Linux - display or upgrade security updates only using apt
Solution 1
apt
can’t (yet) provide the information you’re after. aptitude
can though, albeit somewhat confusingly:
aptitude search '~U ~ODebian' -F "%p %O"|awk '/Debian-Security/ {print $1}'
This searches all upgradable (~U
) packages from official Debian repositories (~ODebian
), and displays their package name (%p
) and “origin” (%O
). The latter actually displays the repository label, which is “Debian-Security:9/stable” for the Debian 9 security repositories. You end up with a list of upgradable package names from the security repositories.
There are a variety of ways to install only security upgrades, none of them ideal though.
aptitude
’s text interface allows only security upgrades to be applied, simply by scrolling to the “Security Updates” header (which should be the first one) and hitting +.-
You can feed the list of packages extracted above to
apt
to install the upgrades:aptitude search '~U ~ODebian' -F "%p %O" | awk '/Debian-Security/ {print $1}' | xargs apt-get install --only-upgrade
This has the unfortunate side-effect of clearing the “automatically installed” marker on upgraded packages.
-
You can use
unattended-upgrades
, whose default action is to only apply security upgrades:unattended-upgrades -v
If you don’t want upgrades to be installed automatically, you’ll need to disable
unattended-upgrades
’s daily cron job.
Solution 2
To display the security update you can use:
apt-get --just-print upgrade | grep -i security | awk '{print $2}' | awk '!seen[$0]++'
To apply only the security updates for 1 package:
apt-get install --only-upgrade pckg_name
To apply only the security updates from list:
list=$(apt-get --just-print upgrade | grep -i security | awk '{print $2}' | awk '!seen[$0]++')
apt-get install --only-upgrade $list
Related videos on Youtube
Comments
-
nath over 1 year
is there a way to list or install security upgrades only using apt?
if I list upgrades with:
apt list --upgradable
can I also see without knowing packages and libraries which upgrades are relevant security upgrades.
and furthermore is there an option to only apply those by skipping any others, so the non-security-relevant upgrades would be prompted again next time I run
apt upgrade
?-
Brian Salehi over 6 yearsso you have two questions, 1.print security updates, 2.update only selected packages, well I know that there are 6 links in sources.list and two of them are security related repo links, you can see which upgradable packages would be downloaded from each link by following command: sudo apt upgrade --no-upgrade --assume-no --print-uris
-
Brian Salehi over 6 yearsbut about second question, apparently you can choose a single package to be upgraded by the following command sudo apt upgrade --upgrade-only <package name> but this doesn't work for me, sorry
-