diff --git a/bin/netupgrade b/bin/netupgrade index cc99a1b..3aa478e 100755 --- a/bin/netupgrade +++ b/bin/netupgrade @@ -219,8 +219,8 @@ runCmd() { # $1=host $2=name $3=cmd ERROR=1 fi echo "" | tee -a "${LOGFILENAME}" - echo "apt-get ${YESARG} autoremove" | tee -a "${LOGFILENAME}" - runSSH "${HOST}" apt-get ${YESARG} autoremove | tee -a "${LOGFILENAME}" + echo "apt-get ${YESARG} autoremove --purge" | tee -a "${LOGFILENAME}" + runSSH "${HOST}" apt-get ${YESARG} autoremove --purge | tee -a "${LOGFILENAME}" echo "" | tee -a "${LOGFILENAME}" echo "apt-get ${YESARG} autoclean" | tee -a "${LOGFILENAME}" runSSH "${HOST}" apt-get ${YESARG} autoclean | tee -a "${LOGFILENAME}" @@ -228,9 +228,6 @@ runCmd() { # $1=host $2=name $3=cmd echo "apt-get ${YESARG} clean" | tee -a "${LOGFILENAME}" runSSH "${HOST}" apt-get ${YESARG} clean | tee -a "${LOGFILENAME}" echo "" | tee -a "${LOGFILENAME}" - echo "apt-get ${YESARG} purge" | tee -a "${LOGFILENAME}" - runSSH "${HOST}" apt-get ${YESARG} purge | tee -a "${LOGFILENAME}" - echo "" | tee -a "${LOGFILENAME}" fi ;; yum) @@ -293,8 +290,8 @@ runCmd() { # $1=host $2=name $3=cmd if ! runSSH "${HOST}" apk update | tee -a "${LOGFILENAME}"; then ERROR=1 fi - echo "apk upgrade" | tee -a "${LOGFILENAME}" - if ! runSSH "${HOST}" apk upgrade | tee -a "${LOGFILENAME}"; then + echo "apk upgrade ${YESARG}" | tee -a "${LOGFILENAME}" + if ! runSSH "${HOST}" apk upgrade ${YESARG} | tee -a "${LOGFILENAME}"; then ERROR=1 fi ;; diff --git a/state.md b/state.md index 4af6450..fa477a0 100644 --- a/state.md +++ b/state.md @@ -90,7 +90,6 @@ Supported action types currently include: ### Short term - Tackle the next hardening work as small, reviewable commits instead of one broad patch -- Review package-manager cleanup steps that look incorrect or misleading, such as `apt-get purge` without arguments and the current `apk` `-y` handling - Review the remaining quoting-sensitive areas, especially around remote shell command construction ### Medium term @@ -121,6 +120,8 @@ Supported action types currently include: - `whiptail` checklist defaults are now passed explicitly as `ON`/`OFF`, and selected items are parsed through a dedicated helper instead of relying on raw shell word splitting - The CLI help and README now clarify that `-f` preselects all nodes in the interactive checklist - Log summary generation no longer uses `sed -i` interpolation; the script now writes a temporary file with the summary header plus the existing log content and replaces the original log atomically +- The `apk` action now applies `-y` to `apk upgrade` when the CLI `-y` flag is set, making its behavior consistent with the documented intent for supported package managers +- The `apt` action now uses `apt-get autoremove --purge` and no longer runs `apt-get purge` without arguments, which makes the cleanup step more meaningful and avoids a misleading command in the log ## Change guidance - Preserve backward compatibility for existing config files where possible