Site Tools


start:orphanedcleanup

DATE CHECKED THIS PAGE WAS VALID: 14/09/2023

On testing it is possible a package is removed that you have installed, due to some issue with the package or that is is abandoned. For this reason it is a good idea to every now and again check that the packages on your system have not become orphaned and you still have a pretty clean system.

Note: You should keep a log of any orphaned packages you remove in case they are added back to testing, then you can install them again on the system.

Its also worthwhile checking if any recommended packages are missing from time to time. Its essentially just checking that what your system has is logical and will be kept up to date by apt. By doing this you will reduce the amount of problems you have as well as avoid having to reinstall your OS clean because you are auditing it and keeping it under control.

The first thing I like to do is ensure I have cleaned up any unneeded packages apt detects itself:

sudo apt-get dist-upgrade
sudo apt-get autoremove

If there were a lot of updates I would reboot here also just in case.

That is safe to do as apt is detecting what it needs and removes what it does not. However you should always read what it wants to remove and check you agree its logical.

Next thing I like to do is check if there were any recommended packages that I needed but did not get installed:

sudo apt-get install aptitude
sudo aptitude search '~RBrecommends:~i'

Aptitude can search for packages you have installed and then what packages they recommended you install. I dont suggest you install any or all of them, instead look to see fi there are any useful packages you would benefit from. Here is my list:

After reviewing the list I decided there was nothing appropriate for me. Its totally fine to not want anything in that list. Its simply what apt is suggesting.

Now I have a clean place to start from and the packages I want installed, I can now look for packages I dont want, and are orphaned.

Orphaned packages are bad, because they will never receive an update, can cause unexpected results if used by your system or have vulnerabilities that are known to everyone except your system. They no longer reside in any source in your apt package manager, for whatever reason, but can still be accessed by your box. So this is where we must tread carefully as we can break our install if we remove packages that we need, but somehow became orphaned, or didnt get replaced correctly.

In any case our overall goal should be to decide, do we want this? If yes - try to find why its no longer in the repositories we have configured. If no - see if removing it is dangerous.

We ideally want all packages to be in our repositories so they can get updated when needed. In practice this will almost be certainly impossible, but we can get close and ensure that things we cant resolve are at least known to us.

So here is the command:

sudo aptitude search '~o'

Here is my output:

So this output is interesting. I see that several packages are orphaned that need critical attention. The first package gcc-9-base is no longer in the testing repository. This is actually an issue that needs a resolution. It is a library. If I check what I have installed I can see I have installed gcc-10-base, gcc11-base and gcc-12-base.

I can see this by issuing command:

sudo dpkg-query -l 'gcc-*'

Here is example output:

This indicates that I dont need to have this outdated library on my box anymore, but I cannot be sure, so I first take a timeshift snapshot so I can revert if my box no longer reboots. Then I can remove the package and undo my change if there is a massive problem.

I will let you take a timeshift snapshot in your own time, but once done, I remove the package:

One thing that indicates to me I probably dont need it is that I did not get a bunch of other packages wanting to be removed afterwards.

I now move onto the next package listed by sudo aptitude search '~o'. It is hddtemp. This seems like something I might need, but I am going to remove it anyway. Im pretty sure I can fix getting my temps back if they stop showing and I dont believe it is critical to the functioning of the system.

I also remove it with apt-get.

Next is the libraries for DVD decoding. im going to remove these also as I dont have a DVD drive in the machine. I do an apt-get purge libdvdcss-dev libdvdcss2 libdvdcss2-dbgsym and the 3 packages come off.

Libffi7 is similar to the gcc-9-base we had earlier. There is a later library installed when I check with sudo dpkg-query -l 'libffi*' so I will remove it also.

I dont need libogmrip1 so I also remove it.

You will note I do each package one at a time so I can be very sure I dont take off too many things.

When I try purge this package I see it wants to remove quite a few packages. These allow me to play various media such as ogg vorbis so instead I dont remove this package:

Instead I must now investigate why this is orphaned. Debian has a package tracker at tracker.debian.org

Going here and entering this package I get the reason its orphaned:

So here is a problem when running testing. This package is blocked from entering testing as it has a problem, so it exists in stable and unstable(sid) but not in testing. Either this will be fixed by the maintainer of when debian finally ships as stable it will be resolved some other way (ie removed, replaced etc). We will need to keep this orphaned package for now and revisit this problem in the future to see if it is fixed and if and when testing becomes stable, decide how to overcome this hurdle at that point (ie abandon these packages, or fins suitable replacements etc).

So I leave this problem for later in the hopes the bugs surrounding it will be fixed. If you able to help the debian project, you can also volunteer to help resolve problems and contribute code etc.

I carry on removing and or resolving issue in this way with all the packages listed. i wont go over all of them but essentially I remove libsepol1 linux-headers-5.16.0-6-amd64 linux-headers-5.16.0-6-common linux-image-5.16.0-6-amd64 linux-kbuild-5.16 (I am using a later kernel). That is about it.

One other package I did not remove was nomachine, as I knew why that was orphaned (it has no repo and you download it from the manufacturers website). Also steam libs as this package is used for games and managed by the steam installer. Also I am leaving xserver-xorg-video-qxl for now.

My orphaned packages are now:

So you can see I am not removing everything, but I am keeping track, and when bookworm becomes stable, before upgrading to the next testing branch I will resolve all of the problems so that there are zero orphaned packages, before upgrading to testing again (with the exception of packages I can identify why they are orphaned such as steam-libs and nomachine).

I then reboot my machine and check everything is working. I recommend keeping the timeshift snapshot a few days in case you don't notice something broken right away.


Another thing that can happen is that packages get marked for manual install that over time you no longer need.

You can check what packages are marked for manual installation by running:

sudo aptitude search '!~M ~i !~E !~prequired !~pimportant !~pstandard' 

Or alternatively a less filtered option

aptitude search '!~M ~i'

You will have to check carefully if you want all the packages in there. Removing all of them without any thought would break your system and there should be no harm leaving them alone but if you do want to clean your system a bit its another thing to check. Output example:

start/orphanedcleanup.txt · Last modified: 2023/09/14 20:47 by peter