|
Hello APT maintainers,
I should preface this by saying that while I started on Linux using Debian back in 2002, I've been working as a RHEL professional for the last 15 years so I'm just now getting back into the swing of Debian and Ubuntu at a new job.
One thing that I was quite happy with in the YUM ecosystem was the simple rollback capability. Being able to do `yum history undo` to perform an easy rollback gave us confidence to roll out package upgrades automatically and rapidly with high confidence that
we could revert the vast majority of any updates that might prove to be problematic at our site. This meant that we could have the whole production fleet automatically apply full patches weekly and were a single command or Ansible play away from rolling back
any bad update we might be hit with. (we'd simply pin anything that would be problematic to roll back such as complicated service stacks or things that depend on database migrations during upgrades etc)
Coming back to Debian & Ubuntu now that I'm working at a site that is a mix of Debian 9-10 and Ubuntu 18-20, there is a lot of apprehension about automatically applying package updates, which really slows down our update cadence as we do most of production
manually and opportunistically - generally patching about once a quarter per host if we are lucky.
I'm aware that I can manually examine /var/log/apt/history.log to discover the to/from package versions for any given unattended-upgrades run, but it's a completely manual process to assemble a long command string of 'apt install foo=vers' package arguments
to roll an upgrade back. In contrast with YUM we could roll back any transaction (to an extent) by calling 'yum history undo $n.
Given that APT and Debian are quite mature projects, the goal of this email is to better understand the rationale for not building such functionality into APT. I do understand already that any package undo operation isn't going to be a perfect magic bullet
due to pre/post scripts, but with YUM that's the exact same case, and yet 'yum history undo' is still quite usefull in 95+% of cases.
So please if you could, help me understand why APT doesn't have something similar in place. I'm certainly not the only one grasping for such functionality, as I do see various projects on both Salsa and on Github using scripts to try to achieve a similar utility.
I'm open to any tricks that help with rolling back package upgrades in a more hands-off way if we do find problematic patches that we need to revert.
Thanks!
-- Kodiak Firesmith |