0

How to create a command, on Ubuntu, to report when the latest version of a given package was released?

(I need to check this as part of proving that we install certain updates on certain servers within a given time.)

Right now, my script does the following:

  • issue apt-cache policy <packagename>
  • extract the repository URLs for the latest version
  • issue apt-cache show <packagename>
  • extract the URL path for the latest version
  • concatenate them
  • issue a HTTP HEAD request for the resulting URLs
  • report the Last-Modified header value

This assumes the local index is up to date (i.e. sudo apt-get update or equivalent has been run recently enough). That is fine with me.

Apart from that assumption, how reliable is this? Is there a better way?

reinierpost
  • 410
  • 3
  • 9
  • 1
    You appear to *also* assume that your mirror is up to date. Canonical is so very **not** confident in the speed at which mirrors update, they still refuse to widely roll out mechanisms which would make upgrades fail with an error when receiving an authentic but outdated Release file (e.g. apt `valid-until`) – anx Jan 28 '21 at 23:02

2 Answers2

3

Launchpad, the primary platform used to track building & releasing packages for Ubuntu, offers an API.

You are likely interested in the object Publishing history.

Example in Python - you might need to complicate this a bit if you need to map binary package name to source package name first:

from launchpadlib.launchpad import Launchpad
lp = Launchpad.login_anonymously("https://github.com/example/ex")
ubuntu = lp.distributions["ubuntu"]
archive = ubuntu.main_archive
focal = ubuntu.getSeries(name_or_version="focal")
firefox_releases = archive.getPublishedSources(
     distro_series=focal,
     source_name="firefox", exact_match=True,
     status="Published")
for s in firefox_releases:
    print(s.source_package_version, s.pocket, s.date_published)

If this does not suit your needs, there is a chance it will be changed so it does if only you spell out a compelling reason.

Warning: Using this approach offers the ability to gracefully handle some of the annoying failure modes of your approach. But whatever you do with the resulting data, it will still be your job to decide what to do with Superseded and Deleted states. Example: The latest package queried today might be older than the latest package queries yesterday, so do not assume strictly monotone increments.

anx
  • 6,875
  • 4
  • 22
  • 45
1

If you're willing to scrape HTML, you can get the package release date for any package from launchpad.

Consider the recently released sudo package. For this example let's say you are using Ubuntu 20.04 LTS (focal). You have the latest package, version 1.8.31-1ubuntu1.2. You can then fetch:

https://launchpad.net/ubuntu/+source/sudo/1.8.31-1ubuntu1.2/+publishinghistory

You will find its publishing dates in numerous places on this page. Pick whichever one you think you can get your script to parse most easily.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940