ddlZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z ddl m Z ddlmZddlmZmZdZejeZdZd ezZed zZe d Ze d e d fZde e fdZdede ddfdZdZde ddfdZ de de!ddfdZ"dede ddfdZ#de e fdZ$defdZ%defdZ&dZ'dS)N)Path)Optional) Packaging) save_state) CheckRunError check_runzimunify-doctor.shz2https://repo.imunify360.cloudlinux.com/defence360/.sigz/var/imunify360/tmpz//etc/pki/rpm-gpg/RPM-GPG-KEY-CloudLinux-Imunifyz1/etc/apt/trusted.gpg.d/RPM-GPG-KEY-CloudLinux.gpgreturnctD]F}|r0tjt |tjr|cSGdSN) _PUBKEY_PATHSis_fileosaccessstrR_OKps Q/opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/utils/doctor.py _find_pubkeyrsK  99;; 29SVVRW55 HHH 4urldstcFtj|}tj|t5}|d5}t j||dddn #1swxYwYddddS#1swxYwYdS)N)timeoutwb)urllibrequestRequesturlopen _HTTP_TIMEOUTopenshutil copyfileobj)rrreqrespfps r_blocking_downloadr)&s .  % %C   ]  ; ;%tSXX FF% 4$$$%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%s6BA>2 B>B BB BBBc`t}|tjdsdS tdddt t jdtt}n9#t$r,}t dt|Yd}~dSd}~wwxYw | }tj|js5tj|jr|jt%jkr%tjt|d dS|d z d nV#t$rI}t d |tjt|d Yd}~dSd}~wwxYw||fS) zLocate the pubkey + gpg binary and create a validated 0700 workdir. Returns (pubkey_path, workdir_path) on success or None on failure; any partial state is removed before returning. NgpgT)modeparentsexist_okzimunify-doctor.)prefixdirz#cannot prepare workdir under %s: %s ignore_errorsgnupg)r-zworkdir setup failed: %s)rr$which_TMPDIRmkdirrtempfilemkdtemprOSErrorloggerinfolstatstatS_ISLNKst_modeS_ISDIRst_uidrgeteuidrmtree)pubkeyworkdirexcsts r_blocking_setup_workdirrI.s ^^F ~V\%00~t 5$ >>>  $53w<< H H H    97CHHHttttt ]]__ L $ $ < ++ yBJLL(( M#g,,d ; ; ; ;4 7 !!u!----  .444 c'll$7777ttttt 7?s7AA;; B1!B,,B15BE<E F) >F$$F)rcLtjt|ddS)NTr2)r$rDrrs r_blocking_rmtreerKTs# M#a&&------rr-c0||dSr )chmod)rr-s r_blocking_chmodrNXsGGDMMMMMrcvKtj}|dt||d{VdS)zFetch *url* to *dst* without blocking the event loop. Raises urllib.error.URLError (subclass of OSError) on any HTTP/transport error, which the caller's `except OSError` already handles. N)asyncioget_event_looprun_in_executorr))rrloops r _downloadrT\sI  ! # #D   t%7c B BBBBBBBBBBrc Ktj}|dtd{V}|dS|\}}|tz }|tdzz }|dz }d} t t |d{Vt t|d{Vttj t|}tdddd t|g| d{Vtdddd t|t|g| d{V|dt|d d{Vd }||s#|dt|d{VSS#tt f$rL} t"d| Yd} ~ |s$|dt|d{VdSdSd} ~ wwxYw#|s#|dt|d{VwwxYw)a# Download imunify-doctor.sh + .sig into /var/imunify360/tmp and verify the detached signature against an ephemeral keyring seeded with the CloudLinux pubkey. Returns the verified script on success or None on any failure (so the caller can fall back to the package copy). Nr r4F) GNUPGHOMEr+z--batchz--quietz--import)envz--verifyr,Tz%signed remote doctor fetch failed: %s)rPrQrRrI _SCRIPT_NAMErT _SCRIPT_URL_SIG_URLdictrenvironrrrNrKrr:r;r<) rSsetuprErFscriptsiggpghomesuccessrWrGs r_verified_remote_scriptrbfs  ! # #D&&t-DEE E E E E E EE }tOFG | #F \F* +CGGH V,,,,,,,,,#&&&&&&&&&2:W666 Iy*c&kk B           Iy*c#hhF L          ""4&%HHHHHHHHH  H&&t-=wGG G G G G G G G G H 7 # ;SAAAttt H&&t-=wGG G G G G G G G G G H H  H&&t-=wGG G G G G G G G G Hs+C$E))G:GG GG 'G0cKtd{V}|tdtj} t t |gd{V}|dt|jd{Vn,#|dt|jd{VwxYw| }|std|S)Nz)Signed remote doctor script not availablezDoctor key is empty) rb ValueErrorrPrQrrrRrKparentdecodestrip)r^rSoutkeys r_repo_get_doctor_keyrjs *,, , , , , , ,F ~DEEE  ! # #DJs6{{m,,,,,,,,""4)96=IIIIIIIIIId""4)96=IIIIIIIIII **,,    C 0./// Js #B)B0cKtj}t|sd}t t|dt gd{V}|}|S)Nz%/opt/imunify360/venv/share/imunify360scripts)rDATADIRris_dirrrXrfrg)dir_rhris r_package_get_doctor_keyrpsy  D ::    764i>>?@@ @ @ @ @ @ @C **,,    C JrcK td{V}n1#tttf$rt d{V}YnwxYwt dd|i|S)N doctor_key)rjrrdr:rpr)ris rget_doctor_keyrss.(******** :w /...+--------.|lC0111 Js+AA)(rPloggingrr$r>r8urllib.requestrpathlibrtypingr defence360agent.contracts.configr'defence360agent.subsys.persistent_staterdefence360agent.utilsrrr" getLogger__name__r;rXrYrZr6rrrr)rIrKintrNrTrbrjrprsrrrsV 666666>>>>>>::::::::  8 $ $" 8<G    $$ % %D :;;D <== htn%C%d%t%%%%###L......t34CC4CDCCCC&Hx~&H&H&H&HR C    sr