diff --git a/0001-fix-shell-command-return-error-and-update-register-function.patch b/0001-fix-shell-command-return-error-and-update-register-function.patch deleted file mode 100644 index 969fcb8e08e88989cdf85fbf71abdbcf2b3e385b..0000000000000000000000000000000000000000 --- a/0001-fix-shell-command-return-error-and-update-register-function.patch +++ /dev/null 
@@ -1,103 +0,0 @@ -From 2bd159509f6d74710bf28ff50a08e9f20887c002 Mon Sep 17 00:00:00 2001 -From: rabbitali -Date: Tue, 25 Apr 2023 10:29:32 +0800 -Subject: [PATCH] fix shell command return error and update register function -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ---- - ceres/function/command.py | 10 +++++++++- - ceres/function/register.py | 10 ++++------ - ceres/function/schema.py | 2 +- - ceres/function/util.py | 8 ++------ - 4 files changed, 16 insertions(+), 14 deletions(-) - -diff --git a/ceres/function/command.py b/ceres/function/command.py -index df1c5ae..d84177e 100644 ---- a/ceres/function/command.py -+++ b/ceres/function/command.py -@@ -132,6 +132,9 @@ def collect_command_manage(args): - if not validate_data(data, STRING_ARRAY): - exit(1) - print(json.dumps(Collect.collect_file(data))) -+ else: -+ print("Please check the input parameters!") -+ exit(1) - - - def plugin_command_manage(args): -@@ -152,7 +155,9 @@ def plugin_command_manage(args): - print(json.dumps(change_collect_items(data))) - elif args.info: - print(json.dumps(Collect.get_plugin_info())) -- -+ else: -+ print("Please check the input parameters!") -+ exit(1) - - def cve_command_manage(args): - if args.set_repo: -@@ -180,3 +185,6 @@ def cve_command_manage(args): - status_code, cve_fix_result = VulnerabilityManage().cve_fix(data.get("cves")) - res = StatusCode.make_response_body((status_code, {"result": cve_fix_result})) - print(json.dumps(res)) -+ else: -+ print("Please check the input parameters!") -+ exit(1) -\ No newline at end of file -diff --git a/ceres/function/register.py b/ceres/function/register.py -index 8176df8..f8ee397 100644 ---- a/ceres/function/register.py -+++ b/ceres/function/register.py -@@ -77,12 +77,10 @@ def register(register_info: dict) -> int: - LOGGER.error(e) - return HTTP_CONNECT_ERROR - -- if ret.status_code != SUCCESS: -+ if ret.status_code != requests.codes["ok"]: - LOGGER.warning(ret.text) - return 
ret.status_code - -- ret_data = json.loads(ret.text) -- if ret_data.get('code') == SUCCESS: -- return SUCCESS -- LOGGER.error(ret_data) -- return int(ret_data.get('code')) -+ if ret.json().get('label') != SUCCESS: -+ LOGGER.error(ret.text) -+ return ret.json().get('label') -diff --git a/ceres/function/schema.py b/ceres/function/schema.py -index e7e4ce7..f8541aa 100644 ---- a/ceres/function/schema.py -+++ b/ceres/function/schema.py -@@ -133,6 +133,6 @@ CVE_FIX_SCHEMA = { - HOST_INFO_SCHEMA = { - "type": "array", - "items": { -- "enum": ["os", "cpu", "memory"] -+ "enum": ["os", "cpu", "memory", "disk"] - } - } -diff --git a/ceres/function/util.py b/ceres/function/util.py -index 73a0014..42cebe2 100644 ---- a/ceres/function/util.py -+++ b/ceres/function/util.py -@@ -159,12 +159,8 @@ def get_dict_from_file(file_path: str) -> dict: - try: - with open(file_path, "r") as f: - data = json.load(f) -- except FileNotFoundError: -- LOGGER.error('file not found') -- data = {} -- except json.decoder.JSONDecodeError: -- LOGGER.error('Json conversion error, the file content' -- ' structure is not json format.') -+ except (IOError, ValueError) as error: -+ LOGGER.error(error) - data = {} - if not isinstance(data, dict): - data = {} --- -Gitee - diff --git a/0001-revise-the-query-method-for-installed-kernel-package.patch b/0001-revise-the-query-method-for-installed-kernel-package.patch new file mode 100644 index 0000000000000000000000000000000000000000..a4c1407e44bb973df2b515c4091a515c9e35e95c --- /dev/null +++ b/0001-revise-the-query-method-for-installed-kernel-package.patch 
@@ -0,0 +1,57 @@ +From 0e84a02e690017f62fc42f3ea1597a4e40c2ec66 Mon Sep 17 00:00:00 2001 +From: wang-guangge +Date: Mon, 23 Oct 2023 21:37:39 +0800 +Subject: [PATCH] revise the query method for installed kernel packages + +--- + hotpatch/updateinfo_parse.py | 26 +++++++++++++++++++++++++- + 1 file changed, 25 insertions(+), 1 deletion(-) + +diff --git a/hotpatch/updateinfo_parse.py b/hotpatch/updateinfo_parse.py +index 7395dc6..4322eee 100644 +--- a/hotpatch/updateinfo_parse.py ++++ b/hotpatch/updateinfo_parse.py +@@ -286,8 +286,14 @@ class HotpatchUpdateInfo(object): + # check whether the relevant target required package is installed on this machine + if not inst_pkgs: + return ++ # for kernel rpm, inst_pkgs is based on the kernel version of the current system ++ if required_pkg_name == "kernel": ++ inst_pkgs = [self.get_kernel_version_of_system()] + for inst_pkg in inst_pkgs: +- inst_pkg_vere = '%s-%s' % (inst_pkg.version, inst_pkg.release) ++ if isinstance(inst_pkg, str): ++ inst_pkg_vere = inst_pkg.rsplit(".", 1)[0] ++ else: ++ inst_pkg_vere = '%s-%s' % (inst_pkg.version, inst_pkg.release) + if not self.version.larger_than(required_pkg_vere, inst_pkg_vere): + hotpatch.state = self.UNRELATED + elif required_pkg_vere != inst_pkg_vere: +@@ -304,6 +310,24 @@ class HotpatchUpdateInfo(object): + hotpatch.state = self.INSTALLABLE + return + ++ def get_kernel_version_of_system(self) -> str: ++ """ ++ Get the kernel version of current system, according to the command of 'uname -r'. 
++ ++ Returns: ++ str: kernel version ++ """ ++ cmd = ["uname", "-r"] ++ kernel_version = '' ++ kernel_version, return_code = cmd_output(cmd) ++ # 'uname -r' show the kernel version-release.arch of the current system ++ # [root@openEuler hotpatch]# uname -r ++ # 5.10.0-136.12.0.86.oe2203sp1.x86_64 ++ if return_code != SUCCEED: ++ return kernel_version ++ kernel_version = kernel_version.split('\n')[0] ++ return kernel_version ++ + def _parse_and_store_from_xml(self, updateinfoxml: str): + """ + Parse and store hotpatch update information from xxx-updateinfo.xml.gz +-- +2.33.0 + diff --git a/0002-fix-hotpatch-fail-show-succeed-bug.patch b/0002-fix-hotpatch-fail-show-succeed-bug.patch deleted file mode 100644 index 7cdee44c5691b4e8920e55470df8bc7f2251800b..0000000000000000000000000000000000000000 --- a/0002-fix-hotpatch-fail-show-succeed-bug.patch +++ /dev/null 
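Review bot: In the added `get_kernel_version_of_system`, the `return_code != SUCCEED` branch returns whatever `cmd_output` produced instead of signalling failure, and the caller added earlier in this patch passes that value straight into `inst_pkg.rsplit(".", 1)[0]` and `self.version.larger_than(...)`. If `uname -r` fails, the kernel hotpatch state is then decided against an empty or unrelated string, which presumably can mark a hotpatch as installable or unrelated for the wrong kernel. I would log the failure and `return ''` there, and have the caller stop before the loop when the result is empty, e.g. `if not inst_pkgs[0]: return`. The initial `kernel_version = ''` is dead, since the next line rebinds the name. Both functions extend beyond the lines shown in this patch.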
@@ -1,51 +0,0 @@ -From af168dfd4886d994060af0d3a17f417d7d08daa2 Mon Sep 17 00:00:00 2001 -From: young <954906362@qq.com> -Date: Tue, 9 May 2023 11:07:47 +0800 -Subject: [PATCH] fix hotpatch fail show succeed bug -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ---- - ceres/manages/vulnerability_manage.py | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/ceres/manages/vulnerability_manage.py b/ceres/manages/vulnerability_manage.py -index 12c3bc1..a353dab 100644 ---- a/ceres/manages/vulnerability_manage.py -+++ b/ceres/manages/vulnerability_manage.py -@@ -151,8 +151,10 @@ class VulnerabilityManage: - scan_result = get_shell_data( - ["dnf", "updateinfo", "list", "cves", "--repo", repo_id]) - is_dnf_command = False -- -- for scan_info in scan_result.strip().split("\n")[2:]: -+ # scan_result e.g. -+ # Last metadata expiration check: 4:31:51 ago on Tue 09 May 2023 05:50:28 AM CST. -+ # CVE-2021-32675 Low/sec.- - -+ for scan_info in scan_result.strip().split("\n")[1:]: - cve = re.findall(r"CVE-[\d]{4}-[\d]+", scan_info)[0] - result_list.append({ - "cve_id": cve, -@@ -221,7 +223,8 @@ class VulnerabilityManage: - command_execute_result: output from command execution - - """ -- if cve.get("hotpatch"): -+ hotpatch = cve.get("hotpatch") -+ if hotpatch: - commond_args = ["dnf", "hotupgrade", - f"--cve={cve.get('cve_id')}", "-y"] - else: -@@ -233,4 +236,7 @@ class VulnerabilityManage: - LOGGER.error(f"Failed to fix cve {cve.get('cve_id')} by dnf") - res = 'Host has no command dnf' - -- return "Apply hot patch succeed" in res or "Complete" in res, res -+ if hotpatch: -+ return "Apply hot patch succeed" in res, res -+ else: -+ return "Complete" in res, res --- -Gitee - diff --git a/0002-update-query-installed-rpm-func.patch b/0002-update-query-installed-rpm-func.patch new file mode 100644 index 0000000000000000000000000000000000000000..26a33e7641115dbfa51448d9b30a317794351c89 --- /dev/null 
+++ b/0002-update-query-installed-rpm-func.patch 
@@ -0,0 +1,55 @@ +From 6d64fbb6c5645b582d7d84f81719abe66a6e021e Mon Sep 17 00:00:00 2001 +From: rabbitali +Date: Tue, 24 Oct 2023 16:30:33 +0800 +Subject: [PATCH 1/1] update query_installed_rpm func + +--- + ceres/manages/vulnerability_manage.py | 25 ++++++++++++------------- + 1 file changed, 12 insertions(+), 13 deletions(-) + +diff --git a/ceres/manages/vulnerability_manage.py b/ceres/manages/vulnerability_manage.py +index 983451c..c41a7fa 100644 +--- a/ceres/manages/vulnerability_manage.py ++++ b/ceres/manages/vulnerability_manage.py +@@ -150,26 +150,25 @@ class VulnerabilityManage: + """ + rpm_info = {} + # Example of command execution result: +- # "kernel-tools":"kernel-tools-5.10.0-60.92.0.116.oe2203.aarch64", +- # "kernel-headers":"kernel-headers-5.10.0-60.92.0.116.oe2203.aarch64", +- # "kernel-devel":"kernel-devel-5.10.0-60.92.0.116.oe2203.aarch64", +- # "kernel":"kernel-5.10.0-60.92.0.116.oe2203.aarch64", ++ # openldap:openldap-2.4.50-6.oe1.x86_64 ++ # kernel:kernel-4.19.90-2310.3.0.0222.oe1.x86_64 ++ # systemtap-runtime:systemtap-runtime-4.3-2.oe1.x86_64 ++ # perl-Net-SSLeay:perl-Net-SSLeay-1.88-5.oe1.x86_64 ++ # powertop:powertop-2.9-12.oe1.x86_64 ++ # libusbx:libusbx-1.0.23-1.oe1.x86_64 + code, stdout, _ = execute_shell_command( + """ +- rpm -qa --queryformat '"%{NAME}":"%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}",' ++ rpm -qa --queryformat '%{NAME}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' + """ + ) +- if code != CommandExitCode.SUCCEED: +- LOGGER.error("query installed packages info failed!") +- return rpm_info +- +- try: +- rpm_info = json.loads(f"{{{stdout[:-1]}}}") +- except json.decoder.JSONDecodeError as error: +- LOGGER.error(error) ++ if code != CommandExitCode.SUCCEED or not stdout: + LOGGER.error("query installed packages info failed!") + return rpm_info + ++ for line in stdout.splitlines(): ++ rpm_name, new_rpm_info = line.split(":",1) ++ old_rpm_info = rpm_info.get(rpm_name, "") ++ rpm_info[rpm_name] = new_rpm_info if new_rpm_info > old_rpm_info 
else old_rpm_info + LOGGER.debug("query installed rpm package info succeed!") + return rpm_info + +-- +2.33.0 + diff --git a/0003-optimize-register-func.patch b/0003-optimize-register-func.patch deleted file mode 100644 index 2cb82ffefb470309f470659692dccdb83e3b82a0..0000000000000000000000000000000000000000 --- a/0003-optimize-register-func.patch +++ /dev/null @@ -1,32 +0,0 @@ -From e627084922fdead376e16cfc05b555f2d2b114ea Mon Sep 17 00:00:00 2001 -From: rabbitali -Date: Mon, 8 May 2023 11:24:25 +0800 -Subject: [PATCH] optimize register func - ---- - ceres/function/command.py | 8 +++----- - 1 file changed, 3 insertions(+), 5 deletions(-) - -diff --git a/ceres/function/command.py b/ceres/function/command.py -index d84177e..e9bb25e 100644 ---- a/ceres/function/command.py -+++ b/ceres/function/command.py -@@ -47,14 +47,12 @@ def register_on_manager(args: argparse.Namespace) -> NoReturn: - Returns: - NoReturn - """ -- if args.data: -+ if args.data is not None: - register_info = register_info_to_dict(args.data) - else: - register_info = get_dict_from_file(args.path) -- if register_info.get('ceres_host') is not None: -- update_ini_data_value(CERES_CONFIG_PATH, -- 'ceres', 'port', register_info.get('ceres_host')) -- if register(register_info) == SUCCESS: -+ -+ if register_info and register(register_info) == SUCCESS: - print('Register Success') - else: - print('Register Fail') --- diff --git a/aops-ceres-v1.2.0.tar.gz b/aops-ceres-v1.2.0.tar.gz deleted file mode 100644 index d40fc75b38ca7ff720b61c65f546a950fdc02170..0000000000000000000000000000000000000000 Binary files a/aops-ceres-v1.2.0.tar.gz and /dev/null differ diff --git a/aops-ceres-v1.3.3.tar.gz b/aops-ceres-v1.3.3.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..d4d5ef633f240d7c3a8973805265a985bb085099 Binary files /dev/null and b/aops-ceres-v1.3.3.tar.gz differ 
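Review bot: The duplicate-name handling `new_rpm_info if new_rpm_info > old_rpm_info else old_rpm_info` compares the name-version-release strings lexicographically, so for a constructed pair such as `kernel-5.10.0-9.oe1` and `kernel-5.10.0-136.oe1` the older build wins because `'9' > '1'`. This dictionary appears to feed the vulnerability scan, so a host with several builds of one package could be assessed against the wrong installed version. An RPM-aware comparison is safer, for example `rpm.labelCompare` on the split epoch/version/release, if the rpm bindings are available to this module. Separately, `line.split(":",1)` raises `ValueError` on any output line without a colon, whereas the removed JSON path caught its parse error; a guard such as `if ":" not in line: continue` keeps one stray line from aborting the query. The enclosing function starts above this hunk.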
diff --git a/aops-ceres.spec b/aops-ceres.spec index 713b7e1161f61e6a14179c1ab0cb704263b1c78e..fccab0bf3d00dd697b87d8d46df62ce8e56df154 100644 --- a/aops-ceres.spec +++ b/aops-ceres.spec @@ -1,13 +1,12 @@ Name: aops-ceres -Version: v1.2.0 -Release: 4 +Version: v1.3.3 +Release: 3 Summary: An agent which needs to be adopted in client, it managers some plugins, such as gala-gopher(kpi collection), fluentd(log collection) and so on. License: MulanPSL2 URL: https://gitee.com/openeuler/%{name} Source0: %{name}-%{version}.tar.gz -Patch0001: 0001-fix-shell-command-return-error-and-update-register-function.patch -Patch0002: 0002-fix-hotpatch-fail-show-succeed-bug.patch -Patch0003: 0003-optimize-register-func.patch +Patch0001: 0001-revise-the-query-method-for-installed-kernel-package.patch +Patch0002: 0002-update-query-installed-rpm-func.patch BuildRequires: python3-setuptools @@ -21,6 +20,15 @@ Conflicts: aops-agent An agent which needs to be adopted in client, it managers some plugins, such as gala-gopher(kpi collection), fluentd(log collection) and so on. +%package -n dnf-hotpatch-plugin +Summary: dnf hotpatch plugin +Requires: python3-hawkey python3-dnf syscare >= 1.1.0 + + +%description -n dnf-hotpatch-plugin +dnf hotpatch plugin, it's about hotpatch query and fix + + %prep %autosetup -n %{name}-%{version} -p1 @@ -33,6 +41,10 @@ An agent which needs to be adopted in client, it managers some plugins, such as %py3_install +# install for aops-dnf-plugin +cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/ + + %files %doc README.* %attr(0644,root,root) %{_sysconfdir}/aops/ceres.conf 
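Review bot: The added `cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/` in `%install` gives a different result depending on whether that directory already exists at that point, and nothing in this hunk creates it. If it exists the files land under `dnf-plugins/hotpatch/`; if not, the copy either fails or becomes `dnf-plugins` itself. The copy also takes its file modes from the source tree, for code that dnf will load and that typically runs as root. I would create the target explicitly with `install -d %{buildroot}/%{python3_sitelib}/dnf-plugins` and give the new `%files -n dnf-hotpatch-plugin` section explicit `%attr` entries, as the main package already does for `ceres.conf`.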
@@ -42,7 +54,69 @@ An agent which needs to be adopted in client, it managers some plugins, such as %{_bindir}/aops-ceres +%files -n dnf-hotpatch-plugin +%{python3_sitelib}/dnf-plugins/* + + %changelog +* Tue Oct 24 2023 wenxin - v1.3.3-3 +- update query_installed_rpm func + +* Mon Oct 23 2023 wangguangge - v1.3.3-2 +- revise the query method for installed kernel packages + +* Wed Oct 11 2023 wenxin - v1.3.3-1 +- add hotpatch plugin + +* Wed Sep 20 2023 wenxin - v1.3.2-1 +- fix query fixed cves info error by dnf + +* Tue Sep 19 2023 wenxin - v1.3.1-5 +- update func about querying applied hotpatch info + +* Tue Sep 19 2023 wenxin - v1.3.1-4 +- update method of querying fixed cves by dnf plugin + +* Wed Sep 13 2023 wenxin - v1.3.1-3 +- add file sync func + +* Wed Sep 13 2023 wenxin - v1.3.1-2 +- update func named set_hotpatch_status_by_dnf_plugin + +* Mon Sep 11 2023 zhuyuncheng - v1.3.1-1 +- update rollback task logic, better returned log +- update status code and return None when installed_rpm or available_rpm is empty + +* Wed Aug 30 2023 wenxin - v1.3.0-3 +- update query disk info func + +* Tue Aug 29 2023 wenxin - v1.3.0-2 +- fix bug: repeated display of vulnerabilities fixed by hotpatch + +* Tue Aug 29 2023 wenxin - v1.3.0-1 +- update vulnerability scanning method and vulnerability fix method + +* Fri Jun 30 2023 wenxin - v1.2.1-7 +- update release + +* Fri Jun 30 2023 gongzhengtang - v1.2.1-6 +- Match the correctly applied hot patches + +* Wed Jun 21 2023 wenxin - v1.2.1-5 +- update hostpatch info query func + +* Fri Jun 09 2023 wenxin - v1.2.1-4 +- fix issue: cve fix result doesn't match log + +* Fri Jun 02 2023 wenxin - v1.2.1-3 +- update cve scan and cve fix + +* Thu Jun 01 2023 wenxin - v1.2.1-2 +- modify the return result when no hot patch is matched + +* Tue May 23 2023 wenixn - v1.2.1-1 +- the client supports hot patch cve rollback + * Thu May 11 2023 wenixn - v1.2.0-4 - fix hotpatch fail show succeed bug