
I'm trying to create a list of only the security updates available to an Ubuntu system using apt-get.

I'm very aware of the post "How do I check only security updates from the command-line?", but that only seems to work if there aren't any source lists present in /etc/apt/sources.list.d/

So far my code looks like this

#!/bin/bash
set -x

setup(){
        APTSRC="/etc/apt/sources.list"
        SECSRC="/etc/apt/secsource.list"
}

cleanup(){
        rm ${SECSRC}
}

get_updates(){
    grep trusty-security ${APTSRC} > ${SECSRC}
    apt-get -o Dir::Etc::sourcelist="${SECSRC##/*/}" -o Dir::Etc:sourceparts="." update &&  apt-get --assume-no upgrade
}

setup
get_updates
cleanup

It works for the most part, but because I have a few source lists present in /etc/apt/sources.list.d/, it pulls those in. Is there a way I can avoid that via command line options?

I would like to add that we won't set up automatic updates. We just want a list of the updates.

Matthew
  • I'm sure you can hack something together using this answer: http://askubuntu.com/a/443891/1736. It gives you the links of all installed packages that have updates available. Go through the result in a for loop and check if $(apt-cache policy $PACKAGE | grep trusty-security) is not empty. – mniess Dec 04 '14 at 01:39

1 Answer


Install the package apt-show-versions and run

apt-show-versions | grep upgradeable | grep security

to get a listing like this:

firefox:amd64/trusty-security 33.0+build2-0ubuntu0.14.04.1 upgradeable to 34.0+build2-0ubuntu0.14.04.1
firefox-locale-en:amd64/trusty-security 33.0+build2-0ubuntu0.14.04.1 upgradeable to 34.0+build2-0ubuntu0.14.04.1
mniess
  • This doesn't always list all of them. See https://askubuntu.com/questions/774805/how-to-get-a-list-of-all-pending-security-updates – Reinier Post May 11 '20 at 11:22
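
The `grep security` in the answer matches the word anywhere on the line, so a package such as `libapache2-mod-security2` upgrading from a non-security pocket would also be listed. The following added example (not part of the original answer) parses the listing format shown above and keeps only lines whose release field ends in `-security`; the function names and the second and third sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: strict filter for `apt-show-versions` output.
# Line shape, as in the listing above:
#   name:arch/release current upgradeable to candidate

# Reads apt-show-versions output on stdin and prints one tab-separated
# line per pending security upgrade:
#   package, arch, release, current version, candidate version
security_upgrades() {
    awk '
        # Only lines of the form "<id> <current> upgradeable to <candidate>".
        NF == 5 && $3 == "upgradeable" && $4 == "to" {
            slash = index($1, "/")
            if (slash == 0) next
            id      = substr($1, 1, slash - 1)   # name or name:arch
            release = substr($1, slash + 1)      # e.g. trusty-security
            # Match the pocket suffix only, never the package name.
            if (release !~ /-security$/) next
            colon = index(id, ":")
            if (colon) {
                name = substr(id, 1, colon - 1)
                arch = substr(id, colon + 1)
            } else {
                name = id
                arch = "-"
            }
            printf "%s\t%s\t%s\t%s\t%s\n", name, arch, release, $2, $5
        }
    '
}

# Sample input. The first line is taken from the answer; the other two
# are constructed (package versions are illustrative only).
sample_listing() {
    cat <<'EOF'
firefox:amd64/trusty-security 33.0+build2-0ubuntu0.14.04.1 upgradeable to 34.0+build2-0ubuntu0.14.04.1
libapache2-mod-security2:amd64/trusty-updates 2.7.7-2 upgradeable to 2.7.7-2ubuntu0.1
bash:amd64/trusty-security 4.3-7ubuntu1.5 uptodate
EOF
}

# Demonstration on the sample; on a real system run:
#   apt-show-versions | security_upgrades
sample_listing | security_upgrades
```

The filter only narrows what `apt-show-versions` reports, so anything that tool omits is still missing from the result.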