To work with patches in Ubuntu, first understand the following patch-related terms:
Packages
The collection of items that are updated on the endpoint.
Channel (Component)
For each pocket, there are 4 different components (from the Ubuntu wiki):
- Main - Canonical-supported free and open-source software (supported by the Ubuntu Security team).
- Restricted - Proprietary drivers for devices (supported by the Ubuntu Security team).
- Universe - Community-maintained free and open-source software.
- Multiverse - Software restricted by copyright or legal issues.
Note1: The standard Ubuntu installation is a collection of software from the main and restricted components. You can install additional software from the Ubuntu Software Center.
Repository (Pocket)
There are several pocket types for each version of Ubuntu (from the Ubuntu wiki):
- release: during the development cycle, this is the only pocket that is used. Once the development version is released, the release pocket is frozen and does not change (supported by the Ubuntu Security team).
- security: built with release and security. UpdateProcedures gives the process used for creating security updates (supported by the Ubuntu Security team).
- updates: as a matter of Ubuntu policy, packages in updates are not directly built, but rather copied from proposed after they have been tested. See StableReleaseUpdates for details (supported by the Ubuntu Security team).
- backports: built with release, security, updates and backports. See UbuntuBackports for details.
Note1: Packages in backports are supported by the community.
Note2: There is another pocket, proposed, but we do not recommend using that pocket, because packages in proposed are the responsibility of the uploader.
Rollup
Represents a combination of a Component and a Pocket.
Example - A package that exists in the "release" pocket and belongs to the "main" component is part of the "release main" rollup.
Ubuntu Beta Support
In JetPatch, the user will be able to update Ubuntu packages at the "rollup" level. In other words, there will be up to 16 different rollups (based on the customer environment) that are applicable to update for each Ubuntu version in the environment.
In an environment with all supported Ubuntu versions (16.04 - 20.04) and configured to work with all the possible components in all repositories there will be 48 applicable updates in JetPatch:
4 Components * 4 Pockets * 3 Ubuntu versions
Updates Information In JetPatch Patches Catalog
JetPatch will analyze the supported rollups in each endpoint and will present the following information for each patch in the Patch Catalog:
Patch ID
The ID is generated by JetPatch from the Ubuntu version, Component, and Pocket, using the following scheme:
| | Main | Restricted | Universe | Multiverse |
|---|---|---|---|---|
| Release | UBRM-JP:XX11 | UBRR-JP:XX12 | UBRU-JP:XX13 | UBRT-JP:XX14 |
| Security | UBSM-JP:XX21 | UBSR-JP:XX22 | UBSU-JP:XX23 | UBST-JP:XX24 |
| Updates | UBUM-JP:XX31 | UBUR-JP:XX32 | UBUU-JP:XX33 | UBUT-JP:XX34 |
| Backports | UBBM-JP:XX41 | UBBR-JP:XX42 | UBBU-JP:XX43 | UBBT-JP:XX44 |
Note - the XX in the ID will be determined based on the Ubuntu version. In Ubuntu 20.04 the XX will be “20”. For example, the patch from "release main" rollup will be “UBRM-JP:2011”.
Patch Description
As with the Patch ID, the patch description is generated by JetPatch from the Ubuntu version, Component, and Pocket, using the following scheme:
| | Main | Restricted | Universe | Multiverse |
|---|---|---|---|---|
| Release | version-main | version-restricted | version-universe | version-multiverse |
| Security | version-security main | version-security restricted | version-release security universe | version-security multiverse |
| Updates | version-updates main | version-updates restricted | version-updates universe | version-updates multiverse |
| Backports | version-backports main | version-backports restricted | version-backports universe | version-backports multiverse |
Note - the version variable will be the codename of the Ubuntu version (bionic, focal, xenial). For example, the title from "release main" on Xenial will be xenial-main. Bionic = 20.04, Focal = 19.04, Xenial = 16.04
Patch Title
Combines the Patch ID and the Patch Description. Example: UBRM-JP:2011 bionic-main
Operating System
Each patch will belong to a single Operating System that will be visible in the Patches Catalog table.
Category
The patch Category will be determined by the pocket it belongs to:
- Release
- Security
- Updates
- Backports
Release Date
The Release Date for a patch will remain empty.
Needed On
JetPatch marks an Ubuntu patch as needed when an update is available for a package that belongs to the rollup.
If there are no updates for any package in a specific rollup, the patch will be marked as compliant.
Rollback
Removal of Ubuntu patches is currently not supported.
Example1: Install all available security packages supported by the Ubuntu Security team
First, understand the security Patch IDs that are supported by the Ubuntu Security team:
| | Main | Restricted |
|---|---|---|
| Security | UBSM-JP:XX21 | UBSR-JP:XX22 |
Why?
- Packages in the main and restricted channels are supported by the Ubuntu Security team (source)
- Packages in the security pocket are supported by the Ubuntu Security team (source)
- These packages are under http://security.ubuntu.com/
Example with Ubuntu 16.04 (xenial)
Relevant Security Patch Titles to install in JetPatch
- UBSM-JP:1621 xenial-security main
- UBSR-JP:1622 xenial-security restricted
Example with Ubuntu 18.04 (bionic)
Relevant Patch Titles to install in JetPatch
- UBSM-JP:2021 bionic-security main
- UBSR-JP:2022 bionic-security restricted
Example with Ubuntu 20.04 (focal)
Relevant Patch Titles to install in JetPatch
- UBSM-JP:2021 focal-security main
- UBSR-JP:2022 focal-security restricted
Once a patch is deployed, it will show as needed again only when there are new updates to deploy.
Example2: Install all available packages supported by the Ubuntu Security team
First, understand the Patch IDs that are supported by the Ubuntu Security team:
| | Main | Restricted |
|---|---|---|
| Release | UBRM-JP:XX11 | UBRR-JP:XX12 |
| Security | UBSM-JP:XX21 | UBSR-JP:XX22 |
| Updates | UBUM-JP:XX31 | UBUR-JP:XX32 |
Why?
- Packages in the main and restricted channels are supported by the Ubuntu Security team (source)
- Packages in the release, security, and updates pockets are supported by the Ubuntu Security team (source)
Example with Ubuntu 16.04 (xenial)
Relevant Patch Titles to install in JetPatch
- UBRM-JP:1611 xenial-main
- UBRR-JP:1612 xenial-restricted
- UBSM-JP:1621 xenial-security main
- UBSR-JP:1622 xenial-security restricted
- UBUM-JP:1631 xenial-updates main
- UBUR-JP:1632 xenial-updates restricted
Example with Ubuntu 18.04 (bionic)
Relevant Patch Titles to install in JetPatch
- UBRM-JP:2011 bionic-main
- UBRR-JP:2012 bionic-restricted
- UBSM-JP:2021 bionic-security main
- UBSR-JP:2022 bionic-security restricted
- UBUM-JP:2031 bionic-updates main
- UBUR-JP:2032 bionic-updates restricted
Example with Ubuntu 20.04 (focal)
Relevant Patch Titles to install in JetPatch
- UBRM-JP:2011 focal-main
- UBRR-JP:2012 focal-restricted
- UBSM-JP:2021 focal-security main
- UBSR-JP:2022 focal-security restricted
- UBUM-JP:2031 focal-updates main
- UBUR-JP:2032 focal-updates restricted
Once a patch is deployed, it will show as needed again only when there are new updates to deploy.
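As an added example (not JetPatch's own code), the code below reads apt source lines from an endpoint, derives the rollups they enable, and builds the Patch ID and Patch Title for each one using the scheme in the Patch ID and Patch Description tables, marking the rollups that Example1 and Example2 list as supported by the Ubuntu Security team. The function name `rollups`, the caller-supplied `xx_by_codename` mapping, and the sample source lines are assumptions; descriptions follow the regular `version-pocket component` pattern of the table.

```python
import re

# Letter and digit each pocket/component contributes to the Patch ID (page tables).
POCKETS = {"": ("R", 1), "security": ("S", 2), "updates": ("U", 3), "backports": ("B", 4)}
COMPONENTS = {"main": ("M", 1), "restricted": ("R", 2),
              "universe": ("U", 3), "multiverse": ("T", 4)}
# Rollups the page lists as supported by the Ubuntu Security team.
TEAM_POCKETS = {"", "security", "updates"}
TEAM_COMPONENTS = {"main", "restricted"}

# Constructed sample in one-line sources.list format (not from a real host).
SAMPLE_SOURCES = """\
deb http://archive.ubuntu.com/ubuntu focal main restricted
deb http://archive.ubuntu.com/ubuntu focal-updates main restricted
deb http://archive.ubuntu.com/ubuntu focal universe
deb http://archive.ubuntu.com/ubuntu focal-backports main universe
deb http://security.ubuntu.com/ubuntu focal-security main restricted
deb-src http://archive.ubuntu.com/ubuntu focal main  # source packages, ignored
"""

def rollups(sources_text, xx_by_codename):
    """Return sorted (patch_id, patch_title, team_supported) per enabled rollup.

    xx_by_codename is supplied by the caller, e.g. {"focal": "20"} (assumption).
    """
    found = set()
    for line in sources_text.splitlines():
        line = re.sub(r"\[[^\]]*\]", "", line.split("#", 1)[0])  # comments, [options]
        fields = line.split()
        if len(fields) < 4 or fields[0] != "deb":
            continue
        codename, _, pocket = fields[2].partition("-")
        if codename not in xx_by_codename or pocket not in POCKETS:
            continue  # unknown release, or a pocket outside the table (proposed)
        found.update((codename, pocket, c) for c in fields[3:] if c in COMPONENTS)
    result = []
    for codename, pocket, comp in found:
        (p_letter, p_digit), (c_letter, c_digit) = POCKETS[pocket], COMPONENTS[comp]
        patch_id = f"UB{p_letter}{c_letter}-JP:{xx_by_codename[codename]}{p_digit}{c_digit}"
        desc = f"{codename}-{comp}" if not pocket else f"{codename}-{pocket} {comp}"
        team = pocket in TEAM_POCKETS and comp in TEAM_COMPONENTS
        result.append((patch_id, f"{patch_id} {desc}", team))
    return sorted(result)

if __name__ == "__main__":
    for patch_id, title, team in rollups(SAMPLE_SOURCES, {"focal": "20"}):
        print(f"{title:45} security-team-supported={team}")
```

Rollups flagged as not team-supported (universe, multiverse, backports) are the ones to review separately before including them in a remediation plan.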
FAQ: How do I know which packages are going to be deployed during patch execution?

- Go to the Activities table
- Filter by the relevant Remediation Plan
- View the output of the "execute patch installation for single computer" activity on your Ubuntu machines.
- Download the output to view it, as shown below.
The following NEW packages will be installed:
linux-headers-5.4.0-80 linux-headers-5.4.0-80-generic
linux-image-5.4.0-80-generic linux-modules-5.4.0-80-generic
linux-modules-extra-5.4.0-80-generic
The following packages will be upgraded:
alsa-ucm-conf apt apt-utils cloud-init initramfs-tools initramfs-tools-bin
initramfs-tools-core libapt-pkg6.0 libnss-systemd libpam-modules
libpam-modules-bin libpam-runtime libpam-systemd libpam0g libprocps8
libssl1.1 libsystemd0 libudev1 linux-base linux-firmware linux-generic
linux-headers-generic linux-image-generic openssl procps python-apt-common
python3-apt python3-distupgrade snapd sosreport systemd systemd-sysv
systemd-timesyncd ubuntu-release-upgrader-core udev update-notifier-common
36 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
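As an added example (not part of JetPatch), the code below parses a downloaded activity output in the format shown above, checks that the listed packages match the counts on the summary line, and picks out packages on a watch list so kernel and TLS library changes are noticed before a plan is approved. The function names, the default `watch_prefixes`, and the shortened sample output are assumptions.

```python
import re

# Constructed, shortened sample in the same format as the output above.
SAMPLE_OUTPUT = """\
The following NEW packages will be installed:
  linux-headers-5.4.0-80 linux-image-5.4.0-80-generic
The following packages will be upgraded:
  apt libssl1.1 openssl
  systemd udev
5 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
"""

SECTION = re.compile(r"^The following (.+):$")
SUMMARY = re.compile(
    r"^(\d+) upgraded, (\d+) newly installed, (\d+) to remove and (\d+) not upgraded\.$")

def parse_plan(text):
    """Return ({section header: [packages]}, summary counts or None)."""
    sections, current, summary = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header, counts = SECTION.match(line), SUMMARY.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif counts:
            summary = tuple(int(n) for n in counts.groups())
            current = None
        elif current is not None:
            current.extend(line.split())  # package names wrap across lines
    return sections, summary

def review(text, watch_prefixes=("linux-image-", "libssl", "openssl")):
    """Compare listed packages with the summary line and report watched ones."""
    sections, summary = parse_plan(text)
    upgraded = sections.get("packages will be upgraded", [])
    new = sections.get("NEW packages will be installed", [])
    # A mismatch means the output was truncated or is not in the expected format.
    consistent = summary is not None and summary[:2] == (len(upgraded), len(new))
    watched = sorted(p for p in upgraded + new if p.startswith(tuple(watch_prefixes)))
    return {"upgraded": upgraded, "new": new, "consistent": consistent, "watched": watched}

if __name__ == "__main__":
    print(review(SAMPLE_OUTPUT))
```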