1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
|
#!/usr/bin/python3
# nice apt-get -s -o Debug::NoLocking=true upgrade | grep ^Inst
import apt
import apt_pkg
import os
import sys
from optparse import OptionParser
import re
import gettext
import distro_info
SYNAPTIC_PINFILE = "/var/lib/synaptic/preferences"
OS_RELEASE_PATH = "/etc/os-release"
PRO_ESM_CACHE_DIR = "/var/lib/ubuntu-advantage/apt-esm/"
def _get_info_from_os_release(key):
" get info directly from os-release file "
if os.path.exists(OS_RELEASE_PATH):
with open(OS_RELEASE_PATH) as f:
search_res = re.search(
r"{}=(?P<name>.*)".format(key),
f.read()
)
if search_res:
return search_res.group("name")
else:
raise Exception(
"Could not find {} in {}".format(
key, OS_RELEASE_PATH
)
)
else:
raise Exception(
"File {} was not found on the system".format(
OS_RELEASE_PATH
)
)
def get_distro():
" get distro name "
return _get_info_from_os_release(key="UBUNTU_CODENAME")
DISTRO = get_distro()
ESM_INFRA_ORIGIN = "UbuntuESM"
ESM_APPS_ORIGIN = "UbuntuESMApps"
ESM_ORIGINS = (ESM_INFRA_ORIGIN, ESM_APPS_ORIGIN)
def _(msg):
return gettext.dgettext("update-notifier", msg)
def _handleException(type, value, tb):
sys.stderr.write("E: " + _("Unknown Error: '%s' (%s)") % (type, value))
sys.exit(-1)
def get_distro_version():
" get distro version "
return _get_info_from_os_release(key="VERSION_ID").replace('"', "")
def clean(cache, depcache):
" unmark (clean) all changes from the given depcache "
# mvo: looping is too inefficient with the new auto-mark code
# for pkg in cache.Packages:
# depcache.MarkKeep(pkg)
depcache.init()
def saveDistUpgrade(cache, depcache):
""" this function mimics a upgrade but will never remove anything """
depcache.upgrade(True)
if depcache.del_count > 0:
clean(cache, depcache)
depcache.upgrade()
def isSecurityUpgrade(ver):
" check if the given version is a security update (or masks one) "
security_pockets = [("Ubuntu", "%s-security" % DISTRO),
(ESM_INFRA_ORIGIN, "%s-infra-security" % DISTRO),
(ESM_APPS_ORIGIN, "%s-apps-security" % DISTRO),
("gNewSense", "%s-security" % DISTRO),
("Debian", "%s-updates" % DISTRO)]
for (file, index) in ver.file_list:
for origin, archive in security_pockets:
if (file.archive == archive and file.origin == origin):
return True
return False
def _isESMUpgrade(ver, esm_origin):
" check if the given version is a security update (or masks one) "
for (file, index) in ver.file_list:
if file.origin == esm_origin and file.archive.startswith(DISTRO):
return True
return False
def isESMAppsUpgrade(ver):
" check if the given version is an ESM Apps upgrade "
return _isESMUpgrade(ver, esm_origin=ESM_APPS_ORIGIN)
def isESMInfraUpgrade(ver):
" check if the given version is an ESM Infra upgrade "
return _isESMUpgrade(ver, esm_origin=ESM_INFRA_ORIGIN)
def write_package_names(outstream, cache, depcache):
" write out package names that change to outstream "
pkgs = [pkg for pkg in cache.packages if depcache.marked_install(pkg)
or depcache.marked_upgrade(pkg)]
outstream.write("\n".join([p.name for p in pkgs]))
def is_esm_distro():
" check if the current distro is ESM or not "
ubuntu_distro = distro_info.UbuntuDistroInfo()
is_esm_supported = bool(
DISTRO in ubuntu_distro.supported_esm()
)
is_not_currently_supported = bool(
DISTRO in ubuntu_distro.unsupported()
)
return is_esm_supported and is_not_currently_supported
def is_lts_distro():
" check if the current distro is LTS or not"
return distro_info.UbuntuDistroInfo().is_lts(DISTRO)
def _output_esm_package_count(outstream, service_type, esm_pkg_count):
" output the number of packages upgrades related to esm service "
if esm_pkg_count > 0:
outstream.write("\n")
outstream.write(gettext.dngettext("update-notifier",
"%d of these updates "
"is an ESM %s "
"security update.",
"%d of these updates "
"are ESM %s "
"security updates.",
esm_pkg_count) %
(esm_pkg_count, service_type))
def _output_esm_package_alert(
outstream, service_type, disabled_pkg_count, is_esm=False
):
" output the number of upgradable packages if esm service was enabled "
outstream.write("\n")
if disabled_pkg_count > 0:
outstream.write("\n")
if is_esm:
distro_version = get_distro_version()
esm_info_url = "https://ubuntu.com/{}".format(
distro_version.replace(".", "-")
)
learn_msg_suffix = "for Ubuntu {} at\n{}".format(
distro_version, esm_info_url)
else:
learn_msg_suffix = "at https://ubuntu.com/esm"
outstream.write(gettext.dngettext("update-notifier",
"%i additional security "
"update can be applied "
"with ESM %s.\nLearn "
"more about enabling ESM %s "
"service %s",
"%i additional security "
"updates can be applied "
"with ESM %s.\nLearn "
"more about enabling "
"ESM %s service %s",
disabled_pkg_count) %
(disabled_pkg_count, service_type, service_type,
learn_msg_suffix))
else:
outstream.write("\n")
outstream.write(gettext.dgettext("update-notifier",
"Enable ESM %s to "
"receive additional future "
"security updates.") %
service_type)
outstream.write("\n")
outstream.write(
gettext.dgettext("update-notifier",
"See https://ubuntu.com/esm "
"or run: sudo pro status")
)
def _output_esm_service_status(outstream, have_esm_service, service_type):
if have_esm_service:
outstream.write(gettext.dgettext("update-notifier",
"Expanded Security Maintenance for "
"%s is enabled.") % service_type)
else:
outstream.write(gettext.dgettext("update-notifier",
"Expanded Security Maintenance for "
"%s is not enabled.") % service_type)
outstream.write("\n\n")
def write_human_readable_summary(outstream, upgrades, security_updates,
esm_infra_updates, esm_apps_updates,
have_esm_infra, have_esm_apps,
disabled_esm_infra_updates,
disabled_esm_apps_updates,
hide_esm_messages=False):
" write out human summary summary to outstream "
esm_distro = is_esm_distro()
lts_distro = is_lts_distro()
if not hide_esm_messages:
if have_esm_infra is not None and esm_distro:
_output_esm_service_status(
outstream, have_esm_infra, service_type="Infrastructure"
)
if have_esm_apps is not None and lts_distro and not esm_distro:
_output_esm_service_status(
outstream, have_esm_apps, service_type="Applications"
)
outstream.write(
gettext.dngettext("update-notifier",
"%i update can be applied immediately.",
"%i updates can be applied immediately.",
upgrades) % upgrades
)
if not hide_esm_messages:
_output_esm_package_count(
outstream, service_type="Infra", esm_pkg_count=esm_infra_updates)
_output_esm_package_count(
outstream, service_type="Apps", esm_pkg_count=esm_apps_updates)
if security_updates > 0:
outstream.write("\n")
outstream.write(gettext.dngettext("update-notifier",
"%i of these updates is a "
"standard security update.",
"%i of these updates are "
"standard security updates.",
security_updates) %
security_updates)
if any([upgrades, security_updates, esm_infra_updates, esm_apps_updates]):
outstream.write("\n")
outstream.write(gettext.dgettext("update-notifier",
"To see these additional updates "
"run: apt list --upgradable"))
if all(
[
have_esm_apps is not None,
not have_esm_apps,
lts_distro,
not esm_distro,
not hide_esm_messages,
]
):
_output_esm_package_alert(
outstream, service_type="Apps",
disabled_pkg_count=disabled_esm_apps_updates)
if all(
[
have_esm_infra is not None,
not have_esm_infra,
esm_distro,
not hide_esm_messages,
]
):
_output_esm_package_alert(
outstream, service_type="Infra",
disabled_pkg_count=disabled_esm_infra_updates,
is_esm=True
)
outstream.write("\n")
def has_disabled_esm_security_update(esm_cache, pkg, esm_origin):
" check if we have a disabled ESM security update "
inst_ver = pkg.current_ver
if not inst_ver:
return False
if pkg.name not in esm_cache:
return False
esm_update = esm_cache[pkg.name]
for version in esm_update.version_list:
for (file, index) in version.file_list:
if file.origin == esm_origin:
return True
return False
def has_disabled_esm_apps_security_update(esm_cache, pkg):
" check if we have a disabled ESM Apps security update "
return has_disabled_esm_security_update(esm_cache, pkg, ESM_APPS_ORIGIN)
def has_disabled_esm_infra_security_update(esm_cache, pkg):
" check if we have a disabled ESM Infra security update "
return has_disabled_esm_security_update(esm_cache, pkg, ESM_INFRA_ORIGIN)
def has_esm_service(cache, esm_origin):
" check if we have an enabled ESM service in the machine "
for file in cache.file_list:
origin = file.origin
if origin == esm_origin and file.archive.startswith(DISTRO):
return True
return False
def get_apt_pkg_esm_cache():
"""Get an apt_pkg cache with the ubuntu-advantage-tools esm data.
Set the configuration to get the u-a-t cache, then set it back to an
empty configuration state and init again so other calls to Cache work as
expected.
"""
for key in apt_pkg.config.keys():
if re.match(r"^Acquire", key) is None:
apt_pkg.config.clear(key)
apt_pkg.config.set("Dir", PRO_ESM_CACHE_DIR)
apt_pkg.init()
try:
esm_cache = apt_pkg.Cache(progress=None)
except apt_pkg.Error:
esm_cache = None
for key in apt_pkg.config.keys():
apt_pkg.config.clear(key)
apt_pkg.init()
return esm_cache
def init():
" init the system, be nice "
# FIXME: do a ionice here too?
os.nice(19)
apt_pkg.init()
def run(options=None):
# we are run in "are security updates installed automatically?"
# question mode
if options.security_updates_unattended:
res = apt_pkg.config.find_i("APT::Periodic::Unattended-Upgrade", 0)
# print(res)
sys.exit(res)
# get caches
try:
cache = apt_pkg.Cache(apt.progress.base.OpProgress())
except SystemError as e:
sys.stderr.write("E: " + _("Error: Opening the cache (%s)") % e)
sys.exit(-1)
depcache = apt_pkg.DepCache(cache)
# read the synaptic pins too
if os.path.exists(SYNAPTIC_PINFILE):
depcache.read_pinfile(SYNAPTIC_PINFILE)
depcache.init()
if depcache.broken_count > 0:
sys.stderr.write("E: " + _("Error: BrokenCount > 0"))
sys.exit(-1)
# do the upgrade (not dist-upgrade!)
try:
saveDistUpgrade(cache, depcache)
except SystemError as e:
sys.stderr.write("E: " + _("Error: Marking the upgrade (%s)") % e)
sys.exit(-1)
esm_cache = get_apt_pkg_esm_cache()
# Check if we have ESM enabled or disabled; and if it exists in the
# first place.
have_esm_infra = has_esm_service(cache, esm_origin=ESM_INFRA_ORIGIN)
have_esm_apps = has_esm_service(cache, esm_origin=ESM_APPS_ORIGIN)
# analyze the ugprade
upgrades = 0
security_updates = 0
esm_apps_updates = 0
esm_infra_updates = 0
disabled_esm_apps_updates = 0
disabled_esm_infra_updates = 0
# we need another cache that has more pkg details
with apt.Cache() as aptcache:
for pkg in cache.packages:
if esm_cache:
if has_disabled_esm_apps_security_update(esm_cache, pkg):
disabled_esm_apps_updates += 1
if has_disabled_esm_infra_security_update(esm_cache, pkg):
disabled_esm_infra_updates += 1
# skip packages that are not marked upgraded/installed
if not (depcache.marked_install(pkg)
or depcache.marked_upgrade(pkg)):
continue
# check if this is really a upgrade or a false positive
# (workaround for ubuntu #7907)
inst_ver = pkg.current_ver
cand_ver = depcache.get_candidate_ver(pkg)
if cand_ver == inst_ver:
continue
# check for security upgrades
if isSecurityUpgrade(cand_ver):
if have_esm_apps and isESMAppsUpgrade(cand_ver):
esm_apps_updates += 1
elif have_esm_infra and isESMInfraUpgrade(cand_ver):
esm_infra_updates += 1
else:
security_updates += 1
upgrades += 1
continue
# check to see if the update is a phased one
try:
from UpdateManager.Core.UpdateList import UpdateList
ul = UpdateList(None)
ignored = ul._is_ignored_phased_update(
aptcache[pkg.get_fullname()])
if ignored:
depcache.mark_keep(pkg)
continue
except ImportError:
pass
upgrades = upgrades + 1
# now check for security updates that are masked by a
# candidate version from another repo (-proposed or -updates)
for ver in pkg.version_list:
if (inst_ver
and apt_pkg.version_compare(ver.ver_str,
inst_ver.ver_str) <= 0):
continue
if have_esm_apps and isESMAppsUpgrade(cand_ver):
esm_apps_updates += 1
elif have_esm_infra and isESMInfraUpgrade(cand_ver):
esm_infra_updates += 1
elif isSecurityUpgrade(ver):
security_updates += 1
break
# print the number of upgrades
if options and options.show_package_names:
write_package_names(sys.stderr, cache, depcache)
elif options and options.readable_output:
write_human_readable_summary(sys.stdout, upgrades, security_updates,
esm_infra_updates, esm_apps_updates,
have_esm_infra, have_esm_apps,
disabled_esm_infra_updates,
disabled_esm_apps_updates,
options.hide_esm_messages)
else:
# print the number of regular upgrades and the number of
# security upgrades
sys.stderr.write("%s;%s" % (upgrades, security_updates))
# return the number of upgrades (if its used as a module)
return(upgrades, security_updates)
if __name__ == "__main__":
# setup a exception handler to make sure that uncaught stuff goes
# to the notifier
sys.excepthook = _handleException
# gettext
APP = "update-notifier"
DIR = "/usr/share/locale"
gettext.bindtextdomain(APP, DIR)
gettext.textdomain(APP)
# check arguments
parser = OptionParser()
parser.add_option("-p",
"--package-names",
action="store_true",
dest="show_package_names",
help=_("Show the packages that are "
"going to be installed/upgraded"))
parser.add_option("",
"--human-readable",
action="store_true",
dest="readable_output",
help=_("Show human readable output on stdout"))
parser.add_option("",
"--no-esm-messages",
action="store_true",
dest="hide_esm_messages",
help=_("Do not show esm related messages in human "
"readable output"))
parser.add_option("",
"--security-updates-unattended",
action="store_true",
help=_("Return the time in days when security updates "
"are installed unattended (0 means disabled)"))
(options, args) = parser.parse_args()
# run it
init()
run(options)
|
