One of those routine system management tasks these days is checking to make sure that I'm up to date on vendor security releases and other updates. And when I'm not up to date, I generally want to know what's out of date; being out of date on diff is one thing, being out of date on a kernel or glibc is quite another. (For a start, I probably want to test the kernel a bit more before pushing it into our local update queue.)

Since I have a lot of systems, I like a concise report; say, one line with all the pending packages for systems that need updates, and total silence from systems that are current (in other words, I'm a Unix geek and I like Unix-style output).

Unfortunately, most package management systems are not quite as eager to accommodate my minimalism as I would like, so it takes some scripting work.

For anything with yum (Fedora Core, current Red Hat Enterprise, and probably others):

yum -d 1 check-update |
  awk '{print $1}'

In at least Fedora Core 4, this doesn't give you the literal package names; you get a bonus architecture glued on the back that you'll have to slice off if you really care. You also get a bonus blank line at the start (this may be a yum bug).

Debian makes it a little bit more annoying. I get to do:

apt-get -qq update
apt-get -qq -s -u upgrade |
  awk '$1 == "Inst" {print $2}'

(Assuming that Debian does not change apt-get's output someday. They might, and this is one reason apt is not my favorite program.)

In theory 'apt-get -qq update' could be dangerous, but I think the odds are pretty low.

Converting these to produce single-line output is left as an exercise to the reader.