[Q] Raspi: Is there any repository for security updates

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
Post Reply
74cmonty
Posts: 18
Joined: Tue Jan 15, 2019 5:25 pm

[Q] Raspi: Is there any repository for security updates

Post by 74cmonty »

Hi,
in a standard Debian installation a repository for security updates is available, e.g.

Code: Select all

http://security.debian.org stretch/updates main contrib
Is there any comparable repo for Raspi's platform armhf?

THX
User avatar
MichaIng
Site Admin
Posts: 2421
Joined: Sat Nov 18, 2017 6:21 pm

Re: [Q] Raspi: Is there any repository for security updates

Post by MichaIng »

Nope, sadly Raspbian does not have a security repo, but I guess the updates, shipped via Debian security repo, will be ported after some delay into the Raspbian main repo.

The security repos aim is only, that on production-critical systems, one can only apply the security-relevant APT package upgrades from the security repo, instead of applying all minor updates from main repo as well. This reduces the risk of issues due to package updates. Although in very most cases you want all of them, and there are very rarely issues. Generally running an apt upgrade on Debian/Raspbian stable (currently Stretch) can be considered as very stable and safe.
User avatar
WarHawk
Posts: 631
Joined: Thu Jul 20, 2017 8:55 am

Re: [Q] Raspi: Is there any repository for security updates

Post by WarHawk »

You can also install/configure unattended-upgrades that will install security updates for you

https://wiki.debian.org/UnattendedUpgrades

But once a week or so just run

Code: Select all

# apt update && apt upgrade -y
And you should be good to go
User avatar
MichaIng
Site Admin
Posts: 2421
Joined: Sat Nov 18, 2017 6:21 pm

Re: [Q] Raspi: Is there any repository for security updates

Post by MichaIng »

Jep, but note that this does not more then apt update && apt upgrade, AFAIK, so will still apply from the main branch on Raspbian. But not 100% sure to be true.

And, more importantly, on DietPi we masked the required APT systemd time, since those randomly occur and block APT while running. This can lead to error messages and failing scripts, if those as well contain APT updates/upgrades.

If you want that feature, you need to:

Code: Select all

systemctl unmask apt-daily.service
systemctl unmask apt-daily.timer
systemctl unmask apt-daily-upgrade.service
systemctl unmask apt-daily-upgrade.timer
And you need to know, that DietPi scripts might fail, if those attempt to run APT parallel to the systemd timers. But this should not be an issue, since you can usually choose to retry the APT step, if error prompts.
74cmonty
Posts: 18
Joined: Tue Jan 15, 2019 5:25 pm

Re: [Q] Raspi: Is there any repository for security updates

Post by 74cmonty »

Actually my intention was to use Debian's UnattendedUpgrades https://wiki.debian.org/UnattendedUpgrades, however I prefer to auto-update security patches only.

If Raspbian does not provide a security update it makes no sense to use UnattendedUpgrades here.
User avatar
MichaIng
Site Admin
Posts: 2421
Joined: Sat Nov 18, 2017 6:21 pm

Re: [Q] Raspi: Is there any repository for security updates

Post by MichaIng »

If I see the linked wiki correctly, then you can configure UnattendedUpgrades and choose which updates/upgrades to install. I guess on Raspbian this will be by default configured differently compared to Debian, due to missing dedicated security repo. But not sure honestly.

Yeah, if you want auto upgrades for security updates only, then I think this is indeed not possible on Raspbian. I also prefer to run APT upgrades only when I watch the terminal, so I can see what's going on.
74cmonty
Posts: 18
Joined: Tue Jan 15, 2019 5:25 pm

Re: [Q] Raspi: Is there any repository for security updates

Post by 74cmonty »

MichaIng wrote: Sun Jan 27, 2019 9:33 pm If I see the linked wiki correctly, then you can configure UnattendedUpgrades and choose which updates/upgrades to install. I guess on Raspbian this will be by default configured differently compared to Debian, due to missing dedicated security repo. But not sure honestly.

Yeah, if you want auto upgrades for security updates only, then I think this is indeed not possible on Raspbian. I also prefer to run APT upgrades only when I watch the terminal, so I can see what's going on.
This is exactly what I think.
Post Reply