Apt-upgrade

From Wikitech
The apt-upgrade script is a custom tool that shows which suites/channels/repos have pending package upgrades and can also perform the actual upgrade.

This script was developed as part of our workflow for package upgrades.

Usage options are:

% apt-upgrade [-un] [-f exclude_file] [-x regex] upgrade <suite> [-yh]
% apt-upgrade [-un] [-f exclude_file] [-x regex] report [<suite>] [-h]
% apt-upgrade [-un] [-f exclude_file] [-x regex] list [-h]

The -u switch controls whether or not the apt cache is updated. The -n switch controls whether the node name is printed on each line.

The -f/--exclude-file switch loads a file with one regex per line for package exclusion. This can be combined with -x/--exclude, which takes an exclusion regex as an argument (and can be specified multiple times).

  • upgrade: upgrade all pending upgradeable packages from a given suite. Use -y to avoid the confirmation prompt.
  • report: report all upgradeable packages in the system. Optionally, only from a given archive.
  • list: report all archives from which there are pending upgradeable packages.

Root permission is always required to run it. Please note that DEBIAN_FRONTEND=noninteractive is used internally to avoid debconf prompts.

Listing archives that contain upgradeable packages, with and without node name:

user@machine01:~$ sudo apt-upgrade -u list
machine01: jessie-backports, jessie-wikimedia, oldstable-updates
user@machine01:~$ sudo apt-upgrade -un list
jessie-backports, jessie-wikimedia, oldstable-updates

Report details of package upgrades, with and without node name:

user@machine01:~$ sudo apt-upgrade -u report
machine01: jessie-backports: linux-image-4.9.0-0.bpo.4-amd64 4.9.51-1~bpo8+1 --> 4.9.65-3+deb9u1~bpo8+1 
machine01: jessie-wikimedia: linux-meta 1.16 --> 1.17 
machine01: jessie-wikimedia: linux-meta-4.9 1.16 --> 1.17 
machine01: jessie-wikimedia: linux-image-4.9.0-0.bpo.6-amd64 [absent] --> 4.9.82-1~wmf1 
machine01: oldstable-updates: linux-image-3.16.0-4-amd64 3.16.43-2+deb8u5 --> 3.16.51-3 
user@machine01:~$ sudo apt-upgrade -un report
jessie-backports: linux-image-4.9.0-0.bpo.4-amd64 4.9.51-1~bpo8+1 --> 4.9.65-3+deb9u1~bpo8+1 
jessie-wikimedia: linux-meta 1.16 --> 1.17 
jessie-wikimedia: linux-meta-4.9 1.16 --> 1.17 
jessie-wikimedia: linux-image-4.9.0-0.bpo.6-amd64 [absent] --> 4.9.82-1~wmf1 
oldstable-updates: linux-image-3.16.0-4-amd64 3.16.43-2+deb8u5 --> 3.16.51-3

Excluding some packages by using a file with a regexp per line:

user@machine01:~$ cat exclude_file.txt 
linux-meta.*
user@machine01:~$ sudo apt-upgrade -un -f exclude_file.txt report
jessie-wikimedia: linux-meta 1.16 --> 1.17 [excluded]
jessie-wikimedia: linux-meta-4.9 1.16 --> 1.17 [excluded]
jessie-backports: linux-image-4.9.0-0.bpo.4-amd64 4.9.51-1~bpo8+1 --> 4.9.65-3+deb9u1~bpo8+1 
jessie-wikimedia: linux-image-4.9.0-0.bpo.6-amd64 [absent] --> 4.9.82-1~wmf1 
oldstable-updates: linux-image-3.16.0-4-amd64 3.16.43-2+deb8u5 --> 3.16.51-3

When performing an upgrade, a report is printed and a confirmation prompt appears:

user@machine01:~$ sudo apt-upgrade -un -f exclude_file.txt upgrade jessie-wikimedia
jessie-wikimedia: linux-meta 1.16 --> 1.17 [excluded]
jessie-wikimedia: linux-meta-4.9 1.16 --> 1.17 [excluded]
jessie-wikimedia: linux-image-4.9.0-0.bpo.6-amd64 [absent] --> 4.9.82-1~wmf1 
commit changes? [y/N]:

To avoid the confirmation prompt, use -y on the command line:

user@machine01:~$ sudo apt-upgrade -un -f exclude_file.txt upgrade jessie-wikimedia -y
jessie-wikimedia: linux-meta 1.16 --> 1.17 [excluded]
jessie-wikimedia: linux-meta-4.9 1.16 --> 1.17 [excluded]
jessie-wikimedia: linux-image-4.9.0-0.bpo.6-amd64 [absent] --> 4.9.82-1~wmf1 
Selecting previously unselected package linux-image-4.9.0-0.bpo.6-amd64.
(Reading database ... 67435 files and directories currently installed.)
Preparing to unpack .../linux-image-4.9.0-0.bpo.6-amd64_4.9.82-1~wmf1_amd64.deb ...
Unpacking linux-image-4.9.0-0.bpo.6-amd64 (4.9.82-1~wmf1) ...
Setting up linux-image-4.9.0-0.bpo.6-amd64 (4.9.82-1~wmf1) ...
[...]

Since all machines should have this wrapper, you should be able to use clush:

user@machine01:~$ clush -w @all 'sudo apt-upgrade -u upgrade stretch-updates -y'
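The FAQ below advises obtaining a report before upgrading. The following is an added example, not part of the apt-upgrade script or Wikitech's tooling: it parses the report line format shown above and lists, per node, what `upgrade <suite>` would upgrade, newly install, or skip. The function names are hypothetical, the sample is constructed, and the parser assumes the report format is exactly as printed on this page.

```python
import re
from collections import defaultdict

# Line format taken from the report output on this page (assumed stable):
#   [node: ]suite: package old_version --> new_version [excluded]
LINE_RE = re.compile(
    r"^(?:(?P<node>\S+): )?(?P<suite>\S+): (?P<pkg>\S+) "
    r"(?P<old>\S+) --> (?P<new>\S+)(?P<excluded> \[excluded\])?\s*$"
)

def parse_report(text):
    """Parse 'apt-upgrade report' output into a list of dicts."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Fail closed: an unparsed line could hide a pending change.
            raise ValueError(f"line {lineno}: unrecognised line: {line!r}")
        rec = m.groupdict()
        rec["excluded"] = rec["excluded"] is not None
        rec["new_install"] = rec["old"] == "[absent]"  # not installed yet
        records.append(rec)
    return records

def preflight(records, suite):
    """Per node: packages 'upgrade <suite>' would upgrade, install, or skip."""
    plan = defaultdict(lambda: {"upgrade": [], "new_install": [], "excluded": []})
    for r in (r for r in records if r["suite"] == suite):
        key = ("excluded" if r["excluded"]
               else "new_install" if r["new_install"] else "upgrade")
        plan[r["node"]][key].append(r["pkg"])
    return dict(plan)

# Constructed sample: machine01 lines follow the page, machine02 is made up.
SAMPLE = """\
machine01: jessie-backports: linux-image-4.9.0-0.bpo.4-amd64 4.9.51-1~bpo8+1 --> 4.9.65-3+deb9u1~bpo8+1
machine01: jessie-wikimedia: linux-meta 1.16 --> 1.17 [excluded]
machine01: jessie-wikimedia: linux-meta-4.9 1.16 --> 1.17 [excluded]
machine01: jessie-wikimedia: linux-image-4.9.0-0.bpo.6-amd64 [absent] --> 4.9.82-1~wmf1
machine02: jessie-wikimedia: linux-meta 1.16 --> 1.17
"""

if __name__ == "__main__":
    for node, p in preflight(parse_report(SAMPLE), "jessie-wikimedia").items():
        print(node, p)
```

A node where the exclusion did not apply (machine02 in the sample) shows up with the package under "upgrade" instead of "excluded", which is the difference to look for before adding -y.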

To avoid upgrading certain important packages, it is recommended that you:

  • create an apt pinning for the package
  • put the package on hold
  • exclude it by means of -f exclude_file.txt or -x regex.

FAQ

  • Does the `apt-upgrade` script work with any repository?

Yes, since it reads the source repo of candidate upgrades. If no candidates are found, nothing will happen.

  • Does the `apt-upgrade` script produce logs?

Yes, in /var/log/apt/history.log as per usual.

  • Could the `apt-upgrade` script destroy the system?

It's similar to running `aptitude install pkg1 pkg2 pkg3 ...`. The dependency resolver could do strange things, as per usual. Obtain a report beforehand to see what will happen.

  • Is it safe to obtain reports using the `apt-upgrade` script?

Yes, it should make no modifications to any given system. However, it has been observed that running it may trigger dpkg/apt to continue with previously aborted updates.

  • I want to see a package debconf prompt, does apt-upgrade allow that?

No, the code internally uses DEBIAN_FRONTEND=noninteractive.