Aptitude safety precautions
Aptitude can be a booby trap -- an object lesson
Background: an apology for bringing down the most important server in engineering.
"Hello everyone. So, I'm here to say sorry about lobotomizing the engineering server that runs Subversion and Trac. It's all been fixed. I'm also sorry it took me over an hour. I'm glad to see most of you have put away your pitchforks and torches. Anyway, the short story is that I tried to install 'ctags' with Aptitude but I didn't notice that Aptitude had a bunch of previously queued actions left pending. After I hit 'g' to start installation I noticed right away that Aptitude was doing way more than I had told it to do so I tried to CTRL-C out of it, but I was too late to stop it from executing one of the most dangerous actions in the queue which was to remove most of the PAM system modules. This is what lets the server authenticate against our LDAP server; no LDAP PAM --> no user logins --> no access to Subversion."
Quitting Aptitude does not clear the action queue
I usually use Aptitude to install packages. One problem with Aptitude is that anyone who used Aptitude before you could have left behind a queue of pending actions (install, update, remove). This easily happens if someone selects a bunch of package to be installed or removed and then simply quits Aptitude. Quitting Aptitude does not clear the action queue. These actions will get run by the next person who tries to install a package. Aptitude does print a list for you to review, but if you were not expecting a massive upgrade of the kernel and a complete removal of the PAM system then you might hastily click past the review list. It's worse if you use the curses UI; Aptitude will print most of the important actions "below the fold" because Aptitude shows "held back" packages first. It's easy to think, "I only selected one package so nothing can go wrong". I like to think this is human nature and not an example of abject stupidity; although, obviously I am biased in this particular instance.
So here are some notes on how to check the queue and how to clear the queue. Maybe this will help others from making the same mistake.
View actions pending in the Queue
This will show you want Aptitude has planned. This shows what would happen if you started up `aptitude` and hit 'g' twice or if you started `aptitude install` from the CLI:
aptitude -ysfD install
To protect against this problem in the future I put this in my bash alises:
alias aptitude='aptitude -sfD install && aptitude'
Notice I removed the '-y' option, so the first aptitude command will block if there are any pending actions in the queue; it will not block if the queue is empty and so it will allow the second aptitude to run. The result is that if the aptitude action queue is not empty before you start Aptitude then you will more easily be aware of the situation.
Clear pending actions from the queue -- keep all (forget new)
How to forget new actions in queue.
If you find a bunch of unwanted actions queued in Aptitude there is a single command, "keep-all", which will clear out the queue. This will clear every action from the queue including install, upgrade, and remove: