How do I get security updates for restricted/partner packages?

I want to perform just security updates on Ubuntu 12.04 LTS, keeping the rest of the system unchanged. I need to do this from the command line, no the GUI update manager. I have implemented the solution described here, which seems to work great for this purpose. I merely substituted 'precise' for 'lucid' given that I am on 12.04.

My question is: by using apt pinning as described in that answer, will I still receive security updates for packages distributed through the "other" repositories - partner, restricted, multiverse, etc? Or will it only get me updates for the packages in the "core" distribution?

thanks! ~l


No security updates for partner by default

You will get security updates for all your regular repositories, including main, restricted, universe and multiverse, but not for partner.

The top-level structure of the precise-security repository makes this quite clear:

top-level structure of security repo showing partner is not included

Why not?

The packages in partners are basically proprietary binaries wrapped in a .deb. Incremental "security" updates are not released for these, just regular updates (new versions), which may include security updates. To find out if an update addresses security issues, either look at the provider's page for the update or in the changelog at the launchpad "source" page. The latter is typically easier, e.g. for Adobe Reader (acroread), go to:

https://launchpad.net/ubuntu/+source/acroread
  • Expanding the latest release for Precise 12.04 shows you the changelog (emphasis added):

    New upstream release, addresses security issues:
    http://www.adobe.com/support/security/bulletins/apsb12-08.html
    CVE-2012-0774
    CVE-2012-0775
    CVE-2012-0776
    CVE-2012-0777
    

Well, how do I quickly check for regular updates to partner, then?

The partners repository contains just fifteen packages, and I imagine even regular updates are infrequent (think Adobe Reader). Given the tiny size (5 kb) of the partner update file, I'd just add the actual repository (deb http://archive.canonical.com/ubuntu precise partner) to any "quick check" sources.list file.

Note: While precise-security exists on the partner server, it is (as expected) empty.


The Security Updates includes all the repositories (restricted, multiverse, etc.).

And the solution you say (which is useful and I recommend it) is only to receive Security Updates. But it doesn't include the partners security updates.

I hope I helped you.