Setup Debian’s security repository

The Debian security team provides regular security fixes in a dedicated software repository. It is enabled by default. This guide move the security repository configuration from APT main repository configuration to a satellite file.

This howto is tested on:

• Debian 10.0 Buster

Installation

Detect if sudo is available (“command” is used if not):

cmdProxy='command'
command type -f 'sudo' &>'/dev/null' && cmdProxy='sudo'

Install the required software:

${cmdProxy} apt install 'lsb-release'

Detect the distribution version name:

debianVersion="$(command lsb_release -cs)"

Copy the security repository configuration to a satellite file:

if [ ! -e '/etc/apt/sources.list.d/security.list' ]; then
    ${cmdProxy} tee '/etc/apt/sources.list.d/security.list' \
        <<< "#  Security updates"
    command grep -e '^deb.*security\.debian' '/etc/apt/sources.list' \
        | ${cmdProxy} tee -a tee '/etc/apt/sources.list.d/security.list'
fi

Disable the security repository configuration in the main sources.list file:

[ -e '/etc/apt/sources.list.d/security.list' ] \
  && ${cmdProxy} sed -i -e 's/^deb.*security\.debian/# &/' '/etc/apt/sources.list'

Update the list of available packages:

${cmdProxy} apt update

Bibliography

• The Debian Administrator’s Handbook.
• Linux Bible.
• Linux Pocket Guide: Essential Commands.