TranslateProject/sources/tech/20210830 How to install only security and bugfixes updates with DNF.md
DarkSun 80161a267d 选题[tech]: 20210830 How to install only security and bugfixes updates with DNF
sources/tech/20210830 How to install only security and bugfixes updates with DNF.md
2021-08-31 05:03:16 +08:00

11 KiB
Raw Blame History

How to install only security and bugfixes updates with DNF

Photo by Scott Webb on Unsplash

This article will explore how to filter the updates available to your Fedora Linux system by type. This way you can choose to, for example, only install security or bug fixes updates. This article will demo running the dnf commands inside toolbox instead of using a real Fedora Linux install.

You might also want to read Use dnf updateinfo to read update changelogs before reading this article.

Introduction

If you have been managing system updates for Fedora Linux or any other GNU/Linux distro, you might have noticed how, when you run a system update (with dnf update, in the case of Fedora Workstation), you usually are not installing only security updates.

Due to how package management in a GNU/Linux distro works, generally (with the exception of software running in a container, under Flatpak, or similar technologies) you are updating every single package regardless of whether its a “system” software or an “app”.

DNF divides updates in three types: “security”, “bugfix” and “enhancement”. And, as you will see, DNF allows filtering which types you want to operate on.

But, why would you want to update only a subset of packages?

Well, this might depend on how you personally choose to deal with system updates. If you are not comfortable at the moment with updating everything, then restricting the current update to only security updates might be a good choice. You could also install bug fix updates as well and only install enhancements and other types of updates during a future opportunity.

How to filter security and bug fix updates

Start by creating a Fedora Linux 34 toolbox:

toolbox create --distro fedora --release f34 updatefilter-demo

Then enter that toolbox:

toolbox enter updatefilter-demo

From now on commands can be run on a real Fedora Linux install.

First, run dnf check-update to see the unfiltered list of packages:

$ dnf check-update
audit-libs.x86_64                        3.0.5-1.fc34                   updates
avahi.x86_64                             0.8-14.fc34                    updates
avahi-libs.x86_64                        0.8-14.fc34                    updates
...
vim-minimal.x86_64                       2:8.2.3318-1.fc34              updates
xkeyboard-config.noarch                  2.33-1.fc34                    updates
yum.noarch                               4.8.0-1.fc34                   updates

DNF supports passing the types of updates to operate on as parameter: security for security updates, bugfix for bug fix updates and enhancement for enhancement updates. Those work on commands such as dnf check-update, dnf update and dnf updateinfo.

For example, this is how you filter the list of available updates by security updates only:

$ dnf check-update --security
avahi.x86_64                               0.8-14.fc34                  updates
avahi-libs.x86_64                          0.8-14.fc34                  updates
curl.x86_64                                7.76.1-7.fc34                updates
...
libgcrypt.x86_64                           1.9.3-3.fc34                 updates
nettle.x86_64                              3.7.3-1.fc34                 updates
perl-Encode.x86_64                         4:3.12-460.fc34              updates

And now same thing but by bug fix updates only:

$ dnf check-update --bugfix
audit-libs.x86_64                      3.0.5-1.fc34                     updates
ca-certificates.noarch                 2021.2.50-1.0.fc34               updates
coreutils.x86_64                       8.32-30.fc34                     updates
...
systemd-pam.x86_64                     248.7-1.fc34                     updates
systemd-rpm-macros.noarch              248.7-1.fc34                     updates
yum.noarch                             4.8.0-1.fc34                     updates

They can even be combined, so you can use two or more of them at the same time. For example, you can filter the list to show both security and bug fix updates:

$ dnf check-update --security --bugfix
audit-libs.x86_64                      3.0.5-1.fc34                     updates
avahi.x86_64                           0.8-14.fc34                      updates
avahi-libs.x86_64                      0.8-14.fc34                      updates
...
systemd-pam.x86_64                     248.7-1.fc34                     updates
systemd-rpm-macros.noarch              248.7-1.fc34                     updates
yum.noarch                             4.8.0-1.fc34                     updates

As mentioned, dnf updateinfo also works with this filtering, so you can filter dnf updateinfo, dnf updateinfo list and dnf updateinfo info. For example, for the list of security updates and their IDs:

$ dnf updateinfo list --security
FEDORA-2021-74ebf2f06f Moderate/Sec.  avahi-0.8-14.fc34.x86_64
FEDORA-2021-74ebf2f06f Moderate/Sec.  avahi-libs-0.8-14.fc34.x86_64
FEDORA-2021-83fdddca0f Moderate/Sec.  curl-7.76.1-7.fc34.x86_64
FEDORA-2021-e14e86e40e Moderate/Sec.  glibc-2.33-20.fc34.x86_64
FEDORA-2021-e14e86e40e Moderate/Sec.  glibc-common-2.33-20.fc34.x86_64
FEDORA-2021-e14e86e40e Moderate/Sec.  glibc-minimal-langpack-2.33-20.fc34.x86_64
FEDORA-2021-8b25e4642f Low/Sec.       krb5-libs-1.19.1-14.fc34.x86_64
FEDORA-2021-83fdddca0f Moderate/Sec.  libcurl-7.76.1-7.fc34.x86_64
FEDORA-2021-31fdc84207 Moderate/Sec.  libgcrypt-1.9.3-3.fc34.x86_64
FEDORA-2021-d1fc0b9d32 Moderate/Sec.  nettle-3.7.3-1.fc34.x86_64
FEDORA-2021-92e07de1dd Important/Sec. perl-Encode-4:3.12-460.fc34.x86_64

If desired, you can install only security updates:

# dnf update --security
================================================================================
 Package                     Arch        Version             Repository    Size
================================================================================
Upgrading:
 avahi                       x86_64      0.8-14.fc34         updates      289 k
 avahi-libs                  x86_64      0.8-14.fc34         updates       68 k
 curl                        x86_64      7.76.1-7.fc34       updates      297 k
...
 perl-Encode                 x86_64      4:3.12-460.fc34     updates      1.7 M
Installing weak dependencies:
 glibc-langpack-en           x86_64      2.33-20.fc34        updates      563 k

Transaction Summary
================================================================================
Install   1 Package
Upgrade  11 Packages

Total download size: 9.7 M
Is this ok [y/N]:

Or even to install both security and bug fix updates while ignoring enhancement updates:

# dnf update --security --bugfix
================================================================================
 Package                      Arch     Version                  Repo       Size
================================================================================
Upgrading:
 audit-libs                   x86_64   3.0.5-1.fc34             updates   116 k
 avahi                        x86_64   0.8-14.fc34              updates   289 k
 avahi-libs                   x86_64   0.8-14.fc34              updates    68 k
...
 rpm-plugin-systemd-inhibit   x86_64   4.16.1.3-1.fc34          fedora     23 k
 shared-mime-info             x86_64   2.1-2.fc34               fedora    374 k
 sqlite                       x86_64   3.34.1-2.fc34            fedora    755 k

Transaction Summary
================================================================================
Install  11 Packages
Upgrade  45 Packages

Total download size: 32 M
Is this ok [y/N]:

Install only specific updates

You may also choose to only install the updates with a specific ID, such as FEDORA-2021-74ebf2f06f for avahi by using advisory and specifying the ID:

# dnf update --advisory=FEDORA-2021-74ebf2f06f
================================================================================
 Package             Architecture    Version             Repository        Size
================================================================================
Upgrading:
 avahi               x86_64          0.8-14.fc34         updates          289 k
 avahi-libs          x86_64          0.8-14.fc34         updates           68 k

Transaction Summary
================================================================================
Upgrade  2 Packages

Total download size: 356 k
Is this ok [y/N]:

Or even multiple updates, with advisories:

# dnf update --advisories=FEDORA-2021-74ebf2f06f,FEDORA-2021-83fdddca0f
================================================================================
 Package            Architecture   Version                Repository       Size
================================================================================
Upgrading:
 avahi              x86_64         0.8-14.fc34            updates         289 k
 avahi-libs         x86_64         0.8-14.fc34            updates          68 k
 curl               x86_64         7.76.1-7.fc34          updates         297 k
 libcurl            x86_64         7.76.1-7.fc34          updates         284 k

Transaction Summary
================================================================================
Upgrade  4 Packages

Total download size: 937 k
Is this ok [y/N]:

Conclusion

In the end it all comes down to how you personally prefer to manage your updates. But if you need, for whichever reason, to only install security updates, then these filters will surely come in handy!


via: https://fedoramagazine.org/how-to-install-only-security-and-bugfixes-updates-with-dnf/

作者:Mateus Rodrigues Costa 选题:lujun9972 译者:译者ID 校对:校对者ID

本文由 LCTT 原创编译,Linux中国 荣誉推出