Tales From the Front: in Search of APT-GET UNDO

Short URL: http://fsmsh.com/3375


I am currently in that level of hell reserved for people who upgrade their GNU/Linux system too quickly. I have for some time now been happily using KDE 4 with the plasma desktop enjoying the cute little animations and eye candy, and learning to use the task-bar and widgets. Then my bliss was interrupted by a simple mistake. I decided to upgrade. I forgot that my /etc/apt/sources.list was set to load experimental versions of the software, and now my X-server system is broken. It is only now that I am discovering that there is no apt-get undo.

But to understand best how I got here, let me give you a little history. This year, I saved my pennies and bought a laptop -- an Acer Aspire Timeline which has a rated battery life of 7 or 8 hours. I wanted this because of my habit of stopping in the middle of projects and carting my laptop around with me. I'd get up in the morning, start a project, close the lid, and hours later open the lid and finish. This doesn't work if your laptop has only a two hour battery life.

After all, the new version was just a bug fix, right?

So, happily, I bought the laptop and wiped windows off of the system, installing Debian GNU/Linux in its place. The problem was that, at that time, there were no drivers for my laptop in the 'stable' version of Debian, so I had to download drivers from the 'unstable' version of the software.

Now Debian has at least three versions of their software available at any one time. The main Debian GNU/Linux system is called 'stable'. The version with some newer components is called 'testing', and the version with all of the brand-spanking-new software that is largely untested is called 'unstable' or 'sid'. It is named after the demented kid in the original Toy Story movie. This image is there to remind you that if you want to run your system with only experimental software, then you are crazy.

Now I am not insane normally, but I do like to be on the cutting edge, so I run my system on 'testing'. It allows me to try out programs a little earlier, and makes me feel a little bit adventurous, but sometimes the software still has some annoying bugs in it.

Back to KDE 4. I was running the plasma-desktop and kept getting crash errors. It was weird, because for the most part the system didn't stop working, but I got errors saying some part of it had crashed. Most of the time I could ignore these and go on. Even so, I went to the KDE main site to see if there was a bug fix. Reading the page, I saw that KDE version 4.4.5 was mostly just a bug fix. Maybe if I could just upgrade this one program, I would stop the crash warnings. After all, the new version was just a bug fix, right?

Now although you can with some software just download a version from the website of each provider and set it up independently, Debian is an integrated system with dependencies. The proper way to get new software is download the official package using their apt-get program. Now you have to realize that normally I love apt-get. I've even made comments like "apt-get happiness" and other silly jokes of the type usually reserved for python programmers. But when I decided to upgrade to the 'unstable' version of KDE in order to get that "bug fix" I was making a mistake.

You see, KDE is not just one program, and it has lots of dependencies, so when I upgraded the program, I upgraded all these dependencies as well to the 'unstable' versions, and one of them was not quite ready for prime time. The result was that when I try to login, after a few flashes of the screen, I get thrown out of KDE to the blinking cursor of the command line.

Lack of access to the internet makes me feel a bit like I've gotten a partial lobotomy

Now the command-line doesn't scare me, but not having an X-server does. It means no music, or videos, or access to my web browser! Now I don't know about you, but lack of access to the internet makes me feel a bit like I've gotten a partial lobotomy. It's amazing how senile you feel when you can't remember the name to a movie and their is no IMDB or Wikipedia to search.

I have to get it to work again or... or... the alternative is not worth thinking of! And so I read the man page in search of the undo button. There has to be an apt-get undo. Just let me undo the last thing I did, and go back to the blissful world where all I had were a few crashes that really didn't hurt anything instead of this black flashy nothingness of despair.

But what I find after a borrowed search on my husband's computer is that the official policy is that people shouldn't ever downgrade packages. The system isn't designed to do it, and there are tales on the internet of people who have tried and been stuck with hopelessly broken systems. So there is no easy way to do it.

But I tell you that people make mistakes, and until we in the free software community start making allowances for people's stupidity instead of sitting on our high-horses talking about how 'those "win-doze" people are sheep who want everything done for them', we are never going to get the GNU/Linux platform on the majority of desktops.

The official policy is that people shouldn't ever downgrade packages

I tell you (from my text editor) that a broken X-server is every bit as traumatic as the old "blue screens of death" were, and it doesn't help when one realizes that searching for help usually reveals nothing but a few snide insults and a comment that when you start needing to downgrade packages, you're only a step away from needing to reinstall your system.

So what is the point of this article you ask? What do I want?

Well, I would love the APT developers to write an undo function of some kind into the apt program; I would love somebody to fix the bug in x-session that makes KDE crash on login; and I would love people in the free software community to be a little more tolerant of people who don't always do the right thing the first time. I would love everyone to help free software newbies, and congratulate them on daring to try to solve their own problems rather than mindlessly following the crowd because it's easier. But most of all, I just would like my x-server to work, and to see my desktop again even without the eye candy.

So when my courage comes back, I'll try removing individual packages the old-fashioned way, and hope that I'll get back some kind of desktop system. And yes, I'll file the bug report when I get my browser back.

Wish me luck!



speedyx's picture
Submitted by speedyx on

On the cutting edge with debian????
Impossible, even if you use sid or sidux. I try it so long, until I switched to ubuntu and mint.
If you want to stay with a working debian system with cutting edge applications you have to try Mepis.

Ryan Cartwright's picture

I'm a little confused. You started by saying your sources.list was "set to load experimental versions of the software" and then started talking about sid. I know I'm probably going to get shot down for being pedantic but sid packages are unstable not experimental. "Experimental" is another packaging level above sid. It's reserved for packages that are being tried out to see if they fit within Debian (over-simplification). They will almost certainly render your system broken (as opposed to Sid's "possibly") and they can only be installed if you specifically tell apt to do so. That is, experimental is not a "version" of Debian you can upgrade to. You add experimental packages to a Sid install.

But enough pedantry (see told you I would be called that). I sympathise with you. I even did a TBC cartoon about this very subject a while back. That said, having some way to undo an upgrade would be handy but it is fraught with difficulties. I think sometimes we users are fooled into the smooth way apt et al handles upgrades. It leads us to believe it's a much simpler process than it actually is. I guess the only way to really be sure here would be to backup your entire system and not just the data.

Equitas IT Solutions - fairness, quality, freedom

Terry Hancock's picture

"Bang!" -- I'm shooting you down for being pedantic!

If you look very carefully, you'll see that she used "sid" as a literal, and "experimental" as ordinary English.

Actually, you really have to be an insider to even notice there is an "experimental" set of packages. ;-)

Ryan Cartwright's picture

Actually in the context given it's difficult (for me anyway) to interpret whether she meant "the packages are experimental ones" or "the packages have been labelled experimental by Debian". Thus my confusion ( which it's true probably stemmed from my over-sensitive pedantic gland :) )

I was trying to say that the packages in Sid are not experimental ones. That is they are not being tried out to see _if_ they will end up in Testing or Stable - that decision has already been made. It's more a case of Debian saying "these are a work in progress and they might break your system". The experimental ones (in the Debian and English sense of the word) are more of "We're trying these out to see if they'll fit in Debian and what issues putting them in might raise".

It's semantics I know and I wasn't trying to shoot Rosalyn down at all. I was just trying to clear something up.

And yes while you have to be an insider to know about the Debian experimental I would say almost all of those who do are running Sid.

Equitas IT Solutions - fairness, quality, freedom

Terry Hancock's picture

Actually, Ryan, I think it would be entirely possible to make the APT system recover its previous state.

The only real problem is remembering what packages are installed and making sure they are available to reinstall.

(Theoretically, there could be some problems with broken packages and install/uninstall scripts -- but Debian has a really good track record, and I almost never see those kinds of problems. The problem Rosalyn describes here -- simply installing a bad package, but not being able to back up because of "deb hell" -- is much more common. I've encountered it several times, and it's the most common reason for me to have to reinstall Debian from scratch).

In a previous conversation about this, it was pointed out to me that an "undo" would "require" the distribution archives to be very stable (i.e. that the packages are all still on the server).

But in fact this idea is outdated. Consider how cheap hard drive space is nowadays. It would be trivial nowadays to assign a large amount of cache space on the hard drive to simply keep copies of ALL of the Debian packages that are currently installed (there is already a cache, it's just a matter of making it bigger and changing the rules for when a package can be deleted).

Of course, this should be up to the user, but there's no reason why there couldn't be an option and a debconf question for APT to ask whether you want to retain an "undo" capability for APT by storing all packages.

If you run out of room, then the APT programs should warn you before deleting files to make room for new downloads -- and allow you to assign some alternate space. ("Apt cannot undo this action, unless you provide additional cache space..." etc).

Back when hard drives were small, this would've been kind of insane. But today, I don't think it's that big of a deal.

It's feasible. A lot of work, of course, but feasible.

And if such a feature were available, I would definitely use it myself (understanding that I would need a much bigger /var partition).

Ryan Cartwright's picture

I can see your point but I really wouldn't want to try and diagnose an issue where the packages are from mixed repositories in the way you describe. Yes it's possible and yes it can be managed but the potential for creating a mess is huge. The problem is not remembering which packages (that is already possible) but the versions as well.

As said - and taking your point about cheap storage - perhaps the best way is to back up or mirror your entire system or even everything except the data directory onto a redundant drive. That gives you the unique configuration of your system.

Actually -- partially inspired by Rosalyn's piece -- I have a piece in the pipeline about another possible assistance to (rather than solution for) this issue - dpkg --get-selection. Watch this space as they say.

Equitas IT Solutions - fairness, quality, freedom

Terry Hancock's picture

AFAIK, dpkg --get-selections is not a solution.

The problem is that it records package names, but not versions (unless there's an extra switch I don't know about). I'll have to check into the apt-show-versions suggestion you mentioned later.

APT already caches packages it has downloaded. It just doesn't give you any control (or warnings) over when it deletes them. (That would require changes to the code).

chattr's picture
Submitted by chattr on

AFAIK, dpkg --get-selections is not a solution.

The problem is that it records package names, but not versions (unless there’s an extra switch I don’t know about).

No, that won't record versions, but something like

dpkg-query -W --showformat='${Package} ${Version}\n' > ~/list.packagenames.versionnumbers.$(date -I)

might be helpful, with some filtering of /var/lib/dpkg/status so only Status: install ok installed packages are returned.

Thanks for prodding me to think about this. I could add that to /etc/crontab and have the file contents mailed to me locally and to my external email.

If apt-get undo is an effectively unreachable goal, maybe an apt-snapshot is reachable. Too bad /var/lib/dpkg/status does not have the repo from where the .deb came, like apt-cache policy does.

Ryan Cartwright's picture

I did say it was not a solution but an assistance :)

Actually if you are resorted to reinstalling from scratch then get-selections can be of great assistance. It gives you a list of what packages you had installed. Version numbers won't be such an issue if you are switching repositories from say sid to testing or stable. In those instances I'd have thought the aim was to get the software you were using in the version that are the latest for the repo you are using. If you are after an exact replication - including version and configuration - then backup is your only option but using get-selections can help as when you come to install apt will bork if you come to install clashing packages.

BTW apt does give you warnings when it is about to remove packages (which it will only do as part of a dist-upgrade anyway). The problem is that the list is tucked between the packages-to-be-updated and packages-to-be-installed lists so when doing an dist-upgrade it's easy to lose amodst all the info that whizzes past. I've lost KDE this way before now (even wrote a Bizarre Cathedral strip about I recall).

The dpkg piece is up now but you probably figured that out by now ;)

Equitas IT Solutions - fairness, quality, freedom

Author information

Rosalyn Hunter's picture


Rosalyn Hunter has been on the internet since before the web was created. Born into a family of instructors, she has made it her life's goal to teach others about the important things in life, such as how to type kill -9 when a process is dead. She lives in a little house on the prairie in the American West with her husband, her three beautiful children, a cat and a dog.