apt-listbugs is a tool that integrates with apt to check the critical bug reports (Critical, Grave, Serious) of a package before its installation or upgrade. It helps you avoid installing a version of a piece of software known to cause major problems.
Why Use apt-listbugs?
- System stability: Prevents the installation of updates that could break your system.
- Informed decision-making: Notifies you of the risks before you confirm an update.
- Security: A bug can sometimes be a security vulnerability. Being informed is the first step toward prevention.
Prerequisites
- Operating system: Debian, Ubuntu or a derived distribution.
- Privileges: Root access or sudo privileges.
Installation
Installation is very simple and is done through the official repositories:
sudo apt-get update
sudo apt-get install -y apt-listbugs
Once installed, it will activate automatically. On your next `apt upgrade` or `apt install` command, it will kick in if necessary.
Typical Usage
When you run an update, if a package is affected by a serious bug, apt-listbugs will interrupt the process and present you with a report.
sudo apt-get upgrade
Sample Output
You will see a list of bugs for each affected package. After the list, an interactive menu will ask you what to do:
Reading changelogs... Done
Retrieving bug reports... Done
Parsing bug reports... Done
Critical bugs of libc6 (2.31-13+deb11u2 -> 2.31-13+deb11u3)
#123456 - libc6: segmentation fault on starting any process
Summary:
libc6(1 bug)
Are you sure you want to install/upgrade the above packages? [Y/n/?]
The Possible Choices
- `y` (yes): Ignore the bug and install the update (not recommended for critical bugs).
- `n` (no): Cancel the installation or upgrade of THIS package. `apt` will continue with the other non-problematic packages.
- `p` (pin): "Freeze" the package version. `apt` will ignore this package during future updates until you manually unblock it. This is often the best choice.
- `?`: Displays the help.
Choosing `p` is a safe solution. The package is put on "hold". You can see held packages with `dpkg --get-selections | grep hold`.
Checking Bugs Manually
You can also query apt-listbugs for a specific package without running an update.
# Check the bugs for the nginx package
apt-listbugs list nginx
# Check the bugs for a specific version from a .deb file
apt-listbugs list /path/to/package.deb
Configuration
The main configuration file is `/etc/apt/apt.conf.d/10apt-listbugs`.
You can, for example, change the severity levels that trigger an alert:
# /etc/apt/apt.conf.d/10apt-listbugs
AptListbugs::Severities "critical,grave,serious";
You could add `important` if you want to be even more cautious.
The goal of apt-listbugs is to make you think. At the very least, read the bug title before deciding to install a package that is critical to your system.
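To make "read the bug title for critical packages" a repeatable check, here is an added example (not part of apt-listbugs or the original article): shell functions that parse a report in the layout shown under Sample Output and return non-zero when a package on your own watch list has a listed bug. The `Grave bugs of` header, the `examplepkg` entries, and the function names are constructed for illustration; real apt-listbugs output may differ in detail.

```shell
#!/bin/sh
# Constructed sample report: the libc6 section is the one shown on this page,
# the examplepkg section is made up so the parser sees more than one section.
sample_report() {
cat <<'EOF'
Retrieving bug reports... Done
Parsing bug reports... Done
Critical bugs of libc6 (2.31-13+deb11u2 -> 2.31-13+deb11u3)
#123456 - libc6: segmentation fault on starting any process
Grave bugs of examplepkg (1.0-1 -> 1.0-2)
#000001 - examplepkg: constructed bug title one
#000002 - examplepkg: constructed bug title two
Summary:
libc6(1 bug), examplepkg(2 bugs)
EOF
}

# Read a report on stdin; print "package severity old new bug_count" per section.
summarize_bugs() {
    awk '
        function emit() { if (pkg != "") print pkg, sev, oldv, newv, n }
        # Section header: "<Severity> bugs of <pkg> (<old> -> <new>)"
        $2 == "bugs" && $3 == "of" && $6 == "->" {
            emit()
            sev = tolower($1); pkg = $4; n = 0
            oldv = $5; sub(/^\(/, "", oldv)
            newv = $7; sub(/\)$/, "", newv)
            next
        }
        # Bug line "#<number> - <title>", counted only inside a section
        pkg != "" && /^ *#[0-9]+ - / { n++; next }
        /^Summary:/ { emit(); pkg = "" }
        END { emit() }
    '
}

# Read a report on stdin. Return 1 (and print the hits) if any package in the
# space-separated watch list $1 has at least one listed bug, else return 0.
gate_on_packages() {
    watch=" $1 "; hit=0
    summary=$(summarize_bugs)
    while read -r pkg sev oldv newv count; do
        [ -n "$pkg" ] || continue
        case "$watch" in *" $pkg "*)
            if [ "$count" -gt 0 ]; then
                echo "$pkg $sev $oldv->$newv: $count bug(s)"; hit=1
            fi ;;
        esac
    done <<EOF
$summary
EOF
    return "$hit"
}
```

Feed it a saved report, for example `gate_on_packages "libc6 openssl" < report.txt`, and treat a non-zero exit as "stop and read the bug titles".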
Conclusion
apt-listbugs is a simple but extremely powerful tool for maintaining the stability of Debian/Ubuntu-based servers or workstations. In just a few minutes, it adds an essential layer of protection against software regressions. It is a "must-have" for any serious system administrator.