How to Configure Automatic Security Updates?

tomwardrop · October 2, 2013, 7:55am

Hi,

I’m running a fresh install of OpenSUSE 12.3. I’m just wondering how to configure automatic security updates. The only thing I’ve found in respect to automatic update in the yast online update configuration module. This seems like a generic updater though for all applications, rather than just security-related updates.

Can someone let me know how to keep my system up-to-date with security-related patches?

Cheers

caf4926 · October 2, 2013, 8:11am

Depending on which desktop (Gnome or KDE or other?)

Both Gnome and KDE have built in updaters

But are you saying you want to configure it to update without asking?

There are some specifics you might want to consider here:
https://forums.opensuse.org/blogs/caf4926/opensuse-12-3-multi-media-restricted-format-installation-guide-126/

You will likely want the multimedia
Once you have done this, including the switch. You can update easily like this:

Open a terminal and do

su -
zypper up

vazhavandan · October 2, 2013, 8:10am

tomwardrop wrote:
>
> Hi,
>
> I’m running a fresh install of OpenSUSE 12.3. I’m just wondering how to
> configure automatic security updates. The only thing I’ve found in
> respect to automatic update in the yast online update configuration
> module. This seems like a generic updater though for all applications,
> rather than just security-related updates.
>
> Can someone let me know how to keep my system up-to-date with
> security-related patches?
>
> Cheers
>
>

alt+F2 ==> xdg-open man:zypper


su -
zypper list-patches
zypper patch-check
zypper patch

–
GNOME 3.6.2
openSUSE Release 12.3 (Dartmouth) 64-bit
Kernel Linux 3.7.10-1.16-desktop

arvidjaar · October 2, 2013, 8:18am

If requirements are security updates only, “zypper patch” would be more close. I’m not sure whether it is possible to filter further only security (as opposed to recommended) patches.

caf4926 · October 2, 2013, 8:31am

Correct
If you only want security patches and not application updates.
zypper patch is correct.

wolfi323 · October 2, 2013, 8:31am

In the YaST Online Update Configuration module you can configure which patch categories are to be installed:
Enable “Filter by Category”, select a wanted category in the drop down list (“Security” f.e., but you might want to add “Packagemanager and YaST” as well) and click on “Add”.
But I never tried this myself, so I don’t know how well it works…

caf4926 · October 2, 2013, 8:38am

What is great though, is you can configure openSUSE to do pretty much whatever you need.
It makes it one of the top distros IMO

Most here use the advanced features of openSUSE and enjoy system wide updates and even more if you enable certain OBS repos. Some caution is needed though.

robin_listas · October 2, 2013, 3:48pm

On 2013-10-02 07:56, tomwardrop wrote:
>
> Hi,
>
> I’m running a fresh install of OpenSUSE 12.3. I’m just wondering how to
> configure automatic security updates. The only thing I’ve found in
> respect to automatic update in the yast online update configuration
> module. This seems like a generic updater though for all applications,
> rather than just security-related updates.

It is actually security updates only, or mostly.

YaST Online Update, aka YOU, called automatically or manually, only
pulls updates from the official update repo, which carries security
updates (patches), and some version upgrades for some packages.

The policy is to backport patches into the same release as originally
published; but some packages, like firefox, are upgraded instead because
the task is complex and not worth the time invested to backport.

So yes, “YOU” is considered “security updates only”. But I have not
looked at the module recently, because I do not trust automatic updates.
After some updates you need to reboot, and this might happen at an
inconvenient time. Sometimes the machine does not work on reboot - so I
prefer to choose what to upgrade and when.

It would be OK to download automatically the patches, but not install them.

–
Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

gogalthorp · October 2, 2013, 6:43pm

Another point is that simply installing an update does not change running processes. Generally you need to stop and restart them to get the security benefit often logging out back in will do it for single user system and a full reboot for kernel updates.

robin_listas · October 3, 2013, 12:38am

On 2013-10-02 18:46, gogalthorp wrote:
>
> Another point is that simply installing an update does not change
> running processes. Generally you need to stop and restart them to get
> the security benefit often logging out back in will do it for single
> user system and a full reboot for kernel updates.

Or glibc. There is one such update about now.

–
Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

gogalthorp · October 3, 2013, 1:16am

Should have mentioned that you can see what processes need a restart with
zypper ps