I am curious regarding how many packages existed on my system. Then I got to wondering how many are Google projects? How many are Apache projects? Are all packages fully installed?
§Get a list of packages into sqlite
First, one needs to create the sqlite3 file. The following bash script generates a
.csv file with a header (that’s the echo command on the third line) and a
dpkg-query incantation. Then the script prepares a sqlite file and imports
the .csv as a SQLite table.
Yup, the .csv generation contains a minute hack. There are no restrictions
on where commas may appear in most of these fields printed out using
dpkg-query. However, by convention & in practice, I didn’t find any
commas. But, you have been warned™.
tempfile=$(mktemp -t debianpackagecsv.XXXXXXXXXXXXX)
{
echo 'Package,Version,Architecture,Homepage,Status'
dpkg-query -W -f '"${Package}","${Version}","${Architecture}","${Homepage}","${Status}"\n'
} > "$tempfile"
sqlite3 packages.sqlite3 <<EOF
DROP TABLE IF EXISTS packages;
.mode csv
.import ${tempfile} packages
EOF
rm "$tempfile"
sqlite3 packages.sqlite3 'SELECT COUNT(*) FROM packages'
6143
As of my typing this text on my daily driver, this computer has 6182 packages installed. If the above number does not match 6182, it is probably due to installing more bloat, er, I mean, packages.
§All fully installed packages (no config files)
Okay, now are all packages fully installed? This is Debian funny business.
sqlite3 packages.sqlite3 '
SELECT COUNT(*)
FROM packages
WHERE Status = "install ok installed"'
6034
Nope. The numbers don’t match. Something to look into, perhaps for another post.
If it ain’t broke, don’t fix it.
Or that’s what I like to remind myself when the personal computer tries to siphon off my time.
§Google installed packages
Now let’s see how many packages are installed with Google in the Homepage?
sqlite3 packages.sqlite3 '
SELECT Package,Architecture,Homepage
FROM packages
WHERE Status = "install ok installed" AND Homepage LIKE "%google%";'
Whew! Thanks for scrolling. 69 packages. I didn’t know about zopfli. Apparently zopfli is a C library for compressing data using DEFLATE, gzip, and zlib compression formats. Moreover, zopfli is designed to generate the most compressed DEFLATE, gzip, zlib data. Meaning it’s slow to run but the storage sizes of the compressed data are less than other existing libraries.
Sidenote, apparently libarchive exists on a LOT of computers. Most infosec fans would agree that zlib is already a great supply chain attack vector if only for the sheer number of developers deploying zlib. Libarchive is getting up there! Libarchive ships on modern Windows and macOS. File interchange formats are hard to get right. Could libarchive be ripe for security research?
§Apache packages
Similar invocation to the Google query. This time filter on Homepages with “Apache” in their text.
Yup 128 packages. Thanks for scrolling!
I hadn’t heard of ivy before. Upon a cursory flick through ivy’s homepage, it
purportedly is the dependency resolver used in Apache Ant. Ant is a build tool
not dissimilar to make in that it streamlines taking files and transforming
the said files into derived data. One common example: a dependency manager can
be employed to track dependencies when compiling a program from source code.
§Something to try?
Something to try, for the curious: basic package stats — how many packages do you have installed? More pressingly, consider a stroll through the installed package list. Research a few unfamiliar packages. Do this a lot and you’ll understand virtually every individual software package on your computer.