17

Is there a way to quickly check for the availability of security updates from the command line?

On my 12.04 system running apt-get update fetches 20MB of data about available packages every time I run it, hitting many repositories along the way. Then I can use any of the methods described here to actually perform the update.

My question is just about detecting the availability of security updates (i.e., not performing the actual upgrade using apt-get/aptitude/etc): is there a quick check that can be done from the command line that provides a yes-no answer to the question "are there security updates available?". I would like to run that before running the lengthy apt-get update + actual upgrade.

I suppose I don't need to download 20MB of data to know the answer to that every day.

  • Check this: http://askubuntu.com/questions/65245/apt-get-update-only-for-a-specific-repository http://askubuntu.com/questions/27362/how-to-only-install-updates-from-a-specific-repository –  Jun 17 '12 at 17:31
  • You mean the apt-get update fetches 20MB of package metadata? – Jeremy Kerr Jun 18 '12 at 03:28
  • @JeremyKerr: yes, it does if you are on the main (archive/us.archive) server because the package lists are updated every half-hour...there's one or two long threads about it on AU from international/low-speed users who are very disappointed about it. – ish Jun 18 '12 at 07:55
  • @izx: interesting, just ran a test using apt-get update using an Australian mirror (I'm in .au); total downloaded was 1.3MB. – Jeremy Kerr Jun 18 '12 at 07:59

2 Answers

11

My question is just about detecting the availability of security updates

Yes, that's doable with the caveat that the normal apt-get update will do a full refresh when you next run it (20 MB means it's doing that anyway).

  • sudo sh -c 'grep precise-security /etc/apt/sources.list > /etc/apt/secsrc.list'

  • And if you then run the following, you'll see if there are any security updates available (sample output):

    sudo sh -c 'apt-get -o Dir::Etc::sourcelist="secsrc.list" \
    -o Dir::Etc::sourceparts="-" update && \
    apt-get --assume-no upgrade'
    
  • This tells apt-get to temporarily use the special security-only sources list, and then runs upgrade, automatically answering no.

  • If there are any, run proper apt-get update (which will do a full refresh), and then upgrade.

  • You could make the above a bash script with a simple grep/exit code check at the end if you don't feel like parsing the apt-get output :)

ish
  • 139,926
  • this is exactly what I was looking for, many thanks!:) one quick question: my /etc/apt/secsrc.list file makes no reference to the 'partners' repository (just to 'main restricted', 'universe' and 'multiverse'), will I still get notified of security updates for the packages in that repository? – laramichaels Jun 20 '12 at 12:05
  • @laramichaels, the partners repository contains just fifteen packages, and these are basically proprietary binaries wrapped in a .deb. Incremental "security" updates are not released for these, and I imagine even regular updates are infrequent (think Adobe Reader). I'd just add the actual repository (deb http://archive.canonical.com/ubuntu precise partner) to secsrc.list given the tiny size (5 kb) of the partner update file. – ish Jun 21 '12 at 00:43
  • @laramichaels, I also added a more detailed answer to your previous question about the partner security updates aspect. The accepted answer was erroneous IMO, so please have a look when you have a free moment and accept mine instead if you think it's better. – ish Jun 21 '12 at 01:24
  • 1
    What is this bit for? -o Dir::Etc::sourceparts="-" – ChocoDeveloper Dec 04 '12 at 19:16
  • @ChocoDeveloper I guess (after searching online) because there is a bug reported online, with title Bug#449386: To use a separate sources.list, OPTIONS needs to set Dir::Etc::SourceParts along with Dir::Etc::SourceList. – NoOne Sep 26 '20 at 19:44
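The "grep/exit code check" suggested in the answer above, as an added example that is not part of the original answer or its comments. It assumes /etc/apt/secsrc.list was created as shown there; the function names, the `check`/`demo` arguments and the sample output are constructed for illustration. Because it filters on the `-security` pocket name, the parser also works on a simulated upgrade against the full package lists.

```shell
#!/bin/sh
# Added example: yes/no check for pending security updates via exit status.
#   0 = security updates pending, 1 = none, 2 = apt-get failed.
# Assumption: /etc/apt/secsrc.list exists (security-only sources list).

APT_SEC_OPTS='-o Dir::Etc::sourcelist=secsrc.list -o Dir::Etc::sourceparts=-'

# Read `apt-get -s upgrade` output on stdin and print the packages whose
# candidate version comes from a *-security pocket.
# Exit status: 0 if at least one was found, 1 if none.
security_pending() {
    awk '$1 == "Inst" && /-security/ { print $2; found = 1 }
         END { exit !found }'
}

# Refresh only the security lists (needs root), then simulate the upgrade
# with -s so nothing is installed and no prompt has to be answered.
check_security_updates() {
    # $APT_SEC_OPTS is left unquoted on purpose so it splits into options.
    LC_ALL=C apt-get $APT_SEC_OPTS update -qq || return 2
    sim=$(LC_ALL=C apt-get $APT_SEC_OPTS -s upgrade) || return 2
    printf '%s\n' "$sim" | security_pending
}

# Constructed sample of `apt-get -s upgrade` output for offline use.
# The tzdata line is invented to show a non-security upgrade being skipped.
SAMPLE='Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  libssl1.0.0 openssl tzdata
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libssl1.0.0 [1.0.2g-1ubuntu4.8] (1.0.2g-1ubuntu4.9 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [i386])
Inst openssl [1.0.2g-1ubuntu4.8] (1.0.2g-1ubuntu4.9 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [i386])
Inst tzdata [2016d-0ubuntu0.16.04] (2016j-0ubuntu0.16.04 Ubuntu:16.04/xenial-updates [all])
Conf libssl1.0.0 (1.0.2g-1ubuntu4.9 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [i386])'

# Nothing runs unless an argument is given:
#   sudo ./script check   -> real check against the security mirror
#   ./script demo         -> run the parser on the constructed sample
case "${1:-}" in
    check) check_security_updates; exit $? ;;
    demo)  printf '%s\n' "$SAMPLE" | security_pending; exit $? ;;
esac
```

As the answer notes, the next ordinary apt-get update after a `check` run will do a full refresh of the package lists.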
2

This may not be exactly what the question is asking, but if you've already run apt update, you can see what security updates are available using:

sudo apt list --upgradable | grep -e "-security"

which will give you something like:

libssl1.0.0/xenial-updates,xenial-security 1.0.2g-1ubuntu4.9 i386 [upgradable from: 1.0.2g-1ubuntu4.8]
openssl/xenial-updates,xenial-security 1.0.2g-1ubuntu4.9 i386 [upgradable from: 1.0.2g-1ubuntu4.8]
Steve
  • 202