Merge pull request #23 from brant-ruan/dev

fix #9

Author: brant-ruan

config.py

@@ -72,10 +72,14 @@
     release=release)
 
 # kernel apt repositories
-_kernel_apt_repo_entry_xenial_official = 'deb http://security.ubuntu.com/ubuntu xenial-security main'
 _kernel_apt_repo_entry_trusty_official = 'deb http://security.ubuntu.com/ubuntu trusty-security main'
+_kernel_apt_repo_entry_xenial_official = 'deb http://security.ubuntu.com/ubuntu xenial-security main'
 _kernel_apt_repo_entry_bionic_official = 'deb http://security.ubuntu.com/ubuntu bionic-security main'
 
+# containerd apt repository
+_containerd_apt_repo_entry_xenial_official = 'deb http://archive.ubuntu.com/ubuntu xenial-updates universe'
+_containerd_apt_repo_entry_bionic_official = 'deb http://archive.ubuntu.com/ubuntu bionic-updates universe'
+
 # active k8s components images source
 k8s_images_prefix_official = "k8s.gcr.io/"
 k8s_images_prefix_official_9 = "gcr.io/google_containers/"
@@ -104,6 +108,12 @@
     _kernel_apt_repo_entry_bionic_official,
 ]
 
+# active containerd apt repository
+containerd_apt_repo_entries = [
+    _containerd_apt_repo_entry_xenial_official,
+    _containerd_apt_repo_entry_bionic_official,
+]
+
 # CNI plugins
 available_cni_plugins = [
     'flannel',

core/env_managers/docker_installer.py

@@ -76,11 +76,8 @@ def _pre_install(cls, verbose=False):
         # install requirements
         color_print.debug('installing prerequisites')
         try:
-            subprocess.run(
-                cls.cmd_apt_update,
-                stdout=stdout,
-                stderr=stderr,
-                check=True)
+            if not cls._apt_update(verbose=verbose):
+                return False
             subprocess.run(
                 cls.cmd_apt_install +
                 cls._docker_requirements,
@@ -89,8 +86,12 @@ def _pre_install(cls, verbose=False):
                 check=True)
         except subprocess.CalledProcessError:
             return False
-        return cls._add_apt_repository(gpg_url=config.docker_apt_repo_gpg,
-                                       repo_entry=config.docker_apt_repo_entry, verbose=verbose)
+        cls._add_apt_repository(gpg_url=config.docker_apt_repo_gpg,
+                                repo_entry=config.docker_apt_repo_entry, verbose=verbose)
+        for repo in config.containerd_apt_repo_entries:
+            cls._add_apt_repository(repo_entry=repo, verbose=verbose)
+
+        return True
 
 
 if __name__ == "__main__":

core/env_managers/installer.py

@@ -103,6 +103,19 @@ def _install_one_gadget_by_version(
         color_print.warning('no candidate version for %s' % name)
         return False
 
+    @classmethod
+    def _apt_update(cls, verbose=False):
+        stdout, stderr = verbose_func.verbose_output(verbose)
+        try:
+            subprocess.run(
+                cls.cmd_apt_update,
+                stdout=stdout,
+                stderr=stderr,
+                check=True)
+            return True
+        except subprocess.CalledProcessError:
+            return False
+
     @classmethod
     def _add_apt_repository(cls, repo_entry, gpg_url=None, verbose=False):
         stdout, stderr = verbose_func.verbose_output(verbose)
@@ -132,11 +145,6 @@ def _add_apt_repository(cls, repo_entry, gpg_url=None, verbose=False):
                 stdout=stdout,
                 stderr=stderr,
                 check=True)
-            subprocess.run(
-                cls.cmd_apt_update,
-                stdout=stdout,
-                stderr=stderr,
-                check=True)
             return True
         except subprocess.CalledProcessError:
             return False

core/env_managers/kernel_installer.py

@@ -41,6 +41,7 @@ def install_by_version(cls, gadgets, context=None, verbose=False):
         color_print.debug('switching kernel by version')
         for repo in config.kernel_apt_repo_entries:
             cls._add_apt_repository(repo_entry=repo, verbose=verbose)
+
         if cls._is_version_available_in_apt(version, verbose=verbose):
             return cls._install_by_version_with_apt(version, verbose=verbose)
         else:

core/env_managers/kubernetes_installer.py

@@ -319,11 +319,7 @@ def _pre_install(cls, mappings=None, verbose=False):
         color_print.debug('pre-installing')
         stdout, stderr = verbose_func.verbose_output(verbose)
         # install requirements
-        subprocess.run(
-            cls.cmd_apt_update,
-            stdout=stdout,
-            stderr=stderr,
-            check=True)
+        cls._apt_update(verbose=verbose)
         subprocess.run(
             cls.cmd_apt_install +
             cls._kubernetes_requirements,

vulns_cn/docker/cve-2020-15257.yaml

@@ -5,6 +5,9 @@ dependencies:
   - name: docker-ce
     version: 18.03.1
     versions: ~
+  - name: containerd
+    version: 1.3.3
+    versions: ~
 links:
   - https://nvd.nist.gov/vuln/detail/CVE-2020-15257
   - https://xz.aliyun.com/t/8681