How do I check only security updates from the command-line?
My question is just about detecting the availability of security updates
Yes, that's doable with the caveat that the normal apt-get update will do a full refresh when you next run it (20 MB means it's doing that anyway).
sudo sh -c 'grep precise-security /etc/apt/sources.list > /etc/apt/secsrc.listAnd if you then run the following, you'll see if there are any security updates available (sample output):
sudo sh -c 'apt-get -o Dir::Etc::sourcelist="secsrc.list" \ -o Dir::Etc::sourceparts="-" update && \ apt-get --assume-no upgrade'
This tells
apt-getto temporarily use the special security-only sources list, and then runsupgrade, automatically answering no.If there are any, run proper
apt-get update(which will do a full refresh), and then upgrade.You could make the above a bash script with a simple grep/exit code check at the end if you don't feel like parsing the apt-get output :)
This may not be exactly what the question is asking, but if you've already run apt update, you can see what security updates are available using:
sudo apt list --upgradable | grep -e "-security"
which will give you something like:
libssl1.0.0/xenial-updates,xenial-security 1.0.2g-1ubuntu4.9 i386 [upgradable from: 1.0.2g-1ubuntu4.8]
openssl/xenial-updates,xenial-security 1.0.2g-1ubuntu4.9 i386 [upgradable from: 1.0.2g-1ubuntu4.8]