When updating your packages using apt-get, you might get the following message:
# apt-get upgrade
Building Dependency Tree… Done
The following packages have been kept back:
xxxxxx xxxxxx xxxxxx xxxxxx
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
This means that there are packages which can be updated but they were not. So what are the reasons why some packages wouldn’t be updated ?
First let’s look at what apt-get upgrade does:
apt-get upgrade installs the newest versions of all packages which are already installed on the system from the configured sources. What apt-get upgrade doesn’t do is install additional packages or remove existing ones. The fact that it doesn’t install new packages is the reason why your packages are being kept back. These packages have an updated list of dependencies and apt-get would need to install new packages in order to install the new version of the software.
So what can you do about it ? There are basically 3 ways to handle it.
dist-upgrade
The first one is to use dist-upgrade. apt-get dist-upgrade does basically the same as upgrade. But additionally, it removes and installs packages in order to accommodate the updated list of dependencies of newer versions of the install packages.
When using diet-upgrade, you will be presented with a list of changes which will be applied. There will be a list of packages being additionally installed and a list of packages which will be removed.
You have to especially pay attention to the list of packages to be removed. In the list of packages to be removed, you will not only find packages being removed because they are not needed anymore but also packages which will be removed because they are not compatible with the latest version of the packages you are updating.
On my system, this is very often the case for Plesk which tends to force me to keep outdated packages for a little longer. Forcing an update of these packages would result in Plesk being uninstalled. Recovering from this is not very easy… Also, if you install beta versions of some software, you might also end up getting long list of packages to be removed because they would not be compatible anymore.
Also, you might in some cases have packages required by others but not cleanly listed as a dependency (once had this problem with subversion).
install
If you want to have the required packages installed but do not want to have packages removed, you can use apt install:
apt-get install <list of packages>This will first resolve the kept-back dependencies and will offer to install additionally required packages.
aptitude
Start aptitude, select the list of upgradable packages, press “g” twice to install.
Then answer the questions and follow the instructions.
Still problems?
If all of this doesn’t work, you may want to give some of the following a try. These are various things I’ve needed in some cases to get rid of conflicts using apt-get.
Reinstalling the packages kept back:
apt-get install --reinstall <list of packages>Checking for a given package, the installed and the versions available from the configured sources:
apt-cache policy <package name>Use aptitude instead of apt-get:
aptitude update && aptitude upgradeUse aptitude safe-upgrade to upgrade currently installed packages as well as install new packages to resolve new dependencies, but without removing installed packages:
aptitude safe-upgrade
On my Debian servers, I usually use apt-get dist-upgrade to make sure I will install the latest packages, specially security updates.
In many cases, dist-upgrade is a good solution, since it makes sure that the packages are installed even though the list of dependencies might change. I currently mostly use upgrade instead since I once almost uninstalled Plesk because of a dist-upgrade late in the night. So if you trust yourself to properly look at the list of packages to be uninstalled dist-upgrade is a good solution. Otherwise it might be safer to do an upgrade and use dist-upgrade only in those cases where packages are kept back.