Home_greyopenFATE - openSUSE feature tracking > #310085
Dashboard | Search | Sign up | Login

Please login or register to be able to edit or vote this feature.

Zypper: Filter Security Needed patches

Feature state

Package Wishlist


I would be nice if there was a way to install only security patches that are 'Needed'. I have a multitude of SuSE based servers under management where I work, and we need to keep boxes up to date with security releases. Since we dont manage the applications the customer uses, we have no way of knowing if recommended patches for any given package will have adverse affects on their software.

Currently we zypper pch | grep security | grep '| Needed' then copy & paste the output of that list to
zypper patch.

I've thought about trying to write a script to generate the list, but thought an intrinsic feature would be cleaner, especially when cssh'd into 30+ boxes at a time.

I've seen alot of threads on google on this subject, so it seems that others are trying to accomplish the same task. I think such a feature would be a worthwhile implementation.

Something to the order of:

  • zypper patch -s (security only)
  • zypper patch -r (recommended only)
  • zypper patch (Defaults to all patches)

Or implement it similar to "zypper lp --issue=security", i.e. "zypper patch --issue=security".


packages: zypper




icons/user_comment.png C. L. wrote: (7 years ago)


I have several customer asking for this feature. We used to have "rug up -t patch -g security" which worked fine on SLES10 but with SLES11 and zypper this is not yet availble. 

icons/user_comment.png M. E. wrote: (7 years ago)

In my view, the commandline should be similar to "zypper lp --issue=security", i.e. "zypper patch --issue=security".

icons/user_comment.png R. F. wrote: (7 years ago)

zypper -n in --auto-agree-with-licenses `zypper -A list-patches | grep 'needed$' | cut -f2 -d\|`

icons/user_comment.png R. F. wrote: (7 years ago)

You could grep out recommended if you didn't want them after grepping for needed.

icons/user_comment.png F. L. wrote: (7 years ago)

valid use case. Let's do this, unless Engineering reports it as a significant effort, I think it is clearly worth it.

icons/user_comment.png D. H. wrote: (7 years ago)

Feature is implemented.

See git commit a9d08b88d753c72faa375530c5d093117b371bf8 (zypper 1.5.5)

icons/user_comment.png D. M. wrote: (7 years ago)

Implemented in master, we need to backport it. We will do for the first snapshot.

icons/user_comment.png D. M. wrote: (7 years ago)

Can be set to done when request id 69749 is accepted.

Last change: 5 years ago
Score: 8
  • Negative: 1
  • Neutral: 1
  • Positive: 9
Feature Export
Application-xmlXML   Text-x-logPlaintext   PrinterPrint