[PATCH] Be more thorough when upgrading and pulling in security updates
1. Run dist-upgrade, needed if the kernel has changed ABI
2. Remove all but the highest-versioned kernel
3. Run autoremove afterwards to force cleanup
---
build-openstack-debian-image | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/build-openstack-debian-image b/build-openstack-debian-image
index f1a0e99..ac88991 100755
--- a/build-openstack-debian-image
+++ b/build-openstack-debian-image
@@ -522,7 +522,24 @@ if [ "${AZURE}" = "yes" ] ; then
chroot ${MOUNT_DIR} apt-get install -y debian-azure-archive-keyring unscd
chroot ${MOUNT_DIR} apt-get update
fi
-chroot ${MOUNT_DIR} apt-get upgrade -y
+
+# Run dist-upgrade here - some security updates may involve installing
+# packages with new names, like kernels with a new ABI chroot
+${MOUNT_DIR} apt-get --no-install-recommends dist-upgrade -y
+
+# Specifically remove all but the highest-versioned kernel
+# image. Let's not waste space on older kernels we won't use...
+OLD_KERNELS=$(COLUMNS=200 chroot ${MOUNT_DIR} dpkg -l | awk '/^ii linux-image-[0-9]/ {print $2}' | sort -u | head -n -1)
+NUM_KERNELS=$(echo $OLD_KERNELS | wc -w)
+if [ $NUM_KERNELS -gt 0 ]; then
+ echo "Removing old kernels: $OLD_KERNELS"
+ chroot ${MOUNT_DIR} apt-get remove --purge -y $OLD_KERNELS
+fi
+
+# And run autoremove to remove any dependencies that might have been
+# brought in too
+echo "Running apt-get autoremove:"
+chroot ${MOUNT_DIR} apt-get autoremove -y
# Setup cloud-init, cloud-utils and cloud-initramfs-growroot
# These are only available from backports in Wheezy
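Review bot: The `sort -u | head -n -1` pipeline that fills OLD_KERNELS orders the package names lexically rather than by version, so the entry kept as "highest-versioned" can be an older kernel. With constructed names, `linux-image-3.16.0-10-amd64` sorts before `linux-image-3.16.0-4-amd64`, so the newer kernel that dist-upgrade just pulled in for a security fix would be purged and the image would ship the unpatched one. A version-aware sort avoids this: `sort -V -u | head -n -1` (GNU coreutils, which `head -n -1` already assumes). Separately, as rendered here the word `chroot` sits at the end of the comment line above the dist-upgrade command, leaving `${MOUNT_DIR} apt-get ...` as the command. That is probably mail re-wrapping, but confirm the applied patch begins that line with `chroot`.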
--
2.11.0