exosphere-cli 2.3.0__tar.gz → 2.4.0__tar.gz

{exosphere_cli-2.3.0 → exosphere_cli-2.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: exosphere-cli
-Version: 2.3.0
+Version: 2.4.0
 Summary: CLI/TUI driven patch reporting for remote Unix-like systems.
 Author: Alexandre Gauthier
 Author-email: Alexandre Gauthier <alex@underwares.org>

{exosphere_cli-2.3.0 → exosphere_cli-2.4.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "exosphere-cli"
-version = "2.3.0"
+version = "2.4.0"
 description = "CLI/TUI driven patch reporting for remote Unix-like systems."
 readme = "README.md"
 authors = [

{exosphere_cli-2.3.0 → exosphere_cli-2.4.0}/src/exosphere/providers/api.py

@@ -6,13 +6,23 @@ well as helper functions and decorators to be used by package manager
 provider implementations.
 """
 
+import functools
 import logging
 from abc import ABC, abstractmethod
 from collections.abc import Callable
 
 from fabric import Connection
+from invoke.exceptions import AuthFailure
 
 from exosphere.data import Update
+from exosphere.errors import DataRefreshError
+
+_SUDO_AUTH_FAILURE_MESSAGE = (
+    "Sudo failed: "
+    "Ensure the user is configured with passwordless sudo. "
+    "You can use 'exosphere sudo generate' to produce a sudoers snippet for this host. "
+    "See: https://exosphere.readthedocs.io/en/stable/connections.html#id1"
+)
 
 
 def requires_sudo(func: Callable) -> Callable:
@@ -23,9 +33,21 @@ def requires_sudo(func: Callable) -> Callable:
     it requires sudo privileges to execute. You should add it to any
     method that requires elevated privileges, i.e. whenever you are
     using 'cx.sudo()' instead of 'cx.run()'.
+
+    Additionally, the decorator provides enhanced error handling for
+    sudo related failures, presenting a clear message about sudo policies
+    and sudoers configuration when an AuthFailure or related exception occurs.
     """
-    setattr(func, "__requires_sudo", True)
-    return func
+
+    @functools.wraps(func)
+    def wrapper(*args: object, **kwargs: object) -> object:
+        try:
+            return func(*args, **kwargs)
+        except AuthFailure as e:
+            raise DataRefreshError(_SUDO_AUTH_FAILURE_MESSAGE) from e
+
+    setattr(wrapper, "__requires_sudo", True)
+    return wrapper
 
 
 class PkgManager(ABC):

{exosphere_cli-2.3.0 → exosphere_cli-2.4.0}/src/exosphere/providers/freebsd.py

@@ -26,6 +26,7 @@ class Pkg(PkgManager):
 
     SUDOERS_COMMANDS: list[str] | None = [
         "/usr/sbin/pkg update -q",
+        "/usr/sbin/pkg audit -qF",
     ]
 
     def __init__(self) -> None:
@@ -41,7 +42,11 @@ class Pkg(PkgManager):
         """
         Synchronize the package repository.
 
-        This method is equivalent to running 'pkg update -q'.
+        It will also download the latest version of the vuln.xml
+        database to check for security updates.
+
+        This method is equivalent to running 'pkg update -q', followed
+        by 'pkg audit -qF'.
 
         :param cx: Fabric Connection object
         :return: True if synchronization is successful, False otherwise.
@@ -56,6 +61,19 @@ class Pkg(PkgManager):
             )
             return False
 
+        # Sync vulnerability data via pkg audit -qF, which forces a download
+        # of the vuln.xml database. We do not store or parse the output, as
+        # the cost of running it a second time in get_updates() is negligible,
+        # and will be a local operation anyways.
+        self.logger.debug("Synchronizing vuln.xml via pkg audit")
+        audit_result = cx.sudo("/usr/sbin/pkg audit -qF", hide=True, warn=True)
+
+        if audit_result.failed and audit_result.stderr:
+            self.logger.error(
+                f"Failed to synchronize vuln.xml via pkg audit: {audit_result.stderr}"
+            )
+            return False
+
         self.logger.debug("FreeBSD pkg repositories synchronized successfully")
 
         return True