Ubuntu – Can we apply security updates only to a persistent live system

Security Updates in persistent live drives

If there is enough free space in the partition for persistence you can apply security updates (and with more free space even all updates, sudo apt full-upgrade).

I tested security updates right now in a fresh persistent live Xubuntu 20.04 LTS system in an SSD with 60 GB. The used size of the partition for persistence increased to 1.7 GiB according to df -h. (See the line for /cow ... /), 1.8 GB according to df -H.

So 'security updates'

• is definitely a bad idea in your 4GB drive,
• should work in your 8 GB drive,
• but I would recommend it only in drives with at least 16 GB.

You might be able to tweak the settings to avoid such huge security updates, but I don't know exactly how to do it, and it would reduce the security.

Workaround 1: Installed system in a USB drive

If security is important for you, I would recommend an installed system, installed like into an internal drive, but into a fast USB 3 drive with at least 16 GB.

See the following links

• Step-wise instructions for installed system in a USB drive
• Notes about speed (and size)

Workaround 2: Switch to daily iso files of released LTS versions

You can switch to a current daily iso file of a released LTS version (18.04 LTS, 20.04 LTS ...). Before point release #5 there will be daily iso files, and these are rather stable for released LTS versions. So instead of security updates you can simply create new persistent live drives.

You can be almost 100% sure that you can re-use the content of the home directory, and if there are not too big modifications, you can reuse the system part of the whole partition for persistence. Tools for backup are bundled with mkusb, and you can use them for transfer of your persistent data to a new persistent live system.

zsyncing command line and shellscript

This command line:

zsync http://cdimage.ubuntu.com/cdimage/xubuntu/focal/daily-live/current/focal-desktop-amd64.iso.zsync

should work for you with Xubuntu Focal Fossa alias Xubuntu 20.04 LTS.

You might prefer a more general shellscript. It can be used with all desktop flavours and the developing version (now groovy) and the newest LTS version (now focal). It can be a bit tricky to identify the web address for zsyncing to a released LTS version, and the shellscript can help you.

The following shellscript can be run in your main computer is a subdirectory with the name of the flavour of Ubuntu (with lower case), so in your case, when you make it executable an put it in PATH,

cd some-path/xubuntu
getdaily focal

Shellscript:

#!/bin/bash

inversvid="\0033[7m"
resetvid="\0033[0m"

if [ $# -eq 1 ] || [ $# -eq 2 ]
then
 version="$1"
 version="${1%%-*}"
else
 echo "Usage:   $0 <version-nickname>"
 echo "Example: $0 bionic"
 echo "Flavour selected automatically for this directory"
 exit
fi

flavour=$(pwd)
flavour=${flavour##*/}
echo -e "$inversvid    zsyncing $flavour $version ... $resetvid"

if [ "$flavour" == "ubuntu" ]
then
 flavour=
 currpend=pending
else
 flavour="${flavour}/"
 currpend=current
fi

if [ "$flavour" == "ubuntustudio/" ]
then
 desktop=dvd
 daily_dvd=dvd
else
  desktop=desktop
  daily_dvd=daily-live
fi
echo "first try:"
echo zsync http://cdimage.ubuntu.com/"$flavour$daily_dvd"/"$currpend"/"$version"-"$desktop"-amd64.iso.zsync
     zsync http://cdimage.ubuntu.com/"$flavour$daily_dvd"/"$currpend"/"$version"-"$desktop"-amd64.iso.zsync
if [ $? -ne 0 ] && [ "$flavour" != "ubuntustudio/" ]
then
 echo "second try:"
 echo zsync http://cdimage.ubuntu.com/cdimage/"$flavour$version/$daily_dvd"/"$currpend"/"$version"-"$desktop"-amd64.iso.zsync
      zsync http://cdimage.ubuntu.com/cdimage/"$flavour$version/$daily_dvd"/"$currpend"/"$version"-"$desktop"-amd64.iso.zsync
fi

if [ $? -eq 0 ]
then
 if [ $# -eq 1 ]
 then
  ls -l "$version"-"$desktop"-amd64.iso
  <<< "I am ready now" espeak
 fi
else
 <<< "something went wrong" tee /dev/stderr | espeak
fi