hX SSKrSSKrSSKrSSKrSSKrSSKrSSKrSSKrSSK r SSK r SSK J r SSK JrJrJrJrJr SSKJr SSKJr SSKJr SSKJr SSKJrJr SS KJr SS K J!r! SS K"J#r#J$r$ SS K%J&r& SS K'J(r(J)r)J*r* SSK+J,r, SSK-J.r.J/r/ SSK0J1r1J2r2 SSK3J4r4 \Rj"S5r6S\ 4Sjr7S\\84Sjr9"SS\)5r:SSSS.\RvEr;"SS\25r<"SS\Rz5r>S \8S\?\\8\\844S!jr@S"\\8S#\8S$\ S%\8S\?\\8\\844 S&jrAS"\\8S'\\8S\?\\8\\844S(jrB"S)S*\,5rC"S+S,\15rDS0S-jrES0S.jrF\GS/:Xa\F"5 gg)1N)Path)DictIterableLiteralOptionalSequence) polyfills)ferny) bootloader)BridgeBeibootHelper)parse_os_release setup_logging)ChannelRoutingRule)PackagesChannel) JsonObjectget_str)supported_oses)PackagesPackagesLoaderpatch_libexecdir)Peer)CockpitProblemCockpitProtocolError)Router RoutingRule)StdioTransportzcockpit.beibootreturnc[RR[R5S- nUR 5n[ RRS5nUc[ RRS5n[ R"USS9 [US5n[RSU5 UR 5U:wa[RS5 [eUR!5R"S -(d[RS 5 [eU$![$[4a; [RS 5 UR'U5 UR)S 5 U$f=f) zCreate askpass executable We need this for the flatpak: ssh and thus the askpass program run on the host (via flatpak-spawn), not the flatpak. Thus we cannot use the shipped cockpit-askpass program. zinteraction_client.pyXDG_CACHE_HOMEz~/.cacheT)exist_okzcockpit-client-askpasszChecking if %s exists...z. ... it exists but is not the same version...@z; ... it has the correct contents, but is not executable...z ... writing contents.i) importlib resourcesfilesr __name__ read_bytesosenvirongetpath expandusermakedirsrloggerdebug ValueErrorstatst_modeFileNotFoundError write_byteschmod)src_pathsrc_dataxdg_cache_home dest_paths 1/usr/lib/python3/dist-packages/cockpit/beiboot.pyensure_ferny_askpassr:1s, ""((8;RRH""$HZZ^^$45N++J7KK.^%=>I LL+Y7     !X - LLI J ~~''%/ LLV W 0  z * ./h'  s:A,D))AE43E4c## [R"5HWnURHDnURS;dM[ UR [ 5(dM6UR v MF MY g7f)N) path-existspath-not-exists)rload_manifests conditionsname isinstancevaluestr)manifest conditions r9get_interesting_filesrFSsS"113!,,I~~!CC S\SbSbdgHhHhoo%-4s6A4A4A4cX\rSrSr%\\\4\S'S\S\S\4Sjr S\\\44Sjr Sr g ) ProxyPackagesLoaderZ file_statusrErBrc[U[5(deX R;deUS:XaURU$US:XaURU(+$[e)Nr<r=)rArCrJKeyError)selfrErBs r9check_condition#ProxyPackagesLoader.check_condition]sb%%%%%(((((  %##E* * + +''.. .NcXlgNrJ)rMrJs r9__init__ProxyPackagesLoader.__init__hs&rPrSN) r% __module__ __qualname____firstlineno__rrCbool__annotations__objectrNrT__static_attributes__rPr9rHrHZs>c4i   V  'DdO'rPrHz import os def report_exists(files): command('cockpit.report-exists', {name: os.path.exists(name) for name in files}) z import os def check_os_release(_argv): try: with open('/etc/os-release') as f: command('cockpit.check-os-release', f.read()) except OSError: command('cockpit.check-os-release', "") z import os def force_exec(argv): try: os.execvp(argv[0], argv) except OSError as e: command('cockpit.fail-no-cockpit', str(e)) ) report_existscheck_os_release force_execcX^\rSrSr%S\S'S\4U4SjjrS\SS4SjrS S jr S r U=r $) DefaultRoutingRulez Peer | Nonepeerrouterc$>[TU]U5 grR)superrT)rMre __class__s r9rTDefaultRoutingRule.__init__s  rPoptionsrcUR$rR)rd)rMrjs r9 apply_ruleDefaultRoutingRule.apply_rules yyrPcTURbURR5 ggrR)rdcloserMs r9shutdownDefaultRoutingRule.shutdowns 99 IIOO  !rPr]rN) r%rVrWrXrZrrTrrlrqr\ __classcell__rhs@r9rbrbs2 !v!*rPrbc \rSrSr%Sr\\S'S\S\\4Sjr S\S\S\S \\4S jr S \S \ S \ \ S\S S4 SjrSrg)AuthorizeResponder)z ferny.askpasscockpit.report-existscockpit.fail-no-cockpitcockpit.check-os-releaserebasic_passwordc.XlX lUSLUlgrR)rer|have_basic_password)rMrer|s r9rTAuthorizeResponder.__init__s ,#1#= rPmessagesprompthintrc # [RSX!U5 UR(aLSUR5;a8URb+[RSU5 URnSUlU$US:Xag[ R "SU5n[ R "SU5n0nU(acU(a\URS5nUS:Xa[RS U5 g US URS5S 3US 'URS5US'[R"5S[R"53n SU 3n U S -[R"UR55R5-n URR "U 4SUUUSS.UD6IShvN n U R#U 5(d[%SU SU 35eU R'U 5R)5n [R*"U R55R5n [RS[-U 55 U $N7f)Nz3AuthorizeResponder: prompt %r, messages %r, hint %rz password:z=AuthorizeResponder: sending Basic auth password for prompt %rnonez$\n(\w+) key fingerprint is ([^.]+)\.zauthenticity of host '([^ ]+) z 127.0.0.1z,auto-accepting fingerprint for 127.0.0.1: %syes z login-datazhost-keydefault-zX-Conversation F)timeoutrrrechozAuthorizeResponder: response z does not match challenge zReturning a %d chars response)r-r.r~lowerr|researchgroupr'getpidtimebase64 b64encodeencodedecodererequest_authorization startswithr removeprefixstrip b64decodelen)rMrrrreplyfp_match host_matchargshostname challenge_idchallenge_prefix challengeresponseb64s r9 do_askpassAuthorizeResponder.do_askpasss JF^bc  # # v||~(E"". \^de++&*# 6>99DfMYY@&I   !''*H;& KZX #+1X^^A->,?{KD &nnQ/DO))+a }5 ,\N;$s*V-=-=fmmo-N-U-U-WW ::9CCGDLBH@D@E C >B CC""#344&/z9STdSefh h##$45;;=##CJJL188: 4c(mDCsF&I(I)BIcommandrfdsstderrNc^ # [RSXU5 US:XadUun[[U5S9URlURR RS[UR[/55 US:Xa [SUSS9eUS:XGao[US5m [RS T 5 [RS [5 [HCn[U 4S jUR555(dM-[RS U5 g [RS T 5 [S5n[UR!55nSSS5 T R'S5WR'S5:Xa;T R'S5UR'S5:Xa[RSU5 gT R'ST R'SS55ST R'SS53n [SU S9eg!,(df  N=f!["a n [R%SU 5 Sn A gSn A ff=f7f)NzGot ferny command %s %s %sry)loaderrrzz no-cockpit)messager{z'cockpit.check-os-release: remote OS: %rz,cockpit.check-os-release: supported OSes: %rc3P># UHupTRU5U:Hv M g7frR)r)).0kv remote_oss r9 7AuthorizeResponder.do_custom_command..s!Hy}}Q'1,s#&z8cockpit.check-os-release: remote matches supported OS %rz$cockpit.check-os-release: remote: %rz/etc/os-releasezIfailed to read local /etc/os-release, skipping OS compatibility check: %sID VERSION_IDz7cockpit.check-os-release: remote OS matches local OS %rNAME?r) unsupported)r-r.rrHrepackages routing_rulesinsertrrrr rallitemsopenreadOSErrorwarningr)) rMrrrrrJosinfofthis_oserrs @r9do_custom_command$AuthorizeResponder.do_custom_commands 17&I - -LK#+3F{3S#TDKK KK % % , ,Q0B4;;Q`Pa0b c / / tAw? ? 0 0(a1I LLBI N LLG X(HHHHLL![]cd ) LL? K +,.qvvx8G- }}T"gkk$&77IMM,v>x}> BBcBBRUBH%Hs%H%%Hd3i%HY\%Hae%HrPrwcommentcSSSU34S4$)Npython3z-icz# r]r])rs r9python_interpreterr s u7)n -r 11rPcmddest ssh_askpassssh_optsc@URS5upEnUR5(aLURS5(d6URS5(aURS5(aUSSnSXd/nOU/nS/UQUQ[R "U5P7SU<3S S 44$) N:[]rz-psshz SSH_ASKPASS=z DISPLAY=xzSSH_ASKPASS_REQUIRE=force) rpartitionisdigitendswithrshlexjoin)rrrrhost_port destinations r9via_sshrsOOC(MDT ||~~dmmC00 ??3  DMM#$6$6":DT( f    & (- 3  {o& #  rPenvc&SS/SU5QUQ7S4$)Nz flatpak-spawnz--hostc3,# UH nSU3v M g7f)z--env=Nr])rkvs r9r flatpak_spawn..'s &#BF2$-#sr]r])rrs r9 flatpak_spawnr$s2  &# &     rPc^\rSrSr%S\S'S\S\S\R4U4Sjjr SS jr SS jr SS jr S \ \S\ \SS 4SjrSSjrS\SS 4SjrSrU=r$)SshPeeri-zMLiteral["always"] | Literal["never"] | Literal["supported"] | Literal["auto"]modererrc>X lURUl[R"5Ul[ URR 5S- UlSUl[TU])U5 g)Nzuser-known-hosts) r remote_bridgetempfileTemporaryDirectorytmpdirrr@known_hosts_filer|rgrT)rMrerrrhs r9rTSshPeer.__init__0sY&!//113 $T[[%5%5 69K K,0  rPrNc# [RRS5(aUR5IShvN gUR 5IShvN gNN7f)Nz/.flatpak-info)r'r*existsconnect_from_flatpakconnect_from_bastion_hostrps r9do_connect_transportSshPeer.do_connect_transport8sE 77>>* + +++- - -002 2 2 . 2s!8AAAAAAc# [S5upURS:wa [XR[55up[ X5upUR X5IShvN gN7f)Ncockpit-bridge localhost)rrrr:rboot)rMrrs r9rSshPeer.connect_from_flatpak?sX%&67   { *s$4$46J6LMHC *ii!!!sAA)!A'"A)c# SnSS/nURRS5IShvN n[US5nURS5(ax[R "USS5R 5nURS5upgnURS5upUlU(a[RS U5 US U/- nURcUSS /- n[S 5up[S 5n [U [5(de[U 5n U R!5(d[R#SU 5 [$R&"S5n U b USSU 3/- nUb0UR(R+U5 USSUR(<3/- n[-XR.U /UQ76upUR1X5IShvN gGNN7f)Nz-ozNumberOfPasswordPrompts=1*rzBasic rz,got username %s and password from Basic authz-lzPasswordAuthentication=norz${libexecdir}/cockpit-askpassz+Could not find cockpit-askpass helper at %rCOCKPIT_SSH_KNOWN_HOSTS_FILEzGlobalKnownHostsFile=zUserKnownHostsfile=)rerequest_authorization_objectrrrrr partitionr|r-r.rrrArCrrerrorr'getenvr write_textrrr)rM known_hostsrauthrdecoded user_passwordruserrraskpassrenv_known_hostss r9r!SshPeer.connect_from_bastion_hostLs 12[[==cBB4,   x ( (&&x|4;;=G,3,=,=d,C )Mk+8+B+B3+G (DT( KTRt $    & T67 7D&&67##BC'3''''7m !!## LLF P))$BC  & T2?2CDE ED  "  ! ! , ,[ 9 T01F1F0IJK KD3 0 0+EEii!!!CCB "s"%G GFG G G  G rrc# [U5n[R"[URUR 5U/5n[ RSX5 URXUSS9IShvN nURS:XaSS/44/nOHURS:XaSS/44/nO0URS :Xa SS/44S /44/nOURS :Xde/n[R"/UQS [[55/4PURQ[S 9nUR!UR#55 UR%5IShvN gNN7f)Nz Launching command: cmd=%s env=%sT)rstart_new_sessionautotry_execralwaysr` supportedr_neverr^)gadgets)r r InteractionAgentrwrer|r-r.spawnrr make_bootloaderrrFstepsBEIBOOT_GADGETSwriter communicate)rMrrbeiboot_helperagent transportexec_cockpit_bridge_stepsstage1s r9r SshPeer.bootusl,T2&&(:4;;H[H[(\^l'mn 7B**Set*TT    '*48H7I6K)L(M %   8 +*6:J9K8M)N(O %   ; .*48H7I6K)LOadfchNi(j %%%0 00(* %++- &- t$9$;<= >-  ! !- # $  (!!!-U, "s%A,E .E/CE E E  E cSUlgrR)r|rps r9do_superuser_init_doneSshPeer.do_superuser_init_dones "rPrct[RSXRSL5 [US5R S5(aP[US5nURb7[RS5 UR SX RS9 SUlg[RS5 UR SWS S 9 g) Nz*SshPeer.do_authorize: %r; have password %srzplain1:cookiez-SshPeer.do_authorize: responded with password authorize)rr-rz0SshPeer.do_authorize: authentication-unavailablezauthentication-unavailable)rr-problem)r-r.r|rr write_control)rMrr-s r9 do_authorizeSshPeer.do_authorizes A7L_L_gkLkl 7K ( 3 3I > >Wh/F"". LM"";vPcPc"d&*# GH ;vGcdrP)r|rrrrrs)r%rVrWrXrZrrCargparse NamespacerTrrrrrr*rr1r\rtrus@r9rr-s| YY!v!C!x?Q?Q!3 "'"R"hsm"(3-"D":# eJ e4 e erPrcz^\rSrSr%Sr\\\S'\\S'S\ R4U4Sjjr Sr Sr S S jrS rU=r$) SshBridgeiNrssh_peerrc>[U5n[TU] U/5 [XRU5UlUR UlgrR)rbrgrTrrr7rd)rMrrulerhs r9rTSshBridge.__init__s?"$' $  &6&6= MM rPcgrRr]rps r9 do_send_initSshBridge.do_send_inits rPcf[RSU5 URRU5 g)NzSshBridge.do_init: %r)r-r.r7r0)rMrs r9do_initSshBridge.do_inits%  ,g6 ##G,rPcNURRUR5 grR)r7add_done_callbackrorps r9 setup_sessionSshBridge.setup_sessions '' 3rP)r7rs)r%rVrWrXrrrrZrr3r4rTr<r?rCr\rtrus@r9r6r6s>#'Hhx ' "X// " - 44rPr6c# [RS5 [U5n[[R "5U5 [ URR5IShvN 5nURRR5(a6URSSSSURRR50S9 URS05n[U[ 5(dURSS S S 9 g[U[ 5(deS US 'UR(a,[ R!URR5US'URU5 URR#5 [RS5 UR?5 URA5IShvN gGNd![$R&Gakn[$R(R+[-U55n[RSXE5 [U[$R.5(aSnO[U[$R05(aSnO^[U[$R25(aSnO<[U[45(aSnO$[U[$R65(aSnOSnURRR5(a>URSU[-U5URRR5S9 OURSU[-U5S 9 SnAgSnAf[8a:n[RSU5 URUR:SS9 SnAgSnAf[R<a [RS5 gf=fGN![Ba gf=f7f)NzHi. How are you today?r.z x-login-datarz known-hosts)rrr- login_data capabilitiesinitzprotocol-errorzcapabilities must be a dict)rr/rTzexplicit-superuserrz.ferny.InteractionError: %s, interpreted as: %rzauthentication-failedzinvalid-hostkeyzunknown-hostkeyz unknown-hostzinternal-error)rr/rr zCockpitProblem: %s)rz"Peer bridge got cancelled, exitingz/Startup done. Looping until connection closes.)"r-r.r6rasyncioget_running_loopdictr7startrrr0 read_text setdefaultrArfromkeys thaw_endpointr InteractionError ssh_errorsget_exception_for_ssh_stderrrCSshAuthenticationErrorSshChangedHostKeyErrorSshHostKeyErrorrSshErrorrattrsCancelledErrorrCr"BrokenPipeError)rbridgerrGexcr r/s r9runr]s LL)* t_F7++-v66V__22445 ?? + + 2 2 4 4  #~c!6??#C#C#M#M#OW ! ))."= ,--  9ISp q ,-----1 )* ??"&--0H0H"IGJ W%%%'@ LLBC    """u50  ! !  ==c#hG EsR eU99 : :-G u;; < <'G u44 5 5'G w ' '$G u~~ . .-G&G ?? + + 2 2 4 4  #e*-3__-M-M-W-W-Y ! [  #e* U  )3/SYY7  ! ! 9: #    sAO"G %G &BG OBG %O0N>N;N>O G N8!E!MO N80N O ,N85O7N88O;N>> O O O  OcT[R"5 [R"SS9nUR S/SQSSS9 UR SS S 9 UR S S S 9 UR 5n[ URS9 [R"[U5URS9 g)Nz@cockpit-bridge is run automatically inside of a Cockpit session.) descriptionz--remote-bridge)rrrrrzHow to run cockpit-bridge from the remote host: auto: if installed (default), never: always copy the local one; supported: if not installed, copy local one for compatible OSes, fail otherwise; always: fail if not installed)choicesrhelpz--debug store_true)actionrz5Name of the remote host to connect to, or 'localhost')ra)r.) r installr3ArgumentParser add_argument parse_argsrr.rIr])parserrs r9mainris   $ $1s tF )3[ek89   ,7  ,cd    D # KKD ,rP__main__rs)Hr3rIrimportlib.resourcesr"loggingr'rrrrpathlibrtypingrrrrrcockpitr cockpit._vendorr cockpit._vendor.beir cockpit.beipackr cockpit.bridger rcockpit.channelrcockpit.channelsrcockpit.jsonutilrrcockpit.osinforcockpit.packagesrrr cockpit.peerrcockpit.protocolrrcockpit.routerrrcockpit.transportsr getLoggerr-r:rCrFrHr rbAskpassHandlerrwrrrrrr6r]rir%r]rPr9rs$   >>!*/:.,0)GGA.-   , -dD&x}&'.'& . /6  rH--rHj22hsmXc].J(K2#cQVW_`cWdfnorfsWsQt,x}8C=U8C=RZ[^R_C_=`sedsel44:D N-$ zFrP