Linux

安全自動更新的 apt 選項

  • January 9, 2014

與我之前的問題相關,升級軟體包時應該使用哪些 apt 選項,以便:

  • 如果升級導致其他軟體包被刪除,apt 將停止而不接觸任何內容
  • 如果由於升級而安裝了新軟體包,並且它們不會導致任何衝突或刪除,則 apt 將安裝它們
  • 如果要升級其他軟體包,我寧願停止

提前感謝您的幫助

我對手冊頁進行了一些研究,特別是在man apt.confand中man apt-get,並發現了以下內容。如果您認為我忘記了什麼,請發表評論。

  • 使用 option --only-upgrade,或者將 apt 配置項設置APT::Get::Only-Upgrade為 true
  • apt配置項APT::Get::force-yes設置為false
  • 使用 option --no-remove,或將 apt 配置項設置APT::Get::Remove為 false

不確定--trivial-only/APT::Get::Trivial-Only這裡有幫助,需要更好地調查它。

隨著aptitude,相關的部分似乎是:

  • 使用safe-upgrade帶有--no-new-installs選項的命令
  • 設置Aptitude::Delete-Unused為 false,以便不會自動刪除未使用的包(我可能不同意 aptitude 關於未使用的內容……)
  • 添加-R/--without-recommends可能有幫助,需要更多調查

更新 我在舊系統上做了一些測試:

# grep ^Ubuntu /etc/motd
Ubuntu 10.04.4 LTS

apt-get``apt-get upgrade看起來更加謹慎,結果在普通和之間沒有區別apt-get -o APT::Get::Only-Upgrade=true --no-remove -o APT::Get::force-yes=false upgrade

aptitude似乎更具侵略性,並且“安全選項”似乎發揮了作用。標準升級(實際執行safe-upgrade

# aptitude -s -y upgrade
W: The "upgrade" command is deprecated; use "safe-upgrade" instead.
Lettura elenco dei pacchetti... Fatto
Generazione albero delle dipendenze   
Lettura informazioni sullo stato... Fatto
Reading extended state information   
Initializing package states... Fatto
Resolving dependencies...
The following NEW packages will be installed:
 linux-image-2.6.32-55-generic-pae{a}
The following packages will be upgraded:
 linux-generic-pae linux-image-generic-pae linux-image-server linux-libc-dev linux-server
5 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/32.8MB of archives. After unpacking 98.2MB will be used.
Would download/install/remove packages.

現在有了“安全”選項:

# aptitude -s -y --no-new-installs -R -o Aptitude::Delete-Unused=false safe-upgrade 
Lettura elenco dei pacchetti... Fatto
Generazione albero delle dipendenze   
Lettura informazioni sullo stato... Fatto
Reading extended state information   
Initializing package states... Fatto
Resolving dependencies...
The following packages have been kept back:
 linux-generic-pae linux-image-generic-pae
The following packages will be upgraded:
 linux-image-server linux-libc-dev linux-server
3 packages upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
Need to get 0B/878kB of archives. After unpacking 0B will be used.
Would download/install/remove packages.

和我想要的更相似。

install不幸的是,當與命令而不是upgrade/一起使用時,這兩個集合似乎都不能阻止安裝新軟體包或升級其他軟體包safe-upgrade,所以我有點回到第一方:我無法apt-get/aptitude停止它會做一個潛在的、偏執的、不安全的操作。從某種意義上說,我有一個更好的安全網,但我不會摔倒。

引用自:https://serverfault.com/questions/565833