Did it ever happen to you that you have to upgrade a server to the latest available security packages only to find out – for whatever reason – that there are far too many packages in the pipe? Doing a complete upgrade might break things… But security packages have to be applied, of course. There are many ways to do it: manually, if you know which package you want; visually, with aptitude; or with one of the solutions here.
Solution 1: "As a service" with unattended-upgrades
You might already know the unattended-upgrades package. As the name implies, it upgrades packages automatically and so keeps things up to date with little effort. There's an option to apply only security updates.
Solution 2: On demand with apt
But if you don't want to or can't use unattended-upgrades, there is another quick way using "apt-get" only.
Create a new package sources file first that includes only the security repositories, for example by grepping and piping like this:
cat /etc/apt/sources.list|grep secu >/etc/apt/security.sources.list
The file should contain a list of the relevant repositories. Take a look at this example from a slightly outdated Ubuntu box (10.10):
deb http://security.ubuntu.com/ubuntu maverick-security main restricted
deb-src http://security.ubuntu.com/ubuntu maverick-security main restricted
deb http://security.ubuntu.com/ubuntu maverick-security universe
deb-src http://security.ubuntu.com/ubuntu maverick-security universe
deb http://security.ubuntu.com/ubuntu maverick-security multiverse
deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse
The trick is then to pass apt-get an option to read the sources from the created file like this:
apt-get upgrade -oDir::Etc::SourceList=/etc/apt/security.sources.list
You’re done.
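A dry run of Solution 2, as an added example that is not part of the original post: it builds the security-only list from active (uncommented) entries, then simulates the upgrade with `apt-get -s` and prints the packages that would change. The function names are hypothetical, and `Dir::Etc::SourceParts` is set to `-` on the assumption that entries under `/etc/apt/sources.list.d/` should be ignored as well.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the active security entries of a sources file. Unlike a bare
# "grep secu", this skips commented-out lines.
security_sources() {
    grep -E '^[[:space:]]*deb(-src)?[[:space:]].*security' "$1"
}

# Read `apt-get -s upgrade` output on stdin and print the name of each
# package that would be installed (the "Inst <name> ..." lines).
pending_packages() {
    awk '$1 == "Inst" { print $2 }'
}

# Simulate (-s, nothing is changed) an upgrade limited to the security
# entries of the given sources file and list the affected packages.
preview_security_upgrade() {
    list=$(mktemp) || return 1
    security_sources "$1" > "$list"
    # Assumption: "-" for SourceParts keeps sources.list.d/ out of the run.
    apt-get -s upgrade \
        -o Dir::Etc::SourceList="$list" \
        -o Dir::Etc::SourceParts="-" | pending_packages
    rm -f "$list"
}

# Usage on a real system: preview_security_upgrade /etc/apt/sources.list
```

If the list of names looks right, run the post's `apt-get upgrade` command without `-s` to apply it.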
(And now give unattended-upgrades a try…)