[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[PATCH] Be more thorough when upgrading and pulling in security updates

1. Run dist-upgrade, needed if the kernel has changed ABI
2. Remove all but the highest-versioned kernel
3. Run autoremove afterwards to force cleanup
 build-openstack-debian-image | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/build-openstack-debian-image b/build-openstack-debian-image
index f1a0e99..ac88991 100755
--- a/build-openstack-debian-image
+++ b/build-openstack-debian-image
@@ -522,7 +522,24 @@ if [ "${AZURE}" = "yes" ] ; then
 	chroot ${MOUNT_DIR} apt-get install -y debian-azure-archive-keyring unscd
 	chroot ${MOUNT_DIR} apt-get update
-chroot ${MOUNT_DIR} apt-get upgrade -y
+# Run dist-upgrade here - some security updates may involve installing
+# packages with new names, like kernels with a new ABI chroot
+${MOUNT_DIR} apt-get --no-install-recommends dist-upgrade -y
+# Specifically remove all but the highest-versioned kernel
+# image. Let's not waste space on older kernels we won't use...
+OLD_KERNELS=$(COLUMNS=200 chroot ${MOUNT_DIR} dpkg -l | awk '/^ii  linux-image-[0-9]/ {print $2}' | sort -u | head -n -1)
+NUM_KERNELS=$(echo $OLD_KERNELS | wc -w)
+if [ $NUM_KERNELS -gt 0 ]; then
+    echo "Removing old kernels: $OLD_KERNELS"
+    chroot ${MOUNT_DIR} apt-get remove --purge -y $OLD_KERNELS
+# And run autoremove to remove any dependencies that might have been
+# brought in too
+echo "Running apt-get autoremove:"
+chroot ${MOUNT_DIR} apt-get autoremove -y
 # Setup cloud-init, cloud-utils and cloud-initramfs-growroot
 # These are only available from backports in Wheezy

Reply to: