"The following packages have been kept back:" Why and how do I solve it?

apt package-management

1,198,032

Solution 1

According to an article on debian-administration.org,

If the dependencies have changed on one of the packages you have installed so that a new package must be installed to perform the upgrade then that will be listed as "kept-back".

Cautious solution 1:

Per Pablo's answer, you can run sudo apt-get --with-new-pkgs upgrade, and it will install the kept-back packages.

This has the benefit of not marking the kept-back packages as "manually installed," which could force more user intervention down the line (see comments).

If Pablo's solution works for you, please upvote it. If not, please comment what went wrong.

Cautious solution 2:

The cautious solution is to run sudo apt-get install <list of packages kept back>. In most cases this will give the kept-back packages what they need to successfully upgrade.

Aggressive solution:

A more aggressive solution is to run sudo apt-get dist-upgrade, which will force the installation of those new dependencies.

But dist-upgrade can be quite dangerous. Unlike upgrade it may remove packages to resolve complex dependency situations. Unlike you, APT isn't always smart enough to know whether these additions and removals could wreak havoc.

So if you find yourself in a place where the "cautious solution" doesn't work, dist-upgrade may work... but you're probably better off learning a bit more about APT and resolving the dependency issues "by hand" by installing and removing packages on a case-by-case basis.

Think of it like fixing a car... if you have time and are handy with a wrench, you'll get some peace of mind by reading up and doing the repair yourself. If you're feeling lucky, you can drop your car off with your cousin dist-upgrade and hope she knows her stuff.

Solution 2

Whenever you receive from the command apt-get upgrade the message

The following packages have been kept back:

then to upgrade one or all of the kept-back packages, without doing a distribution upgrade (this is what dist-upgrade does, if I remember correctly) is to issue the command:

apt-get install <list of packages kept back>

this will resolve the kept-back issues and will ask to install additional packages, etc. as was explained by other answers.

Solution 3

_{I answered a similar question here.}

Try this Unix SE answer:

sudo apt-get --with-new-pkgs upgrade

This allows new packages to be installed. It will let you know what packages would be installed and prompt you before actually doing the install.

apt command (friendly alternative to apt-get) share this option.

Using apt install <pkg> instead will mark pkg as "manually installed"!! To mark it again as "automatically installed" use apt-mark auto <pkg> (see also subcommand showmanual). More info on this answer.

Solution 4

There are normally two reasons you may see this message.

If upgrading the program (via sudo apt-get upgrade) would cause packages to be added or removed, then the program will be held back. You can use sudo apt-get dist-upgrade in this case, which will then offer to add or remove the additional packages.

This is pretty common and usually not an issue. Occasionally (particularly during an Ubuntu alpha) a dist-upgrade will offer to remove a lot of other programs, in which case you probably want to cancel it.

If the package depends on packages or versions that are not available, then the program will be held back. You really can't do anything but wait in this circumstance, since the package is basically uninstallable. This can happen when packages get added to the repository out of order, when a package is renamed, or when a package stops providing a virtual package.

Solution 5

You can also try:

sudo aptitude safe-upgrade

It's safer than full-upgrade (originally named dist-upgrade) because "packages will not be removed unless they are unused".

From man aptitude:

safe-upgrade

Upgrades installed packages to their most recent version. Installed packages will not be removed unless they are unused /.../ Packages which are not currently installed may be installed to resolve dependencies unless the --no-new-installs command-line option is supplied.

View more solutions

1,198,032

jfoucher

Updated on September 17, 2022

Comments

jfoucher about 1 month
I just added a PPA repository for the development version of the GIMP, but I get this error:
```
$ apt-get update && apt-get upgrade
...
The following packages have been kept back:
  gimp gimp-data libgegl-0.0-0 libgimp2.0
```
Why and how can I solve it so that I can use the latest version instead of the one I have now?
- Admin about 1 year
  
  What a garbage message. Why can't the OS just do the needful?
andol about 12 years

What do you base that likelihood on, without knowing whatever he ran an apt-get upgrade or an apt-get dist-upgrade (alt. the aptitude equivalents)?
txwikinger about 12 years

this is the most occurring problem in support questions and bugs
Umang about 12 years

Agreed. You should probably wait and check you apt_preferences. This is often caused by development archives where the and available packages dependencies are changing very quickly. Wait for them to settle down and you may not need to dist-upgrade at all. If you'd still like to dist-upgrade, then look at the NEW packages to be installed and the packages to be removed before going ahead.
Postadelmaga about 10 years

This is my case because I get the "kept back" message using dist-upgrade
Cas about 10 years

As this is an accepted answer needs, it really needs updating to warn about using dist-upgrade on a stable system as many of the other answers below have pointed out. Personally I think there is a simpler/safer answer that needs promoted: apt-get install <list of pkgs>
crenshaw-dev about 10 years

Cas, should I just add that it could be dangerous to run a dist-upgrade on a stable system? Why exactly is that dangerous? (I honestly don't know apt all that well.)
Cas about 10 years

There is a Server Fault answer that explains dist-upgrade in a bit more detail. I think its just worth clarifying (not dangerous as such) that it may upgrade the entire system which may be beyond what the user expects/wants i.e. in the OP example they are wondering why gimp is being held back.
Admin almost 10 years

apt-get dist-upgrade is only dangerous if you have bad repositories in /etc/apt/sources.list*. It's good to be aware that dist-upgrade upgrades all packages, but with the default repositories, that should be fine. Not using dist-upgrade could be dangerous, as you might miss security updates.
Eliah Kagan over 9 years

Please note that sudo apt-get dist-upgrade can also remove packages. Consequently, it's best always to inspect the list of changes that will be made before agreeing to them, when running sudo apt-get dist-upgrade.
Admin over 9 years

apt-get dist-upgrade can remove as well as add packages, but it is not really dangerous. Any package installation command can cause serious damage if you have problems in your sources.list file! A regular apt-get upgrade command will install any package from any software source that is enabled; dist-upgrade is not unique in this way. Furthermore, using aptitude to perform any operation at all, at least on amd64, is much more dangerous than running apt-get dist-upgrade, in a release where bug 831768 isn't fixed.
Bibhas almost 9 years

Even aptitude upgrade worked for me.
tanius over 8 years

In cases where this problem is due to a messup with apt preferences (pinning), I found reinstallation of the kept packages helped me: apt-get install --reinstall <packages>.
ahmed hamdy over 7 years

I`am using Ubuntu 14.04 and I does not have aptitude command line
f.ardelian over 7 years

apt-get dist-upgrade gave me the same message, but this solved it for me. I had a package which was breaking the upgrade of another package. I didn't need the one I installed, so aptitude full-upgrade gave me the option to remove it so it could upgrade everything else.
Aaron McDaid over 7 years

I've extended the note warning that dist-upgrade is dangerous. I'm not very satisfied with what I've written. But I want a much more emphatic warning
Admin about 7 years

For me, it was easier (local machine with X running) to just open synaptic and force the package's upgrade. For some reason it didn't seem to show up at all where you described in synaptic.
John Mee about 7 years

Upgrades specific packages (and their dependencies) without the commitment (risks) of a dist-upgrade.
DevZer0 about 7 years

i had to use dist-upgrade to resume a failed release-upgrade the release-upgrade failed because of a previously broken package and after fixing that problem the only way to resume the remaining package upgrade was via dist-upgrade
syntaxerror about 7 years

@EliahKagan May I add that even apt-get upgrade can remove packages? It will always do that when there would be a version conflict otherwise. Think of llvm3.6 vs. llvm3.6v5 (with the "v5" meaning that it was compiled with gcc 5). These two cannot co-exist, only either of both can be kept on the system. So yes dist-upgrade may remove some packages as well, but it's not only dist-upgrade that would do this; under certain circumstances, upgrade would, as well.
Admin almost 7 years

If you tried dist-upgrade and some packages are still "kept back", you can try diagnosing the issue with sudo apt-get install <package>; you may find that it is failing because some dependencies are unresolvable (which dist-upgrade alone apparently will not tell you)
Admin over 6 years

Also sudo aptitude safe-upgrade
Alexis Wilke over 6 years

The graphical tool that offers you to upgrade your computer software that appears every day there are new software available... does an apt-get dist-upgrade every single time. It has nothing to do with upgrading to a new version of the OS (i.e. going from 12.04 to 14.04). It is more a form of distinction between kernel upgrades and other upgrades. In any event, you always want to do a dist-upgrade unless you need to keep running with some old version of software.
Jake almost 6 years

Is there a way to determine whether the held package needs a dependency that can't be installed or if it is being held because other packages depend on it. I have many held packages and I believe both of these cases may apply on my system.
geekQ almost 6 years

There is less dangerous option, which does not need listing every package manually: sudo apt-get --with-new-pkgs upgrade from unix.stackexchange.com/questions/38837/…
cram2208 over 5 years

When packages are kept back this way and I manually apt-get upgrade <list of packages>, if I redo apt-get upgrade, it will list the packages in question as no longer required and that I can use apt autoremove to remove them, which I do, and then one last apt-get upgrade and they are no longer listed as kept back... Very weird. Any thoughts?
nyxee about 5 years

I just attempted to upgrade from 14.04LTS to 16.04LTS. somehow i just got scared that i was lagging behind. so, if we can't upgrade smoothly, i wonder whats the point of keeping our systems. I wonder whether its advizeable tostay on LTS.
dinosaur about 5 years

@mac9416, you said "Think of it as upgrading from Ubuntu 12.04 to 14.04". Do you mean this literally? Will sudo apt-get dist-upgrade change which release of Ubuntu I am using?
crenshaw-dev about 5 years

@dinosaur it was a confusing analogy, so I edited it out. dist-upgrade does not change the release, because your sources.list files do not change. This answer should help you out.
crenshaw-dev about 5 years

Does apt-get install also remove packages when necessary to resolve gnarly dependency situations, or would you have to run a separate apt-get remove command to accomplish that part of the upgrade process?
Alex about 5 years

@cram2208 I believe that's the expected behaviour. The packages that were "automatically installed and [...] no longer required" are the previous versions of the upgraded packages, which are now no longer needed. apt autoremove then removes these unused dependencies.
ctrl-alt-delor about 5 years

apt-get install will also mark packages as manually installed, you may not want that. They wont un-install when you remove the package that depends on them.
ctrl-alt-delor about 5 years

+1 because it does not have side affect of causing packages to be marked as manually installed.
Eliah Kagan about 5 years

@syntaxerror Sorry, I just saw this. What you've described is precisely the situation where one must use dist-upgrade. Running apt-get upgrade does not remove packages. As the apt-get manual page says in the description of the upgrade action: "Packages currently installed with new versions available are retrieved and upgraded; under no circumstances are currently installed packages removed, or packages not already installed retrieved and installed." So dist-upgrade is categorically more powerful than upgrade.
l --marc l almost 5 years

If the upgrade would require a new package to be installed, the package will be "kept back." First consider using: sudo apt-get --with-new-pkgs upgrade which would not have side affect of causing packages to be marked as manually installed
Chai T. Rex over 4 years

Please don't use screenshots for terminal text, since that makes it unsearchable by Google and unreadable by some people. Instead, paste the terminal text into your answer, select that text, and press the {} button in the editor to properly format it.
Vasyl Lyashkevych over 4 years

@ChaiT.Rex Thanks for remarks, I will take it in opinion for the future.
jarno over 4 years

You could do it without --reinstall, too.
jarno over 4 years

@mac9416 yes it does.
jarno over 4 years

Funny thing is that it removes the libjpeg-turbo-progs package.
jarno over 4 years

@mac9416 see e.g. askubuntu.com/a/818101/21005
crenshaw-dev over 4 years

@jarno this leaves me to wonder what the difference between install and dist-upgrade truly is. Thanks for the heads-up.
jarno over 4 years

@mac9416 apt-get dist-upgrade decides which packages it will upgrade and may keep back packages. With apt-get install you have to name those packages expect maybe when using --fix-broken option.
crenshaw-dev over 4 years

@jarno well that's fair. I meant more in terms of how they handle un-installation of packages. Say you do an apt-get upgrade and packages foo and bar are held back. Previously I'd believed that apt-get install foo bar would upgrade the packages, but only if it didn't have to un-install anything to resolve dependencies; whereas apt-get dist-upgrade would upgrade the packages, uninstalling anything necessary to resolve dependencies. But now it seems as if they are both willing to un-install things.
jarno over 4 years

@mac9416 Use --no-remove with apt-get if you do not want to remove packages.
rew over 4 years

FYI, I tried the "cautious" method, apt-get install, and because i'm explicitly teling it to install a certain package, apt feels justified to remove others... You do get a chance to say "no, lets not go that way". I got into this mess with an apt-get autoremove that removed a "no longer necessary" package and now two packages are "kept back" and upgrading either will remove 12-15 other packages. Odd.
crenshaw-dev over 4 years

@rew the plot thickens. this comment agrees apt-get install removes packages. I'm honestly stumped now which is the "safer" solution.
ctrl-alt-delor over 4 years

The first “cautious” option, will also mark packages as manually installed. This may have a detrimental affect when installing another package that depends on them. E.g. You did apt install games then one day pingus is held back, so you do the fix, then next week you do apt remove games. But pingus will not be removed, as it was manually installed.
ctrl-alt-delor over 4 years

Note to who ever reads my comment above: not having the side effect of marking as manually installed is a good thing. I like this answer.
crenshaw-dev over 4 years

@ctrl-alt-delor is there a scenario where that "sticky" package will cause other (truly damaging) package management issues? Or does it just add the inconvenience of having to run an additional apt remove pingus to force the removal of that package?
jlh over 4 years

Thanks, the second reason was the issue for me. Even apt-get dist-upgrade refused to install it. Inspecting the package with aptitude showed that it depends on a package that isn't available. I guess I'll have to wait.
ctrl-alt-delor over 4 years

@mac9416 Probably not. Let me have a go at a scinario. What if it was a library, then it caused you to remove some library by mistake.
Markus Zeller over 4 years

Installing the kept package helped me also with open-vm-tools. Thank you for the solution and explanation.
crenshaw-dev over 4 years

@ctrl-alt-delor I feel like that's solved by just keeping an eye on the list of packages to be removed when you manually uninstall (for example) pingus.
ctrl-alt-delor over 4 years

@mac9416 if you want to do the job of apt, then you can do this. However I am not a computer, so I let apt manage my dependencies.
crenshaw-dev over 4 years

@ctrl-alt-delor if you're upgrading "kept-back" packages, you're already dabbling in the role of "human package manager" by altering its default behavior.
ctrl-alt-delor over 4 years

@mac9416 this answer askubuntu.com/a/862799/10473 is better. Dabble as little as possible. The argument that I dabbled a little, so I dabble a lot, is not valid. If you are just trying to legitimise your own dabbling, by telling others to do like wise, then please realise that you are legitimate and loved. You can do what ever you want on your own system.
crenshaw-dev over 4 years

@ctrl-alt-delor, that does look like a better solution. I'll edit to point folks further down the page.
crenshaw-dev over 4 years

So if you use sudo apt-get --with-new-pkgs upgrade without running apt-mark auto <pkg>, will everything be fine? Is the second command only necessary if you do choose to manually install held-back packages?
Pablo Bianchi over 4 years

Yes. apt-mark auto <pkg> should only be necessary to mark a package as being automatically installed (here the man page).
Franklin Yu almost 4 years

For some reason sudo apt-get --with-new-pkgs upgrade still shows the packages as "kept back". No error message.
Julius almost 4 years

Just want to add that for many up to date debian 9.6 server instances this was the absolute safest solution without breaking things. Thank you for this, Pablo, as I had luckily tested other options on staging environments beforehand, and could admin many servers up to security standards thanks to the --with-new-pkgs inclusion with much cleaner results for general future package management. Really, this UNIX SE answer should be upvoted!
drevicko over 3 years

@MichaelCrenshaw yes, that's the point here. apt-mark auto <pkg>' is for when you apt-get install <pkg>` for a pkg that was previously marked auto.
Andrew over 3 years

You can also add the --simulate switch to see what this command would do, without it actually doing it.
Admin over 2 years

@msanford Thank you! Your solution fixed it for me where sudo apt-get --with-new-pkgs upgrade did not.
Arun Panneerselvam over 2 years

After this operation, 2,548 MB disk space will be freed. You are about to do something potentially harmful. To continue type in the phrase 'Yes, do as I say!'
yucer about 2 years

I wonder if some of those actions in ubuntu LTS would break the LTS guaranty.
bernie over 1 year

full-upgrade does the same thing as dist-upgrade! This answer is wrong! See here askubuntu.com/questions/770135/…
l --marc l over 1 year

@bernie Answer updated per your observation.
sovemp over 1 year

First solution doesn't work at all, it just does nothing then says again "following packages have been kept back..."
DaVince over 1 year

I think something might have changed about the mechanism, because for me, dist-upgrade actually did nothing and it was the regular install command that asked me to remove the :i386 version of a package. Luckily, apt reports in detail what packages it affects and so I could successfully update the package that was being held back.
iRaS over 1 year

I have a strong opinion that it should be possible to force the release upgrade anyway. For example I have installed conky 1.11.3 because in 1.11.4 they introduced reparsing of lua-conky-parse expressions what makes it unusable. It seems they don't want to fix it: github.com/brndnmtthws/conky/issues/967 And I defenetly don't want to upgrade it - I set it to kept back manually.
Andrew Koster about 1 year

This solution doesn't have the side effect of causing packages to be marked as "manually installed". It also doesn't have the side effect of "actually installing the dang packages".
Andrew Koster about 1 year

This is the only answer that works and doesn't require a full distro upgrade.
Andrew Koster about 1 year

The package manager doesn't want to manage packages "without my permission" even though I manually typed sudo apt upgrade. Lol.
Andyc about 1 year

In my case even dist-upgrade didn't do anything (at least it didn't do any damage). I had to use both "Cautious solution #1" and "Cautious solution #2" in that sequence.
geneorama 11 months

"Unlike you, APT isn't always smart enough to know whether these additions and removals could wreak havoc." I've been using Ubuntu for 10+ years and I still don't know what 90% of the packages do when I update/upgrade, which is why I rely on the package manger. I have no idea what's using libsmbclient or libfreerdp-client2-2:amd64 or bamfdaemon is doing. I've come to this answer many times and been frustrated by the warning of dist-upgrade, which I always considered to be safe.
crenshaw-dev 11 months

@geneorama very fair criticism. 12+ years after writing this answer, I'm so far removed from APT internals that I'm not super confident in what's written there. Unless an APT developer can hop in and make authoritative edits (or someone w/ good references), I'm inclined to leave the answer as-is, especially since the "warn about dist-upgrade comment has 208 upvotes. But I share your frustration with the aggressive warning having so little to support it.
geneorama 11 months

@MichaelCrenshaw For the records, I appreciate your wonderful answer and follow up comments. Your first suggestion of installing the packages solved my "kept back" issue this time, but I know it hasn't in the past. I've installed R a dozen different ways, and I get this kept back thing often. I've also run dist-upgrade without obvious issue for about 10 years now. I still feel like a Linux Noob and I try to keep my important files in the cloud where they're safe from me.
UpTheCreek 7 months

This had no effect for me - packages still kept back.
Admin 7 months

dist-upgrade will not update/upgrade the whole distribution (like do-release-upgrade). It is a misnomer. Use full-upgrade equivalent.