def attempt_auto_attach(cfg: UAConfig, cloud: AutoAttachCloudInstance):
    """Run ``actions.auto_attach`` while holding the daemon's lock.

    Errors never propagate to the caller. They are logged and recorded
    with ``cfg.add_notice``, and the function returns ``None`` on every
    path.

    :param cfg: configuration handed to the lock and to ``auto_attach``.
    :param cloud: cloud instance handed to ``actions.auto_attach``.
    """
    holder = "ua.daemon.attempt_auto_attach"
    try:
        with lock.SpinLock(cfg=cfg, lock_holder=holder):
            actions.auto_attach(cfg, cloud)
    except exceptions.LockHeldError as held:
        # Another operation owns the lock: name it in the notice and leave
        # the lock file untouched.
        LOG.error(held)
        notice = messages.NOTICE_DAEMON_AUTO_ATTACH_LOCK_HELD.format(
            operation=held.lock_holder
        )
        cfg.add_notice("", notice)
        LOG.debug("Failed to auto attach")
    except Exception as err:
        # Catch-all so an unexpected failure is logged and recorded as a
        # notice rather than raised to the caller.
        LOG.exception(err)
        cfg.add_notice("", messages.NOTICE_DAEMON_AUTO_ATTACH_FAILED)
        # NOTE(review): this branch is also reached when the error came from
        # entering the lock rather than from auto_attach; confirm that
        # clearing the lock file here cannot remove a lock that belongs to
        # another operation.
        lock.clear_lock_file_if_present()
        LOG.debug("Failed to auto attach")
    else:
        LOG.debug("Successful auto attach")
def prompt_for_affected_packages(
    cfg: UAConfig,
    issue_id: str,
    affected_pkg_status: Dict[str, CVEPackageStatus],
    installed_packages: Dict[str, Dict[str, str]],
    usn_released_pkgs: Dict[str, Dict[str, Dict[str, str]]],
    dry_run: bool,
) -> FixStatus:
    """Report the packages affected by an issue and attempt to fix them.

    Prints the affected-packages header, groups the affected source
    packages by status, reports every group whose status is not
    ``"released"`` as unfixed, and hands the released ones to
    ``_handle_released_package_fixes``.

    :param cfg: configuration passed to the fix handler; also receives the
        reboot notice.
    :param issue_id: identifier interpolated into the printed messages.
    :param affected_pkg_status: affected source package name -> status.
    :param installed_packages: source package name -> installed binary
        package name -> installed version.
    :param usn_released_pkgs: source package name -> binary package name ->
        mapping that holds the fixed ``"version"``.
    :param dry_run: forwarded unchanged to the fix handler.

    :raises exceptions.SecurityAPIMetadataError: if an installed binary of a
        released source package has no entry in ``usn_released_pkgs``.

    :returns: A FixStatus enum value corresponding to the system state
        after processing the affected packages.
    """
    total_pkgs = len(affected_pkg_status)
    print_affected_packages_header(issue_id, affected_pkg_status)
    if not total_pkgs:
        return FixStatus.SYSTEM_NON_VULNERABLE

    # Optimistic default; replaced as soon as a non-released group is seen.
    fix_message = messages.SECURITY_ISSUE_RESOLVED.format(issue=issue_id)
    src_pocket_pkgs = defaultdict(list)
    binary_pocket_pkgs = defaultdict(list)
    pkg_index = 0
    unfixed_pkgs = []

    status_groups = group_by_usn_package_status(
        affected_pkg_status, usn_released_pkgs
    )
    for status_value, group in sorted(status_groups.items()):
        if status_value != "released":
            # No released fix for this group: report it and count every
            # package in it as unfixed.
            fix_message = messages.SECURITY_ISSUE_NOT_RESOLVED.format(
                issue=issue_id
            )
            print(
                _format_packages_message(
                    pkg_status_list=group,
                    pkg_index=pkg_index,
                    num_pkgs=total_pkgs,
                )
            )
            pkg_index += len(group)
            unfixed_pkgs.extend(name for name, _ in group)
            continue

        for src_pkg, pkg_status in group:
            pocket = pkg_status.pocket_source
            src_pocket_pkgs[pocket].append((src_pkg, pkg_status))
            released_binaries = usn_released_pkgs.get(src_pkg, {})
            for binary_pkg, version in installed_packages[src_pkg].items():
                if binary_pkg not in released_binaries:
                    # The metadata names no fixed version for an installed
                    # binary: stop here rather than report a fix that
                    # cannot be verified.
                    unfixed_pkgs.extend(name for name, _ in group)
                    msg = (
                        "{issue} metadata defines no fixed version for"
                        " {pkg}.\n".format(pkg=binary_pkg, issue=issue_id)
                    )
                    raise exceptions.SecurityAPIMetadataError(
                        msg + _format_unfixed_packages_msg(unfixed_pkgs),
                        issue_id,
                    )
                fixed_version = released_binaries[binary_pkg][
                    "version"
                ]  # type: ignore
                # Presumably version_cmp_le is true when the fixed version is
                # <= the installed one, so only binaries that still need the
                # fix are queued -- confirm against its definition.
                if not version_cmp_le(fixed_version, version):
                    binary_pocket_pkgs[pocket].append(binary_pkg)

    install_result = _handle_released_package_fixes(
        cfg=cfg,
        src_pocket_pkgs=src_pocket_pkgs,
        binary_pocket_pkgs=binary_pocket_pkgs,
        pkg_index=pkg_index,
        num_pkgs=total_pkgs,
        dry_run=dry_run,
    )
    unfixed_pkgs.extend(install_result.unfixed_pkgs)
    if unfixed_pkgs:
        print(_format_unfixed_packages_msg(unfixed_pkgs))

    if not install_result.fix_status:
        # The handler reported failure, so the issue is not resolved.
        print(
            util.handle_unicode_characters(
                messages.SECURITY_ISSUE_NOT_RESOLVED.format(issue=issue_id)
            )
        )
        return FixStatus.SYSTEM_STILL_VULNERABLE

    # From here on fix_status is truthy: either every needed package was
    # installed, or nothing needed installing (all_already_installed).
    # should_reboot is only consulted when something was installed.
    reboot_needed = (
        not install_result.all_already_installed
        and util.should_reboot(installed_pkgs=install_result.installed_pkgs)
    )
    if reboot_needed:
        # NOTE(review): this status is returned even when unfixed_pkgs is
        # non-empty; confirm callers do not read it as "a reboot fully
        # resolves the issue".
        reboot_msg = messages.ENABLE_REBOOT_REQUIRED_TMPL.format(
            operation="fix operation"
        )
        print(reboot_msg)
        cfg.add_notice("", reboot_msg)
        print(
            util.handle_unicode_characters(
                messages.SECURITY_ISSUE_NOT_RESOLVED.format(issue=issue_id)
            )
        )
        return FixStatus.SYSTEM_VULNERABLE_UNTIL_REBOOT

    # Nothing left to install and no reboot pending; the outcome depends
    # only on whether any package was left unfixed.
    print(util.handle_unicode_characters(fix_message))
    if unfixed_pkgs:
        return FixStatus.SYSTEM_STILL_VULNERABLE
    return FixStatus.SYSTEM_NON_VULNERABLE