Feature changed by: Duncan Mac-Vicar (dmacvicar) Feature #310085, revision 23 Title: Zypper: Filter Security Needed patches Package Wishlist: Unconfirmed Priority Requester: Desirable Info Provider: (Novell) Requested by: Michael Moser (mose) Product Manager: (Novell) Project Manager: (Novell) Engineering Manager: (Novell) Developer: (Novell) Technical Contact: (Novell) Technical Contact: (Novell) Partner organization: openSUSE.org Description: I would be nice if there was a way to install only security patches that are 'Needed'. I have a multitude of SuSE based servers under management where I work, and we need to keep boxes up to date with security releases. Since we dont manage the applications the customer uses, we have no way of knowing if recommended patches for any given package will have adverse affects on their software. Currently we zypper pch | grep security | grep '| Needed' then copy & paste the output of that list to zypper patch. I've thought about trying to write a script to generate the list, but thought an intrinsic feature would be cleaner, especially when cssh'd into 30+ boxes at a time. I've seen alot of threads on google on this subject, so it seems that others are trying to accomplish the same task. I think such a feature would be a worthwhile implementation. Something to the order of: * zypper patch -s (security only) * zypper patch -r (recommended only) * zypper patch (Defaults to all patches) Or implement it similar to "zypper lp --issue=security", i.e. "zypper patch --issue=security". + References: + packages: zypper Discussion: #1: Carl Linden (carllinden) (2010-11-01 15:47:12) Hi I have several customer asking for this feature. We used to have "rug up -t patch -g security" which worked fine on SLES10 but with SLES11 and zypper this is not yet availble. #2: Matthias Eckermann (mge1512) (2010-11-01 17:17:39) In my view, the commandline should be similar to "zypper lp -- issue=security", i.e. "zypper patch --issue=security". #3: Rob Fortune (rob-fortune) (2011-03-11 20:53:17) zypper -n in --auto-agree-with-licenses `zypper -A list-patches | grep 'needed$' | cut -f2 -d\|` #4: Rob Fortune (rob-fortune) (2011-03-11 20:54:31) (reply to #3) You could grep out recommended if you didn't want them after grepping for needed. #5: Federico Lucifredi (flucifredi) (2011-03-26 00:43:33) (reply to #4) valid use case. Let's do this, unless Engineering reports it as a significant effort, I think it is clearly worth it. #7: Dominik Heidler (dheidler) (2011-04-07 14:50:47) (reply to #5) Feature is implemented. See git commit a9d08b88d753c72faa375530c5d093117b371bf8 (zypper 1.5.5) #8: Duncan Mac-Vicar (dmacvicar) (2011-04-07 16:01:40) (reply to #7) Implemented in master, we need to backport it. We will do for the first snapshot. -- openSUSE Feature: https://features.opensuse.org/310085