exosphere-cli 2.4.0__tar.gz → 2.4.2__tar.gz

{exosphere_cli-2.4.0 → exosphere_cli-2.4.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: exosphere-cli
-Version: 2.4.0
+Version: 2.4.2
 Summary: CLI/TUI driven patch reporting for remote Unix-like systems.
 Author: Alexandre Gauthier
 Author-email: Alexandre Gauthier <alex@underwares.org>
@@ -9,7 +9,6 @@ License-File: LICENSE
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Console
 Classifier: Intended Audience :: System Administrators
-Classifier: License :: OSI Approved :: MIT License
 Classifier: Natural Language :: English
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3.13
@@ -87,7 +86,7 @@ Supported platforms for remote hosts include:
 - FreeBSD (using pkg)
 - OpenBSD (using pkg_add)
 
-Unsupported platform with with SSH connectivity checks only:
+Unsupported platforms with SSH connectivity checks only:
 
 - Other Linux distributions (e.g., Arch Linux, Gentoo, NixOS, etc.)
 - Other BSD systems (NetBSD)
@@ -101,9 +100,11 @@ This includes network equipment with proprietary operating systems, etc.
 For installation instructions, configuration and usage examples,
 [full documentation](https://exosphere.readthedocs.io/) is available.
 
-## Development Quick Start
+## Development
 
-tl;dr, use [uv](https://docs.astral.sh/uv/getting-started/installation/)
+### Development Quick Start
+
+TL;DR, use [uv](https://docs.astral.sh/uv/getting-started/installation/)
 
 ```bash
 uv sync --dev
@@ -124,7 +125,7 @@ For more details, and available tasks, run:
 uv run poe --help
 ```
 
-## UI Development Quick Start
+### UI Development Quick Start
 
 The UI is built with [Textual](https://textual.textualize.io/).
 
@@ -145,7 +146,7 @@ reflect changes immediately.
 
 Make sure you run Exosphere UI with `exosphere ui start`.
 
-## Documentation Editing Quick Start
+### Documentation Editing Quick Start
 
 To edit the documentation, you can use the following commands:
 
@@ -171,6 +172,89 @@ documentation, but can also be invoked separately:
 uv run poe docs-lint
 ```
 
+### Project Structure
+
+The project is managed via uv and `pyproject.toml`, which contains all dependencies,
+scripts, and metadata for the application.
+
+Exosphere uses [Poe the Poet](https://poethepoet.natn.io/) as a task runner, and all
+tasks are defined in the `pyproject.toml` file under the `[tool.poe.tasks]` table.
+
+#### Root Directory
+
+| path | description |
+| ---- | ----------- |
+| `docs/` | Sphinx documentation source tree |
+| `docs/source/_ext/` | Custom Sphinx extensions for the project |
+| `examples/` | Example configuration files and reports |
+| `scripts/` | Utilitarian scripts for dev and maintenance |
+| `src/` | Main source code for the application |
+| `tests/` | Test suite for the application |
+
+#### Source Tree
+
+| path | description |
+| ---- | ----------- |
+| `src/exosphere/` | Main application source code |
+| `src/exosphere/commands/` | CLI command implementations |
+| `src/exosphere/providers/` | Package Manager Provider implementations (e.g. debian, freebsd, redhat, etc) |
+| `src/exosphere/schema/` | Reporting JSON schema definitions |
+| `src/exosphere/setup/` | Discovery and platform detection module |
+| `src/exosphere/templates/` | Jinja2 templates for reporting |
+| `src/exosphere/ui/` | Textual UI source code |
+| `src/exosphere/ui/style.tcss` | Textual CSS for styling the UI |
+
+The rest of the source tree should be fairly self-explanatory.
+
+#### Core Modules
+
+Paths below are relative to `src/exosphere/` unless otherwise noted.
+
+| module | description |
+| ------ | ----------- |
+| `main.py` | Main entry point for the application |
+| `providers/api.py` | Package manager provider API and base classes |
+| `providers/factory.py` | Concrete provider factory for creation of Package Managers |
+| `cli.py` | CLI interface entry point |
+| `config.py` | Configuration subsystem, including defaults |
+| `context.py` | Context management for shared state across commands and UI |
+| `data.py` | Data models and structures for serialization and exchange |
+| `database.py` | Cache system for serialization |
+| `errors.py` | Exception classes and general error messages |
+| `inventory.py` | Inventory management subsystem |
+| `migrations.py` | Cache format migration processes |
+| `objects.py` | Main objects for representing Hosts, and most of the relevant logic |
+| `pipelining.py` | SSH pipelining implementation, including reaper thread |
+| `repl.py` | REPL module for interactive CLI usage |
+| `reporting.py` | Reporting subsystem, including templates and formatters |
+| `security.py` | Sudo management subsystem, including policy and utilities |
+
+Generally, most of the things Exosphere does to hosts (including connection management
+and operations) are going to be found in `objects.py`.
+
+#### UI Modules
+
+Paths below are relative to `src/exosphere/` unless otherwise noted.
+
+| module | description |
+| ------ | ----------- |
+| `ui/app.py` | Main Textual application class and entry point for the UI |
+| `ui/context.py` | UI Context management for shared state across UI components |
+| `ui/elements.py` | Shared UI elements, including task runners |
+| `ui/dashboard.py` | Dashboard view implementation |
+| `ui/inventory.py` | Inventory view implementation |
+| `ui/logs.py` | Logs view implementation |
+| `ui/messages.py` | Screen refresh and message passing system |
+
+The TCSS for all of it is in a single file under `ui/style.tcss`.
+
+### Using Exosphere as a Library
+
+This use case is not currently well supported, but it is possible to use Exosphere as a library.
+The documentation for this (alongside actual examples) is still a WIP, but you can
+refer to the [Online API Documentation](https://exosphere.readthedocs.io/en/stable/api/index.html)
+for the core functionality and objects that are considered public.
+
 ## License
 
 This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

{exosphere_cli-2.4.0 → exosphere_cli-2.4.2}/README.md

@@ -50,7 +50,7 @@ Supported platforms for remote hosts include:
 - FreeBSD (using pkg)
 - OpenBSD (using pkg_add)
 
-Unsupported platform with with SSH connectivity checks only:
+Unsupported platforms with SSH connectivity checks only:
 
 - Other Linux distributions (e.g., Arch Linux, Gentoo, NixOS, etc.)
 - Other BSD systems (NetBSD)
@@ -64,9 +64,11 @@ This includes network equipment with proprietary operating systems, etc.
 For installation instructions, configuration and usage examples,
 [full documentation](https://exosphere.readthedocs.io/) is available.
 
-## Development Quick Start
+## Development
 
-tl;dr, use [uv](https://docs.astral.sh/uv/getting-started/installation/)
+### Development Quick Start
+
+TL;DR, use [uv](https://docs.astral.sh/uv/getting-started/installation/)
 
 ```bash
 uv sync --dev
@@ -87,7 +89,7 @@ For more details, and available tasks, run:
 uv run poe --help
 ```
 
-## UI Development Quick Start
+### UI Development Quick Start
 
 The UI is built with [Textual](https://textual.textualize.io/).
 
@@ -108,7 +110,7 @@ reflect changes immediately.
 
 Make sure you run Exosphere UI with `exosphere ui start`.
 
-## Documentation Editing Quick Start
+### Documentation Editing Quick Start
 
 To edit the documentation, you can use the following commands:
 
@@ -134,6 +136,89 @@ documentation, but can also be invoked separately:
 uv run poe docs-lint
 ```
 
+### Project Structure
+
+The project is managed via uv and `pyproject.toml`, which contains all dependencies,
+scripts, and metadata for the application.
+
+Exosphere uses [Poe the Poet](https://poethepoet.natn.io/) as a task runner, and all
+tasks are defined in the `pyproject.toml` file under the `[tool.poe.tasks]` table.
+
+#### Root Directory
+
+| path | description |
+| ---- | ----------- |
+| `docs/` | Sphinx documentation source tree |
+| `docs/source/_ext/` | Custom Sphinx extensions for the project |
+| `examples/` | Example configuration files and reports |
+| `scripts/` | Utilitarian scripts for dev and maintenance |
+| `src/` | Main source code for the application |
+| `tests/` | Test suite for the application |
+
+#### Source Tree
+
+| path | description |
+| ---- | ----------- |
+| `src/exosphere/` | Main application source code |
+| `src/exosphere/commands/` | CLI command implementations |
+| `src/exosphere/providers/` | Package Manager Provider implementations (e.g. debian, freebsd, redhat, etc) |
+| `src/exosphere/schema/` | Reporting JSON schema definitions |
+| `src/exosphere/setup/` | Discovery and platform detection module |
+| `src/exosphere/templates/` | Jinja2 templates for reporting |
+| `src/exosphere/ui/` | Textual UI source code |
+| `src/exosphere/ui/style.tcss` | Textual CSS for styling the UI |
+
+The rest of the source tree should be fairly self-explanatory.
+
+#### Core Modules
+
+Paths below are relative to `src/exosphere/` unless otherwise noted.
+
+| module | description |
+| ------ | ----------- |
+| `main.py` | Main entry point for the application |
+| `providers/api.py` | Package manager provider API and base classes |
+| `providers/factory.py` | Concrete provider factory for creation of Package Managers |
+| `cli.py` | CLI interface entry point |
+| `config.py` | Configuration subsystem, including defaults |
+| `context.py` | Context management for shared state across commands and UI |
+| `data.py` | Data models and structures for serialization and exchange |
+| `database.py` | Cache system for serialization |
+| `errors.py` | Exception classes and general error messages |
+| `inventory.py` | Inventory management subsystem |
+| `migrations.py` | Cache format migration processes |
+| `objects.py` | Main objects for representing Hosts, and most of the relevant logic |
+| `pipelining.py` | SSH pipelining implementation, including reaper thread |
+| `repl.py` | REPL module for interactive CLI usage |
+| `reporting.py` | Reporting subsystem, including templates and formatters |
+| `security.py` | Sudo management subsystem, including policy and utilities |
+
+Generally, most of the things Exosphere does to hosts (including connection management
+and operations) are going to be found in `objects.py`.
+
+#### UI Modules
+
+Paths below are relative to `src/exosphere/` unless otherwise noted.
+
+| module | description |
+| ------ | ----------- |
+| `ui/app.py` | Main Textual application class and entry point for the UI |
+| `ui/context.py` | UI Context management for shared state across UI components |
+| `ui/elements.py` | Shared UI elements, including task runners |
+| `ui/dashboard.py` | Dashboard view implementation |
+| `ui/inventory.py` | Inventory view implementation |
+| `ui/logs.py` | Logs view implementation |
+| `ui/messages.py` | Screen refresh and message passing system |
+
+The TCSS for all of it is in a single file under `ui/style.tcss`.
+
+### Using Exosphere as a Library
+
+This use case is not currently well supported, but it is possible to use Exosphere as a library.
+The documentation for this (alongside actual examples) is still a WIP, but you can
+refer to the [Online API Documentation](https://exosphere.readthedocs.io/en/stable/api/index.html)
+for the core functionality and objects that are considered public.
+
 ## License
 
 This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

{exosphere_cli-2.4.0 → exosphere_cli-2.4.2}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "exosphere-cli"
-version = "2.4.0"
+version = "2.4.2"
 description = "CLI/TUI driven patch reporting for remote Unix-like systems."
 readme = "README.md"
 authors = [
@@ -11,7 +11,6 @@ classifiers = [
     "Development Status :: 5 - Production/Stable",
     "Environment :: Console",
     "Intended Audience :: System Administrators",
-    "License :: OSI Approved :: MIT License",
     "Natural Language :: English",
     "Operating System :: OS Independent",
     "Programming Language :: Python :: 3.13",
@@ -49,14 +48,14 @@ dev = [
     "pytest-cov>=6.1.1",
     "pytest-json-ctrf>=0.3.5",
     "pytest-mock>=3.14.1",
-    "renku-sphinx-theme>=0.5.0",
+    "sphinx-rtd-theme>=3.0.2",
     "ruff>=0.15.0",
-    "sphinx>=8.2.3,<9.0",
+    "sphinx>=8.2.3",
     "sphinx-autobuild>=2024.10.3",
     "sphinx-lint>=1.0.0",
     "sphinx-tabs>=3.4.7",
     "sphinxcontrib-spelling>=8.0.1",
-    "sphinxcontrib-typer>=0.5.1",
+    "sphinxcontrib-typer>=0.7.2",
     "textual-dev>=1.7.0",
 ]
 
@@ -74,7 +73,7 @@ issues = "https://github.com/mrdaemon/exosphere/issues"
 exosphere = "exosphere.main:main"
 
 [build-system]
-requires = ["uv_build>=0.7.19,<0.11.0"]
+requires = ["uv_build>=0.7.19,<0.12.0"]
 build-backend = "uv_build"
 
 [tool.uv.build-backend]

{exosphere_cli-2.4.0 → exosphere_cli-2.4.2}/src/exosphere/errors.py

@@ -16,6 +16,18 @@ AUTH_FAILURE_MESSAGE = (
     "and that your username is correct for the host."
 )
 
+# Sudo authentication failure message for better UX
+# This is intended to be displayed whenever a sudo command fails due to
+# a password prompt, or failure raised by Invoke's AuthFailure exception.
+# This will generally come up when a user is not configured with passwordless
+# sudo, but has a Sudo Policy of NOPASSWD or equivalent.
+SUDO_AUTH_FAILURE_MESSAGE = (
+    "Sudo failed: "
+    "Ensure the user is configured with passwordless sudo. "
+    "You can use 'exosphere sudo generate' to produce a sudoers snippet for this host. "
+    "See: https://exosphere.readthedocs.io/en/stable/connections.html#id1"
+)
+
 
 class DataRefreshError(Exception):
     """Exception raised for errors encountered during data refresh."""

{exosphere_cli-2.4.0 → exosphere_cli-2.4.2}/src/exosphere/providers/api.py

@@ -15,14 +15,7 @@ from fabric import Connection
 from invoke.exceptions import AuthFailure
 
 from exosphere.data import Update
-from exosphere.errors import DataRefreshError
-
-_SUDO_AUTH_FAILURE_MESSAGE = (
-    "Sudo failed: "
-    "Ensure the user is configured with passwordless sudo. "
-    "You can use 'exosphere sudo generate' to produce a sudoers snippet for this host. "
-    "See: https://exosphere.readthedocs.io/en/stable/connections.html#id1"
-)
+from exosphere.errors import SUDO_AUTH_FAILURE_MESSAGE, DataRefreshError
 
 
 def requires_sudo(func: Callable) -> Callable:
@@ -44,7 +37,7 @@ def requires_sudo(func: Callable) -> Callable:
         try:
             return func(*args, **kwargs)
         except AuthFailure as e:
-            raise DataRefreshError(_SUDO_AUTH_FAILURE_MESSAGE) from e
+            raise DataRefreshError(SUDO_AUTH_FAILURE_MESSAGE) from e
 
     setattr(wrapper, "__requires_sudo", True)
     return wrapper

{exosphere_cli-2.4.0 → exosphere_cli-2.4.2}/src/exosphere/providers/debian.py

@@ -28,6 +28,7 @@ class Apt(PkgManager):
         """
         super().__init__()
         self.logger.debug("Initializing Debian Apt package manager")
+        self.line_pattern: re.Pattern | None = None
 
     @requires_sudo
     def reposync(self, cx: Connection) -> bool:
@@ -49,6 +50,10 @@ class Apt(PkgManager):
             )
             return False
 
+        # Log warnings from apt-get if there was any stderr output.
+        if update.stderr:
+            self._log_apt_warn(update.stderr)
+
         self.logger.debug("Apt repositories synchronized successfully")
 
         return True
@@ -78,6 +83,10 @@ class Apt(PkgManager):
             self.logger.debug("No updates available or no matches in output.")
             return updates
 
+        # Log warnings from apt-get if there was any stderr output.
+        if raw_query.stderr:
+            self._log_apt_warn(raw_query.stderr)
+
         for line in raw_query.stdout.splitlines():
             line = line.strip()
 
@@ -108,15 +117,17 @@ class Apt(PkgManager):
         :return: Update data class instance or None if parsing fails.
         """
 
-        pattern = (
-            r"^Inst\s+"  # Starts with "Inst" followed by space(s)
-            r"(?P<name>\S+)\s+"  # Package name: non-space characters
-            r"(?:\[(?P<current_version>[^\]]+)\]\s+)?"  # Current version: text in [] (optional)
-            r"\((?P<new_version>\S+)\s+"  # New version: first non-space in ()
-            r"(?P<source>.+?)\s+\[[^\]]+\]\)"  # Repo source: lazily capture text until next [..]
-        )
+        # Compile the regex pattern on first use
+        if self.line_pattern is None:
+            self.line_pattern = re.compile(
+                r"^Inst\s+"  # Starts with "Inst" followed by space(s)
+                r"(?P<name>\S+)\s+"  # Package name: non-space characters
+                r"(?:\[(?P<current_version>[^\]]+)\]\s+)?"  # Current version: text in [] (optional)
+                r"\((?P<new_version>\S+)\s+"  # New version: first non-space in ()
+                r"(?P<source>.+?)\s+\[[^\]]+\]\)"  # Repo source: lazily capture text until next [..]
+            )
 
-        match = re.match(pattern, line)
+        match = self.line_pattern.match(line)
 
         if not match:
             return None
@@ -135,7 +146,7 @@ class Apt(PkgManager):
         repo_source = match["source"].strip()
         is_security = False
 
-        if "security" in repo_source.lower():
+        if "security" in repo_source.casefold():
             self.logger.debug(
                 f"Package {package_name} is a security update: {new_version}"
             )
@@ -148,3 +159,16 @@ class Apt(PkgManager):
             source=repo_source,
             security=is_security,
         )
+
+    def _log_apt_warn(self, lines: str) -> None:
+        """
+        Log warnings from APT stderr output.
+        We ignore empty lines and lines that do not begin with "W:"
+
+        :param lines: Stderr output to log.
+        """
+        for line in lines.splitlines():
+            line = line.strip()
+            if not line or not line.startswith("W: "):
+                continue
+            self.logger.warning("APT: %s", line)

{exosphere_cli-2.4.0 → exosphere_cli-2.4.2}/src/exosphere/providers/freebsd.py

@@ -36,6 +36,7 @@ class Pkg(PkgManager):
         super().__init__()
         self.logger.debug("Initializing FreeBSD pkg package manager")
         self.vulnerable: list[str] = []
+        self.line_pattern: re.Pattern | None = None
 
     @requires_sudo
     def reposync(self, cx: Connection) -> bool:
@@ -169,17 +170,20 @@ class Pkg(PkgManager):
         Also extracts the repository name in case of recent versions of pkg.
         """
 
-        pattern = (
-            r"^\s*(?P<name>\S+):\s+"  # Package name, followed by colon and spaces
-            r"(?P<version>[^\s]+)"  # Current version: non-space characters
-            r"(?:"  # Start of alternation group
-            r"(?:\s+->\s+(?P<new>[^\s]+))?"  # Optional separator and new version
-            r")"  # End of alternation group
-            r"(?:\s*\[(?P<repo>.*?)\])?"  # Optional repo tag in brackets (e.g., [FreeBSD])
-            r"$"  # End of line
-        )
+        # Compile the regex pattern on first use
+        if self.line_pattern is None:
+            self.line_pattern = re.compile(
+                r"^\s*(?P<name>\S+):\s+"  # Package name, followed by colon and spaces
+                r"(?P<version>[^\s]+)"  # Current version: non-space characters
+                r"(?:"  # Start of alternation group
+                r"(?:\s+->\s+(?P<new>[^\s]+))?"  # Optional separator and new version
+                r")"  # End of alternation group
+                r"(?:\s*\[(?P<repo>.*?)\])?"  # Optional repo tag in brackets (e.g., [FreeBSD])
+                r"$"  # End of line
+            )
+
+        match = self.line_pattern.match(line)
 
-        match = re.match(pattern, line)
         if not match:
             return None
 

{exosphere_cli-2.4.0 → exosphere_cli-2.4.2}/src/exosphere/providers/openbsd.py

@@ -30,6 +30,7 @@ class PkgAdd(PkgManager):
         """
         super().__init__()
         self.logger.debug("Initializing OpenBSD pkg_add package manager")
+        self.line_pattern: re.Pattern | None = None
 
     def reposync(self, cx: Connection) -> bool:
         """
@@ -67,7 +68,7 @@ class PkgAdd(PkgManager):
         # Syspatch returns non-zero exit code if the release is unsupported,
         # and we use this to determine if we can track security status.
         if version_query.failed:
-            if "unsupported release" in version_query.stderr.lower():
+            if "unsupported release" in version_query.stderr.casefold():
                 self.logger.warning(
                     "Host is running unsupported OpenBSD release. "
                     "Security status will not be tracked.",
@@ -139,9 +140,13 @@ class PkgAdd(PkgManager):
         :return: An Update object or None if not an update
         """
 
-        pattern = r"^Update candidates: ([\w\-.+]+)-([^\s]+) -> ([\w\-.+]+)-([^\s]+)$"
+        # Compile the regex pattern on first use
+        if self.line_pattern is None:
+            self.line_pattern = re.compile(
+                r"^Update candidates: ([\w\-.+]+)-([^\s]+) -> ([\w\-.+]+)-([^\s]+)$"
+            )
 
-        match = re.match(pattern, line)
+        match = self.line_pattern.match(line)
 
         if not match:
             self.logger.debug("Could not parse: %s", line)

{exosphere_cli-2.4.0 → exosphere_cli-2.4.2}/src/exosphere/providers/redhat.py

@@ -2,6 +2,8 @@
 RedHat Package Manager Provider
 """
 
+import re
+
 from fabric import Connection
 
 from exosphere.data import Update
@@ -16,9 +18,14 @@ class Dnf(PkgManager):
     Implements the DNF package manager interface.
     Can also be used as a drop-in replacement for YUM.
 
-    The whole RPM ecosystem is kind of a piece of shit in terms of
-    integration between high level and low level interfaces.
-    It is what it is.
+    Some limitations:
+     - Current Version data is provided on a Best Effort basis
+     - Slotted/installonly packages especially are clobbered down to a
+       single version
+     - Some broken kernel repo configurations may cause kernel updates
+       to not be displayed, but this is a Vendor Specific issue, and
+       working around it is not worth the effort as it introduces new
+       and exciting issues for systems where this is not the case.
     """
 
     def __init__(self, use_yum: bool = False) -> None:
@@ -31,6 +38,7 @@ class Dnf(PkgManager):
         super().__init__()
         self.logger.debug("Initializing RedHat DNF package manager")
         self.security_updates: list[str] = []
+        self.line_pattern: re.Pattern | None = None
 
     def reposync(self, cx: Connection) -> bool:
         """
@@ -67,13 +75,7 @@ class Dnf(PkgManager):
         # Get security updates first
         self.security_updates = self._get_security_updates(cx)
 
-        # Get kernel updates second
-        kernel_update = self._get_kernel_updates(cx)
-        if kernel_update:
-            self.logger.debug("A new kernel is available.")
-            updates.append(kernel_update)
-
-        # Get all other updates
+        # Get all updates
         raw_query = cx.run(
             f"{self.pkgbin} --quiet -y check-update", hide=True, warn=True
         )
@@ -98,12 +100,19 @@ class Dnf(PkgManager):
                 continue
 
             # Stop processing at "Obsoleting Packages" section
-            if "obsoleting packages" in line.lower():
+            if "obsoleting packages" in line.casefold():
                 self.logger.debug(
                     "Reached 'Obsoleting Packages' section, stopping parsing."
                 )
                 break
 
+            # Skip Security: annotation lines emitted by dnf when
+            # some intermediate security updates are installed but not active,
+            # or similar scenarios
+            if line.casefold().startswith("security:"):
+                self.logger.debug("Skipping security annotation line: %s", line)
+                continue
+
             parsed = self._parse_line(line)
             if parsed is None:
                 self.logger.debug("Failed to parse line: %s. Skipping.", line)
@@ -115,38 +124,25 @@ class Dnf(PkgManager):
 
         self.logger.debug("Found %d update(s)", len(parsed_tuples))
 
-        installed_versions = self._get_current_versions(
+        # Skip the rest of processing if no parsable updates were found.
+        # This likely indicates an issue with the system, unexpected
+        # output, or an issue with our parser needing adjustments.
+        if not parsed_tuples:
+            self.logger.warning(
+                "%s reported updates, but none were extracted! "
+                "This is likely a bug, consider filing an issue." % self.pkgbin.upper()
+            )
+            return updates
+
+        installed_versions = self._get_current_version(
             cx, [name for name, _, _ in parsed_tuples]
         )
 
         for name, version, source in parsed_tuples:
-            # If update was provided by security or kernel checks, skip it here
-            # Whether it shows up in both lists depends on configuration and
-            # this varies from specific flavor to flavor.
-            if name in [u.name for u in updates]:
-                self.logger.debug(
-                    "Update for %s is already in the list, skipping", name
-                )
-                continue
-
             is_security = name in self.security_updates
 
             current_version = installed_versions.get(name, None)
 
-            # Handle slotted packages, if they show up for any reason.
-            # We only handle the kernel package as slotted, but it may show
-            # up here in some edge cases or configurations.
-            if isinstance(current_version, list):
-                self.logger.debug(
-                    "Slotted package %s has multiple versions: %s",
-                    name,
-                    current_version,
-                )
-                current_version = current_version[-1] if current_version else None
-                self.logger.debug(
-                    "Using version %s for currently installed.", current_version
-                )
-
             update = Update(
                 name=name,
                 current_version=current_version,
@@ -159,89 +155,6 @@ class Dnf(PkgManager):
 
         return updates
 
-    def _get_kernel_updates(self, cx: Connection) -> Update | None:
-        """
-        Get latest kernel update if it differs from installed
-
-        This is a separate step due to the way redhat systems usually
-        manage kernel images. The packages are essentially slotted,
-        and they are New Packages, not straight upgrades in any
-        meaningful way.
-        """
-        self.logger.debug("Querying repository for latest kernel")
-
-        # Format the output to match 'check-update'
-        queryformat = "%{name}.%{arch}  %{version}-%{release}  %{repoid}\n"
-
-        raw_query = cx.run(
-            f"{self.pkgbin} --quiet -y repoquery kernel --latest-limit=1 --queryformat='{queryformat}'",
-            hide=True,
-            warn=True,
-        )
-
-        if raw_query.failed:
-            raise DataRefreshError(
-                f"Failed to retrieve latest kernel from repo: {raw_query.stderr}"
-            )
-
-        latest: tuple[str, str, str] | None = None
-
-        for line in raw_query.stdout.splitlines():
-            line = line.strip()
-
-            if not line:
-                continue
-
-            parsed = self._parse_line(line)
-
-            if not parsed:
-                self.logger.debug("Failed to parse line: %s. Skipping.", line)
-                continue
-
-            latest = parsed
-            break  # Only one result is expected anyways.
-
-        if not latest:
-            self.logger.warning("Repo query did not return a kernel, skipping check")
-            return None
-
-        latest_name, latest_version, latest_source = latest
-        self.logger.debug("Latest version is %s", latest_version)
-
-        self.logger.debug("Checking installed kernels")
-        installed_kernels = self._get_current_versions(cx, ["kernel"])
-
-        if not installed_kernels:
-            self.logger.warning("No installed kernels found? This is likely a bug.")
-            return None
-
-        # Kernel packages are ALWAYS slotted, and will always return a list
-        installed_versions = [v for k in installed_kernels.values() for v in k]
-
-        if latest_version not in installed_versions:
-            # We can generally assume that if a kernel package is
-            # present in security updates, it's going to be this one,
-            # even though we don't explicitly check and compare the versions.
-            is_security: bool = latest_name in self.security_updates
-
-            self.logger.debug("Found new kernel: %s", latest_version)
-
-            self.logger.debug(
-                "Kernel %s is %s",
-                latest_version,
-                "security" if is_security else "not security",
-            )
-
-            return Update(
-                name=latest_name,
-                current_version=installed_versions[-1] if installed_versions else None,
-                new_version=latest_version,
-                source=latest_source,
-                security=is_security,
-            )
-
-        return None
-
     def _get_security_updates(self, cx: Connection) -> list[str]:
         """
         Get updates marked as security from dnf
@@ -275,12 +188,16 @@ class Dnf(PkgManager):
                 continue
 
             # Stop processing at "Obsoleting Packages" section
-            if line.startswith("Obsoleting Packages"):
+            if line.casefold().startswith("obsoleting packages"):
                 self.logger.debug(
                     "Reached 'Obsoleting Packages' section, stopping parsing."
                 )
                 break
 
+            # Skip Security: annotation lines
+            if line.casefold().startswith("security:"):
+                continue
+
             parsed = self._parse_line(line)
             if parsed:
                 name, version, source = parsed
@@ -291,40 +208,52 @@ class Dnf(PkgManager):
 
     def _parse_line(self, line: str) -> tuple[str, str, str] | None:
         """
-        Parse a line from the DNF output to create an Update object.
+        Parse a line from DNF check-update style tabular output
+        Extracts Update object data as a tuple.
 
         :param line: Line from DNF output.
         :return: Tuple of (name, version, source) or None if parsing fails.
         """
-        parts = line.split()
 
-        if len(parts) < 3:
-            self.logger.debug("Line does not contain enough parts: %s", line)
+        # Lazy compile the line pattern on first use
+        # Repository source component is usually in the form of "reponame"
+        # but can be prefixed with "@" or in the case of missing metadata,
+        # be the string "<unknown>" or similar. We account for these here.
+        if self.line_pattern is None:
+            self.line_pattern = re.compile(
+                r"^(?P<name>[a-z0-9][\w+.-]*\.\w+)\s+"  # Package (name.arch)
+                r"(?P<version>[\w.+~:-]+-[\w.+~]+)\s+"  # RPM version-release
+                r"(?P<source>@?[a-z0-9][\w.:+/-]*|<[^>\s]+>)$",  # Repo source (optional @ or <>
+                re.ASCII | re.IGNORECASE,
+            )
+
+        match = self.line_pattern.match(line)
+
+        if not match:
+            self.logger.debug("Skipping garbage line: %s", line)
             return None
 
-        name = parts[0]
-        version = parts[1]
-        source = parts[2]
+        # Cleanup source string before sending it up
+        source = match["source"].removeprefix("@").strip("<>")
 
-        return (name, version, source)
+        return (match["name"], match["version"], source)
 
-    def _get_current_versions(
+    def _get_current_version(
         self, cx: Connection, package_names: list[str]
-    ) -> dict[str, str | list[str]]:
+    ) -> dict[str, str]:
         """
         Get the currently installed version of a package.
 
-        Kernel packages are handled specially since they are slotted.
-        We don't generally care about slotted packages and just clobber it
-        down to a single version, but kernel packages are of interest.
+        This method clobbers packages down to a single version.
+        For installonly/slotted packages with multiple installed versions,
+        the last reported version is used.
 
-        If 'kernel' is in the package_names, the value will be
-        a list of versions.
+        This is done on a best effort basis, but works well enough
+        given the limitations of the DNF/YUM interfaces.
 
         :param cx: Fabric Connection object.
         :param package_names: Package names to return versions for.
-        :return: Currently installed version of the package, or
-                 list of installed versions if kernel package.
+        :return: Currently installed version of each package.
         """
 
         result = cx.run(
@@ -340,14 +269,14 @@ class Dnf(PkgManager):
 
         for line in result.stdout.splitlines():
             line = line.strip()
-            if not line or "installed packages" in line.lower():
+            if not line or "installed packages" in line.casefold():
                 continue
 
             # Stop parsing at "Available packages" section
             # This is for DNF5 compatibility, which helpfully lists them
             # and our clobbering logic prevents current version logic from
             # working.
-            if "available packages" in line.lower():
+            if "available packages" in line.casefold():
                 self.logger.debug(
                     "Reached 'Available packages' section, stopping parsing."
                 )
@@ -363,25 +292,18 @@ class Dnf(PkgManager):
 
             existing_key = current_versions.get(name)
 
-            # Kernel packages are slotted and we want to keep all of them.
-            if name.split(".")[0] == "kernel":
-                if not existing_key:
-                    current_versions[name] = [version]
-                else:
-                    current_versions[name].append(version)
-            else:
-                # Everything else gets clobbered because slotted packages
-                # generally don't matter from a UX standpoint. We just need
-                # the last version in the results.
-                if existing_key:
-                    self.logger.debug(
-                        "Clobbering %s with %s for package %s",
-                        existing_key,
-                        version,
-                        name,
-                    )
-
-                current_versions[name] = version
+            # Clobber packages down to a single version
+            # This handles slotted/installonly packages where multiple
+            # versions may be installed concurrently.
+            if existing_key:
+                self.logger.debug(
+                    "Clobbering %s with %s for package %s",
+                    existing_key,
+                    version,
+                    name,
+                )
+
+            current_versions[name] = version
 
         self.logger.debug("Current versions: %s", current_versions)
         return current_versions
@@ -400,10 +322,5 @@ class Yum(Dnf):
     def __init__(self) -> None:
         """
         Initialize the Yum package manager.
-
-        :param sudo: Whether to use sudo for package refresh operations
-            (default is True).
-        :param password: Optional password for sudo operations, if not
-            using NOPASSWD.
         """
         super().__init__(use_yum=True)

{exosphere_cli-2.4.0 → exosphere_cli-2.4.2}/src/exosphere/setup/detect.py

@@ -30,6 +30,10 @@ def platform_detect(cx: Connection) -> HostInfo:
     Detect the platform of the remote system.
     Entry point for refreshing all platform details.
 
+    Linux detection in general depends on the presence of a well-formed
+    /etc/os-release file, which is a safe assumption for everything we
+    explicitly support that's not EOL'd.
+
     :param cx: Fabric Connection object
     :return: HostInfo object with platform details
     """
@@ -114,8 +118,6 @@ def flavor_detect(cx: Connection, platform_name: str) -> str:
 
     # Linux
     if platform_name == "linux":
-        # We're just going to query /etc/os-release directly.
-        # Using lsb_release would be better, but it's less available
         result_id = cx.run("grep ^ID= /etc/os-release", hide=True, warn=True)
         result_like_id = cx.run(
             "grep ^ID_LIKE= /etc/os-release",
@@ -125,7 +127,7 @@ def flavor_detect(cx: Connection, platform_name: str) -> str:
 
         if result_id.failed:
             raise DataRefreshError(
-                "Failed to detect OS flavor via lsb identifier.",
+                "Failed to detect OS flavor via os-release identifier.",
                 stderr=result_id.stderr,
                 stdout=result_id.stdout,
             )
@@ -187,36 +189,31 @@ def version_detect(cx: Connection, flavor_name: str) -> str:
     if flavor_name.lower() not in SUPPORTED_FLAVORS:
         raise UnsupportedOSError(f"Unsupported OS flavor: {flavor_name}")
 
-    # Debian/Ubuntu
-    if flavor_name in ["ubuntu", "debian"]:
-        result_version = cx.run("lsb_release -s -r", hide=True, warn=True)
-
-        if result_version.failed:
-            raise DataRefreshError(
-                "Failed to detect OS version via lsb_release.",
-                stderr=result_version.stderr,
-                stdout=result_version.stdout,
+    # Linux flavors that rely on os-release metadata
+    # (which is all of them, at the time of writing)
+    if flavor_name in ["ubuntu", "debian", "rhel", "fedora"]:
+        result_version = None
+
+        # Some systems (debian sid, for instance) don't provide VERSION_ID,
+        # So we fall back to VERSION_CODENAME in these cases.
+        # If neither work, we just err on the side of failure.
+        for version_key in ["VERSION_ID", "VERSION_CODENAME"]:
+            result_version = cx.run(
+                f"grep ^{version_key}= /etc/os-release", hide=True, warn=True
             )
 
-        return result_version.stdout.strip()
-
-    # Redhat-likes
-    if flavor_name in ["rhel", "fedora"]:
-        result_version = cx.run(
-            "grep ^VERSION_ID= /etc/os-release", hide=True, warn=True
-        )
-
-        if result_version.failed:
-            raise DataRefreshError(
-                "Failed to detect OS version via os-release VERSION_ID.",
-                stderr=result_version.stderr,
-                stdout=result_version.stdout,
-            )
+            if not result_version.failed:
+                logger.debug("Found version using %s", version_key)
+                version_line = result_version.stdout.strip()
+                version_value = version_line.partition("=")[2].strip().strip("\"'")
 
-        version_line = result_version.stdout.strip()
-        version_value = version_line.partition("=")[2].strip().strip("\"'")
+                return version_value
 
-        return version_value.lower()
+        raise DataRefreshError(
+            "Failed to detect OS version via os-release VERSION_ID or VERSION_CODENAME.",
+            stderr=result_version.stderr if result_version else "",
+            stdout=result_version.stdout if result_version else "",
+        )
 
     # FreeBSD
     if flavor_name == "freebsd":