package management - Is this command to remove old kernels safe to use?

While browsing the internet for Ubuntu articles, I came across this command:

sudo dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' | xargs sudo apt-get -y purge

The author said that this is a single line command which will delete all the previous versions of Linux, leaving only the current one!

I'm actually looking for such a command, but I'm not so sure on how safe this is. I'd like to know:

• Whether it is safe to execute this command?


• How does this command work? i.e. explanation of small parts of such a big command


• If this command serves some different purpose, then what would be the correct command to achieve what the author claims it to do?

I become very confused and frustrated when I try to infer out all by myself. How does this command work for it contains numerous /, |, \, *, and ^ characters which are hard to Google for.

I am looking for a step by step translation & explanation for this command which I was unable to find across the internet!

I'd say: don't use it in the current form

1. It makes changes without asking you. The apt-get -y purge part allows the one-liner to start executing purging packages, without your confirmation. If any error in the script exists, then you could be screwed.




2. No source, no author given. The source of it makes a difference here. In case it would come from a thoroughly tested system package we can trace the testing being done onto it. From a random source, we can't trust it.




3. dpkg -l runs fine without sudo. I don't see why the original author thought this was necessary.

Use common sense

Remove the harmful parts and leave out anything that runs as root.

For example, cut it down to this:

dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d'

which just only outputs stuff and runs with regular user permissions. Once you agree with these kernels to be removed, you can append | xargs sudo apt-get purge yourself. It's without the -y option, intentionally, so you'll be asked for confirmation on the changes about to be made to your system.

Explanation

• dpkg -l Outputs the list of all packages. In this case it will only list packages starting with linux- as the name.


• | (a pipe) pipes the output of the command on the left (we call that stdout) to the input of the command on the right (we call that stdin).


• sed is a tool to manipulate strings using regular expressions. In this case it manipulates the output of the command on the left of the pipe and filters for installed packages (relying on the ii as given by dpkg). It is even being nested in this case. It would be too hard to explain the whole use of sed here, as its use is very complicated with the complex regular expressions. (the \(.*\)-\([^0-9]\+\)" is an example of a regular expression.


• Regular expressions are very widely used to find matches based on the expression they represent. \1 is the replacement reference to do a sort of universal search-and-replace (referencing to the first 'hit' with 1). The regular expression themselves can't do any harm. However, if they manipulate the input in a wrong way, they can have you remove the wrong packages or even do shell injection. In this case it looks like a way to find the name of the kernel package based on the version provided by uname -r.



• uname -r outputs the current version of the kernel running.


• xargs appends the lines of the input left of the pipe as arguments to the command. In this case, the kernel versions on each line are converted to a horizontal space-separated list and appended to the sudo apt-get command.


• sudo apt-get -y purge [packagename] purges (removes everything) of the packages given (as arguments).

Alternatives

Quite some question are probably already asked about this. Relevant ones I found so far: