How often do you update your Fedora ? 3 questions

OS : Fedora 33 Workstation

I have 3 questions regarding updating my Fedora OS. By ‘updating’, I mean updating all the packages in the OS and not a release upgrade , for eg: from Fedora 32 to Fedora 33.

Question 1. How often do you update the packages in your OS ?

Question 2. UPDATE or UPGRADE
I use dnf upgrade command by which the obsolete packages are removed.

dnf update command on the other hand will only do the update and won’t remove the obselete packages.
But, is it safe to run “dnf upgrade” command ? Another reason I run “dnf upgrade” is that it will save space by removing obselete packages.

Question 3. A silly question about long kernel entries in the GRUB screen

Personally, I like to update all the packages once every 2 weeks.
But, every dnf upgrade run will upgrade to a new kernel and a new line will be listed in the GRUB screen shown during boot up.
Example screenshot below.

I am worried that my boot up screen will become large if do frequent updates. Is that the case ?
What if I want to see only the last 3 or 5 kernel entries and remove all the remaining kernel entries during the boot up screen ? BTW I need to retain my Windows boot loader entry as I want to use the dual boot configuration.

  1. I usually update every day I use my computer, but it really is up to you. As long as you are getting security upgrades regularly (sudo dnf upgrade --security) you should be fine (and with a fire walled desktop OS even this has some wiggle room.) If you want a rule of thumb, once a week.

  2. dnf update and dnf upgrade do the same thing. upgrade is technically the “right” way, however.

  3. By default, I believe it only keeps 3 GRUB entries.


I think it used to be that update was to get the most up-to-date packages and upgrade was to get a new grade (release) of Fedora Linux. People found that confusing though so now they both just update the packages and there is a separate option (--releasever=XX) to upgrade the operating system.

  1. Everyday.
  2. They do the same thing. From the dnf man page:
   Upgrade Command
       Command: upgrade
       Aliases: up
       Deprecated aliases: update, upgrade-to, update-to, localupdate
  1. Number of installed kernels is controlled by installonly_limit option in the /etc/dnf/dnf.conf file. From the dnf.conf man page:

        Number of installonly packages allowed to be installed concurrently.
        Defaults to 3. The minimal number of installonly packages is 2.
        Value 0 or 1 means unlimited number of installonly packages.
  1. Every day minimum
  2. dnf up -y —refresh
  3. Default 3

For releases I normally can’t wait for GA. Normally I upgrade release around Beta release time for my workstations.

For my servers I use auter and corn apply nightly with reboot. At work is a different story for servers.


Thanks Bengt.
In “dnf up -y --refresh” , what exactly does the refresh option do ?

dnf’s man page reads the following. But, I didn’t quite understand it

              Set metadata as expired before running the command.

I didn’t quite understand what you meant by “For my servers I use auter and corn apply nightly with reboot”

1 Like

AFAIK, metadata contains the info’s what to update by dnf and lay on the update server.
a copy of that metadata is fetch to your box (under: /var/cache/dnf/ [1]) through an service called “dnf-makecache.timer” which runs in intervals (every ~1h ?)
But that copy on your box might become outdated.

“–refresh” here means get the lastest metadata and what package to update from the server and don’t respect what is currently on your box or in other words: get the lastest packages installed.

you can delete all under /var/cache/dnf/ cause it get filled again by the next “dnf upgrade” run.

to your questions:

  1. daily, cause I’m on F34 Beta
  2. upgrade (see man dnf: update is obsolete)
  3. AFAIK, in sum only 3 (?) kernels are installed. The oldest gets removed when a new is installed.
    you could easy remove the other elder yourself [2], but only if you’re sure the current kernel runs well [3] and no need to run the elder.

you should think about your update policy, cause nearly every few days (3-7) a new stable kernel comes out, what fixes bug’s and/or security holes.
even if you run btrfs, which -AFAIK- has no e2fsck-like tool to get a damaged filesystem caused by btrfs bugs repaired, you should keep your kernel current, so I recommend an update intervall of 5-7 days and lower.
(For the completeness it should be mentioned: newer kernels could also introduce newer bugs slipped through the review processes, but that has been rare !)
if you run F34 beta it should be 1-2 days to report the bugs still in it to get them out before release.

you got an OS for free so you should help to get the bugs out.
What in turn is a sort of “self help”

you should anyway make backup’s of your user data (office documents, mail client, browser, …)

I do the following to get a list what kernels are installed:

rpm -qa | grep kernel-core


sudo dnf remove <copy-paste-from the above list>

e.g. sudo dnf remove kernel-core-5.11.12-300.fc34.x86_64

to get an idea if so I do:

dmesg|grep -iEw ‘bad|bug|conflict|corrupted|error|fail|failed|fault|fatal|invalid|Lock|NULL|segfault|stack|trace|warn’

this is one line with a space between “-iEw” and “'bad…”


I’ll update my wife Fedora once a week or whenever I can get my hands on her laptop :rofl: . I liked F32 because it was updating automagicaly every time there was an update, but F33 doesn’t have it or it disabled this feature. I am eagerly waiting for F34 for an upgrade or maybe fresh install.
After three years of nagging dealing with the W10 dreaded updates, she gave up and on her new laptop I installed F32. It’s amazing, she doesn’t even realize any difference in its daily use, but she does in her dealing of W10 updates, shutdowns and reboots, and I am happy :sunglasses: :man_dancing:

1 Like

My F33, running in a virtual machine, often offers to install updates on shutdown. I don’t know whether it will install all or just security updates. I did nothing special to activate this feature. (This was an F31 installation from ISO, update to F32 and F33.)

Furthermore, there’s this page:
I don’t know whether the content is still valid, I don’t use these methods.



First of all, great topic and thank you @nickavem for this cool command sudo dnf upgrade --security. Just copied it now to my terminal, basically it has updated all, starting from my kernel to firefox :rofl: but it’s cool to mark it as “security”: it comes always first…

By the way, little marginal digression, related to virtual machine, indeed I’m thinking about provisioning services in the cloud: the typical way to access windows is RDP, while I see often SSH in action for Linux in general, but I find it a bit sad, just a terminal, without the graphical X display (well, I see there’s a tutorial of X11 Forwarding or this for windows)

Back to the point, I’ve updated from Fedora 32 (5.8.7-200.fc32.x86_64) to Fedora 32 (5.11.11-100.fc32.x86_64) just now with the above said command sudo dnf upgrade --security and here we go after the reboot I’ve lost my wifi adapter that is no longer detected :face_with_raised_eyebrow: and I’ve had to reboot again into my previous kernel to come back here… So that’s way I don’t usually update Fedora, not even with the security flag, to avoid all the issues and the risks to lose important features and to have them fixed only after a long troubleshooting. (not to mention that after every update the default boot OS I set in GRUB is changed, that’s the minor hassle)

  1. Usually update daily.
  2. After installing dnf plugin-system-upgrade
    I usually do dnf offline-upgrade download followed by dnf offline-upgrade reboot

I still sometimes do just an upgrade depending on what the updates are but for the most part I do the offline just to be a little safer.

  1. For reference if you want to change the number of kernel packages retained.

May want to have a look at:

Depending on which wifi adapter you’re using, you may want to start a new thread here or perhaps file a bug.

1 Like

Thanks, I’ll consider the option --exclude=kernel* for next time or maybe otherwise I’d avoid the --security instead. In the meantime I plugged a usb wifi adapter and I found the other thread already discussed in the past about broadcom. I’ve solved it with a sudo dnf upgrade -y and a reboot and I’ve returned to my internal wifi.


Fedora Silverblue 34 user here, so I will simply share the Silverblue way here. :grinning:

  1. I run rpm-ostree upgrade every one or two hours (until the moment I get in bed) although I know it will give me the output No upgrade available in most of the time. I developed this habit when I was using Arch and later Fedora Rawhide and the mirror site I was using was syning with the upstream every hour.

  2. Thanks to OSTree, I can do a rollback risklessly, so I always rpm-ostree upgrade with confidence.

  3. I haven’t pinned a deployment yet. So rpm-ostree status always tells me I have 2 deployments available, and the GRUB menu always keeps 4 entries for me (2 for each deployment).

1 Like

I personally update in 3-4 days and usually have 3-4 packages average. If there is a update to mesa or kernel I do it. you can check package update status on
if there is a specific software you are excited for you can check when it will arrive in stable.

dnf update is same as dnf upgrade as
dnf update is - Deprecated alias for the Upgrade Command . You can read dnf man page to learn more dnf: DNF Command Reference - Linux Man Pages (8)

For the grub screen - It will keep 2 previous kernel updates so in case of a kernel bug you can easily roll back to the old kernels. If you have kernel 5.11.9, 5.11.10, 5.11.11 installed and 5.11.12 update comes it will automaticaly remove 5.11.9 kernel (oldest kernel installed). And 1 is a rescue option. So you will always have 3 kernels installed. Not more not less.

I hope this answers the questions.@kraljic37 Also for additional packages like spotify, telegram, steam etc. you can enable rpm fusion free and non free repositories.
sudo dnf install$(rpm -E %fedora).noarch.rpm$(rpm -E %fedora).noarch.rpm


Sorry for late reply.
–refresh get new metadata from fedora repo. Default dnf will update metadata every 48 hours. So dnf will only contact reposerver every 48 hours to update metadata. If you are familiar with apt, this is the same as running apt update. dnf will do it for you with dnf upgrade, but only after metadata is expired, default 48 hours. You can of course set shorter lifetime on the metadata. I do not want that, because I want to decide when to wait for the metadata update, not have it do it when I just want to install an app or something.

auter is a package in Fedora that you can configure to update your computer/server. It should have been cron and not corn. You can set it to upgrade and also reboot. I run this on all my home servers, I have 40-50 home servers so it is a tedious task to keep them all updated.


A post was split to a new topic: Upgrading advices

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.