Thursday, January 4, 2018

A simple apt-get based script to get upgradable packages change logs

I do upgrade packages manually on my machine because I want to control when and what to upgrade. Security freaks could argue that it is not secure not to update computers frequently, but I believe that the chances of getting hacked because of an outdated package are lower than the chances of receiving an upgrade that bricks your computer. The recent Canonical fuck-up with activating experimental Intel SPI drivers in the kernel, which bricked some Lenovo laptops, is a very good example. Another reason is the time needed to upgrade packages, because apt-get is really slow. So basically I need to check what has been changed and only upgrade if really needed.

There's no apt-get function for this, but it can be done with a relatively simple script. For each upgradable package, the script downloads its change log and strips it to show only the changes made since the installed version:
#!/bin/bash

LIGHTRED='\e[1;31m'       # ${LIGHTRED}
LIGHTGREEN='\e[1;32m'     # ${LIGHTGREEN}
NC='\e[0m'                # ${NC} (no color - resets previous color)

# list of upgradable packages (one name per line, read into an array)
mapfile -t upgradable < <(apt list --upgradable 2>/dev/null | awk -F/ '/[^\/]*\//{print $1}')

for package in "${upgradable[@]}"; do
  # version of the installed package (first "ii" line only, in case
  # several architectures of the same package are installed)
  version=$(dpkg -l "$package" 2>/dev/null | awk '/^ii/{print $3; exit}')
  [[ -n "$version" ]] && {
    echo -e "${LIGHTRED}Package: ${LIGHTGREEN}${package}${NC}"
    # Print the changelog up to, but not including, the entry for the
    # installed version. The version is matched as a literal string with
    # index(), so characters such as '+' and '.' that have a special
    # meaning in regular expressions need no escaping.
    apt-get -q changelog "$package" | \
        awk -v ver="$version" 'index($0, "(" ver ")") {found=1} !found {print}'
  }
done

exit 0

Example output looks like this:
$ sudo apt-get update && bin/aptchangelog.sh

Package: command-not-found
Get:1 http://changelogs.ubuntu.com command-not-found 0.3ubuntu17.10.2 Changelog [30.1 kB]
command-not-found (0.3ubuntu17.10.2) artful; urgency=medium

  * Update scan.data after a new "artful" archive scan 
    (LP: #1739467)

 -- Michael Funker Vogt   Wed, 20 Dec 2017 19:29:20 +0100

Package: command-not-found-data
Get:1 http://changelogs.ubuntu.com command-not-found 0.3ubuntu17.10.2 Changelog [30.1 kB]
command-not-found (0.3ubuntu17.10.2) artful; urgency=medium

  * Update scan.data after a new "artful" archive scan 
    (LP: #1739467)

 -- Michael Funker Vogt   Wed, 20 Dec 2017 19:29:20 +0100

Package: ntpdate
Get:1 http://changelogs.ubuntu.com ntp 1:4.2.8p10+dfsg-5ubuntu3.1 Changelog [133 kB]
ntp (1:4.2.8p10+dfsg-5ubuntu3.1) artful; urgency=medium

  * debian/apparmor-profile: add attach_disconnected which is needed in some
    cases to let ntp report its log messages (LP: #1727202).

 -- Christian Ehrhardt   Mon, 18 Dec 2017 13:19:36 +0100

Package: python3-commandnotfound
Get:1 http://changelogs.ubuntu.com command-not-found 0.3ubuntu17.10.2 Changelog [30.1 kB]
command-not-found (0.3ubuntu17.10.2) artful; urgency=medium

  * Update scan.data after a new "artful" archive scan 
    (LP: #1739467)

 -- Michael Funker Vogt   Wed, 20 Dec 2017 19:29:20 +0100
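
The trimming step above, taken a little further as an added example that is not part of the original post or its script: it reads a Debian changelog on stdin and, for each entry newer than the installed version, prints the version, the urgency and any CVE identifiers mentioned, which is usually enough to decide whether an upgrade is worth taking. The function names, the package name and the CVE ids in the sample are constructed.

```shell
# Added example, not the post's script. Reads a Debian changelog on stdin and
# prints one line per entry newer than the installed version ($1):
#   <version> urgency=<level> <comma-separated CVE ids, or "-">
summarize_changelog() {
  awk -v ver="$1" '
    function flush(   i, list) {
      if (cur == "") return
      list = "-"
      for (i = 1; i <= n; i++) list = (i == 1 ? "" : list ",") ids[i]
      print cur, "urgency=" urg, list
      cur = ""; n = 0; split("", seen)
    }
    /^[^ \t]+ \(.+\) .*;/ {        # entry header: name (version) dist; urgency=x
      flush()
      v = substr($0, index($0, "(") + 1)
      v = substr(v, 1, index(v, ")") - 1)
      if (v == ver) exit           # literal compare: no regex escaping needed
      cur = v; urg = "unknown"
      if (match($0, /urgency=[a-zA-Z]+/)) urg = substr($0, RSTART + 8, RLENGTH - 8)
      next
    }
    cur != "" {                    # body of a newer entry: collect CVE ids once
      line = $0
      while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
        id = substr(line, RSTART, RLENGTH)
        if (!(id in seen)) { seen[id] = 1; ids[++n] = id }
        line = substr(line, RSTART + RLENGTH)
      }
    }
    END { flush() }
  '
}

# Constructed sample changelog (hypothetical package and CVE ids).
sample_changelog() {
  cat <<'EOF'
examplepkg (1.0-3) stable; urgency=high
  * SECURITY UPDATE: parser overflow (CVE-2099-0001)
  * Also fixes CVE-2099-0002; follow-up for CVE-2099-0001

examplepkg (1.0-2) stable; urgency=medium
  * Update documentation

examplepkg (1.0-1) stable; urgency=low
  * Fix CVE-2099-0003 (already installed, must not be listed)
EOF
}

sample_changelog | summarize_changelog "1.0-1"
```

With the function defined in the script, piping the output of apt-get -q changelog "$package" into summarize_changelog "$version" gives the same summary for real packages.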

Script can be downloaded from here
