Question: Tracking the installation and removal of packages.
Posted by Anonymous on Fri 10 Jun 2005 at 01:51
Is there a package or configuration available which allows you to log whenever a package is installed or removed?
Ideally it would track any package oriented changes (eg. dpkg-repack or dpkg-reconfigure). I can't believe that this facility doesn't exist somehow but I have completely failed to find anything which does this.
Does anyone know of a way to accomplish this?
Thanks,
Adam.
I just found this: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=957
[ Send Message | View Steve's Scratchpad | View Weblogs ]
I can't think of a global solution to this, certainly not something that keeps track of package re-configuration.
But there are a couple of different ways of keeping track of package addition/removal/upgrading which you might be able to investigate as a starting point.
These are just the things that spring to mind - others might have better solutions:
- apt-listchanges
The apt-listchanges package, which we covered here can be setup to send email whenever a package has been upgraded.
This sends the package changelog to a mail address, which should allow you to keep track of package upgrades. But it doesn't handle package removals at all.
- dpkg-changes
dpkg-changes which I wrote will keep track of noticing package additions or removals in a simplistic fashion.
It keeps a copy of the dpkg package installation logs, and when run it will show you what's changed since the previous invocation. I have a cronjob setup to run this nightly - so every morning I can see what other sysadmins at my company might have added/removed without telling me.
Sample output:
steve@skx:~/Mail$ dpkg-changes --uncache Package Change Report for skx.my.flat 2 packages removed: aide apache 1 package added: aptitude- tripwire
Tripwire/integrit/other software integrity checkers will allow you to keep track of binaries upon your system which might have changed, showing something has occurred.
This should also allow you to keep track of package upgrades/changes. It might allow you to keep track of configuration file changes if you monitor /etc/ too...
Steve
-- Steve.org.uk
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
It occurs to me that you might also be able to use the pre/post-dpkg hooks directly, by adding files into /etc/apt/apt.conf.d.
Steve
-- Steve.org.uk
[ Parent | Reply to this comment ]
http://redclay.altervista.org/archivio/python/apt-history/apt-his tory_0.1/
an example of the log it may create:
2005-03-04 02:04:34: remove mb2md
2005-06-08 09:22:43: install libedit2 2.9.cvs.20050518-2
2005-06-09 22:37:19: upgrade debconf=1.4.50 1.4.51
2005-06-09 22:37:19: upgrade dbus-glib-1=0.23.4-1bindings0 0.23.4-3
i really hope that such functionality will be included directly in dpkg.
[ Parent | Reply to this comment ]
It integrates well with apt, being placed in /etc/apt/apt.conf.d .
A must have!
[ Parent | Reply to this comment ]
Hope this helps
--
Arnau
[ Parent | Reply to this comment ]
This script doesn't answer exactly to the question asked but proved to be useful. It extracts the version and installed time of all the installed packages.
#!/usr/bin/python
# get version and install time of installed packages
# Jean-Marc Chaton
import apt_pkg
import os
import time
apt_pkg.init()
cache = apt_pkg.GetCache()
packages = cache.Packages
for package in packages:
if package.CurrentState==6:
installtime=os.path.getmtime("/var/lib/dpkg/info/"+ package.Name + ".list")
installtimestr=time.strftime("%Y-%m-%d %H:%M",time.localtime(installtime))
print "%s %35s %s" % (installtimestr, package.Name, package.CurrentVer.VerStr)
[ Parent | Reply to this comment ]
I was always concerned with it since I typically have a bare bones system and then decide to install..say... pan.
Pan of course depends on many different things and when I decide I don't need want it, if I do 'apt-get remove pan', I will only remove pan and not the many other packages that were automatically installed because of it.
So I simply started running 'script' whenever I apt-get install anything. Then I save the resulting script file so I know which packages were specifically installed only because of a particular package.
It's a tedious process, but I seldom install apps and it works exactly the way I want it to. I know there must be a smarter way to do it, but never to the time to figure it out.
[ Parent | Reply to this comment ]
In order to clean unused packages, i discovered and use a lot deborphan(1).
You can search for unreferenced installed packages (i mean packages installed, but not requisite for any othe packages) using:
# deborphan
Usually you can remove or purge all the resulting packages.
You can also use (but be carefull):
# deborphan --guess-all
(see man for more options)
deborphan can be also extremely usefull to see which packages depend on a XXX package, using -d switch:
# deborphan -d openssl
openssl
libapache-mod-ssl
openswan
It need not to be run as root.
Last but not least, have a look at apt-history (see above in this thread), i'm sure you'll love it!
Best regards,
Alex
[ Parent | Reply to this comment ]
afaik the command line usage of apt can be replaced quite well by a command line usage of aptitude with a more or less similar syntax (even simpler sometimes), but aptitude when removing a package by default removes also all the dependencies installed because of that package and not currently used by any other package.
quite handy...
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]