Re: How safely to stop using backports repo?
On Thu, May 28, 2009 at 01:20:25AM +0700, sthu.d...@gmail.com wrote:
> Good day, MARGUERIE.
>
> Thank You for Your reply:
>> Otherwise, you can `apt-get remove` them (plus --purge if you want to reset your configuration files) and re-install them: that way you'll use the main-repo version and you won't have security problems anymore.
>
> That decision I feared... Is there an automatic way that can give me a list of the packages that came from backports repo?

<plug type=shameless>
you might want to have a look at apt-forktracer
</plug>

--
Marcin Owsiany porri...@debian.org http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216

Re: How safely to stop using backports repo?
Good day, Konstantin.

Thank You for Your reply:
> It will print the list of installed packages which have ~bpo in their names -- a common substring usually found in packages from backports.org.

You say usually... Then, I can miss a package and that one will remain a breach in my system... No other tracking ideas?

Re: How safely to stop using backports repo?
sthu.d...@gmail.com wrote:
> Is there an automatic way that can give me a list of the packages that came from backports repo?

If backports is still in the sources.list:

    aptitude -F %p search ~S~i~Alenny-backports

or

    aptitude -F %p search ~S~i~OBackports.org

or...

Ooops, after comparing both results I realized that I still have the old debian-backports-keyring from etch-backports installed ;)

So I refined my preferences to

    Package: *
    Pin: origin www.backports.org
    Pin-Priority: 777

which upgrades already installed packages but doesn't install all packages from backports when doing an aptitude safe-upgrade (I'm using such an odd Pin-Priority to distinguish my own preferences clearly in apt-cache policy).

btw: The reference for the search patterns is included in the package aptitude-doc-en (and a few other language codes).

Bye, Manne

Re: How safely to stop using backports repo?
In 4a201c37.20018e0a.51f2.6...@mx.google.com, sthu.d...@gmail.com wrote:
>> It will print the list of installed packages which have ~bpo in their names -- a common substring usually found in packages from backports.org.
>
> You say usually...

Well, I think it is backports policy to always have ~bpo in their version. See http://www.backports.org:80/dokuwiki/doku.php?id=contribute Basic Rule 4.

It both identifies the package and ensures that the version in testing is considered 'higher'. 1.2-3~bpo < 1.2-3, according to dpkg.

--
Boyd Stephen Smith Jr.
b...@iguanasuicide.net
ICQ: 514984 YM/AIM: DaTwinkDaddy
http://iguanasuicide.net/

Re: How safely to stop using backports repo?
Hello,

i use aptitude, i would do it this way:

- call aptitude and look up, if you have a section named Obsolete and Locally Created Packages. Normally this section should not be visible as it's empty
- remove (better comment out) the backports-line in /etc/apt/sources.list
- now do an update in aptitude and look, what's new in the section Obsolete and Locally Created Packages. For every such package try to downgrade to a version from your remaining apt-sources.

That way you should have a good control over the changes. If you have nothing left in the obsolete-section, you are done. If you want to leave there something, you should check if there is a reasonable reason to do so, as you have to care for security holes, bugfixes, updates there by yourself.

my 2c, Guntram

sthu.d...@gmail.com wrote:
> Good day, Konstantin. Thank You for Your re
>
> You say usually... Then, I can miss a package and that one will remain a breach in my system... No other tracking ideas?

--
Guntram Trebs
freelance programmer and administrator
g...@trebs.net
+49 (30) 42 80 61 55
+49 (178) 686 77 55

Re: How safely to stop using backports repo?
Guntram Trebs wrote:
> Hello,
>
> i use aptitude, i would do it this way:
>
> - call aptitude and look up, if you have a section named Obsolete and Locally Created Packages. Normally this section should not be visible as it's empty
> - remove (better comment out) the backports-line in /etc/apt/sources.list
> - now do an update in aptitude and look, what's new in the section Obsolete and Locally Created Packages. For every such package try to downgrade to a version from your remaining apt-sources.

That doesn't seem to work on my system. It will only report packages that exist in backports, but not in stable. If the package has the same name, but only a different version in stable and backports, that approach won't work.

Cheers, Johannes

Re: How safely to stop using backports repo?
In 4a202553.4030...@trebs.net, Guntram Trebs wrote:
> - call aptitude and look up, if you have a section named Obsolete and Locally Created Packages. Normally this section should not be visible as it's empty
> - remove (better comment out) the backports-line in /etc/apt/sources.list
> - now do an update in aptitude and look, what's new in the section Obsolete and Locally Created Packages. For every such package try to downgrade to a version from your remaining apt-sources.

Last I checked, Obsolete and Locally Created Packages only contains packages with NO available versions. So, this will catch packages that are not in stable that were backported, but it wouldn't catch packages that are in stable but have a newer version in backports.

--
Boyd Stephen Smith Jr.
b...@iguanasuicide.net
ICQ: 514984 YM/AIM: DaTwinkDaddy
http://iguanasuicide.net/

Re: How safely to stop using backports repo?
sthu.d...@gmail.com wrote:
> Is there an automatic way that can give me a list of the packages that came from backports repo?

Install grep-dctrl and do

    $ grep-status -F Version ~bpo -a -F Status installed -s Package

It will print the list of installed packages which have ~bpo in their names -- a common substring usually found in packages from backports.org.

Re: How safely to stop using backports repo?
On Wed, May 27, 2009 at 11:20 AM, sthu.d...@gmail.com wrote:
> Good day, MARGUERIE.
>
> Thank You for Your reply:
>> Otherwise, you can `apt-get remove` them (plus --purge if you want to reset your configuration files) and re-install them: that way you'll use the main-repo version and you won't have security problems anymore.
>
> That decision I feared... Is there an automatic way that can give me a list of the packages that came from backports repo?

Not automatic, but here is a quick script that might help you along:

    #!/bin/sh
    # Flag every package whose apt-cache policy output mentions www.backports.org
    for pkg in `dpkg -l | awk '{print $2}' | sort` ; do
        if apt-cache policy $pkg | grep www.backports.org > /dev/null ; then
            echo "$pkg appears to be from www.backports.org"
        fi
    done

-Jeff

Re: How safely to stop using backports repo?
On 2009-05-28, JeffD jeff.dicki...@gmail.com wrote:
> Not automatic, but here is a quick script that might help you along:
>
>     #!/bin/sh
>     for pkg in `dpkg -l | awk '{print $2}' | sort` ; do
>         if apt-cache policy $pkg | grep www.backports.org > /dev/null ; then
>             echo "$pkg appears to be from www.backports.org"
>         fi
>     done

I don't think that can work, unless you make it something like:

    apt-cache policy $pkg | grep -A 1 -E '^ \*\*\*' | grep www.backports.org

to make sure www.backports.org actually qualifies the *installed* version?

Cheers, --Seb

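Seb's point, that only the sources listed under the installed (`***`) entry should count, as an added shell example (not code from any poster in the thread). It checks every source line under the `***` entry; the two `apt-cache policy` outputs, `examplepkg` and `mirror.example` are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read `apt-cache policy PKG` output on stdin and report whether
# the installed version (the entry marked ***) has ORIGIN among its sources.
installed_from_origin() {
    awk -v origin="$1" '
        /^ \*\*\* /               { inst = 1; next }  # installed version entry
        inst && /^     [^ ]/      { inst = 0 }        # next version entry begins
        inst && index($0, origin) { found = 1 }       # source of the installed entry
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: the installed version comes from backports.
sample_backported() {
cat <<'EOF'
examplepkg:
  Installed: 1.2-3~bpo50+1
  Candidate: 1.2-3~bpo50+1
  Version table:
 *** 1.2-3~bpo50+1 0
        777 http://www.backports.org lenny-backports/main Packages
        100 /var/lib/dpkg/status
     1.0-1 0
        500 http://mirror.example/debian lenny/main Packages
EOF
}

# Constructed sample: stable version installed, a backport is only available.
sample_stable() {
cat <<'EOF'
examplepkg:
  Installed: 1.0-1
  Candidate: 1.0-1
  Version table:
     1.2-3~bpo50+1 0
          1 http://www.backports.org lenny-backports/main Packages
 *** 1.0-1 0
        500 http://mirror.example/debian lenny/main Packages
        100 /var/lib/dpkg/status
EOF
}

# On a real system: print every installed package whose installed version
# lists ORIGIN (needs dpkg-query and apt-cache).
list_installed_from() {
    dpkg-query -W -f '${Package}\n' | while read -r pkg; do
        if apt-cache policy "$pkg" | installed_from_origin "$1"; then
            echo "$pkg"
        fi
    done
}

sample_backported | installed_from_origin www.backports.org && echo "sample 1: installed from backports"
sample_stable | installed_from_origin www.backports.org || echo "sample 2: backport available, not installed"
```

A plain `grep www.backports.org` over the second sample still matches, which is the false positive the version-table check avoids.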
Re: How safely to stop using backports repo?
On Thu, May 28, 2009 at 01:20:25AM +0700, sthu.d...@gmail.com wrote:
> Thank You for Your reply:
>> Otherwise, you can `apt-get remove` them (plus --purge if you want to reset your configuration files) and re-install them: that way you'll use the main-repo version and you won't have security problems anymore.
>
> That decision I feared... Is there an automatic way that can give me a list of the packages that came from backports repo?

Give stable a priority 1000 in /etc/apt/preferences and do an upgrade in apt-get or aptitude or ... It will downgrade all packages that have a version newer than in stable.

Not completely guaranteed to work (downgrades are not officially supported), but often works OK.

--
Lionel

Re: How safely to stop using backports repo?
Good day, MARGUERIE.

Thank You for Your reply:
> Otherwise, you can `apt-get remove` them (plus --purge if you want to reset your configuration files) and re-install them: that way you'll use the main-repo version and you won't have security problems anymore.

That decision I feared... Is there an automatic way that can give me a list of the packages that came from backports repo?

Re: [deb-sec] Re: How safely to stop using backports repo?
Hi Stu,

When I was downgrading from mixed stable/testing to stable, I created daudit. It is a perl script that compares a computer's installed debian packages with any of the three debian releases. daudit downloads the packagelist from packages.debian.org and compares it with dpkg on the local machine. daudit does not write to disk, and you don't need root access to use it.

It might be useful for you: http://simple.be/software/daudit/

Let me know if it works for you!

--Brett

On Thu, 28 May 2009, sthu.d...@gmail.com wrote:
> Good day, MARGUERIE.
>
> Thank You for Your reply:
>> Otherwise, you can `apt-get remove` them (plus --purge if you want to reset your configuration files) and re-install them: that way you'll use the main-repo version and you won't have security problems anymore.
>
> That decision I feared... Is there an automatic way that can give me a list of the packages that came from backports repo?

Re: How safely to stop using backports repo?
On Wed, 2009-05-27 at 00:36 +0700, Sthu Deus wrote:
> I have packages installed from backports repo. Now I want to remove the repo from my source list and therefore use not any more packages from there.
>
> My question is on security stuff, as AFAIK I can get into a troublesome situation - in case of simply stopping using updates from the repo - that in those packages bugs can be found but I will not get updates for them - because: backports repo is no more available, and the updates/security repos have updates but not for so high version as the ones I have.
>
> So, what is the secure and the easiest way of turning from using the repo?

Hi

You might want to downgrade your software to match the version of the main repo, but it could do some nasty things with your configuration files.

Otherwise, you can `apt-get remove` them (plus --purge if you want to reset your configuration files) and re-install them: that way you'll use the main-repo version and you won't have security problems anymore.

Anyway, leaving your software in their current state doesn't seem very secure.

--
MARGUERIE Jérémie
Student (Sup) at /EPITA\
Webmaster of www.web-modules.net