How to install only security patches from the command line on Debian and Ubuntu

Did it ever happen to you that you have to upgrade a server to the latest available security packages only to find out – for whatever reason – that there are way to much packages in the pipe? Doing a complete upgrade might break things… But security packages have to be applied, of course. There are many things to do it, manually if you know what package you want. Or visually with aptitude. Or with one of these solutions here.

Solution 1: „As a service“ with unattended-upgrades

You might already know the unattended-upgrades package. As the name implies it upgrades packages automatically and so keeps things up-to-date with little effort. There’s an option to only update security patches.

Solution 2: On demand with apt

But if you don’t want or can use unattended-upgrades, there is another quick way using „apt-get“ only.

Create a new package sources file first that includes only the security repositories, for example by grepping and piping like this:

cat /etc/apt/sources.list|grep secu >/etc/apt/security.sources.list

The file should contain a list of the relevant repositories. Take a look at this example from a little outdated Ubuntu box (10.10):

deb maverick-security main restricted
deb-src maverick-security main restricted
deb maverick-security universe
deb-src maverick-security universe
deb maverick-security multiverse
deb-src maverick-security multiverse

The trick is then to pass apt-get an option to read the sources from the created file like this:

apt-get upgrade -oDir::Etc::SourceList=/etc/apt/security.sources.list

You’re done.

(And now give unattended-upgrades a try…)


Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.