!89 Added the repair status of the cve fixed package

From: @gongzt Reviewed-by: @zhu-yuncheng Signed-off-by: @zhu-yuncheng
2023-09-20 06:20:23 +00:00 · 2023-09-20 06:20:23 +00:00 · 108afbd8f7
commit 108afbd8f7
parent adfc710b03 0a9e21d9d2
5 changed files with 133 additions and 4 deletions
--- a/0001-fix-updateinfo_parse.py-bug.patch
+++ b/0001-fix-updateinfo_parse.py-bug.patch
@ -0,0 +1,30 @@
+From 68d4c8cad42960391998868f15e2f99b40daa216 Mon Sep 17 00:00:00 2001
+From: wang-guangge <wangguangge@huawei.com>
+Date: Tue, 19 Sep 2023 13:58:04 +0800
+Subject: [PATCH] fix updateinfo_parse.py bug
+
+---
+ hotpatch/updateinfo_parse.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hotpatch/updateinfo_parse.py b/hotpatch/updateinfo_parse.py
+index 42e3814..7bfba61 100644
+--- a/hotpatch/updateinfo_parse.py
+++ b/hotpatch/updateinfo_parse.py
+@@ -279,12 +279,12 @@ class HotpatchUpdateInfo(object):
+             hotpatch(Hotpatch)
+         """
+         hotpatch.state = self.UNRELATED
+        is_find_installable_hp = False
+         for required_pkg_name, required_pkg_vere in hotpatch.required_pkgs_info.items():
+             inst_pkgs = self._inst_pkgs_query.filter(name=required_pkg_name)
+             # check whether the relevant target required package is installed on this machine
+             if not inst_pkgs:
+                 return
+-            is_find_installable_hp = False
+             for inst_pkg in inst_pkgs:
+                 inst_pkg_vere = '%s-%s' % (inst_pkg.version, inst_pkg.release)
+                 if not self.version.larger_than(required_pkg_vere, inst_pkg_vere):
+-- 
+2.33.0
+
--- a/0002-add-repair-status-of-the-cve-fixed-package.patch
+++ b/0002-add-repair-status-of-the-cve-fixed-package.patch
@ -0,0 +1,67 @@
+From 7797ac40d715c9e7d56f1d6c0053b699c42c4ac2 Mon Sep 17 00:00:00 2001
+From: gongzt <gong_zhengtang@163.com>
+Date: Tue, 19 Sep 2023 18:45:38 +0800
+Subject: Added the repair status of the cve fixed package
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ apollo/database/proxy/cve.py | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
+index 95de25c..c6d017e 100644
+--- a/apollo/database/proxy/cve.py
+++ b/apollo/database/proxy/cve.py
+@@ -1562,21 +1562,25 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
+ 
+         cve_fixed_packages = (
+             self.session.query(
+                CveHostAssociation.id,
+                 CveHostAssociation.installed_rpm,
+                 CveHostAssociation.fixed_way,
+                 func.count(CveHostAssociation.host_id).label("host_num"),
+             )
+             .filter(*filters)
+-            .group_by('installed_rpm', 'fixed_way')
+            .group_by('installed_rpm', 'fixed_way', 'id')
+             .all()
+         )
+         if not cve_fixed_packages:
+             return NO_DATA, []
+        cve_fixed_packages_status = (
+            self.session.query(CveHostAssociation.id, CveHostAssociation.hp_status).filter(*filters).all()
+        )
+ 
+-        return SUCCEED, self._cve_fixed_packages_row2dict(cve_fixed_packages)
+        return SUCCEED, self._cve_fixed_packages_row2dict(cve_fixed_packages, cve_fixed_packages_status)
+ 
+     @staticmethod
+-    def _cve_fixed_packages_row2dict(rows):
+    def _cve_fixed_packages_row2dict(rows, cve_fixed_packages_status):
+         """
+         Fixed cve package row data converted to dictionary
+         Args:
+@@ -1586,10 +1590,17 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
+             list
+         """
+         result = []
+        cve_fixed_packages_status_dict = {
+            cve_host_match.id: cve_host_match.hp_status for cve_host_match in cve_fixed_packages_status
+        }
+         for row in rows:
+            status = cve_fixed_packages_status_dict[row.id] if cve_fixed_packages_status_dict[row.id] else ""
+            fixed_way = row.fixed_way
+            if fixed_way != "coldpatch":
+                fixed_way = fixed_way + f" ({status})"
+             fixed_rpm = {
+                 "installed_rpm": row.installed_rpm,
+-                "fixed_way": row.fixed_way,
+                "fixed_way": fixed_way,
+                 "host_num": row.host_num,
+             }
+             result.append(fixed_rpm)
+-- 
+Gitee
+
--- a/aops-apollo-v1.3.0.tar.gz
+++ b/aops-apollo-v1.3.0.tar.gz
--- a/aops-apollo-v1.3.2.tar.gz
+++ b/aops-apollo-v1.3.2.tar.gz
--- a/aops-apollo.spec
+++ b/aops-apollo.spec
@ -1,6 +1,6 @@
 Name:		aops-apollo
-Version:	v1.3.0
-Release:	1
+Version:	v1.3.2
+Release:	3
 Summary:	Cve management service, monitor machine vulnerabilities and provide fix functions.
 License:	MulanPSL2
 URL:		https://gitee.com/openeuler/%{name}
@ -14,6 +14,8 @@ Requires:   python3-sqlalchemy python3-PyMySQL python3-Flask-APScheduler >= 1.11
 Requires:   python3-PyYAML python3-flask python3-gevent
 Requires:   python3-retrying python3-lxml
 Provides:   aops-apollo
+Patch0001:  0001-fix-updateinfo_parse.py-bug.patch
+Patch0002:  0002-add-repair-status-of-the-cve-fixed-package.patch


 %description
@ -21,7 +23,7 @@ Cve management service, monitor machine vulnerabilities and provide fix function

 %package -n dnf-hotpatch-plugin
 Summary: dnf hotpatch plugin
-Requires: python3-hawkey python3-dnf syscare >= 1.1.0
+Requires: python3-hawkey python3-dnf syscare >= 1.0.1

 %description -n dnf-hotpatch-plugin
 dnf hotpatch plugin, it's about hotpatch query and fix
@ -47,6 +49,8 @@ popd

 # install for aops-apollo
 %py3_install
+mkdir -p %{buildroot}/opt/aops/
+cp -r database %{buildroot}/opt/aops/

 # install for aops-apollo-tool
 pushd aops-apollo-tool
@ -63,7 +67,7 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
 %attr(0644,root,root) %{_sysconfdir}/aops/apollo_crontab.yml
 %attr(0755,root,root) %{_bindir}/aops-apollo
 %attr(0755,root,root) /usr/lib/systemd/system/aops-apollo.service
-%{python3_sitelib}/aops_apollo*.egg-info
+%{python3_sitelib}/aops_apollo*.egg-info/*
 %{python3_sitelib}/apollo/*
 %attr(0755, root, root) /opt/aops/database/*

@ -77,6 +81,34 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
 %{python3_sitelib}/aops_apollo_tool/*

 %changelog
+* Tue Sep 19 2023 gongzhengtang<gong_zhengtang@163.com> - v1.3.2-3
+- added the repair status of the cve fixed package
+
+* Tue Sep 19 2023 wangguangge<wangguangge@huawei.com> - v1.3.2-2
+- fix the updateinfo_parse.py bug
+
+* Tue Sep 19 2023 wenxin<shusheng.wen@outlook.com> - v1.3.2-1
+- fix cve scan callback error
+- fix cve-fix task generate error when it only contain coldpatches
+- add a method to querying fixed cve info for dnf plugin
+
+* Wed Sep 13 2023 zhuyuncheng<zhuyuncheng@huawei.com> -v1.3.1-5
+- fix task_cve_host return all host bug
+
+* Wed Sep 13 2023 gongzhengtang<gong_zhengtang@163.com> -v1.3.1-4
+- fixed host ip addresses are not verified in the generation task
+
+* Mon Sep 11 2023 gongzhengtang<gong_zhengtang@163.com> -v1.3.1-3
+- fixed several known issues
+- fix dnf hot-updateinfo list cves bug
+- fixed an error generated after selecting a specific rpm package
+
+* Tue Sep 5 2023 zhuyuncheng<zhuyuncheng@huawei.com> - v1.3.1-2
+- fix bug: delete host id filter when rollback in cve list interface
+
+* Tue Sep 5 2023 gongzhengtang<gong_zhengtang@163.com> - v1.3.1-1
+- cve repair tasks support rpm packet granularity
+
 * Tue Aug 29 2023 wangguangge<wangguangge@huawei.com> - v1.3.0-1
 - update the dnf hot-updateinfo, dnf hotpatch and dnf hotupgrade command
 - support the mixed management ability for coldpatches and hotpatches