|
76
by Kees Cook
install lsb-release if needed |
1 |
#!/bin/bash
|
2 |
# Copyright (C) 2008-2010, Canonical, Ltd.
|
|
|
1
by Kees Cook
initial re-check-in |
3 |
# Author: Kees Cook <kees@ubuntu.com>
|
4 |
#
|
|
5 |
# This will attempt to downgrade any non-standard package versions on the
|
|
6 |
# system. Use carefully!
|
|
|
76
by Kees Cook
install lsb-release if needed |
7 |
set -e
|
|
207
by Kees Cook
remove lsb-release if we installed it, clean up autoremove packages, handle missing -updates or -security in sources.list |
8 |
export LANG=C |
|
1
by Kees Cook
initial re-check-in |
9 |
|
|
207
by Kees Cook
remove lsb-release if we installed it, clean up autoremove packages, handle missing -updates or -security in sources.list |
10 |
rm_lsb= |
|
1
by Kees Cook
initial re-check-in |
11 |
[ -w /etc/passwd ] || { echo "Must be root" >&2; exit 1; } |
|
76
by Kees Cook
install lsb-release if needed |
12 |
if [ ! -x /usr/bin/lsb_release ]; then |
13 |
apt-get -y install lsb-release
|
|
|
207
by Kees Cook
remove lsb-release if we installed it, clean up autoremove packages, handle missing -updates or -security in sources.list |
14 |
rm_lsb=y |
|
76
by Kees Cook
install lsb-release if needed |
15 |
fi
|
|
1
by Kees Cook
initial re-check-in |
16 |
RELEASE=$(lsb_release -cs) |
17 |
||
18 |
# Save pre-existing preferences
|
|
19 |
saved=$(mktemp -t prefs-XXXXXX) |
|
20 |
if [ -f /etc/apt/preferences ]; then |
|
21 |
cat /etc/apt/preferences > $saved |
|
22 |
fi
|
|
23 |
||
|
207
by Kees Cook
remove lsb-release if we installed it, clean up autoremove packages, handle missing -updates or -security in sources.list |
24 |
# Prefer versions from standard release
|
|
1
by Kees Cook
initial re-check-in |
25 |
cat > /etc/apt/preferences <<EOM
|
26 |
Package: *
|
|
27 |
Pin: release a=$RELEASE
|
|
28 |
Pin-Priority: 1001
|
|
|
207
by Kees Cook
remove lsb-release if we installed it, clean up autoremove packages, handle missing -updates or -security in sources.list |
29 |
EOM
|
30 |
||
31 |
# Prefer versions from standard desired pockets
|
|
32 |
for pocket in updates security ; do |
|
33 |
grep -v ^# /etc/apt/sources.list | grep -q $RELEASE-$pocket && cat >> /etc/apt/preferences <<EOM |
|
34 |
||
35 |
Package: *
|
|
36 |
Pin: release a=$RELEASE-$pocket
|
|
37 |
Pin-Priority: 1001
|
|
38 |
EOM
|
|
39 |
done
|
|
|
1
by Kees Cook
initial re-check-in |
40 |
|
41 |
# Prompt for downgrades, if any
|
|
42 |
apt-get dist-upgrade "$@" || true |
|
43 |
||
44 |
# Restore old preferences
|
|
45 |
if [ -s $saved ]; then |
|
46 |
cat $saved > /etc/apt/preferences |
|
47 |
else
|
|
48 |
rm -f /etc/apt/preferences
|
|
49 |
fi
|
|
50 |
rm -f $saved
|
|
|
207
by Kees Cook
remove lsb-release if we installed it, clean up autoremove packages, handle missing -updates or -security in sources.list |
51 |
|
52 |
if [ -n "$rm_lsb" ]; then |
|
53 |
apt-get purge -y lsb-release
|
|
54 |
fi
|
|
|
567.1.1
by Kees Cook
utilities/downgrade-all: also remove unknown packages |
55 |
|
56 |
# Remove everything not found in the archive, but prompt for it.
|
|
57 |
UNKNOWN=$(apt-get install --dry-run --reinstall --print-uris \ |
|
58 |
$(dpkg -l '*' | grep '^.i' | awk '{print $2}') \ |
|
59 |
| grep 'cannot be downloaded' | awk '{print $3}') |
|
60 |
if [ -n "$UNKNOWN" ] ; then |
|
61 |
apt-get purge $UNKNOWN |
|
62 |
fi
|
|
63 |
||
64 |
# Toss everything else that was left hanging.
|
|
|
207
by Kees Cook
remove lsb-release if we installed it, clean up autoremove packages, handle missing -updates or -security in sources.list |
65 |
apt-get autoremove --purge -y |