From a5b282e5c65d146eb678a3517838321123bb4901 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Sat, 31 Oct 2020 19:14:33 +0100
Subject: [PATCH] Diagnosis: report usage of backports repository in apt's
 sources.list

---
 data/hooks/diagnosis/00-basesystem.py | 10 ++++++++++
 locales/en.json                       |  1 +
 2 files changed, 11 insertions(+)

diff --git a/data/hooks/diagnosis/00-basesystem.py b/data/hooks/diagnosis/00-basesystem.py
index d56faec98..00412cc74 100644
--- a/data/hooks/diagnosis/00-basesystem.py
+++ b/data/hooks/diagnosis/00-basesystem.py
@@ -92,6 +92,11 @@ class BaseSystemDiagnoser(Diagnoser):
                        summary="diagnosis_package_installed_from_sury",
                        details=["diagnosis_package_installed_from_sury_details"])
 
+        if self.backports_in_sources_list():
+            yield dict(meta={"test": "backports_in_sources_list"},
+                       status="WARNING",
+                       summary="diagnosis_backports_in_sources_list")
+
     def bad_sury_packages(self):
 
         packages_to_check = ["openssl", "libssl1.1", "libssl-dev"]
@@ -105,6 +110,11 @@ class BaseSystemDiagnoser(Diagnoser):
             version_to_downgrade_to = check_output(cmd)
             yield (package, version_to_downgrade_to)
 
+    def backports_in_sources_list(self):
+
+        cmd = "grep -q -nr '^ *deb .*-backports' /etc/apt/sources.list*"
+        return os.system(cmd) == 0
+
     def is_vulnerable_to_meltdown(self):
         # meltdown CVE: https://security-tracker.debian.org/tracker/CVE-2017-5754
 
diff --git a/locales/en.json b/locales/en.json
index 221046382..e13c0d2b2 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -147,6 +147,7 @@
     "diagnosis_basesystem_ynh_single_version": "{package} version: {version} ({repo})",
     "diagnosis_basesystem_ynh_main_version": "Server is running YunoHost {main_version} ({repo})",
     "diagnosis_basesystem_ynh_inconsistent_versions": "You are running inconsistent versions of the YunoHost packages... most probably because of a failed or partial upgrade.",
+    "diagnosis_backports_in_sources_list": "It looks like apt (the package manager) is configured to use the backports repository. Unless you really know what you are doing, we strongly discourage from installing packages from backports, because it's likely to create unstabilities or conflicts on your system.",
     "diagnosis_package_installed_from_sury": "Some system packages should be downgraded",
     "diagnosis_package_installed_from_sury_details": "Some packages were inadvertendly installed from a third-party repository called Sury. The Yunohost team improved the strategy that handle these packages, but it's expected that some setups that installed PHP7.3 apps while still on Stretch have some remaining inconsistencies. To fix this situation, you should try running the following command: <cmd>{cmd_to_fix}</cmd>",
     "diagnosis_display_tip": "To see the issues found, you can go to the Diagnosis section of the webadmin, or run 'yunohost diagnosis show --issues' from the command-line.",