Open webmozart opened 2 years ago
We're encountering this issue as well. FWIW you can purge all such packages with this command: `dpkg --list | grep "^rc" | cut -d " " -f 3 | xargs sudo dpkg --purge` which purges all packages in the DPKG registry of status `rc` (configuration remains but the package is uninstalled).
It would be great if `rc` packages were ignored instead however.
On Ubuntu 20.04, the package list collected by SSM contains not only installed packages, but all packages in the DPKG registry, i.e. also those already uninstalled but where configuration is not purged yet. Like that, the package list is unusable. Furthermore, AWS Inspector (which is the reason I'm here) reports vulnerabilities for packages that are not even installed anymore.
Is this a bug?
I already traced it back to this commit: https://github.com/aws/amazon-ssm-agent/commit/87594da86a50c859caada0d49d1cfb4c8ae3290f
On Debian-based systems, `dpkg-query -W` is used to collect the list of packages. From the docs: (emphasis put on "regardless of their status")
Why is that so? I can't believe nobody reported this so far?
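To triage findings that may stem from the `rc` entries described in this issue, the following sketch cross-checks package names from a scanner report against the dpkg status field. It is an added example, not code from amazon-ssm-agent or AWS Inspector; the function names and the sample data (package names, versions) are constructed for illustration, and on a live host `sample_status` would be replaced by the `dpkg-query` call shown in the comment.

```shell
#!/bin/sh
# Constructed sample of the output of:
#   dpkg-query -W -f='${Status}\t${Package}\t${Version}\n'
# ${Status} is "<want> <error-flag> <state>", e.g. "deinstall ok config-files".
sample_status() {
    printf 'install ok installed\topenssl\t1.1.1f-1ubuntu2\n'
    printf 'deinstall ok config-files\tapache2\t2.4.41-4ubuntu3\n'
    printf 'install ok installed\tcurl\t7.68.0-1ubuntu2\n'
    printf 'deinstall ok config-files\tmysql-server-8.0\t8.0.19-0ubuntu5\n'
    printf 'install ok half-configured\tnginx-core\t1.18.0-0ubuntu1\n'
}

# Print names of packages in the "rc" state (removed, config files remain).
residual_packages() {
    awk -F '\t' '{ split($1, s, " "); if (s[3] == "config-files") print $2 }'
}

# $1: file with status lines as above; stdin: one package name per finding.
# Output: name, dpkg state, verdict. Any state that leaves package files on
# disk (installed, unpacked, half-configured, ...) counts as "installed".
triage_findings() {
    awk -F '\t' '
        NR == FNR { split($1, s, " "); state[$2] = s[3]; next }
        {
            st = ($1 in state) ? state[$1] : "absent"
            gone = (st == "config-files" || st == "not-installed" || st == "absent")
            print $1 "\t" st "\t" (gone ? "not-installed" : "installed")
        }' "$1" -
}

# Demo: list the sample packages that are configuration leftovers only.
sample_status | residual_packages
```

Findings marked `not-installed` correspond to entries with no package files on disk, which is the false-positive case reported above.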