Which options are suitable for safe automatic updates?


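Related to my previous question, which apt options should I use when upgrading packages so that:

  • if the upgrade would cause other packages to be removed, apt stops without touching anything
  • if the upgrade would install new packages, and they do not cause any conflicts or removals, apt installs them
  • if other packages would need to be upgraded, I would like apt to stop

Thanks in advance for your help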

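Answer 1

I did some research in the man pages, specifically man apt.conf and man apt-get, and found the following. If you think I forgot something, please comment.

  • Use the option --only-upgrade, or set the apt configuration item APT::Get::Only-Upgrade to true
  • Set the apt configuration item APT::Get::force-yes to false
  • Use the option --no-remove, or set the apt configuration item APT::Get::Remove to false

Not sure whether --trivial-only / APT::Get::Trivial-Only helps; this needs further investigation.

With aptitude, the relevant parts seem to be:

  • Use the safe-upgrade command with the --no-new-installs option
  • Set Aptitude::Delete-Unused to false, so that unused packages are not removed automatically (I might disagree with aptitude about what counts as unused...)
  • Adding -R/--without-recommends might help; this needs further investigation

Update: I did some tests on an old system: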

# grep ^Ubuntu /etc/motd
Ubuntu 10.04.4 LTS

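apt-get seems to be more cautious: the result of apt-get upgrade is no different from that of apt-get -o APT::Get::Only-Upgrade=true --no-remove -o APT::Get::force-yes=false upgrade

aptitude seems to be more aggressive, and the "safe options" seem to do their job. Standard upgrade (which actually runs safe-upgrade):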

# aptitude -s -y upgrade
W: The "upgrade" command is deprecated; use "safe-upgrade" instead.
Lettura elenco dei pacchetti... Fatto
Generazione albero delle dipendenze   
Lettura informazioni sullo stato... Fatto
Reading extended state information   
Initializing package states... Fatto
Resolving dependencies...
The following NEW packages will be installed:
  linux-image-2.6.32-55-generic-pae{a}
The following packages will be upgraded:
  linux-generic-pae linux-image-generic-pae linux-image-server linux-libc-dev linux-server
5 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/32.8MB of archives. After unpacking 98.2MB will be used.
Would download/install/remove packages.

Now with the "safe" options:

# aptitude -s -y --no-new-installs -R -o Aptitude::Delete-Unused=false safe-upgrade 
Lettura elenco dei pacchetti... Fatto
Generazione albero delle dipendenze   
Lettura informazioni sullo stato... Fatto
Reading extended state information   
Initializing package states... Fatto
Resolving dependencies...
The following packages have been kept back:
  linux-generic-pae linux-image-generic-pae
The following packages will be upgraded:
  linux-image-server linux-libc-dev linux-server
3 packages upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
Need to get 0B/878kB of archives. After unpacking 0B will be used.
Would download/install/remove packages.

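Much more similar to what I want.

Unfortunately, when using the install command instead of upgrade/safe-upgrade, neither set of options seems able to prevent new packages from being installed or other packages from being upgraded, so I am back to square one: I cannot make apt-get/aptitude stop when it is about to perform a potentially, paranoidly unsafe operation. In a sense, I have a better safety net, but I am not prevented from falling.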
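An added example, not part of the answer above: one way to make install stop is to run the simulation (apt-get -s) first and refuse the real run if the plan removes anything or upgrades a package that was not requested, while still allowing new installs. The function names, the sample plans and the assumed Inst/Remv line layout are this example's own.

```shell
#!/bin/sh
# Assumption: `LC_ALL=C apt-get -s` prints one line per planned action:
#   Inst <pkg> [<installed>] (<candidate> ...)   upgrade of an installed package
#   Inst <pkg> (<candidate> ...)                 new installation
#   Remv <pkg> [<installed>]                     removal

# check_plan PKG... : reads simulation output on stdin.
# Returns 0 if the plan is acceptable, 1 otherwise (reasons go to stderr).
check_plan() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Any removal is a reason to stop.
        $1 == "Remv" { print "would remove: " $2 > "/dev/stderr"; bad = 1 }
        # An Inst line with an [installed] version is an upgrade; only
        # explicitly requested packages may be upgraded.
        $1 == "Inst" && $3 ~ /^\[/ && !($2 in ok) {
            print "would upgrade unrequested package: " $2 > "/dev/stderr"; bad = 1
        }
        END { exit bad + 0 }
    '
}

# safe_install PKG... : simulate, vet the plan, then run the real install.
# --no-remove stays on the real run as a second guard.
safe_install() {
    plan=$(LC_ALL=C apt-get -s install "$@") || return 1
    printf '%s\n' "$plan" | check_plan "$@" || return 1
    apt-get -y --no-remove install "$@"
}

# Constructed sample plans (versions and origin are placeholders).
PLAN_OK='Inst linux-libc-dev [1.0] (1.1 Example:repo)
Inst linux-image-2.6.32-55-generic-pae (1.1 Example:repo)
Conf linux-libc-dev (1.1 Example:repo)'

PLAN_EXTRA='Inst linux-libc-dev [1.0] (1.1 Example:repo)
Inst linux-server [1.0] (1.1 Example:repo)'

PLAN_REMV='Remv linux-server [1.0]
Inst linux-libc-dev [1.0] (1.1 Example:repo)'
```

Called as safe_install linux-libc-dev, the real install runs only when the simulated plan passes check_plan.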
