How do you use apt-get to only install critical security updates on Ubuntu?
We'd like to only upgrade packages that need to be upgraded for security reasons, without upgrading all other packages.
I read the apt-get man page carefully when I got tired of manually editing the sources.list every time I wanted to only apply security updates (that means the second time).
Figured this solution out:
sudo cp /etc/apt/sources.list /etc/apt/security.sources.list
Edit the latter to contain only security repositories, then:
sudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list
Tadaaaa... Scriptable stuff.
If you are just looking to do this quickly once, instead of creating a separate repository and scripting up some automation and all that. Great if you aren't supposed to be making changes while auditing a system or whatever.
These two commands will spit out the list. Pipe to wc -l to see how many are behind. ;-)
grep security /etc/apt/sources.list > /tmp/security.list
sudo apt-get upgrade -oDir::Etc::Sourcelist=/tmp/security.list -s
Still valid for older distros or if you have update repos off, but security on:
sudo apt-get upgrade -s | grep ^Inst | grep -i security
I don't know if it will work, but apt has its sources in /etc/apt/sources.list and/or /etc/sources.list.d/
Why not edit the file, and comment all lines that are not part of the security updates?
The security lines for apt should be something like this:
deb http://security.ubuntu.com/ubuntu ..... ..... ...
Leave those lines alone and comment all the others.
What I do:
apt-get update
apt-get install -y --only-upgrade $( apt-get --just-print upgrade | awk 'tolower($4) ~ /.*security.*/ || tolower($5) ~ /.*security.*/ {print $2}' | sort | uniq )
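The approaches in the answers above (a security-only source list passed via `Dir::Etc::SourceList`, and filtering simulated upgrade output) combined into one dry-run script, as an added example that is not part of any answer in this thread. The function names are hypothetical, the sample inputs are constructed, and it assumes one-line `deb` entries rather than deb822 `.sources` files.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Keep active one-line "deb"/"deb-src" entries whose suite ends in -security.
# Unlike `grep security`, this skips commented lines and unrelated matches.
filter_security_sources() {
    awk '$1 == "deb" || $1 == "deb-src" {       # skips comments and blank lines
            line = $0
            sub(/\[[^]]*\]/, "")                # drop optional [arch=...] block
            if ($3 ~ /-security$/) print line   # $3 is now the suite
        }'
}

# Read `apt-get -s upgrade` output on stdin; print packages whose candidate
# version comes from a *-security suite, matching inside "(...)" only.
security_upgrades() {
    awk '$1 == "Inst" {
            origin = $0
            sub(/^[^(]*\(/, "", origin)         # keep the text after "("
            if (tolower(origin) ~ /-security([ ,]|$)/) print $2
        }' | sort -u
}

# Dry run against the real system (-s simulates, nothing is installed).
# SourceParts="-" keeps /etc/apt/sources.list.d/ from being merged back in.
simulate_security_upgrade() {
    list=$(mktemp) || return 1
    cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null |
        filter_security_sources > "$list"
    apt-get upgrade -s -o Dir::Etc::SourceList="$list" \
        -o Dir::Etc::SourceParts="-" | security_upgrades
    rm -f "$list"
}

# Constructed samples (hosts, suites and versions are illustrative).
SAMPLE_SOURCES='deb http://archive.ubuntu.com/ubuntu jammy main
# deb http://security.ubuntu.com/ubuntu jammy-security universe
deb [arch=amd64] http://security.ubuntu.com/ubuntu jammy-security main
deb http://mirror.security-lab.example/ubuntu jammy-updates main'
SAMPLE_SIM='Inst openssl [3.0.2-0ubuntu1.1] (3.0.2-0ubuntu1.2 Ubuntu:22.04/jammy-security [amd64])
Inst vim [8.2-1] (8.2-2 Ubuntu:22.04/jammy-updates [amd64])
Inst libssl3 [3.0.2-0ubuntu1.1] (3.0.2-0ubuntu1.2 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
Conf openssl (3.0.2-0ubuntu1.2 Ubuntu:22.04/jammy-security [amd64])'

printf '%s\n' "$SAMPLE_SOURCES" | filter_security_sources
printf '%s\n' "$SAMPLE_SIM" | security_upgrades
```

Call `simulate_security_upgrade` on a real host to list the packages a security-only upgrade would touch; the temporary list is created with `mktemp` rather than a fixed name under /tmp.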