Skip to content

Commit

Permalink
Introduce new config options for blacklisting by Origin
Browse files Browse the repository at this point in the history 
This commit introduces two new options for blacklisting packages:
Unattended-Upgrade::Blacklist-Origins-Pattern and
Unattended-Upgrade::Blacklist-Origins-Strict.

With this, users are able to manage updates comming from third party
repositories manually, without the risk of packages being automatically
upgraded by u-u if a higher version of such become available in u-u's
managed repositories
  • Loading branch information
@markkrj
markkrj committed Aug 30, 2022
1 parent 5f979a2 commit 77477fe
Show file tree
Hide file tree
Showing 3 changed files with 172 additions and 95 deletions.
46 changes: 27 additions & 19 deletions test/test_origin_pattern.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,9 @@
import unattended_upgrade
from unattended_upgrade import (
check_changes_for_sanity,
is_in_allowed_origin,
ver_in_origins,
get_distro_codename,
match_whitelist_string,
match_pattern_string,
UnknownMatcherError,
)

Expand All @@ -31,6 +31,10 @@ class MockPackage():
pass


class MockVersion():
pass


class MockCache(dict):
def __iter__(self):
for pkgname in self.keys():
Expand All @@ -43,6 +47,8 @@ def get_changes(self):
blacklist = [] # type: List[str]
whitelist = [] # type: List[str]
strict_whitelist = False # type: bool
blacklisted_origins = [] # type: List[str]
strict_blacklist = True # type: bool


class MockDepCache():
Expand All @@ -51,35 +57,35 @@ class MockDepCache():

class TestOriginPatern(TestBase):

def test_match_whitelist_string(self):
def test_match_pattern_string(self):
origin = self._get_mock_origin(
"OriginUbuntu", "LabelUbuntu", "ArchiveUbuntu",
"archive.ubuntu.com", "main")
# good
s = "o=OriginUbuntu"
self.assertTrue(match_whitelist_string(s, origin))
self.assertTrue(match_pattern_string(s, origin))
s = "o=OriginUbuntu,l=LabelUbuntu,a=ArchiveUbuntu," \
"site=archive.ubuntu.com"
self.assertTrue(match_whitelist_string(s, origin))
self.assertTrue(match_pattern_string(s, origin))
# bad
s = ""
self.assertFalse(match_whitelist_string(s, origin))
self.assertFalse(match_pattern_string(s, origin))
s = "o=something"
self.assertFalse(match_whitelist_string(s, origin))
self.assertFalse(match_pattern_string(s, origin))
s = "o=LabelUbuntu,a=no-match"
self.assertFalse(match_whitelist_string(s, origin))
self.assertFalse(match_pattern_string(s, origin))
# with escaping
origin = self._get_mock_origin("Google, Inc.", archive="stable")
# good
s = "o=Google\\, Inc.,a=stable"
self.assertTrue(match_whitelist_string(s, origin))
self.assertTrue(match_pattern_string(s, origin))

def test_match_whitelist_from_conffile(self):
# read some
apt_pkg.config.clear("Unattended-Upgrade")
apt_pkg.read_config_file(
apt_pkg.config, "./data/50unattended-upgrades.Test")
allowed_origins = unattended_upgrade.get_allowed_origins()
allowed_origins = unattended_upgrade.get_origins_from_conf()
# print allowed_origins
self.assertTrue("o=aOrigin,a=aArchive" in allowed_origins)
self.assertTrue("s=aSite,l=aLabel" in allowed_origins)
Expand All @@ -89,33 +95,33 @@ def test_macro(self):
codename = get_distro_codename()
s = "a=${distro_codename}"
origin = self._get_mock_origin("Foo", archive=codename)
self.assertTrue(match_whitelist_string(s, origin))
self.assertTrue(match_pattern_string(s, origin))

def test_compatiblity(self):
apt_pkg.config.clear("Unattended-Upgrade")
apt_pkg.read_config_file(
apt_pkg.config, "./data/50unattended-upgrades.compat")
allowed_origins = unattended_upgrade.get_allowed_origins()
allowed_origins = unattended_upgrade.get_origins_from_conf()
# print allowed_origins
self.assertTrue("o=Google\\, Inc.,a=stable" in allowed_origins)
self.assertTrue("o=MoreCorp\\, eink,a=stable" in allowed_origins)
# test whitelist
pkg = self._get_mock_package()
self.assertTrue(is_in_allowed_origin(pkg.candidate, allowed_origins))
self.assertTrue(ver_in_origins(pkg.candidate, allowed_origins))

def test_escaped_colon(self):
apt_pkg.config.clear("Unattended-Upgrade")
apt_pkg.read_config_file(
apt_pkg.config, "./data/50unattended-upgrades.colon")
allowed_origins = unattended_upgrade.get_allowed_origins()
allowed_origins = unattended_upgrade.get_origins_from_conf()

self.assertIn('o=http://foo.bar,a=stable', allowed_origins)

def test_unkown_matcher(self):
apt_pkg.config.clear("Unattended-Upgrade")
s = "xxx=OriginUbuntu"
with self.assertRaises(UnknownMatcherError):
self.assertTrue(match_whitelist_string(s, None))
self.assertTrue(match_pattern_string(s, None))

def test_blacklist(self):
# get the mocks
Expand Down Expand Up @@ -179,6 +185,8 @@ def _get_mock_package(self, name="foo"):
self._get_mock_origin(aorigin="Google, Inc.",
archive="stable")]
pkg.candidate.record = {}
pkg.versions = [MockVersion()]
pkg.versions[0].origins = pkg.candidate.origins
return pkg

def test_match_whitelist_wildcard(self):
Expand All @@ -187,16 +195,16 @@ def test_match_whitelist_wildcard(self):
"archive.ubuntu.com", "main")
# good
s = "o=OriginU*"
self.assertTrue(match_whitelist_string(s, origin))
self.assertTrue(match_pattern_string(s, origin))
# bad
s = "o=X*"
self.assertFalse(match_whitelist_string(s, origin))
self.assertFalse(match_pattern_string(s, origin))
# good
s = "o=?riginUbunt?"
self.assertTrue(match_whitelist_string(s, origin))
self.assertTrue(match_pattern_string(s, origin))
# good
s = "o=*Ubunt?"
self.assertTrue(match_whitelist_string(s, origin))
self.assertTrue(match_pattern_string(s, origin))

def test_get_allowed_origins_legacy(self):
for cfg, (distro_id, distro_codename) in (
Expand Down
6 changes: 3 additions & 3 deletions test/test_substitute.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
import apt_pkg


from unattended_upgrade import substitute, get_allowed_origins
from unattended_upgrade import substitute, get_origins_from_conf

from test.test_base import TestBase

Expand All @@ -24,11 +24,11 @@ def testSubstitute(self):
self.assertTrue(substitute("${distro_id}"), "MyDistroID")

def test_get_allowed_origins_with_substitute(self):
""" test if substitute for get_allowed_origins works """
""" test if substitute for get_origins_from_conf works """
apt_pkg.config.clear("Unattended-Upgrade::Allowed-Origins")
apt_pkg.config.set("Unattended-Upgrade::Allowed-Origins::",
"${distro_id} ${distro_codename}-security")
li = get_allowed_origins()
li = get_origins_from_conf()
self.assertIn("o=MyDistroID,a=mycodename-security", li)


Expand Down
Loading

0 comments on commit 77477fe

Please sign in to comment.