Bug#987017: recommends 3 different ways to find obsolete packages, pick one

[Stuart Prescott <stuart@debian.org>]

On 19/12/2022 08:10, Paul Gevers wrote:
> Hi
>
> On 15-04-2021 19:39, Antoine Beaupré wrote:
> > I actually forgot that bullseye itself introduces yet another one:
> >
> >      apt list ~obsolete
>
> But (I'm running bookworm):
>
> paul@mulciber ~/release-team/release-notes $ apt list ~obsolete
> Listing... Error!
> E: input:2-9: error: Expected end of file
>     ~obsolete
>       ^^^^^^^
>
> Did this work in the past?

Doubt that ever worked as written — that should be « apt list '~o' ». 
(The ~ patterns are single letters followed by arguments.)

To tail back through this bug, there's a mixture of different recipes 
considered here. They do different things and will produce very 
different results depending on whether they are run before or after 
editing the sources.list+apt update step.

"obsolete" packages are packages that are currently installed but that 
package name is not available in any current apt source. The version of 
the package installed can be higher or lower than what is currently 
available.
- If you s/bullseye/bookworm/+apt update, packages that are upgradable 
are not obsolete; the package names that have disappeared completely 
are, obsolete.
- If you installed packages from bullseye-backports and then removed 
bullseye-backports from your sources.list, those packages aren't 
available any more, but are also not obsolete.

Obsolete packages are matched by both the aptitude and apt searches ~o. 
Locally built/manually downloaded packages that are in no apt source 
will also match ~o; locally built/manually downloaded packages where the 
package name is also in an apt repo will _not_ be included.

There's a second collection of packages where the currently installed 
version cannot be located in any available apt repository. While 
'obsolete' packages was only about the package name, this is about the 
(name, version, architecture) tuple. This set of "not available" 
packages includes the yet-to-be upgraded packages, and the ones that are 
somehow at a higher version than what is currently available.


So... the actual commands discussed:


aptitude search '~o'
apt list '~o'
 Both of these look for obsolete packages as defined above. On this 
machine it lists gcc-8-base linux-image-5.16.0-2-amd64-unsigned (left 
over from a previous release and churn in sid) but also "dpkg -i" 
installed packages like crossover and and draw.io (where those package 
names do not exist in Debian). My own backports are not included because 
the package names exist. Likewise packages like rclone I've grabbed the 
upstream .deb and installed it on this machine are not included.

aptitude search 
'?narrow(?not(?archive("^[^n][^o][^w].*$")),?version(CURRENT))'
apt list | grep 'installed,local'
 This is a monster (it may well have been reinvented multiple times, 
but I will own up to responsibility for creating it at least one time 
c2009). It's filtering out apt's magic repo of 'now', which accompanies 
all installed packages (a bit like /var/lib/dpkg/status in the output of 
apt-cache policy foo), to find packages that are currently installed but 
for which (name, version, architecture) doesn't exist in a currently 
configured repo. On this machine, it matches some 3rd party packages 
that are installed via dpkg -i and for which there is no apt repo, like 
crossover (just like 'obsolete') as well as local backports that I've 
made that are not sitting in any repo, and those upstream .debs like 
rclone. Backports that I poked into my own local repo are not included 
because they are available. Packages that I installed directly out of 
sid onto this bullseye machine and have never upgraded are also on the 
list because the version part of the (name, version, arch) tuple doesn't 
match. (The treatment of local repositories is slightly different for 
the two versions of this command given above)

aptitude search '?narrow(?installed, ?not(?origin(Debian)))'
apt list '?narrow(?installed, ?not(?origin(Debian)))'
 This looks for packages not currently installable from a repo with 
'Debian' as the name in the Release file, which includes the case where 
(name, version, arch) doesn't match. Because it's matching on the 
version string of the package, it spots that upstream .deb for rclone, 
the local backports, etc. It also adds in 3rd party packages that are in 
apt repositories, so on this machine signal-desktop and slack-desktop. 
Note that lots of 3rd party repositories are misconfigured which is 
unhelpful.


Which of the above is useful depends on the stage of the upgrade. 
Looking for obsolete packages after the upgrade is an important part of 
the cleanup process. Looking for 3rd party packages before the upgrade 
is an important part of the preparation.

Importantly, the output of any of these commands will depend on whether 
the sources.list has been edited; we see that quite frequently in 
#debian, where someone has edited the sources.list for the upgrade and 
is then freaked out by absolutely every single package suddenly being 
'not available'.

cheers
Stuart


--
Stuart Prescott   http://www.nanonanonano.net/ stuart@nanonanonano.net
Debian Developer  http://www.debian.org/       stuart@debian.org
GPG fingerprint   90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7