In short it just means it installs the exact same packages every time. If you write `apt install something` without an explicit version you may get a newer version depending on how recently you've updated your package manager.
Our build server got burned by this because we wrote the line `apt update` within a Docker image. We did this at the time to get the most recent version of a package. Ideally we should have locked the version there, but we weren't really thinking of it until half a year later all our builds started failing. The package inadvertently updated and had breaking changes in it. With apt-lock you don't need to manually specify, you can just install once and then every reinstall will be the same (such as in a Docker image, or a new member joins your team and you're setting up their machine).
5 comments
[ 2.7 ms ] story [ 21.3 ms ] threadOur build server got burned by this because we wrote the line `apt update` within a Docker image. We did this at the time to get the most recent version of a package. Ideally we should have locked the version there, but we weren't really thinking of it until half a year later all our builds started failing. The package inadvertently updated and had breaking changes in it. With apt-lock you don't need to manually specify, you can just install once and then every reinstall will be the same (such as in a Docker image, or a new member joins your team and you're setting up their machine).
> future work > Rewrite in C or C++ to make it considerably smaller
if all it does is install via apt, record the version, and then refer to the lock file the next time it's called, why on earth would you use C?
I'd be surprised if you need more than ~50 lines of shell to do that, including help output, error handling, etc