16

yum update --security installs only security updates. I think it's an extension from the yum-security plugin.

Is there an equivalent dnf command? (dnf replaced yum in Fedora 22)

Thomas Dickey
  • 75,040
  • 9
  • 171
  • 268
marcin
  • 663
  • 8
  • 13
  • 1
    JFTR : by https://bugzilla.redhat.com/show_bug.cgi?id=1234930 , this feature only is available in DNF 2 and upcoming Fedora 26 – Sérgio Mar 04 '17 at 01:03
  • 1
    Now dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2019-7cafbe66ba – Sérgio Dec 14 '19 at 00:36

4 Answers4

11

You can use dnf-automatic with three settings:

apply_updates = yes
download_updates = yes
upgrade_type = security

(Default configuration file is /etc/dnf/automatic.conf)

or using:

dnf updateinfo list security

to get all available updates, then update them manually.

cuonglm
  • 150,973
  • 38
  • 327
  • 406
8

Based on http://forums.fedoraforum.org/showthread.php?t=305905

#!/bin/bash

SECURITY_UPDATES_LIST=$( dnf --refresh -q updateinfo list sec | awk '{print $3}' )
SECURITY_UPDATES_NUM=`echo "$SECURITY_UPDATES_LIST" | sed '/^$/d' | wc -l`

if [ "$SECURITY_UPDATES_NUM" -eq 0 ]; then
  exit
fi

dnf upgrade -y $SECURITY_UPDATES_LIST
  • --refresh force repo sync
  • -y install automatically
  • SECURITY_UPDATES_NUM refined/fixed counting method, works for 0/1/infinity
Tomot
  • 205
  • 2
  • 4
  • 1
    The same as one-liner in bash (`-y` and `--refresh` can be added): `up=$(sudo dnf -q updateinfo list sec | awk '{print $3}'); [[ $up ]] && sudo dnf upgrade $up` – marcin Apr 05 '16 at 16:51
  • As a one-liner alias `alias security-update="pkgs=\$(sudo dnf --refresh -q updateinfo list sec | awk '{print \$3}'); [[ \$pkgs ]] && sudo dnf upgrade -y \$pkgs"` – Weston Ganger Jul 12 '19 at 03:32
3

You can put the dnf updateinfo list updates security in a for loop on the cli or bash script. I still highly recommend to review the security updates but you can always allow to throw in the -y command to dnf update

this is what works for me depending on some needs:

for i in $(dnf updateinfo list updates security | grep -Ei ^fedora | cut -d' ' -f3) ; do dnf update $i; done

Or a bit shorter with awk ( be aware this doesn't work with --refresh )

for i in $(dnf updateinfo list updates security | awk 'NR>1 {print $3}') ; do dnf update $i; done

for a dnf --refresh

for i in $(dnf updateinfo list updates security| dnf updateinfo list updates security| awk 'NR>1 {print $3}') ; do dnf update $i; done
GrandPuba
  • 31
  • 1
0

The before proposed methods didn't satisfy in my case. You can try this one and it's perhaps more perfect. Create file with name "dnfupdate-security" then paste python lines below or execute cmd:

cmd1: sudo touch /usr/bin/dnfupdate-security && sudo chmod +x /usr/bin/dnfupdate-security

cmd2: sudo gedit /usr/bin/dnfupdate-security

Next paste the python code into file 'dnfupdate-security', save it

Execution cmd: sudo dnfupdate-security

#!/usr/bin/python
"""
DESCRIPTION: Check for security updates and insert all the packages into "dnf update" as argument.
"""
import os

updateList = ''; x = ''

for x in os.popen("dnf -q updateinfo list sec | awk '{print $3}'"):
    x = x.strip()
    updateList = updateList+' '+x

if x != '':
    os.system('dnf update '+updateList)
else:
    print 'No security updates available at this time!'
LecTos Lacius
  • 1
  • 1
  • 1
    "more perfect" ? – don_crissti Mar 29 '16 at 13:47
  • This more perfect solution gives an IndentationError (because `import os` is in not at the beginning of the line (even if you remove the 3 leading spaces from each line). And even if I correct your inconsistent indentation, I get a SyntaxError. – Anthon Mar 29 '16 at 14:10
  • Dissing old answers is not something you should do. Some people may think the same thing about your code, i.e. it sucks. – MelBurslan Mar 29 '16 at 14:11
  • All critique's accepted positively. I done few edits. I tested all and it should work on fedora/redhat based systems... I didn't mean to say method before didn't work but in my case sucks?! :) – LecTos Lacius Mar 29 '16 at 15:03
  • so you put shell commands from Tomot's answer into python scripts changing `dnf upgrade -y` to `dnf update`. Any other substantial differences? – marcin Mar 29 '16 at 15:35
  • Indeed Im not sure what was wrong with tomot's code or it was very similar to someone else proposed from other place and it didn't work as it should. So I did it my way. But it works at least. I should probably verify tomots method first before i done my own, well...? At least we have one more method and is pyhtonian one... – LecTos Lacius Mar 29 '16 at 17:01