!79 update the dnf hot-updateinfo, dnf hotpatch and dnf hotupgrade command, support the mixed management ability for coldpatches and hotpatches

From: @wang-guangge Reviewed-by: @zhu-yuncheng Signed-off-by: @zhu-yuncheng
2023-08-29 12:39:02 +00:00 · 2023-08-29 12:39:02 +00:00 · adfc710b03
commit adfc710b03
parent f856d614db 4ff02db533
6 changed files with 9 additions and 128 deletions
--- a/0001-fix-issue-gen-cve-task-failed.patch
+++ b/0001-fix-issue-gen-cve-task-failed.patch
@ -1,28 +0,0 @@
-From 614e6462e28c7ab013b669d7a7b2cc9c996a0a3f Mon Sep 17 00:00:00 2001
-From: rabbitali <shusheng.wen@outlook.com>
-Date: Wed, 28 Jun 2023 11:57:38 +0800
-Subject: [PATCH 1/1] fix issue:gen cve task failed
-
---
- apollo/database/proxy/task.py | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/apollo/database/proxy/task.py b/apollo/database/proxy/task.py
-index dd172b8..ed5e858 100644
--- a/apollo/database/proxy/task.py
-+++ b/apollo/database/proxy/task.py
-@@ -3224,8 +3224,9 @@ class TaskProxy(TaskMysqlProxy, TaskEsProxy):
-         """
- 
-         try:
-            exists_cve_count = self.session.query(CveHostAssociation).filter(
-                CveHostAssociation.cve_id.in_(cve_id)).count()
-+            exists_cve_count = self.session.query(CveHostAssociation.cve_id).filter(
-+                CveHostAssociation.cve_id.in_(cve_id)).distinct().count()
-+
- 
-             return True if exists_cve_count == len(cve_id) else False
-         except SQLAlchemyError as error:
-- 
-2.33.0
-
--- a/0002-do-not-return-the-related-hotpatches-when-the-cve-is.patch
+++ b/0002-do-not-return-the-related-hotpatches-when-the-cve-is.patch
@ -1,65 +0,0 @@
-From 4225065c74beb5e66c4d66a4bd3dfca5bcac91bd Mon Sep 17 00:00:00 2001
-From: wang-guangge <wangguangge@huawei.com>
-Date: Wed, 28 Jun 2023 16:53:10 +0800
-Subject: [PATCH] do not return the related hotpatches when the cve is fixed
-
---
- hotpatch/hotpatch_updateinfo.py | 15 ++++++++++++---
- hotpatch/hotupgrade.py          |  2 +-
- 2 files changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/hotpatch/hotpatch_updateinfo.py b/hotpatch/hotpatch_updateinfo.py
-index 4b39969..7dc92ce 100644
--- a/hotpatch/hotpatch_updateinfo.py
-+++ b/hotpatch/hotpatch_updateinfo.py
-@@ -291,7 +291,7 @@ class HotpatchUpdateInfo(object):
-         Get hotpatches from specified cve. If there are several hotpatches for the same source package for a cve, only return the
-         hotpatch with the highest version.
- 
-        Args: 
-+        Args:
-             cves: [cve_id_1, cve_id_2]
- 
-         Returns:
-@@ -307,14 +307,23 @@ class HotpatchUpdateInfo(object):
-                 continue
-             # find the hotpatch with the highest version for the same source package
-             mapping_src_pkg_to_hotpatches = dict()
-+            # check whether the cve is fixed
-+            is_cve_fixed = False
-             for hotpatch in self.hotpatch_cves[cve_id].hotpatches:
-+                if hotpatch.state == self.INSTALLED:
-+                    is_cve_fixed = True
-                 if hotpatch.state == self.INSTALLABLE:
-                    mapping_src_pkg_to_hotpatches.setdefault(hotpatch.src_pkg, []).append([hotpatch.hotpatch_name, hotpatch])
-+                    mapping_src_pkg_to_hotpatches.setdefault(hotpatch.src_pkg, []).append(
-+                        [hotpatch.hotpatch_name, hotpatch]
-+                    )
-+            # do not return the releated hotpatches if the cve is fixed
-+            if is_cve_fixed:
-+                continue
-             for src_pkg, hotpatches in mapping_src_pkg_to_hotpatches.items():
-                 # extract the number in HPxxx and sort hotpatches in descending order according to the number
-                 hotpatches = sorted(hotpatches, key=lambda x: int(re.findall("\d+", x[0])[0]), reverse=True)
-                 mapping_cve_hotpatches[cve_id].append(hotpatches[0][1].nevra)
-                
-+
-         return mapping_cve_hotpatches
- 
-     def get_hotpatches_from_advisories(self, advisories: list[str]) -> dict():
-diff --git a/hotpatch/hotupgrade.py b/hotpatch/hotupgrade.py
-index 2a36312..3bff9a1 100644
--- a/hotpatch/hotupgrade.py
-+++ b/hotpatch/hotupgrade.py
-@@ -251,7 +251,7 @@ class HotupgradeCommand(dnf.cli.Command):
-         cve_hp_dict = updateinfo.get_hotpatches_from_cve(cves)
-         for cve, hp in cve_hp_dict.items():
-             if not hp:
-                logger.info(_("The cve's hot patch doesn't exist: %s"), cve)
-+                logger.info(_("The cve doesn't exist or cannot be fixed by hotpatch: %s"), cve)
-                 continue
-             hp_list += hp
-         return list(set(hp_list))
-- 
-2.33.0
-
--- a/0003-update-condition-under-which-hotpatches-can-be-applied.patch
+++ b/0003-update-condition-under-which-hotpatches-can-be-applied.patch
@ -1,28 +0,0 @@
-From 30a0f76f2150f27db79fedde3af4926b36954066 Mon Sep 17 00:00:00 2001
-From: rabbitali <shusheng.wen@outlook.com>
-Date: Fri, 30 Jun 2023 19:07:55 +0800
-Subject: [PATCH] Update the condition under which hot patches can be applied
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
---
- hotpatch/hotpatch_updateinfo.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hotpatch/hotpatch_updateinfo.py b/hotpatch/hotpatch_updateinfo.py
-index 7dc92ce..3963867 100644
--- a/hotpatch/hotpatch_updateinfo.py
-+++ b/hotpatch/hotpatch_updateinfo.py
-@@ -212,7 +212,7 @@ class HotpatchUpdateInfo(object):
-                     hp_vere = '%s-%s' % (src_pkg_version, src_pkg_release)
-                     if hp_vere != inst_pkg_vere:
-                         continue
-                    elif self._get_hotpatch_status_in_syscare(hotpatch) == 'ACTIVED':
-+                    elif self._get_hotpatch_status_in_syscare(hotpatch) in ('ACTIVED', "ACCEPTED"):
-                         hotpatch.state = self.INSTALLED
-                     else:
-                         hotpatch.state = self.INSTALLABLE
-- 
-2.33.0
-
--- a/aops-apollo-v1.2.2.tar.gz
+++ b/aops-apollo-v1.2.2.tar.gz
--- a/aops-apollo-v1.3.0.tar.gz
+++ b/aops-apollo-v1.3.0.tar.gz
--- a/aops-apollo.spec
+++ b/aops-apollo.spec
@ -1,13 +1,10 @@
 Name:		aops-apollo
-Version:	v1.2.2
-Release:	4
+Version:	v1.3.0
+Release:	1
 Summary:	Cve management service, monitor machine vulnerabilities and provide fix functions.
 License:	MulanPSL2
 URL:		https://gitee.com/openeuler/%{name}
 Source0:	%{name}-%{version}.tar.gz
-Patch0001:  0001-fix-issue-gen-cve-task-failed.patch
-Patch0002:  0002-do-not-return-the-related-hotpatches-when-the-cve-is.patch
-Patch0003:  0003-update-condition-under-which-hotpatches-can-be-applied.patch


 BuildRequires:  python3-setuptools
@ -24,7 +21,7 @@ Cve management service, monitor machine vulnerabilities and provide fix function

 %package -n dnf-hotpatch-plugin
 Summary: dnf hotpatch plugin
-Requires: python3-hawkey python3-dnf syscare >= 1.0.1
+Requires: python3-hawkey python3-dnf syscare >= 1.1.0

 %description -n dnf-hotpatch-plugin
 dnf hotpatch plugin, it's about hotpatch query and fix
@ -63,11 +60,12 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
 %files
 %doc README.*
 %attr(0644,root,root) %{_sysconfdir}/aops/apollo.ini
-%attr(0644,root,root) %{_sysconfdir}/aops/apollo_crontab.ini
+%attr(0644,root,root) %{_sysconfdir}/aops/apollo_crontab.yml
 %attr(0755,root,root) %{_bindir}/aops-apollo
 %attr(0755,root,root) /usr/lib/systemd/system/aops-apollo.service
 %{python3_sitelib}/aops_apollo*.egg-info
 %{python3_sitelib}/apollo/*
+%attr(0755, root, root) /opt/aops/database/*

 %files -n dnf-hotpatch-plugin
 %{python3_sitelib}/dnf-plugins/*
@ -79,6 +77,10 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
 %{python3_sitelib}/aops_apollo_tool/*

 %changelog
+* Tue Aug 29 2023 wangguangge<wangguangge@huawei.com> - v1.3.0-1
+- update the dnf hot-updateinfo, dnf hotpatch and dnf hotupgrade command
+- support the mixed management ability for coldpatches and hotpatches   
+
 * Fri Jun 30 2023 wenxin<shusheng.wen@outlook.com> - v1.2.2-4
 - Update the condition under which hot patches can be applied