Linux - display or upgrade security updates only using apt

apt can’t (yet) provide the information you’re after. aptitude can though, albeit somewhat confusingly:

aptitude search '~U ~ODebian' -F "%p %O"|awk '/Debian-Security/ {print $1}'

This searches all upgradable (~U) packages from official Debian repositories (~ODebian), and displays their package name (%p) and “origin” (%O). The latter actually displays the repository label, which is “Debian-Security:9/stable” for the Debian 9 security repositories. You end up with a list of upgradable package names from the security repositories.

There are a variety of ways to install only security upgrades, none of them ideal though.

  • aptitude’s text interface allows only security upgrades to be applied, simply by scrolling to the “Security Updates” header (which should be the first one) and hitting +.

  • You can feed the list of packages extracted above to apt to install the upgrades:

    aptitude search '~U ~ODebian' -F "%p %O" |
    awk '/Debian-Security/ {print $1}' |
    xargs apt-get install --only-upgrade
    

    This has the unfortunate side-effect of clearing the “automatically installed” marker on upgraded packages.

  • You can use unattended-upgrades, whose default action is to only apply security upgrades:

    unattended-upgrades -v
    

    If you don’t want upgrades to be installed automatically, you’ll need to disable unattended-upgrades’s daily cron job.


To display the security updates you can use:

apt-get --just-print upgrade | grep -i security | awk '{print $2}' | awk '!seen[$0]++'

To apply only the security updates for 1 package:

apt-get install --only-upgrade pckg_name

To apply only the security updates from the list:

list=$(apt-get --just-print upgrade | grep -i security | awk '{print $2}' | awk '!seen[$0]++')
apt-get install --only-upgrade $list
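
A text match on "security" over the simulation output also selects any package whose name contains that word, whatever repository it comes from. The sketch below is an added example, not part of the original answers: it filters on the origin field of the `Inst` lines instead. The function name `security_upgrades` and the sample lines are constructed for illustration, and the case-insensitive match on "security" assumes the repository label contains that word, as "Debian-Security:9/stable" does.

```shell
#!/bin/sh
# Added example: select upgradable packages by repository origin rather
# than by a text match on the whole simulation line.

# Reads `apt-get --just-print upgrade` output on stdin and prints, once each,
# the packages whose candidate version comes from a security origin.
security_upgrades() {
    awk '
        $1 == "Inst" {
            # The parenthesised group holds: candidate-version origin(s) [arch]
            paren = index($0, "(")
            if (paren == 0) next
            origin = substr($0, paren)
            sub(/^\([^ ]+ /, "", origin)   # drop the candidate version
            if (tolower(origin) ~ /security/ && !seen[$2]++) print $2
        }'
}

# Constructed sample output (not captured from a real host). The second
# package has "security" in its name but comes from the main repository.
SAMPLE='Inst libssl1.1 [1.1.0f-3+deb9u1] (1.1.0f-3+deb9u2 Debian-Security:9/stable [amd64])
Inst libapache2-mod-security2 [2.9.1-2] (2.9.1-2+b1 Debian:9.4/stable [amd64])
Inst tzdata [2017c-0+deb9u1] (2018c-0+deb9u1 Debian:9.4/stable [all])
Conf libssl1.1 (1.1.0f-3+deb9u2 Debian-Security:9/stable [amd64])
Conf libapache2-mod-security2 (2.9.1-2+b1 Debian:9.4/stable [amd64])
Conf tzdata (2018c-0+deb9u1 Debian:9.4/stable [all])'

# Prints only libssl1.1 for the sample above.
printf '%s\n' "$SAMPLE" | security_upgrades
```

On a real system, pipe the live simulation into the function: `apt-get --just-print upgrade | security_upgrades`.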