Full support of Ubuntu and Amazon Linux 2

backend/device_registry/api_views.py

@@ -108,16 +108,7 @@ def post(self, request, *args, **kwargs):
                                                                 os_release_codename=os_release['codename'])
         else:
             device.kernel_deb_package = None
-        kernel_meta_package = data.get('kernel_meta_package')
-        if kernel_meta_package:
-            device.kernel_meta_package = device.deb_packages.get(name=kernel_meta_package['name'],
-                                                                 version=kernel_meta_package['version'],
-                                                                 arch=kernel_meta_package['arch'],
-                                                                 os_release_codename=os_release['codename'])
-            device.reboot_required = kernel_meta_package['reboot_required']
-        else:
-            device.kernel_meta_package = None
-            device.reboot_required = None
+        device.reboot_required = data.get('reboot_required')
         device.cpu = data.get('cpu', {})
         device.os_release = os_release
         device.mysql_root_access = data.get('mysql_root_access')
@@ -164,8 +155,8 @@ def post(self, request, *args, **kwargs):
         device.update_trust_score = True
         device.save(update_fields=['last_ping', 'agent_version', 'audit_files', 'deb_packages_hash',
                                    'update_trust_score', 'os_release', 'auto_upgrades',
-                                   'mysql_root_access', 'cpu', 'kernel_deb_package', 'kernel_meta_package',
-                                   'reboot_required', 'default_password_users'])
+                                   'mysql_root_access', 'cpu', 'kernel_deb_package', 'reboot_required',
+                                   'default_password_users'])
         # Un-snooze recommended actions which were "Fixed" (i.e. snoozed until next ping)
         device.recommendedactionstatus_set.filter(status=RecommendedAction.Status.SNOOZED_UNTIL_PING) \
             .update(status=RecommendedAction.Status.AFFECTED)

backend/device_registry/celery_tasks/common.py

@@ -7,7 +7,7 @@
 import redis
 
 from device_registry.models import Device, Vulnerability, DebPackage, DEBIAN_SUITES, UBUNTU_SUITES
-from device_registry.models import DEBIAN_KERNEL_PACKAGES_RE_PATTERN, UBUNTU_KERNEL_PACKAGES_RE_PATTERN
+from device_registry.models import UBUNTU_KERNEL_PACKAGES_RE_PATTERN
 from profile_page.models import Profile
 
 logger = logging.getLogger('django')
@@ -73,6 +73,7 @@ def update_packages_vulnerabilities(batch):
             if vuln.is_vulnerable(package.source_version) and vuln.fix_available:
                 relations.append(Relation(debpackage_id=package.id, vulnerability_id=vuln.id))
         counter += 1
+    # TODO: Execute ORM requests below in one transaction.
     Relation.objects.filter(debpackage_id__in=package_ids).delete()
     Relation.objects.bulk_create(relations, batch_size=10000, ignore_conflicts=True)
     logger.info('finished')
@@ -89,12 +90,10 @@ def send_packages_to_vulns_update(task):
         with redis_conn.lock('vulns_lock', timeout=60 * 2.5, blocking_timeout=3):
             logger.info('lock acquired.')
             package_ids = list((DebPackage.objects.filter(
-                processed=False, os_release_codename__in=DEBIAN_SUITES).exclude(
-                name__regex=DEBIAN_KERNEL_PACKAGES_RE_PATTERN) |
-                                DebPackage.objects.filter(
-                                    processed=False, os_release_codename__in=UBUNTU_SUITES).exclude(
-                                    name__regex=UBUNTU_KERNEL_PACKAGES_RE_PATTERN)).order_by(
-                'os_release_codename', 'source_name').values_list('id', flat=True))
+                processed=False, os_release_codename__in=DEBIAN_SUITES + ('amzn2',)) |
+                                DebPackage.objects.filter(processed=False, os_release_codename__in=UBUNTU_SUITES
+                                                          ).exclude(name__regex=UBUNTU_KERNEL_PACKAGES_RE_PATTERN)
+                                ).order_by('os_release_codename', 'source_name').values_list('id', flat=True))
             logger.info('%d packages to process found.' % len(package_ids))
             batch_size = 500
             position = 0

backend/device_registry/migrations/0086_auto_20200306_1702.py → backend/device_registry/migrations/0088_auto_20200306_1702.py

@@ -1,19 +1,13 @@
 # Generated by Django 2.2.10 on 2020-03-06 17:02
 
 from django.db import migrations, models
-import django.db.models.deletion
 
-from device_registry.models import DEBIAN_SUITES, UBUNTU_SUITES, DEBIAN_KERNEL_PACKAGES_RE_PATTERN
-from device_registry.models import UBUNTU_KERNEL_PACKAGES_RE_PATTERN
+from device_registry.models import UBUNTU_SUITES, UBUNTU_KERNEL_PACKAGES_RE_PATTERN
 
 
 def reset_kernel_packages_vulns(apps, schema_editor):
     # Delete vulns of kernel-related packages.
     DebPackageVulnerability = apps.get_model('device_registry', 'DebPackage').vulnerabilities.through
-    # Debian.
-    DebPackageVulnerability.objects.filter(
-        debpackage__os_release_codename__in=DEBIAN_SUITES, debpackage__name__regex=DEBIAN_KERNEL_PACKAGES_RE_PATTERN
-    ).delete()
     # Ubuntu.
     DebPackageVulnerability.objects.filter(
         debpackage__os_release_codename__in=UBUNTU_SUITES, debpackage__name__regex=UBUNTU_KERNEL_PACKAGES_RE_PATTERN
@@ -23,15 +17,10 @@ def reset_kernel_packages_vulns(apps, schema_editor):
 class Migration(migrations.Migration):
 
     dependencies = [
-        ('device_registry', '0085_auto_20200302_1420'),
+        ('device_registry', '0087_auto_20200318_0652'),
     ]
 
     operations = [
-        migrations.AddField(
-            model_name='device',
-            name='kernel_meta_package',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='+', to='device_registry.DebPackage'),
-        ),
         migrations.AddField(
             model_name='device',
             name='reboot_required',

backend/device_registry/models.py

@@ -26,7 +26,6 @@
 DEBIAN_SUITES = ('jessie', 'stretch', 'buster')  # Supported Debian suite names.
 UBUNTU_SUITES = ('xenial', 'bionic')  # Supported Ubuntu suite (16.04, 18.04) names.
 UBUNTU_KERNEL_PACKAGES_RE_PATTERN = r'linux-(?:headers|aws-headers|image|modules)-.+'
-DEBIAN_KERNEL_PACKAGES_RE_PATTERN = r'linux-image-\d+\.\d+\.\d+-\d+[.-].+'
 IPV4_ANY = '0.0.0.0'
 IPV6_ANY = '::'
 FTP_PORT = 21
@@ -116,8 +115,6 @@ class SshdIssueItem(NamedTuple):
     deb_packages_hash = models.CharField(max_length=32, blank=True)
     cpu = JSONField(blank=True, default=dict)
     kernel_deb_package = models.ForeignKey(DebPackage, null=True, on_delete=models.SET_NULL, related_name='+')
-    kernel_meta_package = models.ForeignKey(DebPackage, null=True, blank=True,
-                                            on_delete=models.SET_NULL, related_name='+')
     reboot_required = models.BooleanField(null=True, blank=True, db_index=True)
     audit_files = JSONField(blank=True, default=list)
     os_release = JSONField(blank=True, default=dict)