"apt upgrade" says "The following packages have been kept back"

Continuing the discussion from Call Audio Update:

I just ran into this again, this time on a PureOS laptop but I think the reasons behind it are the same.

In my case now, when diong apt upgrade it said this:

The following packages have been kept back:
  gstreamer1.0-plugins-bad libavcodec-extra libavcodec-extra58 libavfilter7 libavformat58 libavresample4 libavutil56 libgstreamer-plugins-bad1.0-0 libpostproc55 libswresample3 libswscale5
0 upgraded, 0 newly installed, 0 to remove and 11 not upgraded.

Then I tried apt install for the first one of the “kept back” packages, like this:

sudo apt install gstreamer1.0-plugins-bad

Then it said this:

The following additional packages will be installed:
  libgstreamer-plugins-bad1.0-0 libsrt1.4-gnutls
Suggested packages:
The following packages will be REMOVED:
The following NEW packages will be installed:
The following packages will be upgraded:
  gstreamer1.0-plugins-bad libgstreamer-plugins-bad1.0-0

and after that I could do apt upgrade without any “kept back” problem.

I think the most interesting part is this:

The following packages will be REMOVED:
The following NEW packages will be installed:

that I think shows what happened: one dependency had changed from libsrt1-gnutls to libsrt1.4-gnutls and probably those are not compatible, so to install the new one, the old one must be removed. My theory is that the apt upgrade command has a policy of never removing anything, and when it encounters a situation where updates would require removal of some package, it does the “kept back” thing instead. In contrast, the apt install command is allowed to remove things, so therefore that workaround is possible.

I’m happy with this because I think I now understand what happens. However, it remains slightly annoying and I still wonder if it’s supposed to work like this or if something should be done differently in the distribution (in this case PureOS) repositories to avoid the “kept back” issue.


apt nor apt-get will remove installed packages during an upgrade.

If you are using apt then sudo apt full-upgrade should be used.

From man apt

Full-upgrade performs the function of upgrade but will remove currently installed packages if this is needed to upgrade the system as a whole.

If you prefer apt-get then sudo apt-get dist-upgrade can be used.

From man apt-get

In addition to performing the function of upgrade , this option also intelligently handles changing dependencies with new versions of packages; apt-get has a “smart” conflict resolution system, and it will attempt to upgrade the most important packages at the expense of less important ones, if necessary.


I’m waiting until this next happens.

One tricky thing is that if you use the GUI then you don’t really know whether it is doing upgrade or full-upgrade.

There was some similar discussion in one of the Matrix rooms.

Indeed, apt upgrade will not remove any packages, nor will it install any new packages, and so should either action be required for an upgrade, one needs to do apt full-upgrade or apt dist-upgrade (I think one just maps to the other, so they are equivalent)

1 Like

To add to the confusion, the man page for apt-get documents dist-upgrade but not full-upgrade while the man page for the apt command is the opposite … but apt dist-upgrade is not rejected as an error and does do something.

apt full-upgrade and apt-get dist-upgrade are not mapped to each other, they are different tools, similar in operation but subtly different. For example, apt full-upgrade IIRC will physically remove packages that it deems no longer have any other packages dependent them while apt-get dist-upgrade will remove the dependency but it will not physically remove the package from system, it’s output will list it as being installed but no longer required and leave it up to you to decide to keep, remove or purge.

apt and apt-get are separate utilities, there are subtle differences in some of the commands they share. To me, apt takes the more commonly used higher level commands of apt-get and apt-cache rolls them into one with a touch more user friendliness.


Now I got confused. Do you mean that apt is using apt-get and apt-cache?
In that case, I guess apt-get and apt-cache could be called lower level commands, when compared to the higher level command apt?

apt is it’s own standalone utility, it implements it’s own version of the commands.

see https://mvogt.wordpress.com/2014/04/04/apt-1-0/ for a little more detail.