o K&bA @s$ddlZddlZddlZddlZddlZddlZddlmZmZm Z ddl m Z m Z m Z mZmZdZdZdZdZdZd Zd Zd Zd Zd ZdZdZgdZe ZddZde de ej!fddZ"difdee de e de ee e fde fddZ#ifde ee e fde fddZ$ddifdee de ee de e de ee e fde f d d!Z%d"e d#e d$e d%ee d&e ddf d'd(Z&d)d*Z'd+d,Z( dCd"e d#e d&e ddfd-d.Z)d/e ddfd0d1Z*d2d3Z+d4d5Z,d6d7Z-d8d9Z.dd:d;d<Z/dee fd=d>Z0 dDd?e e d@e e ddfdAdBZ1dS)EN)DictListOptional) event_logger exceptionsgpgmessagesutilgN@z # ubuntu-advantage-toolszDir::Etc::netrc/zDir::Etc::netrcparts/zDir::State::lists/z$Acquire::http::Proxy "{proxy_url}"; z%Acquire::https::Proxy "{proxy_url}"; z/etc/apt/trusted.gpg.dz/usr/share/keyringsz/usr/lib/apt/methods/httpsz /usr/sbin/update-ca-certificatesz//etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy)g?g@g$@c Cs|d\}}tjdsdSz0t!}tjddd||||tj |dgt t dWdWdS1s8wYWdSt j yy}z-|jdkrpt|j}td |rbt d |td |rpt d |t d d}~wtjyt dt |w)aValidate apt credentials for a PPA. @param repo_url: private-ppa url path @param username: PPA login username. @param password: PPA login password or resource token. @raises: UserFacingError for invalid credentials, timeout or unexpected errors. ://z/usr/lib/apt/apt-helperNz download-filez{}://{}:{}@{}/ubuntu/pool/zapt-helper-output)Ztimeout retry_sleepsdz401\s+unauthorized|httperror401z'Invalid APT credentials provided for {}zconnection timed outz-Timeout trying to access APT repository at {}z7Unexpected APT error. See /var/log/ubuntu-advantage.logzVCannot validate credentials for APT repo. Timeout after {} seconds trying to reach {}.)splitospathexiststempfileZTemporaryDirectoryr subpformatjoinAPT_HELPER_TIMEOUT APT_RETRIESrProcessExecutionErrorZ exit_codestrstderrlowerresearchUserFacingError subprocessZTimeoutExpired)repo_urlusernamepasswordZprotocol repo_pathZtmpderr$./usr/lib/python3/dist-packages/uaclient/apt.pyassert_valid_apt_credentials!sT   &   r& apt_errorreturncCsd}t}|dD]}|r*td|}|r*d|ddd}||q |rBtjj t |dkr8d nd d t |d }|S) aAParse apt update errors for invalid apt config in user machine. This functions parses apt update errors regarding the presence of invalid apt config in the system, for example, a ppa that cannot be reached, for example. In that scenario, apt will output a message in the following formats: The repository 'ppa 404 Release' ... Failed to fetch ppa 404 ... On some releases, both of these errors will be present in the apt error message. :param apt_error: The apt error string :return: a NamedMessage containing the error message N z2(Failed to fetch |The repository .)(?P[^\s]+)z- urlz/distsrs)plural failed_repos) setstripr rr groupdictaddrZAPT_UPDATE_INVALID_URL_CONFIGrlenrsorted)r' error_msgr/lineZ pattern_matchZrepo_url_matchr$r$r%(_parse_apt_update_for_invalid_apt_configUs$  r8cmdr6envc Csztj|dt|d\}}W|StjyB}z'dt|jvr"t t|j}|r1tj |j d|r5|nt|}t |d}~ww)aRun an apt command, retrying upon failure APT_RETRIES times. :param cmd: List containing the apt command to run, passed to subp. :param error_msg: The string to raise as UserFacingError when all retries are exhausted in failure. :param env: Optional dictionary of environment variables to pass to subp. :return: stdout from successful run of the apt command. :raise UserFacingError: on issues running apt-cache policy. T)Zcapturer r:z%Could not get lock /var/lib/dpkg/lock)r6N) r rrrrrrAPTProcessConflictErrorr8APTInvalidRepoErrormsgr)r9r6r:out_errr#Zrepo_error_msgr=r$r$r%run_apt_commands$   r@c Csz tddg|d}W|Stjyttjy*}ztj|jdd}~wtjyF}ztjtj jd|jtj j dd}~ww)Napt-getupdate)r9r:)repo_msgr))r=Zmsg_code) r@rr;ZAPTUpdateProcessConflictErrorr<ZAPTUpdateInvalidRepoErrorr=rrZAPT_UPDATE_FAILEDname)r:r>r#r$r$r%run_apt_update_commands rEpackages apt_optionsc Csr|durg}ztgd||||d}W|Stjy$tj|dtjy8}ztj|j|dd}~ww)N)rAinstallz --assume-yes)r9r6r:) header_msg)rCrI)r@rr;ZAPTInstallProcessConflictErrorr<ZAPTInstallInvalidRepoErrorr=)rFrGr6r:r>r#r$r$r%run_apt_install_commands* rJ repo_filenamer credentialssuites keyring_filecCs0z |d\}}Wn tyd}|}Ynwtd}|dr(|dd}t|||d}tdd gtjj } | D]} d || vrGq=d | vrLq=d }d } |D]"} || vrZqSd } d| vrk|skt d| |d} | dj | || d7} qSt|| t|||tjt|}tjt|}t||dS)zAdd an authenticated apt repo and credentials to the system. @raises: InvalidAPTCredentialsError when the token provided can't access the repo PPA. :Zbearerseries/NFz apt-cachepolicyz a={}-updatesz o=Ubuntu,Tr-z-updatesz?Not enabling apt suite "%s" because "%s-updates" is not enabledz# zQ{maybe_comment}deb {url}/ubuntu {suite} main # deb-src {url}/ubuntu {suite} main ) maybe_commentr*suite)r ValueErrorr get_platform_infoendswithr&r@rZAPT_POLICY_FAILEDr= splitlinesrloggingdebug write_fileadd_apt_auth_conf_entryrrr KEYRINGS_DIR APT_KEYS_DIRrZexport_gpg_key)rKrrLrMrNr r!rPZupdates_enabledrSr7contentrUrTZsource_keyring_fileZdestination_keyring_filer$r$r%add_auth_apt_reposX           rac Cst}|d\}}|dr|dd}tj|r!t|}nd}dj|||t d}d}g} | D]+} t d | } | rZ| d } | |krO| |d }q4| |vrZ| |d }| | q4|sg| || dtj|d | d ddS)zBAdd or replace an apt auth line in apt's auth.conf file or conf.d.r rQNrRr-z;machine {repo_path}/ login {login} password {password}{cmt})r"loginr!ZcmtFz$machine\s+(?P[.\-\w]+)/?.*rTr)mode)!get_apt_auth_file_from_apt_configr rXrrrr load_filerAPT_AUTH_COMMENTrYrmatchgroupappendr\r) rrbr! apt_auth_file _protocolr"Z orig_contentZrepo_auth_lineZadded_new_authZ new_linesr7Z machine_matchZ matched_repor$r$r%r]sB             r]cs|d\}}|dr|dd}t}tj|rGt|}dj|dd fdd | D}|s=t |dStj ||d d dSdS) z+Remove a repo from the shared apt auth filer rQNrRzmachine {repo_path}/ login)r"r)csg|]}|vr|qSr$r$).0r7Z auth_prefixr$r% Fsz2remove_repo_from_apt_auth_file..rcrd) r rXrfrrrr rgrrrYunlinkr\)rrmr"rlZapt_authr`r$ror%remove_repo_from_apt_auth_file<s     rrcCs2t||rtjt|}t|t|dS)z>Remove an authenticated apt repo and credentials to the systemN)r Zdel_filerrrr_rr)rKrrNr$r$r%remove_auth_apt_repoNs   rsfilenamecCs6tj|rt|}|dd}t||dSdS)z0Uncomment commented deb lines in the given file.z# deb zdeb N)rrrr rgreplacer\)rtZ file_contentr$r$r%restore_commented_apt_list_fileYs   rvcCsPtd}|d\}}|dr|dd}dj|||d}t||dS)z.Add an apt preferences file and pin for a PPA.rPr rQNrRzHPackage: * Pin: release o={origin}, n={series} Pin-Priority: {priority} )originpriorityrP)r rWr rXrr\)Zapt_preference_filerrwrxrPrmr"r`r$r$r%add_ppa_pinningas   rycCsVtdddtg\}}|r|dddStdddtg\}}|dddS)z7Return to patch to the system configured APT auth file. apt-configshellkey'r+z90ubuntu-advantagerQ)r rAPT_CONFIG_AUTH_PARTS_DIRr APT_CONFIG_AUTH_FILErstrip)r>r?r$r$r%rfqs  rfc Cs~|d\}}|dr|dd}d}tdddtg\}}|r(|d d }|dd }tttj ||d |S) zEList any apt files in APT_CONFIG_LISTS_DIR given repo_url and series.r rQNrRz/var/lib/apt/listsrzr{r|r}r+_z _dists_{}*) r rXr rAPT_CONFIG_LISTS_DIRrur5globrrrr)rrPrmr"Z lists_dirr>r?Zaptlist_filenamer$r$r%find_apt_list_filess   rcCs*t||D] }tj|rt|qdS)z?Remove any apt list files present for this repo_url and series.N)rrrrrq)rrPrr$r$r%remove_apt_list_filess   r) _entitlementscCsddlm}|durddlm}|jD]:}t||sq|jj|jd}|j j|jd}t j |rrr$r$r%get_installed_packagessr http_proxy https_proxycCs|s|rttjjddd}|r|tj|d7}|r$|tj|d7}|dkr-tj|}|dkr8t t dSt t |dS)a Writes an apt conf file that configures apt to use the proxies provided as args. If both args are None, then no apt conf file is written. If this function previously wrote a conf file, and was run again with both args as None, the existing file is removed. :param http_proxy: the url of the http proxy apt should use, or None :param https_proxy: the url of the https proxy apt should use, or None :return: None ZAPT)servicer-)Z proxy_urlN) eventrrZSETTING_SERVICE_PROXYrAPT_CONFIG_PROXY_HTTPAPT_CONFIG_PROXY_HTTPSZAPT_PROXY_CONFIG_HEADERr Z remove_fileAPT_PROXY_CONF_FILEr\)rrZapt_proxy_configr$r$r%setup_apt_proxys r)N)NN)2rrZrrrrtypingrrrrrrrrr rrhrr~rrrr_r^ZAPT_METHOD_HTTPS_FILEZCA_CERTIFICATES_FILErrZget_event_loggerrr&rZ NamedMessager8r@rErJrar]rrrsrvryrfrrrrrr$r$r$r%s4 / "'   ?)