This article will explore how to filter the updates available to your Fedora Linux system by type. This way you can choose to, for example, only install security or bug fix updates. This article will demo running the dnf commands inside toolbox instead of using a real Fedora Linux install.
You might also want to read "Use dnf updateinfo to read update changelogs" before reading this article.
Introduction
If you have been managing system updates for Fedora Linux or any other GNU/Linux distro, you might have noticed how, when you run a system update (with dnf update, in the case of Fedora Workstation), you usually are not installing only security updates.
Due to how package management in a GNU/Linux distro works, generally (with the exception of software running in a container, under Flatpak, or similar technologies) you are updating every single package regardless of whether it’s “system” software or an “app”.
DNF divides updates into three types: “security”, “bugfix” and “enhancement”. And, as you will see, DNF allows filtering which types you want to operate on.
But, why would you want to update only a subset of packages?
Well, this might depend on how you personally choose to deal with system updates. If you are not comfortable at the moment with updating everything, then restricting the current update to only security updates might be a good choice. You could also install bug fix updates and leave enhancements and other types of updates for a future opportunity.
How to filter security and bug fix updates
Start by creating a Fedora Linux 34 toolbox:
toolbox create --distro fedora --release f34 updatefilter-demo
Then enter that toolbox:
toolbox enter updatefilter-demo
From here on, the commands can also be run on a real Fedora Linux install.
First, run dnf check-update to see the unfiltered list of packages:
$ dnf check-update
audit-libs.x86_64 3.0.5-1.fc34 updates
avahi.x86_64 0.8-14.fc34 updates
avahi-libs.x86_64 0.8-14.fc34 updates
...
vim-minimal.x86_64 2:8.2.3318-1.fc34 updates
xkeyboard-config.noarch 2.33-1.fc34 updates
yum.noarch 4.8.0-1.fc34 updates
DNF supports passing the types of updates to operate on as parameters: --security for security updates, --bugfix for bug fix updates and --enhancement for enhancement updates. These work with commands such as dnf check-update, dnf update and dnf updateinfo.
For example, this is how you filter the list of available updates by security updates only:
$ dnf check-update --security
avahi.x86_64 0.8-14.fc34 updates
avahi-libs.x86_64 0.8-14.fc34 updates
curl.x86_64 7.76.1-7.fc34 updates
...
libgcrypt.x86_64 1.9.3-3.fc34 updates
nettle.x86_64 3.7.3-1.fc34 updates
perl-Encode.x86_64 4:3.12-460.fc34 updates
And now the same thing, but for bug fix updates only:
$ dnf check-update --bugfix
audit-libs.x86_64 3.0.5-1.fc34 updates
ca-certificates.noarch 2021.2.50-1.0.fc34 updates
coreutils.x86_64 8.32-30.fc34 updates
...
systemd-pam.x86_64 248.7-1.fc34 updates
systemd-rpm-macros.noarch 248.7-1.fc34 updates
yum.noarch 4.8.0-1.fc34 updates
They can even be combined, so you can use two or more of them at the same time. For example, you can filter the list to show both security and bug fix updates:
$ dnf check-update --security --bugfix
audit-libs.x86_64 3.0.5-1.fc34 updates
avahi.x86_64 0.8-14.fc34 updates
avahi-libs.x86_64 0.8-14.fc34 updates
...
systemd-pam.x86_64 248.7-1.fc34 updates
systemd-rpm-macros.noarch 248.7-1.fc34 updates
yum.noarch 4.8.0-1.fc34 updates
As mentioned, dnf updateinfo also works with this filtering, so you can filter dnf updateinfo, dnf updateinfo list and dnf updateinfo info. For example, for the list of security updates and their IDs:
$ dnf updateinfo list --security
FEDORA-2021-74ebf2f06f Moderate/Sec. avahi-0.8-14.fc34.x86_64
FEDORA-2021-74ebf2f06f Moderate/Sec. avahi-libs-0.8-14.fc34.x86_64
FEDORA-2021-83fdddca0f Moderate/Sec. curl-7.76.1-7.fc34.x86_64
FEDORA-2021-e14e86e40e Moderate/Sec. glibc-2.33-20.fc34.x86_64
FEDORA-2021-e14e86e40e Moderate/Sec. glibc-common-2.33-20.fc34.x86_64
FEDORA-2021-e14e86e40e Moderate/Sec. glibc-minimal-langpack-2.33-20.fc34.x86_64
FEDORA-2021-8b25e4642f Low/Sec. krb5-libs-1.19.1-14.fc34.x86_64
FEDORA-2021-83fdddca0f Moderate/Sec. libcurl-7.76.1-7.fc34.x86_64
FEDORA-2021-31fdc84207 Moderate/Sec. libgcrypt-1.9.3-3.fc34.x86_64
FEDORA-2021-d1fc0b9d32 Moderate/Sec. nettle-3.7.3-1.fc34.x86_64
FEDORA-2021-92e07de1dd Important/Sec. perl-Encode-4:3.12-460.fc34.x86_64
If desired, you can install only security updates:
# dnf update --security
================================================================================
Package Arch Version Repository Size
================================================================================
Upgrading:
avahi x86_64 0.8-14.fc34 updates 289 k
avahi-libs x86_64 0.8-14.fc34 updates 68 k
curl x86_64 7.76.1-7.fc34 updates 297 k
...
perl-Encode x86_64 4:3.12-460.fc34 updates 1.7 M
Installing weak dependencies:
glibc-langpack-en x86_64 2.33-20.fc34 updates 563 k
Transaction Summary
================================================================================
Install 1 Package
Upgrade 11 Packages
Total download size: 9.7 M
Is this ok [y/N]:
Or even install both security and bug fix updates while ignoring enhancement updates:
# dnf update --security --bugfix
================================================================================
Package Arch Version Repo Size
================================================================================
Upgrading:
audit-libs x86_64 3.0.5-1.fc34 updates 116 k
avahi x86_64 0.8-14.fc34 updates 289 k
avahi-libs x86_64 0.8-14.fc34 updates 68 k
...
rpm-plugin-systemd-inhibit x86_64 4.16.1.3-1.fc34 fedora 23 k
shared-mime-info x86_64 2.1-2.fc34 fedora 374 k
sqlite x86_64 3.34.1-2.fc34 fedora 755 k
Transaction Summary
================================================================================
Install 11 Packages
Upgrade 45 Packages
Total download size: 32 M
Is this ok [y/N]:
Install only specific updates
You may also choose to only install the updates with a specific ID, such as FEDORA-2021-74ebf2f06f for avahi, by using --advisory and specifying the ID:
# dnf update --advisory=FEDORA-2021-74ebf2f06f
================================================================================
Package Architecture Version Repository Size
================================================================================
Upgrading:
avahi x86_64 0.8-14.fc34 updates 289 k
avahi-libs x86_64 0.8-14.fc34 updates 68 k
Transaction Summary
================================================================================
Upgrade 2 Packages
Total download size: 356 k
Is this ok [y/N]:
Or even multiple updates, with --advisories:
# dnf update --advisories=FEDORA-2021-74ebf2f06f,FEDORA-2021-83fdddca0f
================================================================================
Package Architecture Version Repository Size
================================================================================
Upgrading:
avahi x86_64 0.8-14.fc34 updates 289 k
avahi-libs x86_64 0.8-14.fc34 updates 68 k
curl x86_64 7.76.1-7.fc34 updates 297 k
libcurl x86_64 7.76.1-7.fc34 updates 284 k
Transaction Summary
================================================================================
Upgrade 4 Packages
Total download size: 937 k
Is this ok [y/N]:
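The two steps above can be chained. The following is an added example, not part of the original article: a shell function that reads dnf updateinfo list --security output and builds the comma-separated value for --advisories, keeping only advisories at or above a chosen severity. The function names are hypothetical, the sample lines are copied from the listing earlier in this article, and the "Critical" label is assumed alongside the three labels shown there.

```shell
#!/bin/sh
# Added example: turn `dnf updateinfo list --security` output into a value
# for `dnf update --advisories=...`, filtered by minimum severity.

# advisories_at_least MIN
#   Reads the listing on stdin, prints unique advisory IDs (first-seen order,
#   comma separated) whose severity is MIN or higher. Exits 2 on unknown MIN.
advisories_at_least() {
    awk -v min="$1" '
        BEGIN {
            rank["Low"] = 1; rank["Moderate"] = 2
            rank["Important"] = 3; rank["Critical"] = 4
            if (!(min in rank)) {
                print "unknown severity: " min > "/dev/stderr"
                bad = 1; exit 2
            }
        }
        # Column 1 is the advisory ID, column 2 looks like "Moderate/Sec.".
        $1 ~ /^FEDORA-/ && $2 ~ /\/Sec\.$/ {
            sev = $2; sub(/\/Sec\.$/, "", sev)
            # Several packages can share one advisory, so de-duplicate on ID.
            if ((sev in rank) && rank[sev] >= rank[min] && !seen[$1]++)
                out = out (out == "" ? "" : ",") $1
        }
        END { if (!bad) print out }
    '
}

# Sample input: lines taken from the `dnf updateinfo list --security` output
# shown earlier in this article, so the example runs without dnf.
sample_listing() {
    cat <<'EOF'
FEDORA-2021-74ebf2f06f Moderate/Sec. avahi-0.8-14.fc34.x86_64
FEDORA-2021-74ebf2f06f Moderate/Sec. avahi-libs-0.8-14.fc34.x86_64
FEDORA-2021-83fdddca0f Moderate/Sec. curl-7.76.1-7.fc34.x86_64
FEDORA-2021-8b25e4642f Low/Sec. krb5-libs-1.19.1-14.fc34.x86_64
FEDORA-2021-83fdddca0f Moderate/Sec. libcurl-7.76.1-7.fc34.x86_64
FEDORA-2021-92e07de1dd Important/Sec. perl-Encode-4:3.12-460.fc34.x86_64
EOF
}

# Demo on the sample input.
sample_listing | advisories_at_least Moderate

# On a real system (dnf still asks for confirmation before installing):
#   ids=$(dnf updateinfo list --security | advisories_at_least Important)
#   [ -n "$ids" ] && sudo dnf update --advisories="$ids"
```

Security advisories whose severity label is not in the rank table are skipped, so review those separately rather than assuming they are low risk.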
Conclusion
In the end it all comes down to how you personally prefer to manage your updates. But if you need, for whichever reason, to only install security updates, then these filters will surely come in handy!
Sanjay
This is an awesome article. I never knew updates could be applied this way. Thank you
Pascal V Calarco
Very helpful, thank you!
iMaster7
Nice one, Mateus, congratulations on the article.
Robert
Thanks.
hammerhead corvette
Bravo !
Nate
Love it. dnf is why I still use Fedora for everything by default.
Leon
Wow This is very nice
szydell
Very useful. Thanks!
Stepan Putilo
This is incredible! Long live the White Goose!
Rose Peach
Helpful article. I didn’t know that you could use DNF in this way before.
svsv sarma
A good article, explaining the piecemeal updates using DNF. Can anyone explain why we should avoid some updates? For me the best option is to use the default DNF update / upgrade, to keep the system up to date. I really wonder if anyone ever used piecemeal updates regularly, except for live OS.
thank you.
Matthew Darnell
svsv sarma From my experience I’ve avoided general updates for things like Microsoft Teams. Sometimes getting the latest update is not ideal.
ss
thank you great info, and very useful.
Paulimer
Very informative, thanks for the article!
Is there a way to pair that with dnf-automatic, to have security and bugfixes updates automatically, and the others manually?
Matthew Darnell
Thank you Mateus good article and great info to have.
rtqate
Is creating a toolbox actually needed? I tried just this, without anything else, and it appeared to do the magic (hope it doesn’t break anything, lol):
sudo dnf update --security --bugfix
Pstall
Unfortunately partial updates are dangerous and can break a Fedora system. Here is an example:
Install Fedora Workstation 34 official iso “Fedora-Workstation-Live-x86_64-34-1.2.iso” published on April 23rd in a VirtualBox virtual machine having EFI enabled. After standard installation and first reboot, disable Location Services, let Automatic Problem Reporting on, create a user.
1694 packages are installed. “dnf check-update” shows 811 package updates available. “dnf check-update --security” shows 99 updates available. Let’s install them “sudo dnf update --security” and reboot.
Now “dnf check-update --bugfix” shows 501 updates available. Let’s install them “sudo dnf update --bugfix” and reboot.
The VM cannot boot anymore. An image is displayed: “:-( Oh no! Something has gone wrong. A problem has occurred and the system can’t recover. Please contact a system administrator”.