YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Diagnosis: report usage of backports repository in apt's sources.list

Browse source
This commit is contained in:
Alexandre Aubin 2020-10-31 19:14:33 +01:00
parent 7aa3ff5255
commit a5b282e5c6
2 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
data/hooks/diagnosis/00-basesystem.py
View file

@ -92,6 +92,11 @@ class BaseSystemDiagnoser(Diagnoser):
summary="diagnosis_package_installed_from_sury", summary="diagnosis_package_installed_from_sury",
details=["diagnosis_package_installed_from_sury_details"]) details=["diagnosis_package_installed_from_sury_details"])
if self.backports_in_sources_list():
yield dict(meta={"test": "backports_in_sources_list"},
status="WARNING",
summary="diagnosis_backports_in_sources_list")
def bad_sury_packages(self): def bad_sury_packages(self):
packages_to_check = ["openssl", "libssl1.1", "libssl-dev"] packages_to_check = ["openssl", "libssl1.1", "libssl-dev"]
@ -105,6 +110,11 @@ class BaseSystemDiagnoser(Diagnoser):
version_to_downgrade_to = check_output(cmd) version_to_downgrade_to = check_output(cmd)
yield (package, version_to_downgrade_to) yield (package, version_to_downgrade_to)
def backports_in_sources_list(self):
cmd = "grep -q -nr '^ *deb .*-backports' /etc/apt/sources.list*"
return os.system(cmd) == 0
def is_vulnerable_to_meltdown(self): def is_vulnerable_to_meltdown(self):
# meltdown CVE: https://security-tracker.debian.org/tracker/CVE-2017-5754 # meltdown CVE: https://security-tracker.debian.org/tracker/CVE-2017-5754

1
locales/en.json
View file

@ -147,6 +147,7 @@
"diagnosis_basesystem_ynh_single_version": "{package} version: {version} ({repo})", "diagnosis_basesystem_ynh_single_version": "{package} version: {version} ({repo})",
"diagnosis_basesystem_ynh_main_version": "Server is running YunoHost {main_version} ({repo})", "diagnosis_basesystem_ynh_main_version": "Server is running YunoHost {main_version} ({repo})",
"diagnosis_basesystem_ynh_inconsistent_versions": "You are running inconsistent versions of the YunoHost packages... most probably because of a failed or partial upgrade.", "diagnosis_basesystem_ynh_inconsistent_versions": "You are running inconsistent versions of the YunoHost packages... most probably because of a failed or partial upgrade.",
"diagnosis_backports_in_sources_list": "It looks like apt (the package manager) is configured to use the backports repository. Unless you really know what you are doing, we strongly discourage from installing packages from backports, because it's likely to create unstabilities or conflicts on your system.",
"diagnosis_package_installed_from_sury": "Some system packages should be downgraded", "diagnosis_package_installed_from_sury": "Some system packages should be downgraded",
"diagnosis_package_installed_from_sury_details": "Some packages were inadvertendly installed from a third-party repository called Sury. The Yunohost team improved the strategy that handle these packages, but it's expected that some setups that installed PHP7.3 apps while still on Stretch have some remaining inconsistencies. To fix this situation, you should try running the following command: <cmd>{cmd_to_fix}</cmd>", "diagnosis_package_installed_from_sury_details": "Some packages were inadvertendly installed from a third-party repository called Sury. The Yunohost team improved the strategy that handle these packages, but it's expected that some setups that installed PHP7.3 apps while still on Stretch have some remaining inconsistencies. To fix this situation, you should try running the following command: <cmd>{cmd_to_fix}</cmd>",
"diagnosis_display_tip": "To see the issues found, you can go to the Diagnosis section of the webadmin, or run 'yunohost diagnosis show --issues' from the command-line.", "diagnosis_display_tip": "To see the issues found, you can go to the Diagnosis section of the webadmin, or run 'yunohost diagnosis show --issues' from the command-line.",