def testOriginMatcherSimple(self):
test_pkgs = set()
for pkg in self.cache:
if pkg.candidate and pkg.candidate.origins:
if [l.archive for l in pkg.candidate.origins
if l.archive == "xenial-security"]:
test_pkgs.add(pkg.name)
self.assertTrue(len(test_pkgs) > 0)
ul = UpdateList(None, dist="xenial")
for pkgname in test_pkgs:
pkg = self.cache[pkgname]
self.assertTrue(ul._is_security_update(pkg),
"pkg '%s' is not in xenial-security" % pkg.name)
def fillstore(self):
# populate the list
self.list = UpdateList(self)
self.list.update(self.cache)
origin_list = sorted(self.list.pkgs,
key=operator.attrgetter("importance"),
reverse=True)
for (i, origin) in enumerate(origin_list):
self.checkbox_tree_updates.append(origin.description,
selected=True)
for pkg in self.list.pkgs[origin]:
self.checkbox_tree_updates.addItem(pkg.name,
(i, snackArgs['append']),
pkg,
selected=True)
def apt_check():
apt_pkg.init()
cache = apt_pkg.Cache(apt.progress.base.OpProgress())
depcache = apt_pkg.DepCache(cache)
if depcache.broken_count > 0:
raise SystemExit("Error: BrokenCount > 0")
try:
from UpdateManager.Core.UpdateList import UpdateList
ul = UpdateList(None)
except ImportError:
ul = None
# This mimics an upgrade but will never remove anything
depcache.upgrade(True)
if depcache.del_count > 0:
# Unmark (clean) all changes from the given depcache
depcache.init()
depcache.upgrade()
with apt.Cache() as aptcache:
for pkg in cache.packages:
if not depcache.marked_install(pkg) and \
not depcache.marked_upgrade(pkg):
continue
inst_ver = pkg.current_ver
cand_ver = depcache.get_candidate_ver(pkg)
if cand_ver == inst_ver:
continue
security = False
phased = False
if isSecurityUpgrade(cand_ver):
security = True
elif inst_ver:
# Check for security updates that are masked by a candidate
# version from another repo (-proposed or -updates)
for ver in pkg.version_list:
if apt_pkg.version_compare(ver.ver_str, inst_ver.ver_str) \
> 0 and isSecurityUpgrade(ver):
security = True
break
if ul is not None and \
ul._is_ignored_phased_update(aptcache[pkg.name]):
phased = True
yield Upgrade(
package=pkg.name,
installed=inst_ver.ver_str if inst_ver else None,
candidate=cand_ver.ver_str,
security=security,
phased=phased,
)
def testOriginMatcherWithVersionInUpdatesAndSecurity(self):
# empty dpkg status
self.cache.open(apt.progress.base.OpProgress())
# find test packages set
test_pkgs = set()
for pkg in self.cache:
# only test on native arch
if ":" in pkg.name:
continue
# check if the candidate origin is -updates (but not also
# -security, often packages are available in both)
if pkg.candidate is not None:
# ensure that the origin is not in -updates and -security
is_in_updates = False
is_in_security = False
had_security = False
for v in pkg.candidate.origins:
# test if the package is not in both updates and security
if v.archive == "xenial-updates":
is_in_updates = True
elif v.archive == "xenial-security":
is_in_security = True
# ensure that the package actually has any version in -security
for v in pkg.versions:
for (pkgfile, _unused) in v._cand.file_list:
o = apt.package.Origin(pkg, pkgfile)
if o.archive == "xenial-security":
had_security = True
break
if (is_in_updates and
not is_in_security and
had_security and
len(pkg._pkg.version_list) > 2):
test_pkgs.add(pkg.name)
self.assertTrue(len(test_pkgs) > 0,
"no suitable test package found that has a version in "
"both -security and -updates and where -updates is "
"newer")
# now test if versions in -security are detected
ul = UpdateList(None, dist="xenial")
for pkgname in test_pkgs:
pkg = self.cache[pkgname]
self.assertTrue(ul._is_security_update(pkg),
"package '%s' from xenial-updates contains also a "
"(not yet installed) security update, but it is "
"not labeled as such" % pkg.name)
# now check if it marks the version with -update if the -security
# version is installed
for pkgname in test_pkgs:
pkg = self.cache[pkgname]
# FIXME: make this more inteligent (picking the version from
# -security
sec_ver = pkg._pkg.version_list[1]
self.dpkg_status.write("Package: %s\n"
"Status: install ok installed\n"
"Installed-Size: 1\n"
"Version: %s\n"
"Architecture: all\n"
"Description: foo\n\n"
% (pkg.name, sec_ver.ver_str))
self.dpkg_status.flush()
self.cache.open()
for pkgname in test_pkgs:
pkg = self.cache[pkgname]
self.assertIsNotNone(pkg._pkg.current_ver,
"no package '%s' installed" % pkg.name)
candidate_version = getattr(pkg.candidate, "version", None)
self.assertFalse(ul._is_security_update(pkg),
"package '%s' (%s) from xenial-updates is "
"labelled as a security update even though we "
"have marked this version as installed already" %
(pkg.name, candidate_version))
def run(options=None):
# we are run in "are security updates installed automatically?"
# question mode
if options.security_updates_unattended:
res = apt_pkg.config.find_i("APT::Periodic::Unattended-Upgrade", 0)
#print(res)
sys.exit(res)
# get caches
try:
cache = apt_pkg.Cache(apt.progress.base.OpProgress())
except SystemError as e:
sys.stderr.write("E: "+ _("Error: Opening the cache (%s)") % e)
sys.exit(-1)
depcache = apt_pkg.DepCache(cache)
# read the synaptic pins too
if os.path.exists(SYNAPTIC_PINFILE):
depcache.read_pinfile(SYNAPTIC_PINFILE)
depcache.init()
if depcache.broken_count > 0:
sys.stderr.write("E: "+ _("Error: BrokenCount > 0"))
sys.exit(-1)
# do the upgrade (not dist-upgrade!)
try:
saveDistUpgrade(cache,depcache)
except SystemError as e:
sys.stderr.write("E: "+ _("Error: Marking the upgrade (%s)") % e)
sys.exit(-1)
# analyze the ugprade
upgrades = 0
security_updates = 0
# we need another cache that has more pkg details
with apt.Cache() as aptcache:
for pkg in cache.packages:
# skip packages that are not marked upgraded/installed
if not (depcache.marked_install(pkg) or depcache.marked_upgrade(pkg)):
continue
# check if this is really a upgrade or a false positive
# (workaround for ubuntu #7907)
inst_ver = pkg.current_ver
cand_ver = depcache.get_candidate_ver(pkg)
if cand_ver == inst_ver:
continue
# check for security upgrades
if isSecurityUpgrade(cand_ver):
upgrades += 1
security_updates += 1
continue
# check to see if the update is a phased one
try:
from UpdateManager.Core.UpdateList import UpdateList
ul = UpdateList(None)
ignored = ul._is_ignored_phased_update(aptcache[pkg.name])
if ignored:
depcache.mark_keep(pkg)
continue
except ImportError:
pass
upgrades = upgrades + 1
# now check for security updates that are masked by a
# canidate version from another repo (-proposed or -updates)
for ver in pkg.version_list:
if (inst_ver and apt_pkg.version_compare(ver.ver_str, inst_ver.ver_str) <= 0):
#print("skipping '%s' " % ver.VerStr)
continue
if isSecurityUpgrade(ver):
security_updates += 1
break
# print the number of upgrades
if options and options.show_package_names:
write_package_names(sys.stderr, cache, depcache)
elif options and options.readable_output:
write_human_readable_summary(sys.stdout, upgrades, security_updates)
else:
# print the number of regular upgrades and the number of
# security upgrades
sys.stderr.write("%s;%s" % (upgrades,security_updates))
# return the number of upgrades (if its used as a module)
return(upgrades,security_updates)
