Re: Update only of security vulnerabilities?
Op 09-04-15 om 11:31 schreef Rafał Radecki:
> Hi All :)
>
> Is usage of
>
> 1) # unattended-upgrade --dry-run
>
> command with proper configuration of
> /etc/apt/apt.conf.d/50unattended-upgrades file the best choice for
> checking available security updates?
>
> Another options as I found are:
>
> 2) #apt-get -s dist-upgrade | grep "^Inst" | grep -i security"
> 3) put all security repositories to a dedicated file (for example
> /etc/apt/security.sources.list) and run
>
> #apt-get -u upgrade --assume-no -o
> Dir::Etc::SourceList=/etc/apt/security.sources.list
>
> I found that in CentOS for example checking of available security
> updates is broken because of lack of errata info in their official
> repositories. So I want to be SURE that I am using the best command for
> the task :)
>
> How are you performing such checking?
Maybe unattented-upgrade is fine for you if you want only the security
updates. But I want a full "apt-get dist-upgrade". So I don't use the
stock unattended-upgrade of Wheezy. But unattended-upgrade in Jessie is
fine, when using a "*" config. See
/usr/share/doc/unattended-upgrade/README or something like that for the
details.
For Wheezy I use a backport what I've made myself. This is what I do:
Wheezy: http://vandervlis.nl/files/unat7
Jessie: http://vandervlis.nl/files/unat8
What I would like is autmatic install but only after a few days. I am
working on a script what does that. It's not well tested at the moment:
http://vandervlis.nl/files/updateafter
With regards,
Paul van der Vlis.
--
Paul van der Vlis Linux systeembeheer, Groningen
http://www.vandervlis.nl/
Reply to: