0

I'm again and again wondering why there isn't (or did I just not find it?) any tool which can reliably and effortlessly rollback changes done by updates. Let me take an update with apt on Debian as example. There's this new package and there are the dependencies it has. Every package has a list of files which will be created / modified / deleted. Additionally, other files may be modified by configuration scripts.

My research on this topic brought up strace as possible best solution. With strace it's possible to monitor the syscalls of a single process (lets assume apt-get) and it's possible to filter out syscalls that are relevant to what I'm looking for.

Having this list, it would be possible to reliably rollback the update with a single command. Maybe it's even possible to add some kind of hook to a modified strace executable which triggers the backup of every file just before it's modified.

Are my assumptions correct? If yes, does such a tool exist?

didi_X8
  • 137
  • 1
  • 6
  • 1
    What's the use case for rolling back a package update? This is why reading release notes is essential for any patch applied to a production system. – Joel E Salas Feb 10 '12 at 23:07

1 Answers1

3

Packages don't necessarily exist in a vacuum - take the example of updating a database package, and having it convert its data files to a new format when it starts up. There's no capture of that during the package upgrade process.

The most consistent rollback method you'll find is a snapshot and rollback of the entire system (snap the VM, or a snapshot-capable filesystem), and even that's not bullet-proof - a package update on one system can potentially affect other nodes on the network.

Shane Madden
  • 112,982
  • 12
  • 174
  • 248
  • You're right, didn't think about that. But shouldn't a sane package management system be able to at least get back into a consistent state if one of the dependency updates fail? – didi_X8 Feb 11 '12 at 00:12
  • @didi_x8 no. Any sane package management system will install the new dependencies first. So if it makes it to the package that got upgraded, then all the dependencies must have made it. If the dependency fails to install then yes, that dependency can be downgraded again. – phemmer Feb 11 '12 at 02:50