I upgrade packages manually on my machine because I want to control when and what to upgrade. Security freaks could argue that it is not secure not to update computers frequently, but I believe that the chances of getting hacked because of an outdated package are lower than the chances of receiving an upgrade that bricks your computer. The recent Canonical fuck up with activating experimental Intel SPI drivers in the kernel, which bricked some Lenovo laptops, is a very good example. Another reason is the time needed to upgrade packages, because apt-get is really slow. So basically I need to check what has changed and only upgrade if really needed.
There's no apt-get function for this, but it can be done with a relatively simple script. For every upgradable package the script downloads the changelog and trims it to show only the changes made since the installed version:
#!/bin/bash

LIGHTRED='\e[1;31m'    # ${LIGHTRED}
LIGHTGREEN='\e[1;32m'  # ${LIGHTGREEN}
NC='\e[0m'             # ${NC} (no color - resets previous color)

# split the package list on newlines only
IFS=$'\n'

# list of upgradable packages
upgradable=$(apt list --upgradable 2>/dev/null | awk -F/ '/[^\/]*\//{print $1}')

# get versions of the installed packages
for package in $upgradable; do
    # third column of the first "ii" line is the installed version
    version=$(dpkg -l "$package" | awk '/^ii/{print $3; exit}')
    [[ -n "$version" ]] && {
        # some characters in the version string should be escaped. Such
        # chars have special meaning in regular expressions. Currently
        # only the '+' char is escaped but God only knows what other chars
        # these freak&fucks could use in the version string
        version="${version//+/\\\\+}" # every plus should be prepended with \\ for awk
        echo -e "${LIGHTRED}Package: ${LIGHTGREEN}${package}${NC}"
        # print the changelog up to (not including) the installed version's entry
        apt-get -q changelog "$package" | \
            awk -v ver="$version" '{if($0 ~ "[^(]*\\("ver"\\).*"){found=1};if(found!=1)print $0}'
    }
done

exit 0
Example output looks like this:
$ sudo apt-get update && bin/aptchangelog.sh
Package: command-not-found
Get:1 http://changelogs.ubuntu.com command-not-found 0.3ubuntu17.10.2 Changelog [30.1 kB]
command-not-found (0.3ubuntu17.10.2) artful; urgency=medium

  * Update scan.data after a new "artful" archive scan (LP: #1739467)

 -- Michael Funker Vogt Wed, 20 Dec 2017 19:29:20 +0100

Package: command-not-found-data
Get:1 http://changelogs.ubuntu.com command-not-found 0.3ubuntu17.10.2 Changelog [30.1 kB]
command-not-found (0.3ubuntu17.10.2) artful; urgency=medium

  * Update scan.data after a new "artful" archive scan (LP: #1739467)

 -- Michael Funker Vogt Wed, 20 Dec 2017 19:29:20 +0100

Package: ntpdate
Get:1 http://changelogs.ubuntu.com ntp 1:4.2.8p10+dfsg-5ubuntu3.1 Changelog [133 kB]
ntp (1:4.2.8p10+dfsg-5ubuntu3.1) artful; urgency=medium

  * debian/apparmor-profile: add attach_disconnected which is needed in some
    cases to let ntp report its log messages (LP: #1727202).

 -- Christian Ehrhardt Mon, 18 Dec 2017 13:19:36 +0100

Package: python3-commandnotfound
Get:1 http://changelogs.ubuntu.com command-not-found 0.3ubuntu17.10.2 Changelog [30.1 kB]
command-not-found (0.3ubuntu17.10.2) artful; urgency=medium

  * Update scan.data after a new "artful" archive scan (LP: #1739467)

 -- Michael Funker Vogt Wed, 20 Dec 2017 19:29:20 +0100
Script can be downloaded from here
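As an added example (not part of the script above), the same trimming can be done with a literal match instead of a regular expression, so no character of the version string needs escaping, and the pending entries can then be checked for CVE references or a high urgency to decide which upgrades should not wait. The function names, the sample changelog and the CVE-0000-* identifiers are constructed for illustration.

```bash
#!/bin/bash
# Added example: literal-match changelog trimming plus a simple security triage.

# Print the changelog entries on stdin that are newer than installed version $1.
# index() is a literal substring search, so '+', '.', '~' and ':' need no escaping.
trim_changelog() {
    awk -v ver="$1" '
        /^[^ ]/ && index($0, "(" ver ")") { exit }  # header of the installed version
        { print }'
}

# List the unique CVE identifiers mentioned on stdin.
cve_refs() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Return 0 when the entries newer than version $1 mention a CVE or carry
# a high urgency, 1 otherwise (including when nothing is pending).
needs_attention() {
    trim_changelog "$1" |
        grep -qE 'CVE-[0-9]{4}-[0-9]{4,}|urgency=(high|emergency|critical)'
}

# Constructed sample changelog; package, maintainer and CVE ids are placeholders.
SAMPLE='demo-pkg (2.4+dfsg-3) artful-security; urgency=medium

  * SECURITY UPDATE: constructed entry (CVE-0000-0001)

 -- Example Maintainer  Mon, 01 Jan 2018 00:00:00 +0000

demo-pkg (2.4+dfsg-2) artful; urgency=low

  * Constructed bug fix entry

 -- Example Maintainer  Sun, 31 Dec 2017 00:00:00 +0000

demo-pkg (2.4+dfsg-1) artful; urgency=low

  * Old entry mentioning CVE-0000-0002, already installed

 -- Example Maintainer  Sat, 30 Dec 2017 00:00:00 +0000
'

# CVEs fixed since the installed version 2.4+dfsg-1
printf '%s\n' "$SAMPLE" | trim_changelog '2.4+dfsg-1' | cve_refs
```

In the loop above, `apt-get -q changelog "$package" | needs_attention "$version"` would take the unescaped version string as reported by dpkg.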