Article proposal: How to only install security and bugfixes updates with dnf

Hello, all.

This article builds up on my previous one about reading changelogs with updateinfo and is also based on a comment on that article (that hasn’t been approved yet) but that asks if there’s any way to only update packages which have security fixes available.

So, after some reading of the dnf --help text, the man page and some testing I noticed that adding --security to a dnf command such as dnf check-update, dnf updateinfo and dnf update will only filter by security fixes.

The article plan right now is:

  • Present the reader with --security, --bugfix and --enhancement, and explain how they can act as a filter to some dnf commands
  • Show the user how filtering works by demonstrating dnf check-update --security, dnf check-update --bugfix and dnf check-update --security --bugfix
  • Show dnf updateinfo to the user again and mention the previous article
  • Comment on how dnf updateinfo and its subcommands can also be filtered
  • Show dnf updateinfo info only for the security updates
  • Finally show the output for dnf update --security --bugfix

I think showing how to install both bugfix and security updates at once is better than just showing for security updates, but ideally the article should be clear enough so the reader can understand that he can use any combination of --security, --bugfix and --enhancement.

Waiting for feedback!

1 Like

Sounds great! +1 :slight_smile:

+1, @mateusrodcosta I’ve created Taiga card #376 to track you article progress.

Thank you for your contribution.

Keep in mind that partial updates are not supported at all. You can easily wind up installing updates that depend on other updates that are not installed.

Also keep in mind that installing only updates marked “security” is going to miss updates where the CVEs aren’t issued until after the Fedora updates are already released.

1 Like