From a0837be41000ee67e2a5851272db5cb999031d15 Mon Sep 17 00:00:00 2001
From: James Valleroy <jvalleroy@mailbox.org>
Date: Fri, 26 Jul 2019 19:06:57 -0400
Subject: [PATCH] help: Show security notice when backports are in use

Closes #1611.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil@medhas.org: Fixed incorrect HTML nesting and inline styling]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
---
 plinth/modules/help/help.py                   | 17 ++++++++++++++++-
 plinth/modules/help/templates/help_about.html | 12 ++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/plinth/modules/help/help.py b/plinth/modules/help/help.py
index c84926668..10ee6c175 100644
--- a/plinth/modules/help/help.py
+++ b/plinth/modules/help/help.py
@@ -20,6 +20,7 @@ Help app for FreedomBox.
 
 import mimetypes
 import os
+import subprocess
 
 from apt.cache import Cache
 from django.core.files.base import File
@@ -83,7 +84,8 @@ def about(request):
         'title': _('About {box_name}').format(box_name=_(cfg.box_name)),
         'version': __version__,
         'new_version': not freedombox.candidate.is_installed,
-        'os_release': get_os_release()
+        'os_release': get_os_release(),
+        'backports_in_use': get_backports_in_use(),
     }
     return TemplateResponse(request, 'help_about.html', context)
 
@@ -143,3 +145,16 @@ def get_os_release():
                 line = line.split('=')
                 output = line[1]
     return output
+
+
+def get_backports_in_use():
+    """Return whether backports packages are installed."""
+    # Only freedombox package is set to be installed from backports currently.
+    output = subprocess.check_output(['apt-cache', 'policy', 'freedombox'])
+    for line in output.decode().split('\n'):
+        if 'Installed:' in line:
+            version = line.strip().split(': ')[1]
+            if 'bpo' in version:
+                return True
+
+    return False
diff --git a/plinth/modules/help/templates/help_about.html b/plinth/modules/help/templates/help_about.html
index 1848b21c6..3cfb09bc0 100644
--- a/plinth/modules/help/templates/help_about.html
+++ b/plinth/modules/help/templates/help_about.html
@@ -90,4 +90,16 @@
     {% endif %}
   </p>
 
+  {% if backports_in_use %}
+    <h3>{% trans "Security Notice" %}</h3>
+    <p>
+      {% blocktrans trimmed %}
+        You are using packages from Debian backports. Please note that these
+        packages do not have security support from Debian. However, they are
+        maintained on a best-effort basis by contributors in Debian and
+        FreedomBox community.
+      {% endblocktrans %}
+    </p>
+  {% endif %}
+
 {% endblock %}