Re: When to sudo apt clean?

2023-06-27 Thread Jeffrey Walton
On Tue, Jun 27, 2023 at 2:18 PM Steve Sobol  wrote:
>
> On 2023-06-27 10:54, David Wright wrote:
> > On Fri 23 Jun 2023 at 15:51:31 (-0700), Steve Sobol wrote:
> >> On 2023-06-23 15:26, Emanuel Berg wrote:
> >> > Steve Sobol wrote:
> >> >
> >> > > > In general people don't want to dist-upgrade automatically.
> >> > >
> >> > > Seconded.
> >> >
> >> > I'm not following, when these functions are invoked, be it
> >> > scheduled by some other software or by the user from the shell,
> >> > they are intended to do their work automatically
> >> > (non-interactively) if that is what you mean?
> >>
> >> Dist-upgrade makes major changes to your system, updating dozens of
> >> packages, and pointing the OS at different APT repos.
> >
> > Yes, but only if you've changed the codename in your sources.list
> > (or after a new release if you use the suite names).
>
> Maybe I'm thinking of do-release-upgrade, then.
>
> I am still not comfortable automating OS updates.

I recommend taking updates daily.

The number one threat to server applications is unpatched software.
The number one threat to users is phishing, followed by unpatched
software at number two.

Updating vulnerable software is important. And updating even though
the software does not have a CVE is equally important. Many folks
don't place importance on non-CVE items, but they bite, too. Cf.,
https://thenewstack.io/design-system-can-update-greg-kroah-hartman-linux-security/.

Jeff



Re: When to sudo apt clean?

2023-06-27 Thread Steve Sobol

On 2023-06-27 10:54, David Wright wrote:
> On Fri 23 Jun 2023 at 15:51:31 (-0700), Steve Sobol wrote:
>> On 2023-06-23 15:26, Emanuel Berg wrote:
>> > Steve Sobol wrote:
>> >
>> > > > In general people don't want to dist-upgrade automatically.
>> > >
>> > > Seconded.
>> >
>> > I'm not following, when these functions are invoked, be it
>> > scheduled by some other software or by the user from the shell,
>> > they are intended to do their work automatically
>> > (non-interactively) if that is what you mean?
>>
>> Dist-upgrade makes major changes to your system, updating dozens of
>> packages, and pointing the OS at different APT repos.
>
> Yes, but only if you've changed the codename in your sources.list
> (or after a new release if you use the suite names).

Maybe I'm thinking of do-release-upgrade, then.

I am still not comfortable automating OS updates.



Re: When to sudo apt clean?

2023-06-27 Thread David Wright
On Fri 23 Jun 2023 at 15:51:31 (-0700), Steve Sobol wrote:
> On 2023-06-23 15:26, Emanuel Berg wrote:
> > Steve Sobol wrote:
> > 
> > > > In general people don't want to dist-upgrade automatically.
> > > 
> > > Seconded.
> > 
> > I'm not following, when these functions are invoked, be it
> > scheduled by some other software or by the user from the shell,
> > they are intended to do their work automatically
> > (non-interactively) if that is what you mean?
> 
> Dist-upgrade makes major changes to your system, updating dozens of
> packages, and pointing the OS at different APT repos.

Yes, but only if you've changed the codename in your sources.list
(or after a new release if you use the suite names).

> Automating such changes would be a very bad idea.

Agreed, though I use dist-upgrade routinely in combination with -d
in my cron job:

  0 */3 * * * apt-get -qq -o Acquire::http::Proxy="http://192.168.1.14:3142/" update && apt-get -qq -d -o Acquire::http::Proxy="http://192.168.1.14:3142/" dist-upgrade && find /var/cache/apt/archives/ -name '*deb'

As well as acting as a notification, this saves waiting while the
packages are downloaded when actually doing the upgrade.

> Personally, I avoid doing in-place upgrades from one Debian/Ubuntu
> release to another. Given the low cost and quick turnaround time
> involved in spinning up a new VPS, I will almost always spin up a new
> VM instead, and move services and data from the old one to the new
> one. But if I have to do an in-place upgrade, I'm going to sit and
> watch it happen... just in case something goes wrong.

Because I run several old machines (and nothing you could call new),
I use a similar scheme, but machine by machine rather than VMs.
It does rely somewhat on a careful record of configuration changes
made on each system for speed and consistency. Each system has
two consecutive releases installed on its drive at any time.

Cheers,
David.
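
Added example, not part of David Wright's message or of anyone's script in this thread: a companion to the download-only cron job above that parses `apt-get -s dist-upgrade` output and holds the run when packages would be removed, the case other posters in the thread worry about. The function names and the sample output are constructed for illustration, and the `Inst`/`Remv`/`Conf` line layout is assumed to match what apt-get prints in simulation mode.

```shell
#!/bin/sh
# Added example (not from the thread): review gate for a simulated dist-upgrade.

# Constructed sample of `apt-get -s dist-upgrade` output; package names and
# versions are made up for illustration.
sample_simulation() {
cat <<'EOF'
Reading package lists...
Building dependency tree...
Calculating upgrade...
The following packages will be REMOVED:
  libfoo1
The following NEW packages will be installed:
  linux-image-6.1.0-10-amd64
The following packages will be upgraded:
  libssl3 openssl vim-common
Inst libssl3 [3.0.9-1] (3.0.9-1+deb12u1 Debian-Security:12/stable-security [amd64])
Inst openssl [3.0.9-1] (3.0.9-1+deb12u1 Debian-Security:12/stable-security [amd64])
Remv libfoo1 [1.2-3]
Inst linux-image-6.1.0-10-amd64 (6.1.37-1 Debian:12.1/stable [amd64])
Inst vim-common [2:9.0.1378-2] (2:9.0.1378-3 Debian:12.1/stable [all])
Conf libssl3 (3.0.9-1+deb12u1 Debian-Security:12/stable-security [amd64])
Conf openssl (3.0.9-1+deb12u1 Debian-Security:12/stable-security [amd64])
Conf linux-image-6.1.0-10-amd64 (6.1.37-1 Debian:12.1/stable [amd64])
Conf vim-common (2:9.0.1378-3 Debian:12.1/stable [all])
EOF
}

# Packages the upgrade would remove ("Remv name [version]" lines).
pending_removals() { awk '$1 == "Remv" { print $2 }'; }

# Packages installed for the first time: their Inst line has no "[old-version]".
pending_new() { awk '$1 == "Inst" && $3 !~ /^\[/ { print $2 }'; }

# Upgrades whose archive field (inside the parentheses) names a security suite.
pending_security() {
    awk '$1 == "Inst" {
        origin = $0
        sub(/^[^(]*\(/, "", origin)   # drop the name and old version
        if (tolower(origin) ~ /security/) print $2
    }'
}

# Join newline-separated names onto one line for the report.
oneline() { tr '\n' ' ' | sed 's/ *$//'; }

# Read a simulation on stdin, print a summary, and return 1 if anything would
# be removed, so an unattended job stops and a person reviews it.
upgrade_gate() {
    sim=$(cat)
    removed=$(printf '%s\n' "$sim" | pending_removals | oneline)
    added=$(printf '%s\n' "$sim" | pending_new | oneline)
    security=$(printf '%s\n' "$sim" | pending_security | oneline)
    echo "security: ${security:-none}"
    echo "new:      ${added:-none}"
    echo "removed:  ${removed:-none}"
    if [ -n "$removed" ]; then
        echo "HOLD: packages would be removed; review before upgrading"
        return 1
    fi
    return 0
}

# Demo on the constructed sample. On a real host the input would be:
#   apt-get -s dist-upgrade | upgrade_gate
sample_simulation | upgrade_gate || true
```

Run from cron after the download step, a non-zero status from `upgrade_gate` can serve as the signal to upgrade by hand rather than unattended.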



Re: When to sudo apt clean?

2023-06-24 Thread Emanuel Berg
Max Nikulin wrote:

>> sudo apt autoremove -y && sudo apt update && sudo apt
>> upgrade -y
>
> Almost from the start of this thread I am curious if there
> is a reason to not run autoremove immediately after upgrade.
> What is the purpose of retaining unnecessary packages till
> next upgrade?

Indeed, it makes sense to do cleanup after, but it also makes
sense to upgrade from a clean state.

> I usually add --purge to apt autoremove to avoid remnants of
> deleted kernel packages. On the other hand I am not brave
> enough to use -y.
>
> This thread started from a question concerning
> /var/cache/apt/archives. I do not remember if somebody
> already mentioned that "apt upgrade" by default removes
> downloaded .deb files in the case of success, however
> "apt-get upgrade" does not do it.

Good ideas, made 2 changes below accordingly.

a1 () {
    sudo apt-get -qq check
    sudo apt-get -qq update
    sudo apt-get -qq --purge -y autoremove
    sudo aptitude -q=99 autoclean
    apt -a list --upgradable
}

a2 () {
    a1
    sudo apt -qq upgrade
    sudo apt dist-upgrade
}

-- 
underground experts united
https://dataswamp.org/~incal



Re: When to sudo apt clean?

2023-06-24 Thread Max Nikulin

On 24/06/2023 23:42, gene heskett wrote:
> sudo apt autoremove -y && sudo apt update && sudo apt upgrade -y

Almost from the start of this thread I am curious if there is a reason
to not run autoremove immediately after upgrade. What is the purpose of
retaining unnecessary packages till next upgrade?

I usually add --purge to apt autoremove to avoid remnants of deleted
kernel packages. On the other hand I am not brave enough to use -y.

This thread started from a question concerning /var/cache/apt/archives.
I do not remember if somebody already mentioned that "apt upgrade" by
default removes downloaded .deb files in the case of success, however
"apt-get upgrade" does not do it.




Re: When to sudo apt clean?

2023-06-24 Thread Emanuel Berg
tomas wrote:

>> I'd much rather err on the side of extreme caution.
>> If something goes bump, I'm screwed.
>
> To be fair, autoremove can improve safety: when it removes
> old kernel versions filling up your boot partition.

Anything more to add to the 'maintain' function (a1), to
improve safety and dig in from the basis of a sound state?

Now it looks like this:

a1 () {
    sudo apt-get  -qq   check
    sudo apt-get  -qq   update
    sudo apt-get  -qq   autoremove
    sudo aptitude -q=99 autoclean
    apt -a list --upgradable
}

a2 () {
    a1
    sudo apt-get -qq upgrade
    sudo apt-get dist-upgrade
}

> Having a new kernel install failing because -ENOSPC has
> bitten some of us around here at least once :-)

ENOSPC = error as no space (on the drive).

It only happened to me once as a youth, when I tried to insert
bills into my wallet ...

-- 
underground experts united
https://dataswamp.org/~incal



Re: When to sudo apt clean?

2023-06-24 Thread gene heskett

On 6/24/23 02:53, to...@tuxteam.de wrote:
> On Fri, Jun 23, 2023 at 10:57:55PM -0700, Steve Sobol wrote:
>> On 2023-06-23 21:59, to...@tuxteam.de wrote:
>>> On Fri, Jun 23, 2023 at 05:29:22PM -0700, Steve Sobol wrote:
>>>
>>> [...]
>>>
>>>> I'd much rather err on the side of extreme caution. If something
>>>> goes bump, I'm screwed.
>>>
>>> To be fair, autoremove can improve safety: when it removes old kernel
>>> versions filling up your boot partition.
>>
>> Yes. My comment was about dist-upgrade, not autoremove.
>
> Point taken. I wouldn't run this one automatically. It can and
> will remove packages from time to time, so you better know what
> happened :-)
>
> Cheers

I run my update script like this:

sudo apt autoremove -y && sudo apt update && sudo apt upgrade -y

That way I always have the next older version waiting to be restored if
something "goes bump". But I've not had to resort to that in quite a spell.


Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: When to sudo apt clean?

2023-06-23 Thread tomas
On Fri, Jun 23, 2023 at 10:57:55PM -0700, Steve Sobol wrote:
> On 2023-06-23 21:59, to...@tuxteam.de wrote:
> > On Fri, Jun 23, 2023 at 05:29:22PM -0700, Steve Sobol wrote:
> > 
> > [...]
> > 
> > > I'd much rather err on the side of extreme caution. If something
> > > goes bump,
> > > I'm screwed.
> > 
> > To be fair, autoremove can improve safety: when it removes old kernel
> > versions
> > filling up your boot partition.
> 
> Yes. My comment was about dist-upgrade, not autoremove.

Point taken. I wouldn't run this one automatically. It can and
will remove packages from time to time, so you better know what
happened :-)

Cheers
-- 
t




Re: When to sudo apt clean?

2023-06-23 Thread Steve Sobol

On 2023-06-23 21:59, to...@tuxteam.de wrote:
> On Fri, Jun 23, 2023 at 05:29:22PM -0700, Steve Sobol wrote:
>
> [...]
>
>> I'd much rather err on the side of extreme caution. If something goes
>> bump, I'm screwed.
>
> To be fair, autoremove can improve safety: when it removes old kernel
> versions filling up your boot partition.

Yes. My comment was about dist-upgrade, not autoremove.



Re: When to sudo apt clean?

2023-06-23 Thread tomas
On Fri, Jun 23, 2023 at 05:29:22PM -0700, Steve Sobol wrote:

[...]

> I'd much rather err on the side of extreme caution. If something goes bump,
> I'm screwed.

To be fair, autoremove can improve safety: when it removes old kernel versions
filling up your boot partition.

Having a new kernel install failing because -ENOSPC has bitten some of us around
here at least once :-)

Cheers
-- 
t




Re: When to sudo apt clean?

2023-06-23 Thread Steve Sobol

On 2023-06-23 16:54, Emanuel Berg wrote:

> Ah, don't worry, it is safe, I've done it a lot.

I don't doubt that it is quite safe, most of the time.

But I run my servers on Ubuntu and Debian. (Mostly Ubuntu right now;
slowly migrating to Debian.)

I get paid for hosting, as well as work I do that requires the use of my
VPS's.

I'd much rather err on the side of extreme caution. If something goes
bump, I'm screwed.

> But actually even if something goes wrong, it is still a good
> idea since then it is the upgrade process that must be
> debugged at the other end, the command is fine.

Spoken like someone who doesn't run live servers in production... :)




Re: When to sudo apt clean?

2023-06-23 Thread John Hasler
 Emanuel Berg writes:
> But if I have to do an in-place upgrade, I'm going to sit and watch it
> happen... just in case something goes wrong.

I think it has been about twenty years since I've had an in-place upgrade
from oldstable to stable go wrong.
-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA



Re: When to sudo apt clean?

2023-06-23 Thread Emanuel Berg
Steve Sobol wrote:

>>>> In general people don't want to dist-upgrade automatically.
>>>
>>> Seconded.
>>
>> I'm not following, when these functions are invoked, be it
>> scheduled by some other software or by the user from the
>> shell, they are intended to do their work automatically
>> (non-interactively) if that is what you mean?
>
> Dist-upgrade makes major changes to your system, updating
> dozens of packages, and pointing the OS at different
> APT repos.

Well, not always, right? But yes, that's the intention.

> Automating such changes would be a very bad idea. [...] But
> if I have to do an in-place upgrade, I'm going to sit and
> watch it happen... just in case something goes wrong.

Ah, don't worry, it is safe, I've done it a lot.

But actually even if something goes wrong, it is still a good
idea since then it is the upgrade process that must be
debugged at the other end, the command is fine.

-- 
underground experts united
https://dataswamp.org/~incal



Re: When to sudo apt clean?

2023-06-23 Thread Steve Sobol

On 2023-06-23 15:26, Emanuel Berg wrote:
> Steve Sobol wrote:
>
>>> In general people don't want to dist-upgrade automatically.
>>
>> Seconded.
>
> I'm not following, when these functions are invoked, be it
> scheduled by some other software or by the user from the shell,
> they are intended to do their work automatically
> (non-interactively) if that is what you mean?

Dist-upgrade makes major changes to your system, updating dozens of
packages, and pointing the OS at different APT repos.

(Debian, and downstream distros like Ubuntu, have separate repos for
each release.)

Automating such changes would be a very bad idea.

Personally, I avoid doing in-place upgrades from one Debian/Ubuntu
release to another. Given the low cost and quick turnaround time
involved in spinning up a new VPS, I will almost always spin up a new VM
instead, and move services and data from the old one to the new one. But
if I have to do an in-place upgrade, I'm going to sit and watch it
happen... just in case something goes wrong.






Re: When to sudo apt clean?

2023-06-23 Thread Emanuel Berg
Steve Sobol wrote:

>> In general people don't want to dist-upgrade automatically.
>
> Seconded.

I'm not following, when these functions are invoked, be it
scheduled by some other software or by the user from the shell,
they are intended to do their work automatically
(non-interactively) if that is what you mean?

-- 
underground experts united
https://dataswamp.org/~incal



Re: When to sudo apt clean?

2023-06-23 Thread Emanuel Berg
Dan Ritter wrote:

> It seems unlikely to me that you want to do an autoremove
> before you have done an upgrade.

a1 is to maintain and a2 is to upgrade, so the idea is to
always upgrade from a maintained state, that's why a2 first
calls a1. One could do a1 after a2 as well as
before, actually.

> apt autoremove calls apt-get autoremove. Doing that twice
> seems unwise or useless.

OK, thanks, fixed!

> apt-get check is an extremely basic fast check to see if the
> cache is in place. Running it after update is useless -- any
> failure would appear in update first.

OK!

> In general people don't want to dist-upgrade automatically.
> Maybe you do.

Well, none of this is automated necessarily, these commands
can be run by the user explicitly from the shell, it is how
I use them. I don't install a lot of things from the repos but
when I do the system gets the implied sanity check by those
piles of commands.

Now they look like this:

a1 () {
    sudo apt-get  -qq   check
    sudo apt-get  -qq   update
    sudo apt-get  -qq   autoremove
    sudo aptitude -q=99 autoclean
    apt -a list --upgradable
}

a2 () {
    a1
    sudo apt-get -qq upgrade
    sudo apt-get dist-upgrade
}

Here is the whole file yanked if you are into this part of the
Debianverse ...

#! /bin/zsh
#
# this file:
#   https://dataswamp.org/~incal/conf/.zsh/apt

alias am='aptitude show'
alias as='aptitude search'

alias ar='sudo apt-get -qq remove'
alias ap='sudo apt-get -qq purge'

package-versions () {
    apt list -a $1
}
alias vers=package-versions

apt-install () {
    apt-get-update
    sudo apt-get -qq install $@
}
alias ai=apt-install

apt-reinstall () {
    apt-get-update
    sudo apt-get -qq reinstall $@
}
alias aii=apt-reinstall

# maintain: sanity check, refresh lists, drop orphans and stale .debs
a1 () {
    sudo apt-get  -qq   check
    sudo apt-get  -qq   update
    sudo apt-get  -qq   autoremove
    sudo aptitude -q=99 autoclean
    apt -a list --upgradable
}

# upgrade, always starting from a maintained state
a2 () {
    a1
    sudo apt-get -qq upgrade
    sudo apt-get dist-upgrade
}

# set-color / reset-color are not defined in this file
require-bin () {
    local bins=($@)
    local all_good=true

    local fun=$funcstack[2]
    echo "checking requirements for"
    echo "\n  ${fun}\n"

    for b in $bins; do
        echo -n "$b: "
        type $b &> /dev/null

        if (( ! $? )); then
            set-color green
            echo OK
        else
            set-color red
            echo fail
            all_good=false
        fi
        reset-color
    done

    if ( ! $all_good ); then
        echo "\nnot all"
        return 1
    else
        echo "\nall systems ready"
        return 0
    fi
}

apt-installed () {
    apt list --installed
}

apt-get-update () {
    sudo apt-get -qq update
}

apt-get-upgrade () {
    apt-get-update
    # arithmetic test; [ $# > 0 ] would redirect into a file named "0"
    if (( $# > 0 )); then
        sudo apt-get -qq install --only-upgrade $@
    else
        sudo apt-get -qq upgrade
    fi
}
alias au=apt-get-upgrade

apt-get-upgrade-dist () {
    apt-get-update
    sudo apt-get -qq dist-upgrade
}

command-to-pack () {
    if [[ $# = 1 ]]; then
        local cmd=$1
        local whereis_path=$(whereis $cmd | awk '{print $2}')
        local bin=$(readlink -e $whereis_path)
        if [[ -z $bin ]]; then
            local fun=$funcstack[1]
            echo \
                "$fun error: no such command (\"$cmd\")"\
                "\nNB: $fun deals with installed software," \
                "\nto track the package of any binary, use" \
                "\n$ bin-to-pack BINARY-NAME"   >&2
            return
        fi
        bin-to-pack $bin
    else
        echo "syntax: $0 COMMAND" >&2
    fi
}
alias cmd2pack=command-to-pack

bin-to-pack () {
    local fs=($@)
    deb-file-to-pack $fs
    file-to-pack $fs
}
alias bin2pack=bin-to-pack

pack-to-file () {
    local pack=$1
    local only_bins=$2

    # one array element per line of dpkg output
    local fs=("${(@f)$(dpkg --listfiles $pack)}")

    if [[ $only_bins == 1 ]]; then
        for f in $fs; do
            [[ -x $f && ! -d $f ]] && echo $f
        done
    else
        for f in $fs; do
            [[ -f $f ]] && echo $f
        done
    fi | sort
}
alias files-from=pack-to-file

pack-to-bin () {
    local pack=$1
    pack-to-file $pack 1 # only_bins
}
alias bins-from=pack-to-bin

deb-file-to-pack () {
    local fs=($@)
    dpkg --search $fs 2> /dev/null | cut -d ':' -f 1
}

file-to-pack () {
    sudo apt-file update > /dev/null
    apt-file search $@
}
alias file-there=file-to-pack

get-source () {
    apt-get -qq source $@
}
alias get-src=get-source

get-command-source () {
    if [[ $# = 1 ]]; then
        local cmd=$1
        get-source $(cmd2pack $cmd)
    else
        echo "syntax: $0 COMMAND" >&2
    fi
}

# aptitude search -F %V "?exact-name(units)"
file-url () {
    local pack=$1
    local ver=$(dpkg-query -f '${Version}\n' -W $pack)
    local file=$2
    local url=https://sources.debian.org/data/main/u/$pack/$ver/$file
    echo $url
}

-- 
underground experts united
https://dataswamp.org/~incal



Re: When to sudo apt clean?

2023-06-23 Thread Steve Sobol

On 2023-06-23 14:14, Dan Ritter wrote:

> It seems unlikely to me that you want to do an autoremove before
> you have done an upgrade.

I'd not say unwise. Useless, pointless, perhaps; but it doesn't hurt
anything.

autoremove removes packages that were installed as dependencies of other
packages that were "orphaned" (meaning any package(s) that installed
those dependent packages are no longer installed). Running it two or
more times in a row, or running it when you haven't uninstalled packages
since the last time you ran autoremove, is pointless, but will have
absolutely no effect.

> In general people don't want to dist-upgrade automatically.

Seconded.



Re: When to sudo apt clean?

2023-06-23 Thread Dan Ritter
Emanuel Berg wrote: 
> Default User wrote:
> 
> > I am considering just running sudo apt clean (or sudo
> > apt-get clean) [...]
> 
> This is what I eventually landed at and it has worked ever
> since - a1 is to maintain, a2 to upgrade as well.
> 
> #! /bin/zsh
> 
> a1 () {
>     sudo apt-get  -qq   update
>     sudo apt autoremove >&2 2> /dev/null
>     sudo apt-get  -qq   autoremove
>     sudo aptitude -q=99 autoclean
>     sudo apt-get  -qq   check
>     apt -a list --upgradable
> }

It seems unlikely to me that you want to do an autoremove before
you have done an upgrade.

apt autoremove calls apt-get autoremove. Doing that twice seems
unwise or useless.

apt-get check is an extremely basic, fast check to see if the
cache is in place. Running it after update is useless --
any failure would appear in update first.

> a2 () {
>     a1
>     sudo apt-get -qq upgrade
>     sudo apt-get dist-upgrade
> }

In general people don't want to dist-upgrade automatically.
Maybe you do.

-dsr-



Re: When to sudo apt clean?

2023-06-23 Thread Emanuel Berg
Default User wrote:

> I am considering just running sudo apt clean (or sudo
> apt-get clean) [...]

This is what I eventually landed at and it has worked ever
since - a1 is to maintain, a2 to upgrade as well.

#! /bin/zsh

a1 () {
    sudo apt-get  -qq   update
    sudo apt autoremove >&2 2> /dev/null
    sudo apt-get  -qq   autoremove
    sudo aptitude -q=99 autoclean
    sudo apt-get  -qq   check
    apt -a list --upgradable
}

a2 () {
    a1
    sudo apt-get -qq upgrade
    sudo apt-get dist-upgrade
}

Full source with all other apt stuff I have, suggestions
welcome:

  https://dataswamp.org/~incal/conf/.zsh/apt

-- 
underground experts united
https://dataswamp.org/~incal



Re: When to sudo apt clean?

2023-06-23 Thread Default User
On Fri, 2023-06-23 at 10:51 +0500, Stanislav Vlasov wrote:
> 2023-06-23 4:44 GMT+05:00, Default User :
> 
> > Other than that, is there any good reason not to do sudo apt clean?
> 
> Only if you have many machines which share /var/cache/apt (via nfs
> for example)
> 
> You may use `apt-get autoclean` for cleanup non-downloadable .deb's,
> if you want store packages for offline reinstall
> 


Okay, thanks guys.  That's what I thought.

:)



Re: When to sudo apt clean?

2023-06-22 Thread Stanislav Vlasov
2023-06-23 4:44 GMT+05:00, Default User :

> Other than that, is there any good reason not to do sudo apt clean?

Only if you have many machines which share /var/cache/apt (via nfs for example)

You may use `apt-get autoclean` for cleanup non-downloadable .deb's,
if you want store packages for offline reinstall

-- 
Stanislav



Re: When to sudo apt clean?

2023-06-22 Thread Dan Ritter
Default User wrote: 
> The biggest chunk of var used seems to be /var/cache/apt/archives, at
> about 1.7Gb. 
> 
> I am considering just running sudo apt clean (or sudo apt-get clean) to
> just clear out the packages cache completely, in order to free up space
> in /var.
> 
> I realize that any packages that need to be re-installed would take
> more time to do so, since they would have to come from online
> repositories.
> 
> Other than that, is there any good reason not to do sudo apt clean?


Nope. It's just there to prevent having to re-download something
that you uninstall and reinstall.

-dsr-



When to sudo apt clean?

2023-06-22 Thread Default User
Hi!

I have a separate /var partition, size 10Gb (actually, 9.1Gb per sudo
df -h).

It is now about 41% full; 3.5Gb used, 5.1Gb free, per sudo df -h.

The biggest chunk of var used seems to be /var/cache/apt/archives, at
about 1.7Gb. 

I am considering just running sudo apt clean (or sudo apt-get clean) to
just clear out the packages cache completely, in order to free up space
in /var.

I realize that any packages that need to be re-installed would take
more time to do so, since they would have to come from online
repositories.

Other than that, is there any good reason not to do sudo apt clean?