How to selectively apply updates

I’ve installed Fedora Linux on a Raspberry Pi, but my /boot partition has filled up. I haven’t explored what is taking too much space, but in the meantime that means I can only keep a few kernels installed at any one time, or the /boot partition fills up:

# df -h /boot
Filesystem      Size  Used Avail Use% Mounted on
/dev/mmcblk0p2  974M  725M  182M  80% /boot

Whenever I apply updates, I have to be careful not to install a new kernel without meaning to. Here’s how I selectively apply updates, excluding any kernel packages:

List the updates

I don’t run a graphical desktop on the Raspberry Pi; instead, I’m using it entirely from the command line. To check what updates are available for my system, I use the dnf command:

# dnf list --updates
Updating and loading repositories:
Repositories loaded.
Available upgrades
coreutils.aarch64           9.6-4.fc42        updates
coreutils-common.aarch64    9.6-4.fc42        updates
kernel.aarch64              6.14.9-300.fc42   updates
kernel-core.aarch64         6.14.9-300.fc42   updates
kernel-modules.aarch64      6.14.9-300.fc42   updates
kernel-modules-core.aarch64 6.14.9-300.fc42   updates
perf.aarch64                6.14.9-300.fc42   updates
systemd.aarch64             257.6-1.fc42      updates
systemd-libs.aarch64        257.6-1.fc42      updates
systemd-networkd.aarch64    257.6-1.fc42      updates
systemd-pam.aarch64         257.6-1.fc42      updates
systemd-resolved.aarch64    257.6-1.fc42      updates
systemd-shared.aarch64      257.6-1.fc42      updates
systemd-sysusers.aarch64    257.6-1.fc42      updates
systemd-udev.aarch64        257.6-1.fc42      updates
vim-common.aarch64          2:9.1.1418-1.fc42 updates
vim-data.noarch             2:9.1.1418-1.fc42 updates
vim-enhanced.aarch64        2:9.1.1418-1.fc42 updates
vim-filesystem.noarch       2:9.1.1418-1.fc42 updates
vim-minimal.aarch64         2:9.1.1418-1.fc42 updates
xxd.aarch64                 2:9.1.1418-1.fc42 updates

That’s a lot of updates, but I can’t just install all of them or I’ll fill up my /boot partition. Instead, I need to tell dnf to only update certain packages and not others.

Excluding packages from an update

One way to be selective about which packages to update is to use the exclude option. This is a list or pattern match of which packages to not include in the update. The syntax looks like -x PACKAGE-SPEC,... or --exclude=PACKAGE-SPEC,....

I find it’s easiest to use a wildcard here to not include the kernel updates. Just for reference, the kernel packages all start with the word kernel:

# dnf list --updates | grep kernel
Updating and loading repositories:
Repositories loaded.
kernel.aarch64              6.14.9-300.fc42   updates
kernel-core.aarch64         6.14.9-300.fc42   updates
kernel-modules.aarch64      6.14.9-300.fc42   updates
kernel-modules-core.aarch64 6.14.9-300.fc42   updates

So if I want to update all packages except for the kernel, I can add the -x option to my dnf command like this:

# dnf update -x 'kernel*'

This applies all of the outstanding updates such as coreutils, perf, systemd, vim, and xxd. But it does not update my kernel.

Automate it

The Linux philosophy for sysadmins is David’s list of excellent advice for anyone who manages Linux systems. Item 8 on this list is that you should always use shell scripts where you can, because that makes it easier to do your work. And in this case, I like to use a shell script so that I don’t accidentally forget to exclude the kernel when I update my system.

I created a shell script called update that is just a few lines: The first line applies updates except for the kernel. The second line lists any available updates; that way, I’ll have a reminder if I still need to update my kernel.

#!/bin/bash
dnf update -x 'kernel*'
dnf list --updates

When I run this, my script automatically runs dnf to update the system except for the kernel. At the end, it lists the remaining updates, which shows that I have a kernel update available:

# bin/update
Updating and loading repositories:
Repositories loaded.

...

Transaction Summary:
 Upgrading:         17 packages
 Replacing:         17 packages

Total size of inbound packages is 26 MiB. Need to download 26 MiB.
After this operation, 463 KiB extra will be used (install 109 MiB, remove 109 MiB).
Is this ok [y/N]: y

...

Complete!
Updating and loading repositories:
Repositories loaded.
Available upgrades
kernel.aarch64              6.14.9-300.fc42 updates
kernel-core.aarch64         6.14.9-300.fc42 updates
kernel-modules.aarch64      6.14.9-300.fc42 updates
kernel-modules-core.aarch64 6.14.9-300.fc42 updates

And that’s my reminder that I need to update the kernel. That requires a few extra steps, but I can do that later. Until then, the rest of my system is up-to-date.

InLinux, SysAdmin

Cyndi: My open source story — Linux, the loyal friend

How to remove a stuck kernel from GRUB

What USB device is that?