Score:-1

Install only Security packages in Ubuntu

US flag

I hope you're doing fine,

I'm looking for a way to manually install only security updates on an Ubuntu machine.

Can anyone help? Thanks.

pl flag
I assume you mistakenly added the `12.04` tag to this question, as that release is long out of support. What release of Ubuntu are you actually using?
cn flag
You will not be able to: 12.04 does not have anything to install as there are no repositories anymore.
Ocelot avatar
md
Hello, yes, you're right, it's just a mistake. The current version of our systems is 20.04.
Ocelot avatar
md
I just corrected the tag, sorry!
karel avatar
sa flag
Does this answer your question? [How can I install just security updates from the command line?](https://askubuntu.com/questions/194/how-can-i-install-just-security-updates-from-the-command-line)
Ocelot avatar
md
Thank you, karel, for your help, but no, because this topic is discussing an automatic security update install. In my case, I want it to be manual.
user535733 avatar
cn flag
This seems like a possible [XY Question](https://en.wikipedia.org/wiki/XY_problem). "*Manually installing security updates*" is, for most users, a Very Bad Idea because it's already handled automatically. So perhaps we misunderstand what you are actually seeking, or some other problem has led you to the conclusion that manual is a great solution. Editing the question to clearly explain the actual problem (not how to implement the desired solution) is likely to result in more useful answers.
Ocelot avatar
md
Hello user535733, the actual issue is that I want to make sure that my Linux VMs are patched from a security perspective. While patching the VMs, I do not want to update all the Linux-related components (kernel, bin, dll, etc.) because it can have an impact on the VM and the application it is hosting. That's why I want to find a way to apply only security updates on my Linux VMs. (We do the same thing for Windows VMs.)
Score:2
pl flag

While possible, this is not recommended. But here you go anyway.

The software on your Ubuntu system comes (mostly) from repositories. They're divided up into pockets and sections. The sections are main, restricted, universe and multiverse. The pockets on a typical release like Ubuntu 22.04 LTS (Jammy) are called lunar (sometimes called release), updates, security, proposed and backports.

The repositories are typically configured with a file called /etc/apt/sources.list. That might look like this at a minimum.

Note: The order and formatting may be slightly different.

```
deb http://archive.ubuntu.com/ubuntu lunar main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-updates main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-proposed main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
```

The ones with a # hash at the start are commented out. That means when updating, your package manager won't see these lines, and won't look in those pockets.

If you only want to get security updates, you can comment out every line except the ones which mention security, thus:


```
#deb http://archive.ubuntu.com/ubuntu lunar main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-updates main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-proposed main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
```

The byproduct of this is you won't be able to install any new software, and won't get any bug-fixes that aren't delivered as security updates. But that's what I assume you're asking for.

What this won't deal with is updates via any other package managers like snap, flatpak or other third party packaging systems like npm, pip and so on.

Ocelot avatar
md
Thank you for the detailed feedback. Why is it not recommended? My need, actually, is to upgrade only security-related packages; the libs, bins and other applicative/OS packages will be upgraded on demand (by the customer). So if I modify the source file, I will be able to install the security packages with `apt-get update` then `apt-get upgrade`?
pl flag
Correct. My suggestion that it's not recommended is just because they'll never get bug fixes. So if they have buggy software, it'll stay buggy, even if the Ubuntu developers patch it.
Ocelot avatar
md
Yes, I understand it, but in the case of buggy software we will re-modify the source file, and then install all the bug and software fixes. This is just a temporary solution; in the next month, we will implement Azure Update Management Center to automatically patch our Linux VMs.
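
The edit described in the answer above, scripted as an added example (not code from the thread or from Ubuntu): it comments out every enabled one-line-style `deb`/`deb-src` entry whose suite field does not end in `-security`, instead of matching the word "security" anywhere on the line. The function names and the sample file, including the `security.mirror.example` host, are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep only *-security suites enabled in a sources.list.

# Read a one-line-style sources.list on stdin and write it to stdout with
# every active deb/deb-src entry commented out unless its suite ends in
# "-security". The suite is checked as a field, so a mirror URL that merely
# contains the word "security" does not keep another pocket enabled.
security_only() {
    awk '
    /^[ \t]*deb(-src)?[ \t]/ {
        i = 2                               # field after "deb" / "deb-src"
        if ($i ~ /^\[/) {                   # optional [arch=... signed-by=...]
            while (i < NF && $i !~ /\]$/) i++
            i++                             # now at the URI field
        }
        if ($(i + 1) !~ /-security$/) { print "#" $0; next }
    }
    { print }'
}

# Print the suites that are still enabled, for review before running apt.
enabled_suites() {
    awk '
    /^[ \t]*deb(-src)?[ \t]/ {
        i = 2
        if ($i ~ /^\[/) { while (i < NF && $i !~ /\]$/) i++; i++ }
        print $(i + 1)
    }' | sort -u
}

# Constructed sample input, modelled on the file shown in the answer.
SAMPLE='deb http://archive.ubuntu.com/ubuntu lunar main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-updates main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-proposed main restricted universe multiverse
deb [arch=amd64] http://security.ubuntu.com/ubuntu lunar-security main restricted
deb http://security.mirror.example/ubuntu lunar-updates main'

printf '%s\n' "$SAMPLE" | security_only
printf '%s\n' "$SAMPLE" | security_only | enabled_suites
```

On a real host the filtered output would replace `/etc/apt/sources.list` (after keeping a backup), followed by the `apt-get update` and `apt-get upgrade` confirmed in the comments. Entries under `/etc/apt/sources.list.d/` are separate files and are not touched by this filter.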