dnf equivalent of "yum update --security"

You can use dnf-automatic with three settings:

apply_updates = yes
download_updates = yes
upgrade_type = security

(Default configuration file is /etc/dnf/automatic.conf)

or using:

dnf updateinfo list security

to get all available updates, then update them manually.


Based on http://forums.fedoraforum.org/showthread.php?t=305905

#!/bin/bash

SECURITY_UPDATES_LIST=$( dnf --refresh -q updateinfo list sec | awk '{print $3}' )
SECURITY_UPDATES_NUM=`echo "$SECURITY_UPDATES_LIST" | sed '/^$/d' | wc -l`

if [ "$SECURITY_UPDATES_NUM" -eq 0 ]; then
  exit
fi

dnf upgrade -y $SECURITY_UPDATES_LIST
  • --refresh force repo sync
  • -y install automatically
  • SECURITY_UPDATES_NUM refined/fixed counting method, works for 0/1/infinity

You can put the dnf updateinfo list updates security in a for loop on the cli or bash script. I still highly recommend to review the security updates but you can always allow to throw in the -y command to dnf update

this is what works for me depending on some needs:

for i in $(dnf updateinfo list updates security | grep -Ei ^fedora | cut -d' ' -f3) ; do dnf update $i; done

Or a bit shorter with awk ( be aware this doesn't work with --refresh )

for i in $(dnf updateinfo list updates security | awk 'NR>1 {print $3}') ; do dnf update $i; done

for a dnf --refresh

for i in $(dnf updateinfo list updates security| dnf updateinfo list updates security| awk 'NR>1 {print $3}') ; do dnf update $i; done

Tags:

Fedora

Dnf