Skip to content

Commit

Permalink
Add candidate version check to security status
Browse files Browse the repository at this point in the history
Fixes: #3184
  • Loading branch information
dheyay committed Sep 10, 2024
1 parent 42e09fe commit 20a23de
Show file tree
Hide file tree
Showing 3 changed files with 52 additions and 7 deletions.
1 change: 1 addition & 0 deletions features/schemas/ua_security_status.json
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@
"type": "string",
"enum": [
"upgrade_available",
"upgrade_available_lower_priority",
"pending_attach",
"pending_enable",
"upgrade_unavailable"
Expand Down
23 changes: 21 additions & 2 deletions uaclient/security_status.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
get_apt_cache_datetime,
get_apt_pkg_cache,
get_esm_apt_pkg_cache,
get_pkg_candidate_version,
)
from uaclient.config import UAConfig
from uaclient.entitlements import ESMAppsEntitlement, ESMInfraEntitlement
Expand All @@ -39,6 +40,7 @@
class UpdateStatus(Enum):
"Represents the availability of a security package."
AVAILABLE = "upgrade_available"
AVAILABLE_LOWER_PRIORITY = "upgrade_available_lower_priority"
UNATTACHED = "pending_attach"
NOT_ENABLED = "pending_enable"
UNAVAILABLE = "upgrade_unavailable"
Expand Down Expand Up @@ -256,20 +258,37 @@ def get_livepatch_fixed_cves() -> List[Dict[str, Any]]:
return []


@lru_cache(maxsize=None)
def _is_candidate_version(pkg: str, version: str) -> bool:
"""Returns True if the version is a candidate version."""
candidate_version = get_pkg_candidate_version(pkg, check_esm_cache=True)
if candidate_version:
return version == candidate_version
return False


def create_updates_list(
upgradable_versions: DefaultDict[str, List[Tuple[apt_pkg.Version, str]]],
ua_info: Dict[str, Any],
) -> List[Dict[str, Any]]:
updates = []
for service, version_list in upgradable_versions.items():
status = get_update_status(service, ua_info)
current_update_status = get_update_status(service, ua_info)
for version, origin in version_list:
is_candidate = _is_candidate_version(
version.parent_pkg.name, version.ver_str
)
update_status = (
current_update_status
if is_candidate
else UpdateStatus.AVAILABLE_LOWER_PRIORITY.value
)
updates.append(
{
"package": version.parent_pkg.name,
"version": version.ver_str,
"service_name": service,
"status": status,
"status": update_status,
"origin": origin,
"download_size": version.size,
}
Expand Down
35 changes: 30 additions & 5 deletions uaclient/tests/test_security_status.py
Original file line number Diff line number Diff line change
Expand Up @@ -508,8 +508,10 @@ def test_filter_updates_when_esm_disabled(self, m_esm_cache):
)
@mock.patch(M_PATH + "filter_updates")
@mock.patch(M_PATH + "get_apt_pkg_cache")
@mock.patch(M_PATH + "get_pkg_candidate_version", return_value=None)
def test_security_status_dict(
self,
m_pkg_candidate_version,
m_cache,
m_filter_sec_updates,
_m_get_origin,
Expand All @@ -524,9 +526,24 @@ def test_security_status_dict(
m_version = mock_version("1.0", size=123456)
m_package = mock_package("example_package", m_version)

m_cache.return_value.packages = [m_package] * 10
# Different package with version that is not candidate
m_version_2 = mock_version("2.0", size=123456)
m_package_2 = mock_package(
"example_pkg_diff_candidate_version", m_version_2
)

m_package_list = [m_package] * 10
m_package_list.append(m_package_2)
m_cache.return_value.packages = m_package_list

m_pkg_candidate_version.return_value = "1.0"

m_filter_sec_updates.return_value = {
"esm-infra": [(m_version, "some.url.for.esm")] * 2,
"esm-infra": [
(m_version, "some.url.for.esm"),
(m_version, "some.url.for.esm"),
(m_version_2, "some.url.for.esm"),
],
"esm-apps": [],
"standard-security": [],
}
Expand All @@ -553,23 +570,31 @@ def test_security_status_dict(
"origin": "some.url.for.esm",
"download_size": 123456,
},
{
"package": "example_pkg_diff_candidate_version",
"version": "2.0",
"service_name": "esm-infra",
"status": "upgrade_available_lower_priority",
"origin": "some.url.for.esm",
"download_size": 123456,
},
],
"summary": {
"ua": {
"attached": False,
"enabled_services": [],
"entitled_services": [],
},
"num_installed_packages": 10,
"num_main_packages": 10,
"num_installed_packages": 11,
"num_main_packages": 11,
"num_restricted_packages": 0,
"num_universe_packages": 0,
"num_multiverse_packages": 0,
"num_third_party_packages": 0,
"num_unknown_packages": 0,
"num_esm_infra_packages": 0,
"num_esm_apps_packages": 0,
"num_esm_infra_updates": 2,
"num_esm_infra_updates": 3,
"num_esm_apps_updates": 0,
"num_standard_security_updates": 0,
"reboot_required": "no",
Expand Down

0 comments on commit 20a23de

Please sign in to comment.