6

Just ran this and it looks unancellable.

MUCH is being cleared out.

I simply want to remove and re-insall all ssl ssh apparatus.

There is horrible version mismatch.

mathtick
  • 589
  • 12
    The dangerous part is the -y. You just told the system that you don't want a chance to review or cancel. Do not interrupt. When it finishes, install ubuntu-desktop, which should reinstall most of what was lost. – user535733 Jul 26 '23 at 16:45
  • Yes, the '-y' was an accident copy/paste.

    Can't believe Ubuntu upgrade has left in broken ssl ssh state. These are fundamental things. They should be packaged together I on Ubuntu surely.

     – mathtick Jul 26 '23 at 16:55
  • 8
    "I 90% understand the risk scope of the command." - It seems you got bitten by the other 10% though ;) - "I generally expect ssh and family to just work and I NEVER want to touch them." - Then don't remove important packages! I don't know what problem you were having before this command, but the problems you have after this command are entirely of your own making. – marcelm Jul 27 '23 at 10:26
  • 12
    @mathtick While I agree that an extra guard against removing "critical" packages might be useful, there's always two problems with such measures: 1) someone has to define which actions are "extra dangerous", and there's always a lot of different ways you can mess up a running system; 2) there always needs to be a way of doing it when you really need to - in this case, you already turned off two levels of protection with sudo and -y, so if there was a third level of protection you might still have turned that off accidentally as well. – IMSoP Jul 27 '23 at 10:54
  • 2
    @IMSoP There is an extra level which guards against uninstalling packages labelled as “essential”, which you can't do with just apt-get remove -y. But that only covers things that are truly critical, basically the minimum to boot to a local shell. It doesn't cover things that not everybody would want, such as an SSH server. – Gilles 'SO- stop being evil' Jul 28 '23 at 12:58
  • 2
    apt-get remove openssl -y does not remove SSH. Not that “remove and reinstall” is a good idea in the first place: whatever problem you're trying to solve, this probably won't resolve it, or if it does then apt-get install --reinstall would be a less risky way of resolving it. – Gilles 'SO- stop being evil' Jul 28 '23 at 13:00

2 Answers2

17

You can easily reinstall the removed packages.

Apt has a history file. This file is /var/log/apt/history.log. Run the following command to view it in the terminal:

cat /var/log/apt/history.log

You will see a Start date, Commandline used, Requested-By username, etc.

So run:

grep -hA5 "remove openssl" /var/log/apt/history.log | grep "Remove"

This should print out the packages that were removed. The word "Remove" should only appear once, at the beginning of the list.

If this list appears to be what was removed, then proceed.

First, cd into your user's home directory and then send the list to a file named "removedpackages".

cd
grep -hA5 "remove openssl" /var/log/apt/history.log | grep "Remove" > removedpackages

Now we need to clean up the list before sending it to apt.

This command should print everything on a new line:

sed -e "s/ [a-z0-9(]/\n&/g" removedpackages

This should grep for only the package names (lines that begin with a blank space followed by a lower case letter or number).

sed -e "s/ [a-z0-9(]/\n&/g" removedpackages | grep '^ [a-z0-9]'

Now the packages should be listed in the form of packagename:amd64 or packagename:all or packagename:i386 etc.

If so, then send the list to a new file named removedlist.

sed -e "s/ [a-z0-9(]/\n&/g" removedpackages | grep '^ [a-z0-9]' > removedlist

Finally to reinstall the packages, send the contents of the file to apt.

sudo apt update
sudo apt install $(cat removedlist)

And remove your work files:

rm removedlist removedpackages

An explanation of the options used for:

sed -e "s/ [a-z0-9(]/\n&/g"
  • -e prints or echos the output instead of editing the file
  • s///g is the standard form of a substitute string
  • [a-z0-9(] match any blank space followed by a lowercase letter or number or open parenthesis.
  • \n& substitute with a new line \n before the match &.

Also:

For grep -hA5

  • -h says do not list the file name in the output and
  • A5 says to also list the 5 lines after the match
mchid
  • 43,546
  • 8
  • 97
  • 150
  • 3
    And luckily, since you only removed the packages (as opposed to using purge), you should've retained your configuration files and everything should be back to normal. Although, I suggest opening a specific question about the mismatch problem and please remember to include the exact error, copied and pasted. – mchid Jul 27 '23 at 03:15
  • 3
    Love this. Going to try to commit this "apt has history" to memory for exactly these scenarios. – mathtick Jul 27 '23 at 08:31
  • 7
    Lucky that apt uses gnutls, not openssl :) – hobbs Jul 27 '23 at 14:40
  • 1
    Even if apt did use openssl, the "openssl" package only contains the application binaries, not the libraries. The libraries are in libssl. – Peter Green Jul 28 '23 at 21:26
11

It's the operating system's command line interface.

In this environment, a lot of commands can become very dangerous, especially when they are being copy-pasted, and especially when unintended, or unaware options, such as -y are being left in them.

I seem to observe that a lot of people —novices, but on occasion, sysadmins alike— appear to learn to respect this environment only at their own, sometimes significant expenses.

In the meanwhile, I suggest relying on the apt-get command's --simulate or equivalent --dry-run options to review the impact of such commands without having to live with the consequences.

Levente
  • 3,961