packages/aops-apollo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!89 Added the repair status of the cve fixed package

Browse Source 
From: @gongzt 
Reviewed-by: @zhu-yuncheng 
Signed-off-by: @zhu-yuncheng
This commit is contained in:
openeuler-ci-bot 2023-09-20 06:20:23 +00:00 committed by Gitee
commit 108afbd8f7
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 133 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
0001-fix-updateinfo_parse.py-bug.patch Normal file
View File

@ -0,0 +1,30 @@
From 68d4c8cad42960391998868f15e2f99b40daa216 Mon Sep 17 00:00:00 2001
From: wang-guangge <wangguangge@huawei.com>
Date: Tue, 19 Sep 2023 13:58:04 +0800
Subject: [PATCH] fix updateinfo_parse.py bug
---
hotpatch/updateinfo_parse.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hotpatch/updateinfo_parse.py b/hotpatch/updateinfo_parse.py
index 42e3814..7bfba61 100644
--- a/hotpatch/updateinfo_parse.py
+++ b/hotpatch/updateinfo_parse.py
@@ -279,12 +279,12 @@ class HotpatchUpdateInfo(object):
hotpatch(Hotpatch)
"""
hotpatch.state = self.UNRELATED
+ is_find_installable_hp = False
for required_pkg_name, required_pkg_vere in hotpatch.required_pkgs_info.items():
inst_pkgs = self._inst_pkgs_query.filter(name=required_pkg_name)
# check whether the relevant target required package is installed on this machine
if not inst_pkgs:
return
- is_find_installable_hp = False
for inst_pkg in inst_pkgs:
inst_pkg_vere = '%s-%s' % (inst_pkg.version, inst_pkg.release)
if not self.version.larger_than(required_pkg_vere, inst_pkg_vere):
--
2.33.0

67
0002-add-repair-status-of-the-cve-fixed-package.patch Normal file
View File

@ -0,0 +1,67 @@
From 7797ac40d715c9e7d56f1d6c0053b699c42c4ac2 Mon Sep 17 00:00:00 2001
From: gongzt <gong_zhengtang@163.com>
Date: Tue, 19 Sep 2023 18:45:38 +0800
Subject: Added the repair status of the cve fixed package
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apollo/database/proxy/cve.py | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
index 95de25c..c6d017e 100644
--- a/apollo/database/proxy/cve.py
+++ b/apollo/database/proxy/cve.py
@@ -1562,21 +1562,25 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
cve_fixed_packages = (
self.session.query(
+ CveHostAssociation.id,
CveHostAssociation.installed_rpm,
CveHostAssociation.fixed_way,
func.count(CveHostAssociation.host_id).label("host_num"),
)
.filter(*filters)
- .group_by('installed_rpm', 'fixed_way')
+ .group_by('installed_rpm', 'fixed_way', 'id')
.all()
)
if not cve_fixed_packages:
return NO_DATA, []
+ cve_fixed_packages_status = (
+ self.session.query(CveHostAssociation.id, CveHostAssociation.hp_status).filter(*filters).all()
+ )
- return SUCCEED, self._cve_fixed_packages_row2dict(cve_fixed_packages)
+ return SUCCEED, self._cve_fixed_packages_row2dict(cve_fixed_packages, cve_fixed_packages_status)
@staticmethod
- def _cve_fixed_packages_row2dict(rows):
+ def _cve_fixed_packages_row2dict(rows, cve_fixed_packages_status):
"""
Fixed cve package row data converted to dictionary
Args:
@@ -1586,10 +1590,17 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
list
"""
result = []
+ cve_fixed_packages_status_dict = {
+ cve_host_match.id: cve_host_match.hp_status for cve_host_match in cve_fixed_packages_status
+ }
for row in rows:
+ status = cve_fixed_packages_status_dict[row.id] if cve_fixed_packages_status_dict[row.id] else ""
+ fixed_way = row.fixed_way
+ if fixed_way != "coldpatch":
+ fixed_way = fixed_way + f" ({status})"
fixed_rpm = {
"installed_rpm": row.installed_rpm,
- "fixed_way": row.fixed_way,
+ "fixed_way": fixed_way,
"host_num": row.host_num,
}
result.append(fixed_rpm)
--
Gitee

BIN
aops-apollo-v1.3.0.tar.gz
View File

Binary file not shown.

BIN
aops-apollo-v1.3.2.tar.gz Normal file
View File

Binary file not shown.

40
aops-apollo.spec
View File

@ -1,6 +1,6 @@
Name: aops-apollo Name: aops-apollo
Version: v1.3.0 Version: v1.3.2
Release: 1 Release: 3
Summary: Cve management service, monitor machine vulnerabilities and provide fix functions. Summary: Cve management service, monitor machine vulnerabilities and provide fix functions.
License: MulanPSL2 License: MulanPSL2
URL: https://gitee.com/openeuler/%{name} URL: https://gitee.com/openeuler/%{name}
@ -14,6 +14,8 @@ Requires: python3-sqlalchemy python3-PyMySQL python3-Flask-APScheduler >= 1.11
Requires: python3-PyYAML python3-flask python3-gevent Requires: python3-PyYAML python3-flask python3-gevent
Requires: python3-retrying python3-lxml Requires: python3-retrying python3-lxml
Provides: aops-apollo Provides: aops-apollo
Patch0001: 0001-fix-updateinfo_parse.py-bug.patch
Patch0002: 0002-add-repair-status-of-the-cve-fixed-package.patch
%description %description
@ -21,7 +23,7 @@ Cve management service, monitor machine vulnerabilities and provide fix function
%package -n dnf-hotpatch-plugin %package -n dnf-hotpatch-plugin
Summary: dnf hotpatch plugin Summary: dnf hotpatch plugin
Requires: python3-hawkey python3-dnf syscare >= 1.1.0 Requires: python3-hawkey python3-dnf syscare >= 1.0.1
%description -n dnf-hotpatch-plugin %description -n dnf-hotpatch-plugin
dnf hotpatch plugin, it's about hotpatch query and fix dnf hotpatch plugin, it's about hotpatch query and fix
@ -47,6 +49,8 @@ popd
# install for aops-apollo # install for aops-apollo
%py3_install %py3_install
mkdir -p %{buildroot}/opt/aops/
cp -r database %{buildroot}/opt/aops/
# install for aops-apollo-tool # install for aops-apollo-tool
pushd aops-apollo-tool pushd aops-apollo-tool
@ -63,7 +67,7 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
%attr(0644,root,root) %{_sysconfdir}/aops/apollo_crontab.yml %attr(0644,root,root) %{_sysconfdir}/aops/apollo_crontab.yml
%attr(0755,root,root) %{_bindir}/aops-apollo %attr(0755,root,root) %{_bindir}/aops-apollo
%attr(0755,root,root) /usr/lib/systemd/system/aops-apollo.service %attr(0755,root,root) /usr/lib/systemd/system/aops-apollo.service
%{python3_sitelib}/aops_apollo*.egg-info %{python3_sitelib}/aops_apollo*.egg-info/*
%{python3_sitelib}/apollo/* %{python3_sitelib}/apollo/*
%attr(0755, root, root) /opt/aops/database/* %attr(0755, root, root) /opt/aops/database/*
@ -77,6 +81,34 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
%{python3_sitelib}/aops_apollo_tool/* %{python3_sitelib}/aops_apollo_tool/*
%changelog %changelog
* Tue Sep 19 2023 gongzhengtang<gong_zhengtang@163.com> - v1.3.2-3
- added the repair status of the cve fixed package
* Tue Sep 19 2023 wangguangge<wangguangge@huawei.com> - v1.3.2-2
- fix the updateinfo_parse.py bug
* Tue Sep 19 2023 wenxin<shusheng.wen@outlook.com> - v1.3.2-1
- fix cve scan callback error
- fix cve-fix task generate error when it only contain coldpatches
- add a method to querying fixed cve info for dnf plugin
* Wed Sep 13 2023 zhuyuncheng<zhuyuncheng@huawei.com> -v1.3.1-5
- fix task_cve_host return all host bug
* Wed Sep 13 2023 gongzhengtang<gong_zhengtang@163.com> -v1.3.1-4
- fixed host ip addresses are not verified in the generation task
* Mon Sep 11 2023 gongzhengtang<gong_zhengtang@163.com> -v1.3.1-3
- fixed several known issues
- fix dnf hot-updateinfo list cves bug
- fixed an error generated after selecting a specific rpm package
* Tue Sep 5 2023 zhuyuncheng<zhuyuncheng@huawei.com> - v1.3.1-2
- fix bug: delete host id filter when rollback in cve list interface
* Tue Sep 5 2023 gongzhengtang<gong_zhengtang@163.com> - v1.3.1-1
- cve repair tasks support rpm packet granularity
* Tue Aug 29 2023 wangguangge<wangguangge@huawei.com> - v1.3.0-1 * Tue Aug 29 2023 wangguangge<wangguangge@huawei.com> - v1.3.0-1
- update the dnf hot-updateinfo, dnf hotpatch and dnf hotupgrade command - update the dnf hot-updateinfo, dnf hotpatch and dnf hotupgrade command
- support the mixed management ability for coldpatches and hotpatches - support the mixed management ability for coldpatches and hotpatches