GithubHelp home page GithubHelp logo

Comments (6)

mssalvatore avatar mssalvatore commented on June 4, 2024

@setharnold No, it's not. See #56 and #53

from sec-cvescan.

techalchemy avatar techalchemy commented on June 4, 2024

@setharnold @mssalvatore as a work-around until 3.0, do you see any issues with using the following to remove previously uninstalled items from the manifest?

$ grep -v -f <(dpkg --get-selections | awk '$2 ~ /deinstall/ {print $1}') <(dpkg-query -W)

from sec-cvescan.

philroche avatar philroche commented on June 4, 2024

If it helps, the cloud image manifests published to http://cloud-images.ubuntu.com/releases/focal/release/ are generated using

dpkg-query --show --admindir="/var/lib/dpkg"

See https://git.launchpad.net/ubuntu/+source/livecd-rootfs/tree/live-build/functions?h=ubuntu/focal-updates#n46 for more details.

from sec-cvescan.

techalchemy avatar techalchemy commented on June 4, 2024

@philroche that still turns up previously installed packages for me -- for example, zfs-zed is no longer installed locally and ideally won't show up in a manifest:

$ dpkg -l | grep '^rc' | tail -1       Wed 16 Dec 2020 09:28:15 PM UTC
rc  zfs-zed                                       0.7.12-1ubuntu5                             amd64        OpenZFS Event Daemon

but it does show up in standard queries:

$ dpkg-query --show --admindir="/var/lib/dpkg" | grep 'zfs-zed'
zfs-zed	0.7.12-1ubuntu5

from sec-cvescan.

philroche avatar philroche commented on June 4, 2024

@techalchemy Interesting. I'll check to see if any cloud-images are affected by this. I'll also update https://github.com/CanonicalLtd/ubuntu-package-manifest too

@philroche that still turns up previously installed packages for me -- for example, zfs-zed is no longer installed locally and ideally won't show up in a manifest:

$ dpkg -l | grep '^rc' | tail -1       Wed 16 Dec 2020 09:28:15 PM UTC
rc  zfs-zed                                       0.7.12-1ubuntu5                             amd64        OpenZFS Event Daemon

but it does show up in standard queries:

$ dpkg-query --show --admindir="/var/lib/dpkg" | grep 'zfs-zed'
zfs-zed	0.7.12-1ubuntu5

from sec-cvescan.

philroche avatar philroche commented on June 4, 2024

I have confirmed that Ubuntu cloud image manifests are not affected as any package removal that I can find uses apt-get remove --purge which means it will not show up in the manifest.

I have tested this locally now too.

from sec-cvescan.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.