Azure · Rkoffer-SMX · Mar 23, 2026
@@ -183,7 +183,7 @@ def __read_one_line_style_list_format(self, file_path, max_patch_published_date,
 
         for line in sources_content_lines:
             if len(line.strip()) != 0 and not line.strip().startswith("#"):
-                if base_classification == Constants.PackageClassification.SECURITY and "security" not in line:
+                if base_classification == Constants.PackageClassification.SECURITY and "security" not in line and "fips-updates" not in line:
                     continue
                 std_source_list_content += "\n" + self.__apply_max_patch_publish_date(sources_content=line, max_patch_publish_date=max_patch_published_date)
 
@@ -207,7 +207,7 @@ def __read_deb882_style_format(self, file_path, max_patch_published_date, base_c
 
                 if len(line.strip()) == 0:  # stanza separating line
                     if stanza != str():
-                        if base_classification == str() or (base_classification == Constants.PackageClassification.SECURITY and "security" in stanza):
+                        if base_classification == str() or (base_classification == Constants.PackageClassification.SECURITY and ("security" in stanza or "fips-updates" in stanza)):
                             std_source_parts_content += self.__apply_max_patch_publish_date(sources_content=stanza, max_patch_publish_date=max_patch_published_date) + '\n'
                         stanza = str()
                         continue

@@ -99,8 +99,8 @@ def __lib_test_custom_sources_with(self, include_sources_list=False, include_sou
         # Checks swapping and caching: All -> Security -> All -> All
         for i in range(3):
             # All
-            expected_debstyle_entry_count = 2 if include_source_parts_debstyle else 0   # 2 entries in the debstyle mock
-            expected_sources_list_entry_count = (4 if include_sources_list else 0) + (5 if include_source_parts_list else 0)    # 4 in regular file, 3 in mock folder
+            expected_debstyle_entry_count = 3 if include_source_parts_debstyle else 0   # 3 entries in the debstyle mock (incl. fips-updates)
+            expected_sources_list_entry_count = (4 if include_sources_list else 0) + (6 if include_source_parts_list else 0)    # 4 in regular file, 6 in mock folder (incl. fips-updates)
             sources_dir, sources_list = package_manager._AptitudePackageManager__get_custom_sources_to_spec(include_max_patch_publish_date)
             self.__check_custom_sources(sources_dir, sources_list,
                                         sources_debstyle_expected=include_source_parts_debstyle,
@@ -115,8 +115,8 @@ def __lib_test_custom_sources_with(self, include_sources_list=False, include_sou
                 continue
 
             # Security
-            expected_debstyle_entry_count = 1 if include_source_parts_debstyle else 0   # 1 security entry in the debstyle mock
-            expected_sources_list_entry_count = (1 if include_sources_list else 0) + (1 if include_source_parts_list else 0)    # 1 security entry in regular file, 1 security entry in mock folder
+            expected_debstyle_entry_count = 2 if include_source_parts_debstyle else 0   # 2 security entries in the debstyle mock (security + fips-updates)
+            expected_sources_list_entry_count = (1 if include_sources_list else 0) + (2 if include_source_parts_list else 0)    # 1 security entry in regular file, 2 security entries in mock folder (security + fips-updates)
             sources_dir, sources_list = package_manager._AptitudePackageManager__get_custom_sources_to_spec(include_max_patch_publish_date, "Security")
             self.__check_custom_sources(sources_dir, sources_list,
                                         sources_debstyle_expected=include_source_parts_debstyle,
@@ -146,8 +146,8 @@ def __check_custom_sources(self, sources_dir, sources_list, sources_debstyle_exp
                 self.assertEqual(len(data), sources_debstyle_entry_count)
                 for entry in data:
                     if security_only:
-                        self.assertTrue("security" in entry)
-                    if max_patch_publish_date != str():
+                        self.assertTrue("security" in entry or "fips-updates" in entry)
+                    if max_patch_publish_date != str() and "fips-updates" not in entry:  # exception for unsupported repo
                         self.assertTrue(max_patch_publish_date in entry)
         else:
             self.assertFalse(os.path.isdir(sources_dir))
@@ -159,8 +159,8 @@ def __check_custom_sources(self, sources_dir, sources_list, sources_debstyle_exp
                 self.assertEqual(len(data), sources_list_entry_count)
                 for entry in data:
                     if security_only:
-                        self.assertTrue("security" in entry)
-                    if max_patch_publish_date != str() and "ppa" not in entry:  # exception for unsupported repo
+                        self.assertTrue("security" in entry or "fips-updates" in entry)
+                    if max_patch_publish_date != str() and "ppa" not in entry and "fips-updates" not in entry:  # exception for unsupported repo
                         self.assertTrue(max_patch_publish_date in entry)
 
     # region - Mock sources preparation and clean up
@@ -212,7 +212,8 @@ def __get_sources_data_one_line_style_ext():
                 "deb http://ppa.launchpad.net/upubuntu-com/web/ubuntu focal main\n" + \
                 "deb http://azure.archive.ubuntu.com/ubuntu/ focal-security universe\n" + \
                 "deb http://in.archive.ubuntu.com/ubuntu/ focal multiverse\n" + \
-                "deb http://cn.archive.ubuntu.com/ubuntu/ focal main\n"
+                "deb http://cn.archive.ubuntu.com/ubuntu/ focal main\n" + \
+                "deb https://esm.ubuntu.com/fips-updates/ubuntu jammy-updates main\n"
 
     @staticmethod
     def __get_sources_data_debstyle():
@@ -229,7 +230,13 @@ def __get_sources_data_debstyle():
                 "URIs: http://azure.archive.ubuntu.com/ubuntu/ \n" + \
                 "Suites: noble-security \n" + \
                 "Components: main universe restricted multiverse \n" + \
-                "Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg \n"
+                "Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg \n" + \
+                "\n" + \
+                "Types: deb \n" + \
+                "URIs: https://esm.ubuntu.com/fips-updates/ubuntu \n" + \
+                "Suites: jammy-updates \n" + \
+                "Components: main \n" + \
+                "Signed-By: /usr/share/keyrings/ubuntu-pro-fips-updates.gpg \n"
     # endregion
 
 if __name__ == '__main__':