd}~wwt$|||j%dddS)zYEnable specific entitlement. @return: True on success, False otherwise. zInstalling snapdz intersectionanyrLr"rXrQ) r8rcrdreZdelta_entitlementZprocess_enable_defaultZenable_successr0r?Zdelta_directivesZsupported_deltasrJrK __class__rrrk,s2        z,LivepatchEntitlement.process_contract_deltas)F)TT)__name__ __module__ __qualname__Z help_doc_urlrXr$ descriptionpropertyrrr9rrAr>rSrQr_rrr rbr?rrNrrk __classcell__rrrorr#fs@B 8    r#cCs|sdS|didi}|d}|r"tjtdd|gdd|d d }|d r3|dd }|rDtjtdd |gdddSdS)aProcess livepatch configuration directives. We process caCerts before remoteServer because changing remote-server in the canonical-livepatch CLI performs a PUT against the new server name. If new caCerts were required for the new remoteServer, this canonical-livepatch client PUT could fail on unmatched old caCerts. @raises: ProcessExecutionError if unable to configure livepatch. Nrfrgrhrz ca-certs={}TrHrir`/zremote-server={})rWr rrrendswith)r=rgZca_certsZ remote_serverrrrrY\s*      rYr:)NNN)%rLr)typingrrrrrZuaclientrrr r r r r Zuaclient.entitlements.baserrZuaclient.statusrZuaclient.typesrraZHTTP_PROXY_OPTIONZHTTPS_PROXY_OPTIONr\rZget_event_loggerr!rNfloatrr&r3r#rYrrrrsN$      # w