Ubuntu – Is apt-get upgrade a dangerous command

12.04apt

When I use apt-get update and apt-get upgrade,there are some packages should installed in newest version,like below:

The following packages will be upgraded:
  accountsservice apparmor apport apt apt-transport-https apt-utils binutils
  cloud-init cpp-4.8 dpkg fuse g++-4.8 gcc-4.8 gcc-4.8-base gdisk gnupg gpgv
  grub-common grub-legacy-ec2 grub-pc grub-pc-bin grub2-common initscripts
  isc-dhcp-client isc-dhcp-common libaccountsservice0 libapparmor-perl
  libapparmor1 libapt-inst1.5 libapt-pkg4.12 libasan0 libatomic1 libbsd0
  libcurl3-gnutls libdrm2 libedit2 libfuse2 libgcc-4.8-dev libgd3 libgomp1
  libitm1 libjson-c2 libjson0 libnuma1 libpam-systemd libpolkit-agent-1-0
  libpolkit-backend-1-0 libpolkit-gobject-1-0 libquadmath0 libstdc++-4.8-dev
  libstdc++6 libsystemd-daemon0 libsystemd-login0 libtsan0 libudev1 libxext6
  linux-libc-dev ntpdate openssl overlayroot patch policykit-1 ppp
  python-urllib3 python3-apport python3-problem-report python3-update-manager
  rsyslog systemd-services sysv-rc sysvinit-utils tcpdump tzdata udev
  update-manager-core
75 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.

If I didn't know every one of there packages what will happen if there update in newest version.I shouldn't execute this command(apt-get upgrade).

For example:

This php version is before I upgrade

yzxu@ubuntu:/tmp/git-2.1.2$ php --version
PHP 5.6.6-1+deb.sury.org~precise+1 (cli) 
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies

and after I upgrade:

yzxu@ubuntu:/tmp/git-2.1.2$ php --version
PHP 5.6.10-1+deb.sury.org~precise+1 (cli) 
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies

The php version is changed.And if I didn't what what was change in two version,should I upgrade it?Is it will influence product?

Best Answer

apt-get update

Refreshes the repositories and fetches information about packages that are available online.

apt-get upgrade

Downloads and installs updates for all installed packages - as long as it doesn't bother dependencies (install new packages, remove old ones or crosses a repo source (switch a package from one repo to another)).

apt-get dist-upgrade

Does the same as "upgrade" but upgrades a package also when dependencies or sources are changed (something you want to avoid on servers without further testing).

To conclude - an update can break things but it is necessary! So if you are on a desktop you should normally do a:

sudo apt-get update && sudo apt-get dist-upgrade

Without destroying something.

On a server most of the times a:

sudo apt-get update && sudo apt-get upgrade

should be enough AND security updates should be installed automatically (on servers and desktops)

Update to 16.04

Meanwhile the "apt" wrapper is the standard way in Ubuntu, so the commands are now:

sudo apt update        #to update the repo-information

sudo apt upgrade       #to install all security fixes and changes that doesn't harm the system or change the behaviour

sudo apt full-upgrade  #the new "dist-upgrade" that installs newer versions that can break backwards-compatibility

TL;DR!

Yes, you should update PHP in this example because it is a security fix (this can be seen through the versioning scheme of PHP; it also wouldn't have been pushed into the "upgrade" channel of Ubuntu.)

Related Solutions

Ubuntu – How to rollback an apt-get upgrade from command line

You can display packages that are going to be upgraded and version changes with:

sudo apt-get update
sudo apt-get -V upgrade

The '-V' flag shows you the additional info. As for the snapshots - you really have to roll your own here.

My favourite method for having the rollback ability is using LVM with snapshots on Linux - but the last time I checked, there was no progress on the automated rollback to the chosen snapshot. This might have changed since then (I'd be happy for someone to correct me), but you can always boot using root=/dev/vg0/root-snap kernel parameter (for instance) and then use rsync to sync the snapshot /dev/vg0/root-snap to the original volume /dev/vg0/root and then discard the snapshot. Not ideal but can be automated.

Of course ZFS snapshots rock but there's no official, production-ready ZFS support for Linux (yes, I'm aware of zfsonlinux.org and ZFS-FUSE), so unless you're just playing around, that's not really a feasible option for you.

UPDATE: it looks that we can now rollback (merge in LVM2 parlance) snapshots. So the update would take the following form with LVM2:

Create a 5GB snapshot of your root LV:

lvcreate -s /dev/vg0/root -L5G -n root-snap
Update the package (as above).
Roll back if necessary by running:

lvconvert --merge /dev/vg0/root-snap

And because /dev/vg0/root (the original LV) is opened, lvconvert will notify you that the /dev/vg0/root will be rolled back to /dev/vg0/root-snap upon the next activation of this volume. This happens when you run

lvchange -ay /dev/vg0/root

while this LV is closed, which is upon the next boot or after running:

lvchange -an /dev/vg0/root

Ubuntu – apt-get autoremove dangerous

It should be perfectly safe to run sudo apt-get autoremove This should only remove packages that are not in use or needed any longer. If its a necessary package that would "break" your system if removed it shouldn't remove it.

Best Answer

Related Solutions

Ubuntu – How to rollback an apt-get upgrade from command line

Ubuntu – apt-get autoremove dangerous

Related Question