def testOriginMatcherSimple(self): test_pkgs = set() for pkg in self.cache: if pkg.candidate and pkg.candidate.origins: if [l.archive for l in pkg.candidate.origins if l.archive == "xenial-security"]: test_pkgs.add(pkg.name) self.assertTrue(len(test_pkgs) > 0) ul = UpdateList(None, dist="xenial") for pkgname in test_pkgs: pkg = self.cache[pkgname] self.assertTrue(ul._is_security_update(pkg), "pkg '%s' is not in xenial-security" % pkg.name)
def fillstore(self): # populate the list self.list = UpdateList(self) self.list.update(self.cache) origin_list = sorted(self.list.pkgs, key=operator.attrgetter("importance"), reverse=True) for (i, origin) in enumerate(origin_list): self.checkbox_tree_updates.append(origin.description, selected=True) for pkg in self.list.pkgs[origin]: self.checkbox_tree_updates.addItem(pkg.name, (i, snackArgs['append']), pkg, selected=True)
def apt_check(): apt_pkg.init() cache = apt_pkg.Cache(apt.progress.base.OpProgress()) depcache = apt_pkg.DepCache(cache) if depcache.broken_count > 0: raise SystemExit("Error: BrokenCount > 0") try: from UpdateManager.Core.UpdateList import UpdateList ul = UpdateList(None) except ImportError: ul = None # This mimics an upgrade but will never remove anything depcache.upgrade(True) if depcache.del_count > 0: # Unmark (clean) all changes from the given depcache depcache.init() depcache.upgrade() with apt.Cache() as aptcache: for pkg in cache.packages: if not depcache.marked_install(pkg) and \ not depcache.marked_upgrade(pkg): continue inst_ver = pkg.current_ver cand_ver = depcache.get_candidate_ver(pkg) if cand_ver == inst_ver: continue security = False phased = False if isSecurityUpgrade(cand_ver): security = True elif inst_ver: # Check for security updates that are masked by a candidate # version from another repo (-proposed or -updates) for ver in pkg.version_list: if apt_pkg.version_compare(ver.ver_str, inst_ver.ver_str) \ > 0 and isSecurityUpgrade(ver): security = True break if ul is not None and \ ul._is_ignored_phased_update(aptcache[pkg.name]): phased = True yield Upgrade( package=pkg.name, installed=inst_ver.ver_str if inst_ver else None, candidate=cand_ver.ver_str, security=security, phased=phased, )
def testOriginMatcherWithVersionInUpdatesAndSecurity(self): # empty dpkg status self.cache.open(apt.progress.base.OpProgress()) # find test packages set test_pkgs = set() for pkg in self.cache: # only test on native arch if ":" in pkg.name: continue # check if the candidate origin is -updates (but not also # -security, often packages are available in both) if pkg.candidate is not None: # ensure that the origin is not in -updates and -security is_in_updates = False is_in_security = False had_security = False for v in pkg.candidate.origins: # test if the package is not in both updates and security if v.archive == "xenial-updates": is_in_updates = True elif v.archive == "xenial-security": is_in_security = True # ensure that the package actually has any version in -security for v in pkg.versions: for (pkgfile, _unused) in v._cand.file_list: o = apt.package.Origin(pkg, pkgfile) if o.archive == "xenial-security": had_security = True break if (is_in_updates and not is_in_security and had_security and len(pkg._pkg.version_list) > 2): test_pkgs.add(pkg.name) self.assertTrue(len(test_pkgs) > 0, "no suitable test package found that has a version in " "both -security and -updates and where -updates is " "newer") # now test if versions in -security are detected ul = UpdateList(None, dist="xenial") for pkgname in test_pkgs: pkg = self.cache[pkgname] self.assertTrue(ul._is_security_update(pkg), "package '%s' from xenial-updates contains also a " "(not yet installed) security update, but it is " "not labeled as such" % pkg.name) # now check if it marks the version with -update if the -security # version is installed for pkgname in test_pkgs: pkg = self.cache[pkgname] # FIXME: make this more inteligent (picking the version from # -security sec_ver = pkg._pkg.version_list[1] self.dpkg_status.write("Package: %s\n" "Status: install ok installed\n" "Installed-Size: 1\n" "Version: %s\n" "Architecture: all\n" "Description: foo\n\n" % (pkg.name, sec_ver.ver_str)) self.dpkg_status.flush() self.cache.open() for pkgname in test_pkgs: pkg = self.cache[pkgname] self.assertIsNotNone(pkg._pkg.current_ver, "no package '%s' installed" % pkg.name) candidate_version = getattr(pkg.candidate, "version", None) self.assertFalse(ul._is_security_update(pkg), "package '%s' (%s) from xenial-updates is " "labelled as a security update even though we " "have marked this version as installed already" % (pkg.name, candidate_version))
def run(options=None): # we are run in "are security updates installed automatically?" # question mode if options.security_updates_unattended: res = apt_pkg.config.find_i("APT::Periodic::Unattended-Upgrade", 0) #print(res) sys.exit(res) # get caches try: cache = apt_pkg.Cache(apt.progress.base.OpProgress()) except SystemError as e: sys.stderr.write("E: "+ _("Error: Opening the cache (%s)") % e) sys.exit(-1) depcache = apt_pkg.DepCache(cache) # read the synaptic pins too if os.path.exists(SYNAPTIC_PINFILE): depcache.read_pinfile(SYNAPTIC_PINFILE) depcache.init() if depcache.broken_count > 0: sys.stderr.write("E: "+ _("Error: BrokenCount > 0")) sys.exit(-1) # do the upgrade (not dist-upgrade!) try: saveDistUpgrade(cache,depcache) except SystemError as e: sys.stderr.write("E: "+ _("Error: Marking the upgrade (%s)") % e) sys.exit(-1) # analyze the ugprade upgrades = 0 security_updates = 0 # we need another cache that has more pkg details with apt.Cache() as aptcache: for pkg in cache.packages: # skip packages that are not marked upgraded/installed if not (depcache.marked_install(pkg) or depcache.marked_upgrade(pkg)): continue # check if this is really a upgrade or a false positive # (workaround for ubuntu #7907) inst_ver = pkg.current_ver cand_ver = depcache.get_candidate_ver(pkg) if cand_ver == inst_ver: continue # check for security upgrades if isSecurityUpgrade(cand_ver): upgrades += 1 security_updates += 1 continue # check to see if the update is a phased one try: from UpdateManager.Core.UpdateList import UpdateList ul = UpdateList(None) ignored = ul._is_ignored_phased_update(aptcache[pkg.name]) if ignored: depcache.mark_keep(pkg) continue except ImportError: pass upgrades = upgrades + 1 # now check for security updates that are masked by a # canidate version from another repo (-proposed or -updates) for ver in pkg.version_list: if (inst_ver and apt_pkg.version_compare(ver.ver_str, inst_ver.ver_str) <= 0): #print("skipping '%s' " % ver.VerStr) continue if isSecurityUpgrade(ver): security_updates += 1 break # print the number of upgrades if options and options.show_package_names: write_package_names(sys.stderr, cache, depcache) elif options and options.readable_output: write_human_readable_summary(sys.stdout, upgrades, security_updates) else: # print the number of regular upgrades and the number of # security upgrades sys.stderr.write("%s;%s" % (upgrades,security_updates)) # return the number of upgrades (if its used as a module) return(upgrades,security_updates)