-1

I hope you're doing fine,

I'm looking for a way to manually install only security updates on an Ubuntu machine.

Can anyone help? Thanks

Ocelot
  • I assume you mistakenly added the 12.04 tag to this question, as that release is long out of support. What release of Ubuntu are you actually using? – popey Apr 06 '23 at 08:28
  • You will not be able to: 12.04 does not have anything to install as there are no repositories anymore. – Rinzwind Apr 06 '23 at 08:49
  • Hello,

    Yes, you're right, it's just a mistake; the current version of our systems is 20.04

    – Ocelot Apr 06 '23 at 09:02
  • 1
    I just corrected the tag, sorry ! – Ocelot Apr 06 '23 at 09:04
  • Thank you karel for your help, but no, because this topic is discussing an automatic security update install; in my case, I want it to be manual – Ocelot Apr 06 '23 at 09:09
  • This seems like a possible XY Question. "Manually installing security updates" is, for most users, a Very Bad Idea because it's already handled automatically. So perhaps we misunderstand what you are actually seeking, or some other problem has led you to the conclusion that manual is a great solution. Editing the question to clearly explain the actual problem (not how to implement the desired solution) is likely to result in more useful answers. – user535733 Apr 06 '23 at 13:49
  • Hello user535733,

    The actual issue is that I want to make sure that my Linux VMs are patched from a security perspective.

    While patching the VMs, I do not want to update all the Linux-related components (Kernel, bin, dll... etc.) because it can have an impact on the VM and the application it is hosting.

    That's why I want to find a way to apply only security updates on my Linux VMs. (We do the same thing for Windows VMs)

    – Ocelot Apr 10 '23 at 08:57

1 Answer

2

While possible, this is not recommended. But here you go anyway.

The software on your Ubuntu system comes (mostly) from repositories. They're divided up into pockets and sections. The sections are main, restricted, universe and multiverse. The pockets on a typical release like Ubuntu 22.04 LTS (Jammy) are called lunar (sometimes called release), updates, security, proposed and backports.

The repositories are typically configured with a file called /etc/apt/sources.list. That might look like this at a minimum.

Note: The order and formatting may be slightly different.

deb http://archive.ubuntu.com/ubuntu lunar main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-updates main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-proposed main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu lunar-security main restricted universe multiverse

The ones with a # hash at the start are commented out. That means when updating, your package manager won't see these lines, and won't look in those pockets.

If you only want to get security updates, you can comment out every line except the ones which mention security, thus:


#deb http://archive.ubuntu.com/ubuntu lunar main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-updates main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-proposed main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu lunar-security main restricted universe multiverse

The byproduct of this is you won't be able to install any new software, and won't get any bug-fixes that aren't delivered as security updates. But that's what I assume you're asking for.

What this won't deal with is updates via any other package managers like snap, flatpak or other third party packaging systems like npm, pip and so on.

popey
  • 23,667
  • Thank you for the detailed feedback,

    Why is it not recommended? My need, actually, is to upgrade only security-related packages; the libs, bins and other applicative/OS packages will be upgraded on demand (by the customer).

    So if I modify the source file, I will be able to install the security packages with: apt-get update then apt-get upgrade?

    – Ocelot Apr 06 '23 at 09:09
  • Correct. My suggestion it's not recommended is just because they'll never get bug fixes. So if they have buggy software, it'll stay buggy, even if the Ubuntu developers patch it. – popey Apr 06 '23 at 09:13
  • 1
    Yes, I understand it, but in the case of buggy software we will re-modify the source file, and then install all the bug and software fixes.

    This is just a temporary solution; in the next month, we will implement Azure Update Management Center to patch our Linux VMs automatically

    – Ocelot Apr 06 '23 at 09:18
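
The edit described in the answer above, written as an added shell example (not part of the original answer or comments): it comments out every active `deb`/`deb-src` line whose suite is not a `-security` pocket and leaves everything else untouched. The sample reuses the answer's six lines plus one constructed line with an `[arch=amd64]` option block; `/etc/apt/security-only.list` is an assumed path.

```shell
#!/bin/sh
# Read a sources.list on stdin, write a security-only version to stdout.
security_only_sources() {
    awk '
    /^[ \t]*deb(-src)?[ \t]/ {
        i = 2                                  # field that holds the URI
        if ($i ~ /^\[/) {                      # skip an optional [opt=val ...] block
            while (i <= NF && $i !~ /\]$/) i++
            i++
        }
        # The suite follows the URI; keep the line only for a -security pocket.
        if ($(i + 1) !~ /-security$/) { print "#" $0; next }
    }
    { print }'
}

# Count active (uncommented) deb/deb-src lines on stdin.
count_active() {
    awk '/^[ \t]*deb(-src)?[ \t]/ { n++ } END { print n + 0 }'
}

# Sample input: the answer's file plus one constructed line with options.
sample_sources() {
    cat <<'EOF'
deb http://archive.ubuntu.com/ubuntu lunar main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-updates main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-proposed main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
deb [arch=amd64] http://archive.ubuntu.com/ubuntu lunar-updates main
EOF
}

# Demo: print the filtered sample.
sample_sources | security_only_sources

# On a real host (assumed output path), write the result to a separate file and
# point apt at it, so /etc/apt/sources.list stays as it was:
#   security_only_sources < /etc/apt/sources.list | sudo tee /etc/apt/security-only.list
#   sudo apt-get -o Dir::Etc::sourcelist=/etc/apt/security-only.list \
#                -o Dir::Etc::sourceparts=- update
#   sudo apt-get -o Dir::Etc::sourcelist=/etc/apt/security-only.list \
#                -o Dir::Etc::sourceparts=- -s upgrade    # -s only simulates
```

Setting `Dir::Etc::sourceparts=-` also keeps the files under `/etc/apt/sources.list.d` out of the run, which the hand edit of `sources.list` alone does not cover.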