I’ve used Debian and Ubuntu for a long while now, and managing its list of software sources has never been that much of a joy. It’s easy enough to add things in, but removing them is not always a great thing to do. If you have software installed from one of these sources, you probably want the updates, for security reasons if nothing else.

Still, I managed to go on a tear, installing all sorts of applications, and when the smoke cleared I was pretty sure I didn’t need everything that I had. It was time for a bit of cleaning up. Problem is, the APT tools don’t give you a lot of insight into how to proceed.

Disclaimer

I should add that there’s a good reason for this obscurity: if you have a package, and you drop the source, again, you run a good risk of having that software installed and never able to be updated.

Generate list

With your safety hat on, you can now proceed to running the following command:

for i in `dpkg --get-selections | cut -f1`; do \
  grep -lr "^Filename: .*/${i}" \
    /var/lib/apt/lists/ 2>/dev/null >> /tmp/list; \
done

The first line gets a list of the software which you have either installed or half installed (“deinstall”). For each of these packages, then, we perform a grep to look for that package in all the files in /var/lib/apt/lists/.

Process list

This list which you created is a bit of a mess. Each line is the filename from which you found the package, which corresponds to one of your software sources. Luckily, two stock utilities can clean this up:

sed 's/-[a-z0-9]\+_Packages$//' list | sort | uniq

You can omit the sed command if you’d like, but it will filter out duplicates for each architecture — well, in my case anyway, for amd64 and i386. The list still needs room for a bit of interpretation, but it should be easy enough to tie each line to a record in the /etc/apt/sources.list file, or in one of potentially many files in /etc/apt/sources.list.d/.

I’ve had a self-signed certificate for my own site for a long while now, and it’s served me quite well. It’s free, after all, and I’m not running any sort of commerce or anything else for other users.

With Android, Chrome will give a warning every time you visit a site with a self-signed cert, and the only way to bypass that is to add the certificate to your device manually. This also affects the Android WordPress application, and any other connections in the system that access those resources.

As is in Google’s documentation, you can add your own certificates to the phone, but it has to be in the DER or PKCS#12 format. This is different from the usual PEM format which you would set up for your website, but thankfully a few lines of a shell script and the OpenSSL toolkit will get you on your way:

echo | \
  openssl s_client -connect ${SERVER}:${PORT} 2>&1 | \
  sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | \
  openssl x509 -outform DER -out ${SERVER}.crt

First, you want the echo command because you do not want to communicate too long with the server, via the first s_client method. It’s just the first handshake that you need, at which point you will close the connection.

The sed utility then takes that output, and isolates the lines which are tied to the PEM key. This PEM is then piped into the x509 method, converting to the DER format.

Pop that resulting .crt file into the root directory of your phone, then go to the Settings -> Personal -> Security -> Credential Storage -> Install from storage. It’ll find your self-signed cert, at which point you can use it without the error messages in any of your applications.

You can then remove any of these certificates via “Trusted credentials” under the similar “Credential Storage” area, and clicking on the “User” tab. Click on the certificate, and scroll the detail view to the bottom to reveal the (otherwise hidden) “Remove” button.