Improve package cleanup

README.md

@@ -1,2 +1,15 @@
 # debian-scripts
-Scripts to keep debian updated with ALL patches, remove old kernels and more.
+Scripts to keep Debian-based systems updated with all patches while removing
+stale packages and kernels.
+
+## Notes on deborphan
+
+Debian dropped the `deborphan` package because it was unmaintained and largely
+superseded by modern APT features. Kali follows Debian and no longer ships this
+utility. These scripts therefore remove the package if it is installed and do
+not attempt to use it.
+
+With `deborphan` removed, the recommended approach to clean unused packages is
+to rely on `apt autoremove` in combination with `apt-mark minimize-manual`.
+`remove-all-old-packages.sh` automates this process, looping `apt autoremove`
+up to ten times and purging `deborphan` itself if it is still installed.

autoupdate-and-reboot.sh

@@ -1,11 +1,16 @@
 #!/usr/bin/env bash
 PATH=/bin:/usr/sbin:/sbin:/usr/local/sbin
+
+# Determine the directory where this script lives so we can invoke
+# companion scripts reliably when called from any location.
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
 if [ -n "$1" ]; then
-  touch /var/run/reboot-required
+    touch /var/run/reboot-required
 fi
-/bin/check-if-already-updating.sh && \
-/bin/remove-old-kernels.sh && \
-/bin/remove-all-old-packages.sh && \
-/bin/remove-old-snaps.sh && \
-/bin/autoupdate.sh
-/bin/reboot-if-required.sh
+
+"${SCRIPT_DIR}/check-if-already-updating.sh" && \
+"${SCRIPT_DIR}/remove-old-kernels.sh" && \
+"${SCRIPT_DIR}/autoupdate.sh" && \
+"${SCRIPT_DIR}/remove-old-snaps.sh" && \
+"${SCRIPT_DIR}/reboot-if-required.sh"

autoupdate-and-shutdown.sh

@@ -1,7 +1,10 @@
 #!/usr/bin/env bash
 PATH=/bin:/usr/sbin:/sbin:/usr/local/sbin
-/bin/remove-old-kernels.sh
-/bin/remove-all-old-packages.sh
-/bin/remove-old-snaps.sh
-/bin/autoupdate.sh
+
+# Use SCRIPT_DIR for consistent invocation of companion scripts
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+"${SCRIPT_DIR}/remove-old-kernels.sh"
+"${SCRIPT_DIR}/autoupdate.sh"
+"${SCRIPT_DIR}/remove-old-snaps.sh"
 shutdown -h now

autoupdate.sh

@@ -5,5 +5,6 @@ export DEBIAN_FRONTEND=noninteractive
 dpkg --configure -a --force-confdef --force-confold && \
 apt-get update && \
 apt-get dist-upgrade -y && \
-apt-get purge $(deborphan --guess-all | grep -v "$(apt-mark showmanual)" | tr '\n' ' ') -y && \
-/bin/check-requirements.sh
+"$(dirname "$0")/remove-all-old-packages.sh" && \
+"/bin/check-requirements.sh"
+

check-if-already-updating.sh

@@ -3,4 +3,4 @@
 if pidof apt-get > /dev/null || pidof dpkg > /dev/null; then
     echo "An update process is already running. Exiting..."
     exit 1
-fi
+fi

check-requirements.sh

@@ -1,26 +1,28 @@
 #!/usr/bin/env bash
 export DEBIAN_FRONTEND=noninteractive
-# List of packages to check and install if necessary
+# List of packages to check and install if necessary. `deborphan` has been
+# removed from modern Debian-based systems and will be purged if present.
 
 # Detect the distribution
 if [ -f /etc/os-release ]; then
     . /etc/os-release
 fi
 
-# Define package lists specific to each distribution
-if [ "$ID" == "kali" ]; then
-    # Kali-specific package list (netcat is already included by default)
-    packages=("nc" "sed" "deborphan" "needrestart")
-elif [ "$ID" == "ubuntu" ]; then
-    # Ubuntu-specific package list
-    packages=("netcat-openbsd" "sed" "deborphan" "needrestart")
-elif [ "$ID" == "debian" ]; then
-    # Debian-specific package list
-    packages=("netcat-openbsd" "sed" "deborphan" "needrestart")
-else
-    echo "Unsupported distribution: $ID"
-    exit 1
-fi
+# Define package lists specific to each distribution using a case statement
+case "$ID" in
+    kali)
+        # Kali-specific package list (netcat is already included by default)
+        packages=("nc" "sed" "needrestart")
+        ;;
+    ubuntu|debian)
+        # Ubuntu and Debian package list
+        packages=("netcat-openbsd" "sed" "needrestart")
+        ;;
+    *)
+        echo "Unsupported distribution: $ID"
+        exit 1
+        ;;
+esac
 
 # Loop through the list of packages and install them if they are not already installed
 for pkg in "${packages[@]}"; do
@@ -42,3 +44,9 @@ for pkg in "${packages[@]}"; do
 done
 
 echo "All packages checked and necessary ones installed."
+
+# Purge deborphan if it still exists
+if dpkg -s deborphan >/dev/null 2>&1; then
+    apt-get purge -y deborphan
+fi
+

checkserver.sh

@@ -1,5 +1,16 @@
 #!/usr/bin/env bash
-nc -z $1 $2
+
+if [ "$#" -lt 2 ]; then
+    echo "Usage: $0 <host> <port>" >&2
+    exit 1
+fi
+
+# Determine the directory of this script to call helpers reliably
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+nc -z "$1" "$2"
 if [ $? -eq 1 ]; then
-	/bin/autoupdate-and-reboot.sh
+    "${SCRIPT_DIR}/autoupdate-and-reboot.sh"
 fi
+
+

reboot-if-required.sh

@@ -10,4 +10,4 @@ else
     # Restart affected services
     echo "Restarting affected services..."
     /usr/sbin/needrestart -r a
-fi
+fi

remove-all-old-packages.sh

@@ -3,8 +3,19 @@
 
 PATH=/bin:/usr/sbin:/sbin:/usr/local/sbin
 
-# Loop autoremove until no more packages are removed
-while ! sudo apt-get autoremove -y | grep -q '0 upgraded, 0 newly installed, 0 to remove'; do
+# Mark packages that are no longer explicitly required as automatic
+apt-mark minimize-manual
+
+# Remove deborphan if it is present
+if dpkg -s deborphan >/dev/null 2>&1; then
+    apt-get purge -y deborphan
+fi
+
+# Run autoremove repeatedly with an upper attempt limit to avoid infinite loops
+for attempt in $(seq 1 10); do
+    if sudo apt-get autoremove -y | grep -q '0 upgraded, 0 newly installed, 0 to remove'; then
+        break
+    fi
     echo "Running autoremove again to ensure all unnecessary packages are removed."
 done
 

tests/test_autoupdate.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+set -e
+script="$(dirname "$0")/../autoupdate.sh"
+
+# positive: script calls remove-all-old-packages.sh
+if ! grep -q "remove-all-old-packages.sh" "$script"; then
+  echo "Expected call to remove-all-old-packages.sh" >&2
+  exit 1
+fi
+
+# positive: script performs dist-upgrade
+if ! grep -q "dist-upgrade" "$script"; then
+  echo "Expected dist-upgrade command" >&2
+  exit 1
+fi
+
+# negative: script should not reference deborphan
+if grep -q deborphan "$script"; then
+  echo "Script must not reference deborphan" >&2
+  exit 1
+fi
+
+echo "All tests passed."

tests/test_autoupdate_and_reboot.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -e
+script="$(dirname "$0")/../autoupdate-and-reboot.sh"
+
+# positive: script defines SCRIPT_DIR variable
+if ! grep -q 'SCRIPT_DIR=' "$script"; then
+  echo "Expected SCRIPT_DIR variable" >&2
+  exit 1
+fi
+
+# positive: uses SCRIPT_DIR when calling check-if-already-updating.sh
+if ! grep -q "\${SCRIPT_DIR}/check-if-already-updating.sh" "$script"; then
+  echo "Expected SCRIPT_DIR usage for check-if-already-updating.sh" >&2
+  exit 1
+fi
+
+# positive: script calls autoupdate.sh via SCRIPT_DIR
+if ! grep -q "\${SCRIPT_DIR}/autoupdate.sh" "$script"; then
+  echo "Expected call to autoupdate.sh" >&2
+  exit 1
+fi
+
+# negative: script should not use hard-coded /bin path
+if grep -q '/bin/check-if-already-updating.sh' "$script"; then
+  echo "Script should not use absolute /bin path" >&2
+  exit 1
+fi
+
+# negative: script should not call remove-all-old-packages.sh
+if grep -q 'remove-all-old-packages.sh' "$script"; then
+  echo "Script should not call remove-all-old-packages.sh" >&2
+  exit 1
+fi
+
+echo "All tests passed."

tests/test_autoupdate_and_shutdown.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -e
+script="$(dirname "$0")/../autoupdate-and-shutdown.sh"
+
+# positive: script defines SCRIPT_DIR variable
+if ! grep -q 'SCRIPT_DIR=' "$script"; then
+  echo "Expected SCRIPT_DIR variable" >&2
+  exit 1
+fi
+
+# positive: uses SCRIPT_DIR when calling remove-old-snaps.sh
+if ! grep -q "\${SCRIPT_DIR}/remove-old-snaps.sh" "$script"; then
+  echo "Expected SCRIPT_DIR usage for remove-old-snaps.sh" >&2
+  exit 1
+fi
+
+# positive: script calls autoupdate.sh via SCRIPT_DIR
+if ! grep -q "\${SCRIPT_DIR}/autoupdate.sh" "$script"; then
+  echo "Expected call to autoupdate.sh" >&2
+  exit 1
+fi
+
+# negative: script should not use hard-coded /bin path
+if grep -q '/bin/remove-old-snaps.sh' "$script"; then
+  echo "Script should not use absolute /bin path" >&2
+  exit 1
+fi
+
+# negative: script should not call remove-all-old-packages.sh
+if grep -q 'remove-all-old-packages.sh' "$script"; then
+  echo "Script should not call remove-all-old-packages.sh" >&2
+  exit 1
+fi
+
+echo "All tests passed."

tests/test_check_if_already_updating.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -e
+script="$(dirname "$0")/../check-if-already-updating.sh"
+
+# positive: script exits with code 1 when apt-get is running
+if ! grep -q "exit 1" "$script"; then
+  echo "Expected script to exit with status 1 when update is running" >&2
+  exit 1
+fi
+
+# negative: ensure script closes with fi
+if ! tail -n 1 "$script" | grep -q '^fi$'; then
+  echo "Script should end with fi" >&2
+  exit 1
+fi
+
+echo "All tests passed."

tests/test_check_requirements.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -e
+script="$(dirname "$0")/../check-requirements.sh"
+
+# positive: uses a case statement for distro detection
+if ! grep -q "case \"\$ID\"" "$script"; then
+  echo "Expected case statement for distro detection" >&2
+  exit 1
+fi
+
+# positive: script purges deborphan if present
+if ! grep -q "purge -y deborphan" "$script"; then
+  echo "Expected deborphan purge step" >&2
+  exit 1
+fi
+
+# negative: script should not attempt to install deborphan
+if grep -q "apt-cache show deborphan" "$script"; then
+  echo "Script should not install deborphan" >&2
+  exit 1
+fi
+
+# negative: script must handle unsupported distributions
+if ! grep -q "Unsupported distribution" "$script"; then
+  echo "Expected unsupported distribution handler" >&2
+  exit 1
+fi
+
+echo "All tests passed."

tests/test_checkserver.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -e
+script="$(dirname "$0")/../checkserver.sh"
+
+# positive: script validates argument count
+if ! grep -q "Usage" "$script"; then
+  echo "Expected usage message" >&2
+  exit 1
+fi
+
+# positive: script defines SCRIPT_DIR and uses it when calling autoupdate
+if ! grep -q 'SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"' "$script"; then
+  echo "Expected SCRIPT_DIR variable" >&2
+  exit 1
+fi
+if ! grep -q '\${SCRIPT_DIR}/autoupdate-and-reboot.sh' "$script"; then
+  echo "Expected SCRIPT_DIR usage for autoupdate-and-reboot.sh" >&2
+  exit 1
+fi
+
+# negative: script should not use unquoted positional parameters
+if grep -q "nc -z \$1 \$2" "$script"; then
+  echo "Script should quote positional parameters" >&2
+  exit 1
+fi
+
+# negative: script should not use hard-coded /bin path
+if grep -q '/bin/autoupdate-and-reboot.sh' "$script"; then
+  echo "Script should not use absolute /bin path" >&2
+  exit 1
+fi
+
+echo "All tests passed."

tests/test_reboot_if_required.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -e
+script="$(dirname "$0")/../reboot-if-required.sh"
+
+# positive: script checks for reboot-required file
+if ! grep -q '/var/run/reboot-required' "$script"; then
+  echo "Expected check for /var/run/reboot-required" >&2
+  exit 1
+fi
+
+# negative: ensure script ends with fi
+if ! tail -n 1 "$script" | grep -q '^fi$'; then
+  echo "Script should end with fi" >&2
+  exit 1
+fi
+
+echo "All tests passed."