!90 Added the repair status of the cve fixed package

From: @gongzt 
Reviewed-by: @zhu-yuncheng 
Signed-off-by: @zhu-yuncheng

0001-fix-issue-gen-cve-task-failed.patch

@@ -1,28 +0,0 @@
-From 614e6462e28c7ab013b669d7a7b2cc9c996a0a3f Mon Sep 17 00:00:00 2001
-From: rabbitali <shusheng.wen@outlook.com>
-Date: Wed, 28 Jun 2023 11:57:38 +0800
-Subject: [PATCH 1/1] fix issue:gen cve task failed
-
----
- apollo/database/proxy/task.py | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/apollo/database/proxy/task.py b/apollo/database/proxy/task.py
-index dd172b8..ed5e858 100644
---- a/apollo/database/proxy/task.py
-+++ b/apollo/database/proxy/task.py
-@@ -3224,8 +3224,9 @@ class TaskProxy(TaskMysqlProxy, TaskEsProxy):
-         """
- 
-         try:
--            exists_cve_count = self.session.query(CveHostAssociation).filter(
--                CveHostAssociation.cve_id.in_(cve_id)).count()
-+            exists_cve_count = self.session.query(CveHostAssociation.cve_id).filter(
-+                CveHostAssociation.cve_id.in_(cve_id)).distinct().count()
-+
- 
-             return True if exists_cve_count == len(cve_id) else False
-         except SQLAlchemyError as error:
--- 
-2.33.0
-

0001-fix-updateinfo_parse.py-bug.patch

@@ -0,0 +1,30 @@
+From 68d4c8cad42960391998868f15e2f99b40daa216 Mon Sep 17 00:00:00 2001
+From: wang-guangge <wangguangge@huawei.com>
+Date: Tue, 19 Sep 2023 13:58:04 +0800
+Subject: [PATCH] fix updateinfo_parse.py bug
+
+---
+ hotpatch/updateinfo_parse.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hotpatch/updateinfo_parse.py b/hotpatch/updateinfo_parse.py
+index 42e3814..7bfba61 100644
+--- a/hotpatch/updateinfo_parse.py
++++ b/hotpatch/updateinfo_parse.py
+@@ -279,12 +279,12 @@ class HotpatchUpdateInfo(object):
+             hotpatch(Hotpatch)
+         """
+         hotpatch.state = self.UNRELATED
++        is_find_installable_hp = False
+         for required_pkg_name, required_pkg_vere in hotpatch.required_pkgs_info.items():
+             inst_pkgs = self._inst_pkgs_query.filter(name=required_pkg_name)
+             # check whether the relevant target required package is installed on this machine
+             if not inst_pkgs:
+                 return
+-            is_find_installable_hp = False
+             for inst_pkg in inst_pkgs:
+                 inst_pkg_vere = '%s-%s' % (inst_pkg.version, inst_pkg.release)
+                 if not self.version.larger_than(required_pkg_vere, inst_pkg_vere):
+-- 
+2.33.0
+

0002-add-repair-status-of-the-cve-fixed-package.patch

@@ -0,0 +1,67 @@
+From 7797ac40d715c9e7d56f1d6c0053b699c42c4ac2 Mon Sep 17 00:00:00 2001
+From: gongzt <gong_zhengtang@163.com>
+Date: Tue, 19 Sep 2023 18:45:38 +0800
+Subject: Added the repair status of the cve fixed package
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ apollo/database/proxy/cve.py | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
+index 95de25c..c6d017e 100644
+--- a/apollo/database/proxy/cve.py
++++ b/apollo/database/proxy/cve.py
+@@ -1562,21 +1562,25 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
+ 
+         cve_fixed_packages = (
+             self.session.query(
++                CveHostAssociation.id,
+                 CveHostAssociation.installed_rpm,
+                 CveHostAssociation.fixed_way,
+                 func.count(CveHostAssociation.host_id).label("host_num"),
+             )
+             .filter(*filters)
+-            .group_by('installed_rpm', 'fixed_way')
++            .group_by('installed_rpm', 'fixed_way', 'id')
+             .all()
+         )
+         if not cve_fixed_packages:
+             return NO_DATA, []
++        cve_fixed_packages_status = (
++            self.session.query(CveHostAssociation.id, CveHostAssociation.hp_status).filter(*filters).all()
++        )
+ 
+-        return SUCCEED, self._cve_fixed_packages_row2dict(cve_fixed_packages)
++        return SUCCEED, self._cve_fixed_packages_row2dict(cve_fixed_packages, cve_fixed_packages_status)
+ 
+     @staticmethod
+-    def _cve_fixed_packages_row2dict(rows):
++    def _cve_fixed_packages_row2dict(rows, cve_fixed_packages_status):
+         """
+         Fixed cve package row data converted to dictionary
+         Args:
+@@ -1586,10 +1590,17 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
+             list
+         """
+         result = []
++        cve_fixed_packages_status_dict = {
++            cve_host_match.id: cve_host_match.hp_status for cve_host_match in cve_fixed_packages_status
++        }
+         for row in rows:
++            status = cve_fixed_packages_status_dict[row.id] if cve_fixed_packages_status_dict[row.id] else ""
++            fixed_way = row.fixed_way
++            if fixed_way != "coldpatch":
++                fixed_way = fixed_way + f" ({status})"
+             fixed_rpm = {
+                 "installed_rpm": row.installed_rpm,
+-                "fixed_way": row.fixed_way,
++                "fixed_way": fixed_way,
+                 "host_num": row.host_num,
+             }
+             result.append(fixed_rpm)
+-- 
+Gitee
+

0002-do-not-return-the-related-hotpatches-when-the-cve-is.patch

@@ -1,65 +0,0 @@
-From 4225065c74beb5e66c4d66a4bd3dfca5bcac91bd Mon Sep 17 00:00:00 2001
-From: wang-guangge <wangguangge@huawei.com>
-Date: Wed, 28 Jun 2023 16:53:10 +0800
-Subject: [PATCH] do not return the related hotpatches when the cve is fixed
-
----
- hotpatch/hotpatch_updateinfo.py | 15 ++++++++++++---
- hotpatch/hotupgrade.py          |  2 +-
- 2 files changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/hotpatch/hotpatch_updateinfo.py b/hotpatch/hotpatch_updateinfo.py
-index 4b39969..7dc92ce 100644
---- a/hotpatch/hotpatch_updateinfo.py
-+++ b/hotpatch/hotpatch_updateinfo.py
-@@ -291,7 +291,7 @@ class HotpatchUpdateInfo(object):
-         Get hotpatches from specified cve. If there are several hotpatches for the same source package for a cve, only return the
-         hotpatch with the highest version.
- 
--        Args: 
-+        Args:
-             cves: [cve_id_1, cve_id_2]
- 
-         Returns:
-@@ -307,14 +307,23 @@ class HotpatchUpdateInfo(object):
-                 continue
-             # find the hotpatch with the highest version for the same source package
-             mapping_src_pkg_to_hotpatches = dict()
-+            # check whether the cve is fixed
-+            is_cve_fixed = False
-             for hotpatch in self.hotpatch_cves[cve_id].hotpatches:
-+                if hotpatch.state == self.INSTALLED:
-+                    is_cve_fixed = True
-                 if hotpatch.state == self.INSTALLABLE:
--                    mapping_src_pkg_to_hotpatches.setdefault(hotpatch.src_pkg, []).append([hotpatch.hotpatch_name, hotpatch])
-+                    mapping_src_pkg_to_hotpatches.setdefault(hotpatch.src_pkg, []).append(
-+                        [hotpatch.hotpatch_name, hotpatch]
-+                    )
-+            # do not return the releated hotpatches if the cve is fixed
-+            if is_cve_fixed:
-+                continue
-             for src_pkg, hotpatches in mapping_src_pkg_to_hotpatches.items():
-                 # extract the number in HPxxx and sort hotpatches in descending order according to the number
-                 hotpatches = sorted(hotpatches, key=lambda x: int(re.findall("\d+", x[0])[0]), reverse=True)
-                 mapping_cve_hotpatches[cve_id].append(hotpatches[0][1].nevra)
--                
-+
-         return mapping_cve_hotpatches
- 
-     def get_hotpatches_from_advisories(self, advisories: list[str]) -> dict():
-diff --git a/hotpatch/hotupgrade.py b/hotpatch/hotupgrade.py
-index 2a36312..3bff9a1 100644
---- a/hotpatch/hotupgrade.py
-+++ b/hotpatch/hotupgrade.py
-@@ -251,7 +251,7 @@ class HotupgradeCommand(dnf.cli.Command):
-         cve_hp_dict = updateinfo.get_hotpatches_from_cve(cves)
-         for cve, hp in cve_hp_dict.items():
-             if not hp:
--                logger.info(_("The cve's hot patch doesn't exist: %s"), cve)
-+                logger.info(_("The cve doesn't exist or cannot be fixed by hotpatch: %s"), cve)
-                 continue
-             hp_list += hp
-         return list(set(hp_list))
--- 
-2.33.0
-

0003-update-condition-under-which-hotpatches-can-be-applied.patch

@@ -1,28 +0,0 @@
-From 30a0f76f2150f27db79fedde3af4926b36954066 Mon Sep 17 00:00:00 2001
-From: rabbitali <shusheng.wen@outlook.com>
-Date: Fri, 30 Jun 2023 19:07:55 +0800
-Subject: [PATCH] Update the condition under which hot patches can be applied
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
----
- hotpatch/hotpatch_updateinfo.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hotpatch/hotpatch_updateinfo.py b/hotpatch/hotpatch_updateinfo.py
-index 7dc92ce..3963867 100644
---- a/hotpatch/hotpatch_updateinfo.py
-+++ b/hotpatch/hotpatch_updateinfo.py
-@@ -212,7 +212,7 @@ class HotpatchUpdateInfo(object):
-                     hp_vere = '%s-%s' % (src_pkg_version, src_pkg_release)
-                     if hp_vere != inst_pkg_vere:
-                         continue
--                    elif self._get_hotpatch_status_in_syscare(hotpatch) == 'ACTIVED':
-+                    elif self._get_hotpatch_status_in_syscare(hotpatch) in ('ACTIVED', "ACCEPTED"):
-                         hotpatch.state = self.INSTALLED
-                     else:
-                         hotpatch.state = self.INSTALLABLE
--- 
-2.33.0
-

aops-apollo.spec

@@ -1,13 +1,10 @@
 Name:		aops-apollo
-Version:	v1.2.2
+Version:	v1.3.2
-Release:	4
+Release:	3
 Summary:	Cve management service, monitor machine vulnerabilities and provide fix functions.
 License:	MulanPSL2
 URL:		https://gitee.com/openeuler/%{name}
 Source0:	%{name}-%{version}.tar.gz
-Patch0001:  0001-fix-issue-gen-cve-task-failed.patch
-Patch0002:  0002-do-not-return-the-related-hotpatches-when-the-cve-is.patch
-Patch0003:  0003-update-condition-under-which-hotpatches-can-be-applied.patch
 
 
 BuildRequires:  python3-setuptools
@@ -17,6 +14,8 @@ Requires:   python3-sqlalchemy python3-PyMySQL python3-Flask-APScheduler >= 1.11
 Requires:   python3-PyYAML python3-flask python3-gevent
 Requires:   python3-retrying python3-lxml
 Provides:   aops-apollo
+Patch0001:  0001-fix-updateinfo_parse.py-bug.patch
+Patch0002:  0002-add-repair-status-of-the-cve-fixed-package.patch
 
 
 %description
@@ -50,6 +49,8 @@ popd
 
 # install for aops-apollo
 %py3_install
+mkdir -p %{buildroot}/opt/aops/
+cp -r database %{buildroot}/opt/aops/
 
 # install for aops-apollo-tool
 pushd aops-apollo-tool
@@ -63,11 +64,12 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
 %files
 %doc README.*
 %attr(0644,root,root) %{_sysconfdir}/aops/apollo.ini
-%attr(0644,root,root) %{_sysconfdir}/aops/apollo_crontab.ini
+%attr(0644,root,root) %{_sysconfdir}/aops/apollo_crontab.yml
 %attr(0755,root,root) %{_bindir}/aops-apollo
 %attr(0755,root,root) /usr/lib/systemd/system/aops-apollo.service
-%{python3_sitelib}/aops_apollo*.egg-info
+%{python3_sitelib}/aops_apollo*.egg-info/*
 %{python3_sitelib}/apollo/*
+%attr(0755, root, root) /opt/aops/database/*
 
 %files -n dnf-hotpatch-plugin
 %{python3_sitelib}/dnf-plugins/*
@@ -79,6 +81,38 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
 %{python3_sitelib}/aops_apollo_tool/*
 
 %changelog
+* Tue Sep 19 2023 gongzhengtang<gong_zhengtang@163.com> - v1.3.2-3
+- added the repair status of the cve fixed package
+
+* Tue Sep 19 2023 wangguangge<wangguangge@huawei.com> - v1.3.2-2
+- fix the updateinfo_parse.py bug
+
+* Tue Sep 19 2023 wenxin<shusheng.wen@outlook.com> - v1.3.2-1
+- fix cve scan callback error
+- fix cve-fix task generate error when it only contain coldpatches
+- add a method to querying fixed cve info for dnf plugin
+
+* Wed Sep 13 2023 zhuyuncheng<zhuyuncheng@huawei.com> -v1.3.1-5
+- fix task_cve_host return all host bug
+
+* Wed Sep 13 2023 gongzhengtang<gong_zhengtang@163.com> -v1.3.1-4
+- fixed host ip addresses are not verified in the generation task
+
+* Mon Sep 11 2023 gongzhengtang<gong_zhengtang@163.com> -v1.3.1-3
+- fixed several known issues
+- fix dnf hot-updateinfo list cves bug
+- fixed an error generated after selecting a specific rpm package
+
+* Tue Sep 5 2023 zhuyuncheng<zhuyuncheng@huawei.com> - v1.3.1-2
+- fix bug: delete host id filter when rollback in cve list interface
+
+* Tue Sep 5 2023 gongzhengtang<gong_zhengtang@163.com> - v1.3.1-1
+- cve repair tasks support rpm packet granularity
+
+* Tue Aug 29 2023 wangguangge<wangguangge@huawei.com> - v1.3.0-1
+- update the dnf hot-updateinfo, dnf hotpatch and dnf hotupgrade command
+- support the mixed management ability for coldpatches and hotpatches   
+
 * Fri Jun 30 2023 wenxin<shusheng.wen@outlook.com> - v1.2.2-4
 - Update the condition under which hot patches can be applied