a ƒ¬ i´/ã@súddlmZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddl Z ddlZddlZddlZddlmZddlmZddlmZddlmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*ddlm+Z+m,Z,m-Z-dd l.m/Z/m0Z0m1Z1m2Z2m3Z3d Z4d Z5d Z6d Z7dZ8dZ9dZ:dZ;e e „Zbd?d@„ZciZddAdB„Zeeee1jf_gehe dCdƒsz8ddliZjddlkZlejjm neljo¡ejjm ndD¡krÈepdEƒ‚WnepyÞYn80dFdG„Zqe1jrZsGdHdI„dIetƒZuGdJdK„dKe1jrƒZveve1_rdLdM„ZwejxfdNdO„ZydPdQ„ZzdRdS„Z{GdTdU„dUetƒZ|dVdW„Z}dXdY„Z~d¼d[d\„Zd]d^„Z€d_d`„Zd½dadb„Z‚dcdd„Zƒdedf„Z„dgdh„Z…didj„Z†dkdl„Z‡dmdn„Zˆdodp„Z‰dqdr„ZŠdsdt„Z‹dudv„ZŒdwdx„Zdydz„ZŽd{d|„Zd}d~„Zdd€„Z‘dd‚„Z’d¾dƒd„„Z“d…d†„Z”d‡dˆ„Z•d‰dŠ„Z–d‹dŒ„Z—d¿dŽd„Z˜dd‘„Z™d’d“„Zšd”d•„Z›d–d—„ZœdÀd˜d™„Zdšd›„Zždœd„ZŸGdždŸ„dŸƒZ d d¡„Z¡d¢d£„Z¢d¤d¥„Z£d¦d§„Z¤ej¥ejxfd¨d©„Z¦dªd«„Z§ej¥fd¬d­„Z¨d®d¯„Z©d°d±„Zªd²d³„Z«dÁd´dµ„Z¬d¶d·„Z­d¸d¹„Z®dS)Âé)Úprint_functionN)ÚArgumentParser)Úcontextmanager)Údatetimeé)ÚanomalyÚauthÚ capabilitiesÚconfigÚconfig_handlersÚ constantsÚerrorsÚfetchÚ http_utilsÚ ipv6_supportÚkcareÚlibcareÚ log_utilsÚplatform_utilsÚ process_utilsÚselinuxÚ server_infoÚserveridÚ update_utilsÚutils)Ú KcareErrorÚNotFoundÚSafeExceptionWrapper)Ú HTTPErrorÚURLErrorÚhttplibÚjson_loads_nstrÚ urlencodeécZv3)Z12hZ24hZ48hÚtestz./etc/sysconfig/kcare/freezer.modules.blacklistz/usr/libexec/kcare/kcdoctor.sh)z latest.v3ú latest.v2z /etc/sysconfig/kcare/sysctl.confé z$==BLACKLIST== (.*)==END BLACKLIST== z'(kpatch.*|ksplice.*|kpatch_livepatch.*)z/usr/libexec/kcare/pythonÚignore)ÚcategorycCs@tƒ}tj t¡rÚAttributeErrorÚ TypeErrorÚKeyErrorÚIOErrorrÚetypeÚtypeÚinnerrMrÚ get_distror ÚVERSIONZget_python_versionÚgetattrÚstrr<rNZ format_tb)rYÚvalueÚtbZdetails_sanitizedrKr6r6r7Ú format_exception_without_detailsms,   ørbcCsttjr dSt tƒ¡}t t t  |¡¡¡}t  d¡d|}t   |t  ¡¡}zt  |¡WntynYn0dS)Nz/api/kcarectl-tracez?trace=)r ÚUPDATE_FROM_LOCALÚjsonÚdumpsrbrÚnstrÚbase64Zurlsafe_b64encodeZbstrÚget_patch_server_urlrZ http_requestrZget_http_auth_stringZ urlopen_baseÚ Exception)ZtraceZ encoded_traceÚurlZrequestr6r6r7Úsend_exc‰s  rkcCsèt ¡}|dkr t |d¡dSt ¡t ¡}|dkrBt d¡t d¡ttjdƒ0}t  |  ¡d¡t  |  ¡d¡Wdƒn1sŽ0Y|r¦t   |¡z |ƒWn(t yØtj d¡t d¡Yn0t d¡dS)zš Run func in a fork in an own process group (will stay alive after kcarectl process death). :param func: function to execute :return: rNÚarézWait exception)r+ÚforkÚwaitpidÚsetsidÚ_exitr2r/r ZLOG_FILEÚdup2ÚfilenoÚtimeÚsleeprirÚkcarelogÚ exception)ÚfuncruÚpidÚfdr6r6r7Ú nohup_fork›s(   .    r{c Csštj tjd¡}tj |¡r†t|dƒP}z,t| ¡ƒ}|t j t   ¡krRt ||ƒ‚Wnt yfYn0Wdƒn1s|0Yt |t ¡¡dS)aCheck the fact that there was a failed patching attempt. If anchor file not exists we should create an anchor with timestamp and schedule its deletion at $timeout. If anchor exists and its timestamp more than $timeout from now we should raise an error. ú.kcareprev.lockr)N)r+r,r<r Ú PATCH_CACHEr-r/ÚintÚreadr ÚSUCCESS_TIMEOUTrtÚPreviousPatchFailedExceptionÚ ValueErrorrÚ atomic_writeÚ timestamp_str)Zanchor_filepathZafileÚ timestampr6r6r7Ú touch_anchorÁs    $r†cCstzt tj tjd¡¡Wnty,Yn0td|ƒtj   ¡zt ddWnt ynt j d¡Yn0dS)zÀ See touch_anchor() for detailed explanation of anchor mechanics. See KPT-730 for details about action registration. :param state_data: dict with current level, kernel_id etc. r|Údone©ÚreasonzCannot send update info!N)r+Úremover,r<r r}rRÚregister_actionrÚget_loaded_modulesÚclearÚget_latest_patch_levelrirrvrw©Ú state_datar6r6r7Ú commit_updateØs    r‘cCs(tjtj tjd¡t ||d¡ddS)NÚpatchesrG)Z exclude_path) rÚclean_directoryr+r,r<r r}rÚget_cache_path)ÚkhashZplevelr6r6r7Ú clear_cacheísr–cCs>tjpd}d ||g¡}tjd|f}|r2||f7}tjj|ŽS)NÚnoneú-Úmodules)r ÚPREFIXr<r r}r+r,)r•ÚfnameÚprefixZ module_dirr3r6r6r7Úget_current_level_pathñs    rcCstjt|dƒt|ƒdddS)NÚlatestT)Z ensure_dir)rrƒrr_)r•Ú patch_levelr6r6r7Úsave_cache_latestúsr c CsVt|dƒ}tj |¡rRz$tt|dƒ ¡ ¡ƒ}t  ||¡WSt t fyPYn0dS)Nržr)) rr+r,r-r~r/rÚstriprÚLegacyKernelPatchLevelr‚rV)r•Zpath_with_latestÚplr6r6r7Úget_cache_latestþs  r¤c@s eZdZdS)ÚCertificateErrorN)rHÚ __module__Ú __qualname__r6r6r6r7r¥ sr¥c@seZdZdd„ZdS)ÚUnknownKernelExceptionc Cs*t |d t ¡dt ¡t ¡¡¡dS)NúLNew kernel detected ({0} {1} {2}). There are no updates for this kernel yet.r) riÚ__init__Úformatrr\ÚplatformÚreleaserÚget_kernel_hash©Úselfr6r6r7rªs ÿþzUnknownKernelException.__init__N)rHr¦r§rªr6r6r6r7r¨sr¨cs$eZdZ‡fdd„Zdd„Z‡ZS)ÚApplyPatchErrorcsJtt|ƒj|i|¤Ž||_||_||_||_t ¡d|_ t   ¡|_ dS©Nr) Úsuperr±rªÚcodeÚ freezer_styleÚlevelÚ patch_filerr\rKr¬r­)r°r´rµr¶r·ÚargsÚkwargs©Ú __class__r6r7rªszApplyPatchError.__init__c Cs0d |j|j|j|j|jd dd„|jDƒ¡¡S)Nz0Unable to apply patch ({0} {1} {2} {3} {4}, {5})ú, cSsg|] }t|ƒ‘qSr6)r_)Ú.0Úir6r6r7Ú *óz+ApplyPatchError.__str__..)r«r·r¶r´rKr­r<rµr¯r6r6r7Ú__str__#súzApplyPatchError.__str__©rHr¦r§rªrÁÚ __classcell__r6r6rºr7r±s r±cs$eZdZ‡fdd„Zdd„Z‡ZS)rcs&tt|ƒj|i|¤Ž||_||_dSr@)r³rrªr…Úanchor)r°r…rÄr¸r¹rºr6r7rª0sz%PreviousPatchFailedException.__init__cCsd}| |j|j¡S)NzˆIt seems, the latest patch, applying at {0}, crashed, and further attempts will be suspended. To force patch applying, remove `{1}` file)r«r…rÄ)r°Úmessager6r6r7rÁ5sÿz$PreviousPatchFailedException.__str__rÂr6r6rºr7r/s rc CsÄt ¡d |¡}z|t |¡}t t | ¡¡¡}t |dƒ}|dkrRt  d¡n8|dkrft  d¡n$|dkrzt  d¡nt  d  |¡¡|WSt y¾}zt   ||¡WYd}~n d}~00d S) Nz"/nagios/register_key.plain?key={0}r´rzKey successfully registeredrzWrong key format or sizermz!No KernelCare license for that IPzUnknown error {0}r:)rÚget_registration_urlr«rÚurlopenrÚ data_as_dictrfrr~Ú print_wrapperrrÚprint_cln_http_error)ÚkeyrjÚresponseÚresr´Úer6r6r7Ú!set_monitoring_key_for_ip_license>s      "rÏc csTtjrtjtjddz dVWtjrPtjtjddntjrNtjtjdd0dS)NT)Úshell)r ZBEFORE_UPDATE_COMMANDrÚ run_commandZAFTER_UPDATE_COMMANDr6r6r6r7Ú execute_hooksRsÿrÒcCsÖtƒ}|j}|j}t ¡}|dkrht|ƒtjt  ¡t   ¡|t t  ¡ƒ|dœ}t d¡t t |¡¡njt d¡t t|ƒ¡t dt|ƒ¡t tj¡t t  ¡¡t t   ¡¡t |¡t t  ¡¡dS)a1 The output will consist of: Ignore output up to the line with "--START--" Line 1: show if update is needed: 0 - updated to latest, 1 - update available, 2 - unknown kernel 3 - kernel doesn't need patches 4 - no license, cannot determine Line 2: licensing message (can be skipped, can be more then one line) Line 3: LICENSE: CODE: 1: license present, 2: trial license present, 0: no license Line 4: Update mode (True - auto-update, False, no auto update) Line 5: Effective kernel version Line 6: Real kernel version Line 7: Patchset Installed # --> If None, no patchset installed Line 8: Uptime (in seconds) If *format* is 'json' return the results in JSON format. Any other output means error retrieving info :return: rd)Z updateCodeZ autoUpdateZeffectiveKernelZ realKernelZloadedPatchLevelZuptimeÚlicensez --START--z LICENSE: N)Ú_patch_level_infor´Ú applied_lvlrÚ license_infor_r Ú AUTO_UPDATErÚ kcare_unamer¬r­r~rZ get_uptimerrÉrdre)ÚfmtÚpliZ update_codeZ loaded_plZlicense_info_resultZresultsr6r6r7Ú plugin_info^s. ù    rÛcCs`t ¡}ztdd}Wn ty6tjr.dndYS0|durDdS||krPdSt ¡r\dSdS)NÚinforˆrérrm)rÚloaded_patch_levelrŽr¨r ÚIGNORE_UNKNOWN_KERNELrZstatus_gap_passed)Ú current_levelZlatest_patch_levelr6r6r7Úget_update_status’s rácCs2t ¡dd…\}}|dkr*| d¡r*dSdSdS)NrmZ CloudLinuxz7.ÚextrarG)rr\Ú startswith)rKÚversionr6r6r7Úedf_fallback_ptype¢sråcCsl|j|jf}t ||¡}t ||j¡|_|j tj tj d¡|tvrZ|j  ¡dd…t|<|j rh|  ¡dS)zFunction remembers IP address of host connected to and uses it for later connections. Replaces stdlib version of httplib.HTTPConnection.connect rNrm)ÚhostZportÚCONNECTION_STICKY_MAPÚgetÚsocketZcreate_connectionZtimeoutÚsockZ setsockoptZ IPPROTO_TCPZ TCP_NODELAYZ getpeernameÚ _tunnel_hostZ_tunnel)r°ZaddrZ resolved_addrr6r6r7Ústicky_connect¯s  rìZHAS_SNIz0.13z%No pyOpenSSL module with SNI ability.cGsdS)NTr6)r¸r6r6r7Údummy_verify_callbackÓsríc@s,eZdZdd„Zdd„Zdd„Zdd„Zd S) ÚSSLSockcCs||_d|_dSr²)Ú _ssl_connÚ_makefile_refs)r°rêr6r6r7rªÝszSSLSock.__init__cGs(|jd7_tj|jg|¢RddiŽS)Nrr2T)rðréZ _fileobjectrï©r°r¸r6r6r7ÚmakefileászSSLSock.makefilecCs |js|jr|j ¡d|_dSr@)rðrïr2r¯r6r6r7r2ås  z SSLSock.closecGs |jj|ŽSr@)rïÚsendallrñr6r6r7róêszSSLSock.sendallN)rHr¦r§rªròr2rór6r6r6r7rîÜsrîc@seZdZdd„ZdS)ÚPyOpenSSLHTTPSConnectioncCs¾tj |¡tj tjj¡}| tjjtjj B¡t j rJ|  tjj t¡n|  tjjt¡| ¡tj ||j¡}| ¡|jp„|j}| | ¡¡| ¡t j r°t| ¡|ƒt|ƒ|_dSr@)r ÚHTTPConnectionÚconnectÚOpenSSLZSSLZContextZ SSLv23_METHODZ set_optionsZ OP_NO_SSLv2Z OP_NO_SSLv3r ÚCHECK_SSL_CERTSZ set_verifyZ VERIFY_PEERríZ VERIFY_NONEZset_default_verify_pathsZ ConnectionrêZset_connect_staterëræZset_tlsext_host_nameÚencodeZ do_handshakeÚmatch_hostnameZget_peer_certificaterî)r°ÚctxZconnZ server_hostr6r6r7röîs  z PyOpenSSLHTTPSConnection.connectN)rHr¦r§rör6r6r6r7rôísrôc Csºtjr&t ||¡}t tj¡|ddS|dv}tjo6|}d|fd|fdfD]h\}}t j |||d} t j | |d} |r€d  | ¡} t |t ||ƒ¡d | }d } |s¦|rÌt |ƒ| krÌ|rºd nd } t d | ¡qJz~t tj¡|dd} tjrBt | ¡rBt | ¡}t |¡}|r&tjd  |¡ddntjddd|rB| ¡| WSty²}zN|sh|rœ|jdvs€|jdkrœt d  |¡¡WYd}~qJ‚WYd}~qJd}~00qJdS)NF©Ú check_license)z latest.v1r%T)FF)Úsecure_boot_infoÚ perf_metrics)Ú b64_encodingzinfo={0}ú?iXzsecure boot infoz perf metricsz.Check-in URL param is too large, discarding %sz:Automatic kernel anomaly report uploaded successfully: {0}©Z print_msgú$Failed to send kernel anomaly report)iižiôzCCheck-in request failed with error: {0}, retrying with reduced info)r rcrZget_kernel_prefixed_urlrZwrap_with_cache_keyrÚ urlopen_authZSEND_PERF_METRICSrZencode_checkin_payloadr«ÚstickyfyÚlenrÚlogwarnZKERNEL_ANOMALY_REPORT_ENABLErZdetect_anomalyÚprepare_kernel_anomaly_reportÚsend_data_packageÚloginfoÚremove_archiverr´)r•ržr‰ÚmoderjrZ perf_enabledrþrÿZsinfoZ request_paramZmax_url_lengthZ discard_infor3Ú data_packageÚ upload_nameÚexr6r6r7Ú_fetch_patch_level_request sD        ÿ $ rc Cs>t ¡}tjdur$t |ttjƒ¡StD]}z¶t||||ƒ}t  |j ¡t ƒt   | ¡¡ ¡}tjd ||¡dd|rÐ| d¡rÐt|ƒ}| dg¡}t |¡s®t d¡‚t ||d|d|d ¡WSt |t|ƒ¡WStyöYq(ty0}z"|jd vrtd ƒ‚‚WYd}~q(d}~00q(tƒ‚dS) Nz;fetch patch level, reason: {0}, kernel latest response: {1}Frú{r zeLatest KernelCare patchset is incompatible with the current kernecare package version, please upgrader¶Úbaseurlr­)i“i‘zKC licence is required) rr®r Ú PATCH_LEVELr¢r~Ú PATCH_LATESTrr Zset_feature_flags_from_headersÚheadersÚupdate_all_kmod_paramsrrfrr¡rr r«rãr!rèr Zhas_kc_capabilitiesr ÚCapabilitiesMismatchZKernelPatchLevelrrr´rr¨) r‰r r•ržrÌr£Z latest_infoZrequired_capabilitiesrr6r6r7Úfetch_patch_level6s4     ÿ"  rc CsB| t|tjƒ¡}tj d |¡¡ztj |dddWdSt y`tj d |¡¡YdSt yš}z$tj  d |t |ƒ¡¡WYd}~n d}~00| t|tjƒtj¡}tj d |¡¡ztj |ddWndt ytj d |¡¡YdSty<}z$tj d  |t |ƒ¡¡WYd}~n d}~00dS) NzProbing patch URL: {0}FÚHEAD)rýÚmethodTz{0} is not available: 404zFHEAD request for {0} raised an error, fallback to the GET request: {1}rüz{0} is not available: {1})Úfile_urlr?r rArrvrÜr«rrrriÚdebugr_r ZSIGr)r¶r=Zbin_urlrrjr6r6r7Ú probe_patchWs( ..rcCsF|tjkr| tj¡}n | |¡}| |¡}tj||tjt  |¡dS)N)Z hash_checker) r ÚKMOD_BINZkmod_urlrÚ cache_pathrZ fetch_urlr Ú USE_SIGNATUREZget_hash_checker)r¶ÚnamerjZdstr6r6r7Úfetch_and_verify_kernel_fileps    r"c@s>eZdZddd„Zdd„Zdd„Zdd „Zd d „Zd d „ZdS)Ú PatchFetcherNcCs ||_dSr@)rŸ)r°rŸr6r6r7rª{szPatchFetcher.__init__cCs t|j|ƒSr@)r"rŸ)r°r!r6r6r7Ú_fetch~szPatchFetcher._fetchcCsr|j tj¡}|j tj¡}|j tj¡}|j tj¡}tdd„||||fDƒƒopt j   |¡dkopt j   |¡dkS)Ncss|]}tj |¡VqdSr@)r+r,r-)r½r,r6r6r7Ú ˆrÀz0PatchFetcher.is_patch_fetched..r) rŸrr rErArBr rÚallr+r,Úgetsize)r°Zpatch_done_pathZpatch_bin_pathZpatch_info_pathZ kmod_bin_pathr6r6r7Úis_patch_fetchedsÿýzPatchFetcher.is_patch_fetchedcCs,|jdurtdƒ‚|js|jS| ¡r6t d¡|jSt d¡t|jtjƒr¤ztj |j  t j ¡dd}Wnt y|Yn(0|j dd¡}|r¤|j t |¡¡|_z| t j ¡Wn*t yÞtd |jt jpÔd¡ƒ‚Yn0| t j¡| tj¡| ¡tj|j t j¡d d d t tj ¡|jS) Nz+Cannot fetch patch as no patch level is setzUpdates already downloadedzDownloading updatesr)rú KC-Base-UrlzfThe `{0}` patch level is not found for `{1}` patch type. Please select valid patch type or patch levelÚdefaultrÀÚwb©r )!rŸr‚r(rr rQrr¢rrrr rArrrèÚupgraderrfr$rr«Ú PATCH_TYPErBr rÚextract_blacklistrƒrrErÚrestore_selinux_contextr})r°Úresprr6r6r7Ú fetch_patchs<      ÿÿ    zPatchFetcher.fetch_patchcCsJt|j tj¡dƒ ¡}|rFt |¡}|rFt  |j tj ¡|  d¡¡dS)Nr)r) r/rŸrr rBrÚ BLACKLIST_REÚsearchrrƒrCÚgroup)r°ZbufZmor6r6r7r/µs  zPatchFetcher.extract_blacklistcCsÄ|dur dSzt|tjƒ}Wnty0YdS0|j dd¡}|rT| t |¡¡}|  tj¡}t |dƒ&}t dd„|  ¡Dƒƒ}Wdƒn1s–0Y|D]}t||ƒq¤t  tj¡dS)z¶ Download fixup files for defined patch level :param level: download fixups for this patch level (usually it's a level of loaded patch) :return: None Nr)r)cSsg|] }| ¡‘qSr6)r¡)r½Úfixupr6r6r7r¿ÒrÀz-PatchFetcher.fetch_fixups..)r"r rDrrrèr-rrfrr/r*Ú readlinesrr0r r})r°r¶r1rZ fixups_fnamer4Úfixupsr6r6r6r7Ú fetch_fixups¼s   4 zPatchFetcher.fetch_fixups)N) rHr¦r§rªr$r(r2r/r9r6r6r6r7r#ys   (r#cCs8tƒ}t |j¡|jtjkr*t d¡n t d¡dS)Nrr) rÔrrÉÚmsgr´ÚPLIÚPATCH_NEED_UPDATErOÚexit)rÚr6r6r7Ú kcare_checkÚs    r>c Cstƒ}t|ƒ}z t ¡}Wnty0i}Yn0t ¡}d}|durZt |d¡  d¡}t  ¡}t |  dg¡ƒ}t dd„|Dƒƒ}t ¡}|sœt d¡n t d¡t d  |¡¡t d  |¡¡|d krÞt d  |¡¡|d kröt d  |¡¡||d krt d¡t d¡dS)NZUnknownÚtsz%Y-%m-%dr’css|]}t| dg¡ƒVqdS)r’N)rrè)r½Zrecr6r6r7r%órÀz$show_generic_info..z$KernelCare live patching is disabledz"KernelCare live patching is activez - Last updated on {0}z - Effective kernel version {0}rz* - {0} kernel vulnerabilities live patchedz- - {0} userspace vulnerabilities live patchedz% - This system has no applied patchesz(Type kcarectl --patch-info to learn more)rÔÚ_kcare_patch_info_jsonrZlibcare_patch_info_basicrrZ get_staterZ fromtimestampÚstrftimerØrrèÚsumrÞrrÉr«) rÚÚ kcare_infoÚ libcare_infoÚstateZ latest_updateZeffective_versionZkernel_vulnerabilitiesZuserspace_vulnerabilitiesrŸr6r6r7Úshow_generic_infoãs4      rFFc Csôz tdtjd}|st‚| tj¡}t t   |¡  ¡¡}|r”gi}}|  d¡D]0}t  |¡}|rvd|vrv| |¡qP| |¡qP||d<t |¡}t |¡WnNtyÔ}zt ||j¡WYd}~dSd}~0tyît d¡Yn0d S) z½ Retrieve and output to STDOUT latest patch info, so it is easy to get list of CVEs in use. More info at https://cloudlinux.atlassian.net/browse/KCARE-952 :return: None rÜ)r‰Úpolicyú ú kpatch-namer’NrzNo patches availabler)rŽr Ú POLICY_REMOTEr¨rr rBrrfrrrr;rÈÚappendÚupdaterdrerÉrrrÊrj) Úis_jsonržrjÚ patch_infor’r3ÚchunkÚdatarÎr6r6r7Úkcare_latest_patch_infos,        rQcCs„d|ji}|jdur€t|ƒ}g}| d¡D]0}t |¡}|rPd|vrP| |¡q*| |¡q*||d<t  ¡}|rx|dnd|d<|S)NrÅrHrIr’r­Úunknown) r:rÕÚ_kcare_patch_infor;rrÈrKrLrZread_dumped_kernel_patch_level)rÚr3rNr’rOrPZsaved_patch_levelr6r6r7r@&s      r@cCsPt ¡}t ||jtj¡}tj |¡s.t dƒ‚t |dƒ  ¡}|rLt   d|¡}|S)NzvCan't find information due to the absent patch information file. Please, run /usr/bin/kcarectl --update and try again.r)rG)rr®r”rÕr rBr+r,r-rr/rr3Úsub)rÚr•rrÜr6r6r7rS:s ÿ rScCsZtƒ}|s>|jdkr t |j¡|jdur.dSt t|ƒ¡nt tjt |ƒdd¡dS)NrT)Z sort_keys) rÔr´rrÉr:rÕrSrdrer@©rMrÚr6r6r7rNHs   rNcCs:tjd|g}t |¡}t ¡}d}t ||¡t ||¡kS)Nz file-infozkpatch-build-time)r Ú KPATCH_CTLrÚ check_outputrÚ _patch_infoZget_patch_value)Únew_patch_filer¸Znew_patch_infoZcurrent_patch_infoZbuild_time_labelr6r6r7Ú is_same_patchTs   rZcCsL|dkr dS|r||krdS||kr(dSt t ¡|tj¡}t|ƒsHdSdS)NrFT)rr”r®r rArZ)Ú applied_levelÚ new_levelrYr6r6r7Úkcare_need_update\s r]cCsptjrltj t¡r t ttj¡s6tj   d  t¡¡dSt j dddtgdd\}}}|dkrltj   d  |¡¡dS) Nz-File {0} does not exist or has no read accessz /sbin/sysctlú-qz-pT©Ú catch_stdoutrz%Unable to load kcare sysctl.conf: {0})r ZUPDATE_SYSCTL_CONFIGr+r,r-Ú SYSCTL_CONFIGÚaccessÚR_OKrrvÚwarningr«rrÑ)r´Ú_r6r6r7Ú update_sysctlnsrfcsÈtj t¡sttdƒ ¡t ttj¡s>tj   d  t¡¡dSttdƒl}|  ¡}|  d¡|D]$‰t‡fdd„|Dƒƒs`| ˆ¡q`|D]}| |d¡qŠ| ¡Wdƒn1sº0YdS) z*Update SYSCTL_CONFIG accordingly the editsrlzFile {0} has no read accessNzr+rc3s|]}ˆ |¡VqdSr@)rã)r½r)©r5r6r7r%ŠrÀz#edit_sysctl_conf..Ú )r+r,r-rar/r2rbrcrrvrdr«r7ÚseekÚanyÚwriteÚtruncate)rŠrKZsysctlÚlinesrlr6rgr7Úedit_sysctl_confys    rncCs&|D]}t |¡rtd |¡ƒ‚qdS)NzDDetected '{0}' kernel module loaded. Please unload that module first)ÚCONFLICTING_MODULES_REÚmatchrr«)r™Úmoduler6r6r7Údetect_conflicting_modules’s rrcCsd t ¡¡S)Nz/lib/modules/{0}/extra/kcare.ko)r«rZget_system_unamer6r6r6r7Úget_kcare_kmod_link˜srscCsptdd}t t ¡|tj¡}tj |¡s.dSt |dƒ$}|  ¡dd…dkWdƒS1sb0YdS)NrÜrˆÚrbiäÿÿÿs~Module signature appended~ ) rŽrr”r®r rr+r,r-r/r)r¶Z kmod_fileZvfdr6r6r7Úkmod_is_signedœs    rucs4t d¡‰ˆdurdSddg}t‡fdd„|DƒƒS)Nz /proc/keysZ(12ff0613c0f80cfba3b2f8eba71ebc27c5a76170Z(69a6d9eed3f620d5c2e13a1d211c46510a5ad9f5c3s|]}|ˆvVqdSr@r6)r½rË©Z system_keysr6r7r%­rÀz'kcare_certs_enrolled..)rZ try_to_readrj)Z kcare_keysr6rvr7Úkcare_certs_enrolled¥s þrwcKs\d|g}| ¡D]\}}| d ||¡¡qtj|dd\}}}|dkrXtd ||¡ƒ‚dS)Nz /sbin/insmodz{0}={1}Tr_rzLUnable to load kmod ({0} {1}). Try to run with `--check-compatibility` flag.)ÚitemsrKr«rrÑr)Zkmodr¹ÚcmdrËr`r´rer6r6r7Ú load_kmod°s rzcCsPt ¡r,tƒdurtdƒ‚tƒdur,tdƒ‚t ¡sDt ¡sDt ¡rLtdƒ‚dS)NFz4Secure boot is enabled. Not supported by KernelCare.z.)rsrr”r rÚshutilÚcopyrir r‰r+r,r‹rŒrŠr†ÚdictrxrzÚ update_depmod)r•r¶r„Z kcare_fileZ kmod_paramsr6r’r7Úload_kcare_kmodùs   r—cCsXdg}|dur| d|g¡tj|ddd\}}}|rTtjd d |¡||¡dddS) Nz /sbin/depmodz-aTr|z%Running of `{0}` failed with {1}: {2}ú Fr)ÚextendrrÑrr€r«r<)Úunameryr´reÚstderrr6r6r7r–sÿr–cCs4tjd|gdd\}}}|dkr0td ||¡ƒ‚dS)Nz /sbin/rmmodTr_rzUnable to unload {0} kmod {1})rrÑrr«)Úmodnamer´rer6r6r7Ú unload_kmodsrcCsPg}dg|D]<}t ||d |¡¡}tj |¡rt|ƒ| d |¡¡q|S)NZvmlinuxz fixup_{0}.koz fixup_{0})rr”r«r+r,r‹rzrK)r•ràr™ZloadedÚmodÚmodpathr6r6r7Ú apply_fixups!s r c Cs>|D]4}z t|ƒWqty6tj d|¡Yq0qdS)Nz$Exception while unloading module %s.)rrirrvrw)r8ržr6r6r7Ú remove_fixups+s   r¡cCsŽ|r |}n6tjrtj}n(tƒ |¡r2d|tjdfSd|tjdfSddddddœ}| ¡}||vrj||}ntd ||tjd¡ƒ‚||tjdfS) NZfreeze_conflictTr*FZ freeze_noneZ freeze_all)ZNONEZNOFREEZEZFULLZFREEZEZSMARTz3Unable to detect freezer style ({0}, {1}, {2}, {3}))r Z PATCH_METHODr8Ú intersectionÚupperrr«)Úfreezerr™rZpatch_method_mapr6r6r7Úget_freezer_style3s$ û r¥rGcsª|||dœ‰tdˆƒt ¡}t ¡}t|ƒt||ƒ}t ||tj¡}t ||ƒd  |tj t   ¡t |¡¡} d|v} | o„t ||¡} |du} | o¢t|ƒo¢t | ¡} ˆ || dœ¡| rÆtdˆƒdS| rtdˆƒt|||ƒ}tdˆƒt|ƒtd ˆƒt|ƒ| r"td ˆƒtdƒd } | sŽrÀzkcare_load..)ru)"r‹rrÞrŒrrr¥r”r rAr r«r.rr„Z parse_unameZis_kmod_version_changedrZZkcare_update_effective_versionrLr Úkpatch_ctl_unpatchr¡rr—r†Úkpatch_ctl_patchrfrr rØrZtouch_status_gap_filer{r€)r•r¶r r¤Ú use_anchorràr™rµr·Ú descriptionZ kmod_loadedr§Z patch_loadedZ same_patchr8r6rr7Ú kcare_loadRsT    ÿ          r²c CsŒtjg}t ||tj¡}tj |¡r2|  d|g¡|  dd|g¡|  d|dg¡|  |¡t j |dd\}}}|dkrˆt ||||ƒ‚dS)Nz-br«z-dú-mrTr_)r rVrr”r rCr+r,r‹r™rKrrÑr±) r·r•r¶r±rµr¸Zblacklist_filer´rer6r6r7r¯‘s  r¯cCsZtjtjdd|dgddd\}}}|dkrVtjd ||¡ddtd  |t|ƒ¡ƒ‚dS) Nr¨r³rTr|ú4Error unpatching, kpatch_ctl stdout: {0} stderr: {1}FrúError unpatching [{0}] {1}) rrÑr rVrr€r«rr_)rµr´r…r›r6r6r7r®žs ÿ r®cCs8||d<tt ¡ƒ|d<t tj tjd¡t |ƒ¡dS)NÚactionr?z kcare.state) r~rtrrƒr+r,r<r r}r_)r¶rr6r6r7r‹¨sr‹cCsld}tj |¡sdSt |¡D]H}tj ||dd¡}tj |¡sBqt |¡}||krt |¡t|ƒqdS)Nz/usr/lib/modules/z weak-updateszkcare.ko) r+r,ÚisdirÚlistdirr<ÚislinkÚreadlinkÚunlinkr–)Ú kmod_linkZ modules_pathÚentryZ sym_link_pathZ target_pathr6r6r7Úupdate_weak_modules®s    r¾c CsZt ¡}tƒ}z| |¡Wn6tyR}z|s>td |¡ƒ‚WYd}~n d}~00t ¡}t||ƒ}t ƒØd|vr|du}|ròt t  ¡||ƒ}t j tjdd|dgddd\} } } t|ƒ| dkròtjd | | ¡d d td  | t|ƒ¡ƒ‚tjt t¡d td tƒdƒtƒ} tj | ¡r.t | ¡t| ƒWdƒn1sL0YdS)NzUnable to retrieve fixups: '{0}'. The unloading of patches has been interrupted. To proceed without fixups, use the --force flag.rr¨r³rTr|r´Frrµr)ÚcountÚdelay) rrÞr#r9rirr«rŒr¥rÒr r®rrÑr rVr¡rr€r_rZretryr Z check_excÚUNLOAD_RETRY_DELAYrrsr+r,r-r»r¾) r¤ÚforceràÚpfÚerrr™rµZ need_unpatchr8r´r…r›r¼r6r6r7Ú kcare_unload¾s@ÿÿ  ÿ  ÿ rÅcCs8tƒ}|rt|ƒS|jdkr"|jS|jdur4t ¡SdSr²)rÔÚ_kcare_info_jsonr´r:rÕrrXrUr6r6r7rCês  rCcCsRd|ji}|jdur>| t t ¡¡¡| t | d¡¡¡|j |d<t   |¡S)NrÅzkpatch-descriptionz kpatch-state) r:rÕrLrrÈrrXZparse_patch_descriptionrèrErdre)rÚr3r6r6r7rÆös    rÆc@s$eZdZdZdZdZdZdd„ZdS)r;rrrmrÝcCs"||_||_||_||_||_dSr@)r´r:Ú remote_lvlrÕrE)r°r´r:rÇrÕrEr6r6r7rªs z PLI.__init__N)rHr¦r§rr<ÚPATCH_UNAVALIABLEÚPATCH_NOT_NEEDEDrªr6r6r6r7r;s r;c Csút ¡}z‚tdd}|rJt||ƒr6tjdd}}}qxtjdd}}}n.|dkrftjdd}}}ntjd d}}}t|||||ƒ}Wnjtyôtj }t j rÂd   t j t  ¡dt ¡¡}nd   t  ¡dt ¡t ¡¡}t||ddd ƒ}Yn0|S) NrÜrˆz*Update available, run 'kcarectl --update'.ZappliedzThe latest patch is applied.rz(This kernel doesn't require any patches.ZunsetzDNo patches applied, but some are available, run 'kcarectl --update'.zuInvalid sticky patch tag {0} for kernel ({1} {2}). Please check /etc/sysconfig/kcare/kcare.conf STICKY_PATCH settingsr©Z unavailable)rrÞrŽr]r;r<rrÉr¨rÈr Ú STICKY_PATCHr«rr\r¬r­r®)Zcurrent_patch_levelZnew_patch_levelr´r:rErÜr6r6r7rÔsF  ý ý ý ý  þÿÿrÔc Csüd}zZt ¡}td|fd|fgƒ}t ¡d |¡}t |¡}t  t  |  ¡¡¡}t |dƒWSt y}zt ||¡WYd}~dSd}~0tyÀ}zt ||¡WYd}~dSd}~0työ}zt d |¡¡WYd}~d Sd}~00dS) zÁ Request to tag server from ePortal. See KCARE-947 for more info :param tag: String used to tag the server :return: 0 on success, -1 on wrong server id, other values otherwise NÚ server_idÚtagz/tag_server.plain?{0}r´éýÿÿÿéüÿÿÿzInternal Error {0}éûÿÿÿ)rÚ get_serveridr"rrÆr«rrÇrrÈrfrr~rrrÊrrir€) rÌrjrËZqueryrÌrÍrÎZueZeer6r6r7Ú tag_serverBs"   rÑc Csìt d¡}t d |¡¡t}t ¡²}z:t  ||j ¡}t  t   |¡|j ¡t |j |¡|j }Wn4ty–}zt d |¡¡WYd}~n d}~00tjd|t ¡gdd\}}}|rÊtd ||¡ƒ‚Wdƒn1sÞ0YdS)Nz doctor.shz#Requesting doctor script from `{0}`z3Kcare doctor error: {0}. Fallback to the local one.ZbashT)r}zScript failed with '{0}' {1})rrhrZlogdebugr«ÚKCDOCTORÚtempfileZNamedTemporaryFilerZfetch_signaturer!Z save_to_filerrÇZcheck_gpg_signaturerir€rrÑrZget_patch_serverr)Z doctor_urlZdoctor_filenameZ doctor_dstZ signaturerÄr´rer›r6r6r7Úkcdoctor]s   &rÔcCsBt d t¡¡}zt |¡Wnty2YdS0t d¡dS)Nz{0}-new-versionFzwA new version of the KernelCare package is available. To continue to get kernel updates, please install the new versionT) rrhr«ÚEFFECTIVE_LATESTrrÇrrr )rjr6r6r7Úcheck_new_kc_versionns ÿrÖc Cst ¡}t|ƒ}|tjkp*|tjko*|du}zt||ƒ}WnŠtjyˆ}z4|durV‚t   t |ƒ¡t   d¡tj }WYd}~nFd}~0t yÄ}z&|rž‚nt j d |¡¡WYd}~n d}~00|tjkrÖ|} n@|} |dur|tj krüt |d¡} n|tjkr|} ntdƒ‚| S)aÒ Get patch level to apply. :param reason: what was the source of request (update, info etc.) :param policy: REMOTE -- get latest patch_level from patchserver, LOCAL -- use cached latest, LOCAL_FIRST -- if cached level is None get latest from patchserver, use cache otherwise :param mode: constants.UPDATE_MODE_MANUAL, constants.UPDATE_MODE_AUTO or constants.UPDATE_MODE_SMART :return: patch_level string Nz#Using previously downloaded patcheszUnable to send data: {0}rz9Unknown policy, choose one of: REMOTE, LOCAL, LOCAL_FIRST)rr®r¤r rJZPOLICY_LOCAL_FIRSTrr rrrr_Z POLICY_LOCALrirvrdr«r¢r) r‰rGr r•Z cached_levelZconsider_remote_exZ remote_levelrÎrr¶r6r6r7rŽ{s2  (    rŽcCs’|dkr dS|dkrdn|t_ttddtjƒr€tjtjdtjdvrnt ¡rntjpXt }t dd d   |¡fƒt   d   |¡¡ntd   |¡ƒ‚dS) NÚedfr*rGZproberˆ©r.r~)zfs.enforce_symlinksifownerzfs.symlinkown_gidzfs.enforce_symlinksifowner=1zfs.symlinkown_gid={0}z'{0}' patch type selectedz/'{0}' patch type is unavailable for your kernel)r r.rrr Ú update_configrZ is_cpanelZ FORCE_GIDÚ CPANEL_GIDrnr«rr r)r=Úgidr6r6r7Úupdate_patch_type©s  þrÜc CsŽt ¡ttjƒ|tjkr"tƒztd||d}Wn^t y’}zF|tj tj fvr|tj r|t |ƒ}tj |¡WYd}~dS‚WYd}~n d}~00t ¡}t|ƒ}| ¡t||dsÆt d¡dSz(tjtjdddtjtjdd dWn tytj d ¡Yn0t ¡}|tj ks,tjrvtƒ2| |¡t |||||tj kd Wdƒn1sl0Yt !|¡t"||ƒdS) ax :param mode: constants.UPDATE_MODE_MANUAL, constants.UPDATE_MODE_AUTO or constants.UPDATE_MODE_SMART :param policy: REMOTE -- download latest and patches from patchserver, LOCAL -- use cached files, LOCAL_FIRST -- download latest and patches if cached level is None, use cache in other cases :param freezer: freezer mode rL)r‰rGr N)r[r\z%No updates are needed for this kernelrÝz kcore*.dump)Zkeep_nÚpatternz kmsg*.logz#Error during crash reporter cleanup)r°)#rZlog_all_parent_processesrr r.r rJrÖrŽr¨ÚUPDATE_MODE_AUTOÚUPDATE_MODE_SMARTrßr_rrvrdrrÞr#r2r]r rr“r‰rirwr®r×rÒr9r²Zdump_kernel_patch_levelr–) r¤r rGr¶rÎr:ràrÃr•r6r6r7Ú do_update¿s<      8 ràcCstttjƒttjptjƒttjp$tjƒfƒ}|dkr| d ¡sˆ| d ¡rš| t |¡¡n| t |¡  d d ¡¡|D]}| t |¡¡q¶t  d d   |¡dtj ¡} |   |¡S)zhMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 Fr9rrNÚ*z,too many wildcards in certificate DNS name: z[^.]+zxn--z\*z[^.]*z\Az\.z\Z)r;r¿r¥ÚreprÚlowerrKrãÚreÚescapeÚreplaceÚcompiler<Ú IGNORECASErp) ZdnÚhostnameZ max_wildcardsZpatsÚpiecesZleftmostZ remainderZ wildcardsZfragZpatr6r6r7Ú_dnsname_matchEs(    ròc Csg}t| ¡ƒD]2}| |¡}| ¡dkrdd„t|ƒ d¡Dƒ}q|sPtdƒ‚g}|D]*\}}|dkrXt||ƒrxdS| |¡qX|sª|  ¡j }t||ƒr dS| |¡t |ƒdkrÔt d  |d  tt|ƒ¡¡ƒ‚n*t |ƒdkröt d   ||d ¡ƒ‚nt d ƒ‚dS) NZsubjectAltNamecSsg|]}| ¡ dd¡‘qS)r‚r)r¡r;)r½Úitr6r6r7r¿}rÀz"match_hostname..ú,ztempty or no certificate, match_hostname needs a SSL socket or SSL context with either CERT_OPTIONAL or CERT_REQUIREDZDNSrz(hostname {0} doesn't match either of {1}r¼zhostname {0} doesn't match {1}rz=no appropriate commonName or subjectAltName fields were found)ÚrangeZget_extension_countZ get_extensionZget_short_namer_r;r‚ròrKZ get_subjectZ commonNamerr¥r«r<Úmapré) ZcertrðZsanr¾rÎZdnsnamesrËr`Zcnr6r6r7rúxs2  ÿ        rúc Cs8 tddd}|jdddd|jdd d dd|jd d dd|jd dddd|jdddd|jdddd|jdddd|jdddd|jdddd|jdddd|jdd dd|jd!d"dd|jd#d$dd|jd%d&dd|jd'd(d)d|jd*d+dd|jd,d-dd|jd.d/dd|jd0d1dd|jd2d3dd|jd4d5d6d|jd7d8d9d|jd:d;dd|jdd?dd|jd@dAdd|jdBdCddDdE|jdFdGdd|jdHdIdd|jdJdKdd|jdLdMdd|jdNdOdd|jdPdQdd|jdRdSdd|jdTdUdd|jdVdWdd|jdXdYdZtdd[d\|jd]d^dd|jd_d`dd| ¡}|jdadbdZd|jdcdddd|jdedfdd|jdgdhdZdd[di|jdjdkdldd[dm|jdndodp|jdqdrdd|jdsdtdudvdwtjsä|jdxdydzd{d[d||jd}d~dzd{dd||jd€ddd|jd‚dƒd„dd|jd…ddd|jd†d‡dˆdd|jd‰dŠd‹dd|jdŒddŽdd|jdd‘d’dd“d”|jd•d“dd|jd–d—dd| ¡}t ¡tjs tj d˜g7_ |j dur@t t d|j   d™¡ƒƒ tj ¡r|j?rì|j?t_@|jArt7 8d£t9¡d¤t_@tj@ Bd¥¡t_@tj@rDtj@tCvrDt"jD Ed¦ Ftj@d§ GtC¡¡¡|jHr^dt_Id¨|jHt_J|j=rptK|j=ƒtj;d¡kržtLƒt_;t7 8d© Ftj;p–d¢¡t9¡|jMr¾t' NtOjM|jPdª¡dS|jQrêtQjQd«ddd¬}t' NtP R|¡¡dStStj;ƒ|jTrtUƒdS|jVr–tW XtQjQd«ddd¬¡}d­ F|jY¡}|jZrDt' N|¡nRtW [|¡}|rft" \d® F|¡¡nt"j]d¯dd°|j^rˆt' N|¡n|r–| _¡|j`r¼|jPr²t`d±d²nt`ƒdS|jarÔtj,d³d´dS|jbrìtj,dµd´dS|jcrt d|jc¡dS|jertf|jeƒS|jgr&th g¡|jirVtj;d¶krFtj,d·d¸th i|ji|jj¡S|jkrtth k¡dškrpdšSd›S|jldurŠtm|jlƒS|jnržt' Ntjo¡tp|dzdƒdurÀtq r|js¡dšStj sø|jtrØtq u¡S|jvrøtq w¡durøt" \d¹¡|jx rtqjwtjydºn|jz r*tq {¡t" \d»¡|j| r@t' Ntq }¡¡|j~ rVt' Ntq ¡¡|j€ rztq ¡ rzt' Ntq ‚|j€¡¡|jƒdu rà|jƒdk rªtj„ p¦t…tqj† ‡¡ƒ}nd¼d½„|jƒ  d™¡Dƒ}tqjwtˆ|ƒd¾du ràt" \d¹¡|j‰ røtqjwtjydd¿|jŠ rt' Nt‹|jPdª¡d} |jŒ r.t7 8dÀt9¡dÁ} |j r<|j} |jŽ rVt| tjtj‘dÂ|j> rvt| tj’dºt" \dá|j rŒt' Nt“ ”¡¡|j• r¬t–| |j—dÄt" \dÅ¡|j rÚd[t_˜t™ št› œdšdÆ¡¡t| tjydº|j rît|jPdª|jž rütŸƒS|j  rt¡|jPdª|j¢ rt£ƒt¤tj¥ƒd›k r4t¦ƒdS)ÇNZkcarectlz)Manage KernelCare patches for your kernel)Zprogr±z--debugrGZ store_true)Úhelpr¶z-iz--infoz]Display information about KernelCare. Use with --json parameter to get result in JSON format.z --app-infozcDisplay information about KernelCare agent. Use with --json parameter to get result in JSON format.z-uz--updatez.)Úlimit)r rzQFlag --nofreeze has been deprecated and will be not available in future releases.r—)r rGzKernel is safe)rÂz=KernelCare protection disabled. Your kernel might not be safeé<)§rZ add_argumentr~Zadd_mutually_exclusive_groupr ZLIBCARE_DISABLEDZ parse_argsr Zset_settings_from_config_fileÚFLAGSZ has_flagsr*Úfilterr;ÚissubsetÚquietZ auto_updateZSILENCE_ERRORSr ZPRINT_CRITICALZ PRINT_LEVELZ PRINT_ERRORrZ PRINT_DEBUGršr+ÚgetuidÚprintrOr›ÚloggingÚINFOZWARNINGÚDEBUGrZinitialize_loggingZIGNORE_FEATURE_FLAGSZset_feature_flags_from_cacher–rZclear_all_cacheZset_patch_levelr_rrÙZset_sticky_patchrÊZ nosignaturer Z no_check_certrør‡rˆr{Z edf_enabledÚwarningsÚwarnÚDeprecationWarningZ edf_disabledr.ZPREV_PATCH_TYPEZset_patch_typerLrœršr$r¡ÚEXPECTED_PREFIXrvrdr«r<ZlocalrcZ PATCH_SERVERrÜråZapp_inforÉrrdrrerFZdoctorrÔZkernel_anomaly_reportrrZ archive_pathrúr r rZ keep_localr rÛZenable_auto_updateZdisable_auto_updateZ set_configZupdate_config_from_argsZset_monitoring_keyrÏZ unregisterrÚregisterZregister_autoretryrÖrÌrÑrär]r^rZset_libcare_statusrýZuserspace_statusZget_userspace_update_statusZ lib_updateZdo_userspace_updateZlib_auto_updaterÞZ lib_unloadZlibcare_unloadZlib_inforDZlib_patch_infoZlibcare_patch_infoZ lib_versionZlibcare_server_startedZlibcare_versionZuserspace_updaterÿÚlistZ USERSPACE_MAPÚkeysÚsortedZuserspace_auto_updaterÜrCZnofreezer¤Z smart_updateràrßZ UPDATE_POLICYrârrØr©rÅrÂZCHECK_CLN_LICENSE_STATUSrtruÚrandomZuniformrNZstatusráZlatest_patch_inforQZcheckr>rÚargvrF) ZparserZexclusive_groupr¸r¶rÜr Zlocal_path_messagerrr¤r6r6r7Úmain¡s| üýÿÿýýÿýüýýúÿû ÿ ÿ ÿÿÿûý               ÿ                         r)N)N)F)F)N)rGF)rGF)r)¯Z __future__rrgrdr r+r¬rrër“réZsslrOrÓrtrNr ZargparserÚ contextlibrrrGrrr r r r r rrrrrrrrrrrrrrrrZpy23rrr r!r"rÚrÕrr.rÒrrarÁrîÚDOTALLr3ror,r·ÚinsertÚfilterwarningsrÚAnyÚDictÚOptionalÚSetÚTupleÚUnionrvZsetLevelr r8r?rFrbrkr{r†r‘r–rr r¤r‚r¥r¨r±rrÏrÒrÛrárårçrìrõrör^Zdistutils.versionZ distutilsZ OpenSSL.SSLr÷räZ StrictVersionÚ __version__Ú ImportErrorríZHTTPSConnectionZPureHTTPSConnectionÚobjectrîrôrrârrr"r#r>rFrQr@rSrNrZr]rfrnrrrsrurwrzr{rr†rŠrrr—r–rr r¡r¥r²r¯r®r‹r¾rÅrCrÆr;rÔrÑrÔrÖrJrŽrÜràrãrärròrúrr6r6r6r7Úsþ    X    &    4  -! a #             ?   ,  2 .7, 3)