As a Linux system administrator, I often need to review available package updates before actually installing them. This is crucial when managing production servers where certain packages must remain at specific versions for compatibility reasons. The standard apt-get upgrade command would immediately apply all available updates, which isn't always desirable.
The simplest method is to use the --dry-run flag with apt-get:
sudo apt-get upgrade --dry-run
This command simulates the upgrade process without making any actual changes to your system. It will display a list of packages that would be upgraded if you ran the command without the flag.
For a more detailed view of available updates, you can use:
apt list --upgradable
This command shows all packages that have newer versions available in your configured repositories, along with version information.
To refresh your package lists and then check for upgrades in one command:
sudo apt-get update && apt list --upgradable
If you want to prevent specific packages from being upgraded in future operations, you can hold them:
sudo apt-mark hold package_name
To view currently held packages:
sudo apt-mark showhold
For scripting purposes, you might want to parse the output. Here's a simple example using awk:
# NF>1 skips the "Listing..." header line, which contains no slash
apt list --upgradable 2>/dev/null | awk -F/ 'NF>1 {print $1}'
This extracts just the package names from the upgradable list.
To check specifically for security updates:
sudo apt-get -s dist-upgrade | grep "^Inst" | grep -i security
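The grep above matches "security" anywhere on the line, including inside package names. The following added example (not part of the original article) classifies Inst lines by their origin suite instead; the sample output, its versions and the function names are constructed for illustration, and it assumes the Debian/Ubuntu convention that security suites end in -security.

```shell
#!/bin/sh
# Added example: classify simulated upgrades by origin suite, not by name.
# Expected "Inst" layout from apt-get -s:
#   Inst NAME [OLD] (NEW ORIGIN/SUITE, ORIGIN/SUITE [ARCH])
# A package that is newly installed has no [OLD] field.

# Constructed sample output (package versions are made up for illustration).
sample_simulation() {
cat <<'EOF'
Reading package lists... Done
Inst libssl3 [1.0-1] (1.0-2 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
Inst libapache2-mod-security2 [1.0-1] (1.0-2 Ubuntu:22.04/jammy-updates [amd64])
Inst nginx-common [1.0-1] (1.0-2 Ubuntu:22.04/jammy-updates [all])
Inst example-new-dependency (2.0-1 Ubuntu:22.04/jammy-security [amd64])
Conf libssl3 (1.0-2 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
EOF
}

# Reads simulation output on stdin; prints KIND<TAB>NAME<TAB>OLD<TAB>NEW.
classify_updates() {
    awk '
    $1 != "Inst" { next }                 # skip Conf/Remv and status lines
    {
        name = $2; old = "-"; i = 3
        if ($i ~ /^\[/) {                 # optional [OLD] field
            old = $i; gsub(/^\[|\]$/, "", old); i++
        }
        new = $i; sub(/^\(/, "", new)
        kind = "other"
        for (j = i + 1; j <= NF; j++)     # remaining fields are origins
            if ($j ~ /-security,?$/) kind = "security"
        printf "%s\t%s\t%s\t%s\n", kind, name, old, new
    }'
}

# Names of packages whose candidate version comes from a security suite.
security_updates() {
    classify_updates | awk -F'\t' '$1 == "security" { print $2 }'
}

# On a real host, replace sample_simulation with: apt-get -s dist-upgrade
sample_simulation | classify_updates
```

In the sample, libapache2-mod-security2 is reported as "other" even though its name contains "security", because its only origin is the -updates suite.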
Regularly checking for available updates without immediately installing them is a best practice for system maintenance. These techniques give you the information needed to make informed decisions about package updates while maintaining system stability.
When managing Debian/Ubuntu systems, administrators often need to audit available updates before applying them. The concern arises when certain packages (like kernel versions or critical dependencies) must remain unchanged while allowing other updates.
To see available updates without installing:
sudo apt update
apt list --upgradable
This shows all upgradable packages in the format:
package-name/version architecture [upgradable from: current-version]
For advanced preview with exclusions:
sudo apt -s upgrade
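The -s flag performs a dry run. To filter specific packages out of the preview (this only hides them from the output; it does not stop them from being upgraded):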
sudo apt -s upgrade | grep -v "excluded-package"
When you need to persistently block updates:
sudo apt-mark hold package-name
apt-mark showhold # Verify held packages
Example workflow:
sudo apt update
sudo apt-mark hold nginx
apt list --upgradable
sudo apt upgrade # Will skip nginx
The aptitude tool provides an interactive preview:
sudo aptitude -s safe-upgrade
Key navigation:
- Press u to preview updates
- +/- to select/deselect packages
- g twice to see the full change plan
For documentation purposes:
apt-get -s upgrade | grep "^Inst" > upgrade-report.txt
Or for JSON output (requires jq):
apt list --upgradable -a 2>/dev/null | awk -F/ 'NF>1 {print $1}' | sort -u | \
  xargs apt-cache show | jq -nR '[inputs|select(.!="")]' > packages.json