Rpm-ostree upgrade --security

I’m using Fedora IoT 40 and was wondering if there is a way to only perform security updates using rpm-ostree, like dnf update --security as mentioned here. The device running Fedora IoT has a slow internet connection and I’d like to use the internet budget for just the bare necessities, such as security updates.

I have tried rpm-ostree upgrade --security and got Unknown option --security.

This is not possible, due to the architecture of ostree/rpm-ostree.

Updates that are shipped via ostree commit, as Fedora IoT uses, are an all or nothing approach. That means that the ostree commit is composed on a server with all the updated packages and delivered as a single unit. Contrasted with dnf, where that client individually fetches updated packages and has more control about which packages are fetched.

If you were interested in a “security-only” update mechanism for Fedora IoT, you would have to explore creating your own custom ostree commits.

Good to know. Thank you for the explanation.