1

Is it possible to get more details (source code) on the updates in Ubuntu?

enter image description here

I feel like I'm just installing handfuls of opaque binaries every time...

It would be nice to be able to dive in and do random audits of the changes...

Edit: I just want more information on what the 143 kb patch is... This is open source right...

Edit 2:

So here's how I ended up doing it (thanks to the answers below)

enter image description here

Ben Winding
  • 733
  • This might be wholly or partially related to this question: https://askubuntu.com/questions/36088/how-to-fetch-the-code-of-the-binary-installed-on-a-machine?rq=1. I'm not sure that the facility you want is there -- if you want to inspect the source of a single app then you can find their repos, usually git, and inspect the changes. In sudo aptitude at a command line if you do shift-C on a package you'll get the changelog, I think those show in the sudo synaptic GUI too (and probably in "Software Updater" somewhere?). It will be impossible, due to time, to check all changes! – pbhj Sep 24 '19 at 22:51
  • 1
    A more useful time to audit the code is when the package is in the -proposed pocket. Better to discover issues before the package is pushed to millions of users. Afterward seems rather a waste of your effort. – user535733 Sep 24 '19 at 23:44

2 Answers2

1

I scrolled up my terminal & looked for a recent update of my system, and am using this as an example of how I might do it on my 19.10/eoan system :-

I see

Get:41 http://ftp.iinet.net.au/pub/ubuntu eoan/universe amd64 mate-applets amd64 1.22.2-0ubuntu1 [176 kB]

from the apt dist-upgrade but this information could come from a /var/log/apt, I just wanted an example package name for a change... I'll chase up mate-applets noting it's package version.

Opening https://packages.ubuntu.com/source/eoan/mate-applets for my package, I can click on the "Ubuntu Changelog" to the right (I just opened packages.ubuntu.com & searched for mate-applets - the latest was visible & chosen)

https://changelogs.ubuntu.com/changelogs/pool/universe/m/mate-applets/mate-applets_1.22.2-0ubuntu1/changelog

so I can see the changelog for this change, ie.

mate-applets (1.22.2-0ubuntu1) eoan; urgency=medium

  • New upstream release. * debian/patches:

    • Drop 1001_FTBFS-against-libcpupower.patch. Applied upstream.

    -- Martin Wimpress Mon, 23 Sep 2019 20:06:13 +0100

I rarely want more than this, but you could follow links on the packages.ubuntu.com site to also go to view source code, ie. https://salsa.debian.org/debian-mate-team/mate-applets/commit/671413c11c8d9e362f2d8b7473679a3c78119bd6 to see

2 changed files with 0 additions and 164 deletions

in summary; plus the diff of the changes with the source visible.

this was an update picked randomly

guiverc
  • 30,396
1

Pretty simple.

Make software-updater's window bigger or maximize

On any update with a black arrow, click on arrow to expand & expose the individual updates. Also expand the Technical description section. You'll see the package name & version at the top, the written changelog below.

For actual code changes you need to find that package in launchpad. An example of a simple search based on info shown would be libc-bin 2.30-ubuntu1 launchpad

Screen shows best link into launchpad, i.e, source package, glibc package. From that page pick release, expand & look for Available diffs You can either view the diff in your browser or download to view.

An alt search for the example update, (libc-bin) would be to search glibc package launchpad . Software-updater doesn't list the source name, synaptic does & also lists all updates individually unlike software-updater which can place them in bulk under descriptive names.enter image description here

doug
  • 17,026