1. Introduction

Knowing what packages have upgrades available can be critical to the stability and security of a system. On the other hand, upgrading a package to a locally-unsupported, unsuitable, or unstable version can be equally bad.

In this tutorial, we’ll look at ways to check which packages are upgradable with different package managers.

We tested the code in this tutorial on Debian 11 (Bullseye) with GNU Bash 5.1.4 and apt 2.2.4. In addition, we used (yum) dnf 4.14.0 and snap 2.56.2 on Fedora 37, as well as zypper 1.14.57 on openSUSE 15.4 (Leap). Any code should work in most POSIX-compliant environments.

2. List apt Upgradable Packages

The Advanced Packaging Tool (APT) is the package manager of choice for Debian-based distributions.

For updating the source repository metadata, apt uses the update subcommand, while the upgrade subcommand downloads and installs new package versions. Along with synchronizing, installing, listing, and upgrading packages, apt can also show which packages are available for upgrade.

As usual, to know the current versions, we should synchronize our data with the repositories:

$ apt update
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
10 packages can be upgraded. Run 'apt list --upgradable' to see them.

In fact, we can already see and apply the first solution from the end of the output above:

$ apt list --upgradable
Listing... Done
linux-image-amd64/stable-security 5.10.149-2 amd64 [upgradable from: 5.10.140-1]

With the --upgradable argument to the list subcommand of apt, we list all packages that have a more recent version, providing information about the upgrade.

To actually perform the operations for installing that version, we run apt upgrade as usual. Alternatively, we can perform a dry run by adding one of several flags to apt upgrade:

  • -s
  • --simulate
  • --just-print
  • --dry-run
  • --recon
  • --no-act

Consequently, the command just prints a simulation of the potential actions without performing any:

$ apt --dry-run upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
The following packages will be upgraded:
Inst linux-image-5.10.0-19-amd64 (5.10.149-2 Debian-Security:11/stable-security [amd64])
Conf linux-image-5.10.0-19-amd64 (5.10.149-2 Debian-Security:11/stable-security [amd64])
Conf linux-image-amd64 (5.10.149-2 Debian-Security:11/stable-security [amd64])

Each line after the initial header information starts with an operation type:

  • Conf for configuration
  • Remv for removal
  • Inst for unpacking

Here, square brackets mean broken packages. Critically, kernel upgrades might be only partially listed since new versions there are usually treated as new packages.
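To act on the apt list --upgradable listing from a script, we can split pending upgrades by the archive they come from. The following is an added example, not code from the original tutorial: the function names are hypothetical, the example-tool line is constructed, and treating any archive name that ends in -security as a security archive is an assumption based on the stable-security name shown above.

```sh
#!/bin/sh
# Added example: classify `apt list --upgradable` lines by source archive.
# Line format, as shown in the listing above:
#   name/archive[,archive...] new_version arch [upgradable from: old_version]

# Reads a listing on stdin and prints "class name old -> new" per package.
# class is "security" when any archive name ends in "-security" (assumption).
classify_upgrades() {
    awk '
        # Skip the "Listing..." header and any line that is not a package entry.
        $1 !~ /\// || !/\[upgradable from: / { next }
        {
            split($1, id, "/")               # id[1] = name, id[2] = archive list
            n = split(id[2], suites, ",")
            class = "other"
            for (i = 1; i <= n; i++)
                if (suites[i] ~ /-security$/) class = "security"
            old = $NF; sub(/\]$/, "", old)   # last field is "old_version]"
            printf "%s %s %s -> %s\n", class, id[1], old, $2
        }'
}

# Constructed sample: the first package line is the one from the tutorial,
# the second is made up for contrast.
sample_listing() {
    cat <<'EOF'
Listing... Done
linux-image-amd64/stable-security 5.10.149-2 amd64 [upgradable from: 5.10.140-1]
example-tool/stable 1.2-3 amd64 [upgradable from: 1.2-2]
EOF
}

# Number of pending security upgrades in the sample.
security_count() {
    sample_listing | classify_upgrades | grep -c '^security '
}

# On a live system, feed the real listing instead of the sample:
#   LC_ALL=C apt list --upgradable 2>/dev/null | classify_upgrades
sample_listing | classify_upgrades
```

When its output is piped, apt warns on stderr that its command-line interface is not stable, so a parser like this should be rechecked after apt upgrades.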

3. List yum and dnf Upgradable Packages

On RPM-based Linux distributions, either the Yellowdog Updater, Modified (YUM) package manager or its successor, Dandified YUM (DNF), is usually preinstalled. Because of their close relationship and the deprecation of the former, yum is now commonly a symbolic link to dnf:

$ ls -l /usr/bin/yum
lrwxrwxrwx. 1 root root 5 Oct 10 01:01 /usr/bin/yum -> dnf-3

Still, the older deprecated yum is in use with earlier versions of some Linux distributions. While dnf uses the update subcommand as an alias for upgrade, in the original yum, upgrade removes obsolete packages, but update doesn’t. In all cases, metadata is fetched automatically.

Due to the deprecation of the original yum, we only use the dnf syntax, which should work for recent dnf and yum implementations.

In fact, synchronizing the list of current package versions also shows any upgradable packages:

$ dnf check-update
Last metadata expiration check: 6:56:00 ago on Mon 22 Nov 2022 06:56:00 AM EST.

NetworkManager.x86_64               1:1.40.2-1.fc37     updates
Obsoleting Packages
grub2-tools.x86_64                  1:2.06-63.fc37      updates
    grub2-tools.x86_64              1:2.06-58.fc37      @anaconda

Here, we see the check-update subcommand of dnf outputs each upgradable package on a separate line with its name and version.
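When dnf check-update runs from a script, two details matter: it exits with status 100 when upgrades are available (0 when there are none, 1 on error), and the Obsoleting Packages section repeats package names. The following is an added example, not code from the original tutorial: the function names are hypothetical and the sample input is constructed from the output shown above.

```sh
#!/bin/sh
# Added example: interpret `dnf check-update` from a script.

# Map the exit status to a word. 100 is not a failure: it means upgrades are
# pending, so a script running under `set -e` must capture it explicitly.
dnf_status() {
    case "$1" in
        0)   echo "current" ;;
        100) echo "pending" ;;
        *)   echo "error" ;;
    esac
}

# Read check-update output on stdin and print "name.arch version repo" for each
# plain upgrade. Parsing stops at "Obsoleting Packages" so the pairs listed in
# that section are not counted as additional upgrades.
list_dnf_upgrades() {
    awk '
        /^Obsoleting Packages/ { exit }
        $0 !~ /^[ \t]/ && NF == 3 { print $1, $2, $3 }'
}

# Constructed sample, modelled on the output shown above.
sample_check_update() {
    cat <<'EOF'
Last metadata expiration check: 6:56:00 ago on Mon 22 Nov 2022 06:56:00 AM EST.

NetworkManager.x86_64               1:1.40.2-1.fc37     updates
Obsoleting Packages
grub2-tools.x86_64                  1:2.06-63.fc37      updates
    grub2-tools.x86_64              1:2.06-58.fc37      @anaconda
EOF
}

# Live use (needs dnf, so it is only defined here and never called):
check_now() {
    out=$(dnf -q check-update); rc=$?
    printf '%s\n' "$out" | list_dnf_upgrades
    dnf_status "$rc"
}

sample_check_update | list_dnf_upgrades
```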

4. List zypper Upgradable Packages

The main package management tool on SUSE, openSUSE, and their derivatives, is zypper.

Here, the refresh subcommand synchronizes the current metadata while update performs the actual upgrade. Again, unlike apt, zypper uses update instead of upgrade as the subcommand name.

Let’s start by refreshing all sources to get any potential new package versions:

$ zypper refresh
All repositories have been refreshed.

Next, we can show which of our current packages are upgradable:

$ zypper list-updates --all
zypper list-updates
Loading repository data...
Reading installed packages...

In this case, we use the list-updates subcommand of zypper to output the status, repository, name, current and available versions, as well as the architecture of --all packages that can be upgraded. There are ways to filter the list by supplying additional arguments to list-updates.

Of course, we perform the actual upgrade with zypper update. However, similar to apt, zypper has a --dry-run or -D flag to only show what would happen during an update without performing any actions:

$ zypper update --dry-run
Loading repository data...
Reading installed packages...

The following package update will NOT be installed:

The following 66 packages are going to be upgraded:

The following 10 packages are going to be REMOVED:

The following package requires a system reboot:

66 packages to upgrade, 64 new, 10 to remove.
Overall download size: 666.0 MiB. Already cached: 0 B. After
the operation, 66.0 MiB will be freed.

    Note: System reboot required.
Continue? [y/n/v/...? shows all options] (y):

Naturally, continuing doesn’t actually perform the upgrade.

5. List snap Upgradable Packages

As a rising star, the distribution-agnostic Snap package manager can be installed on many systems.

Unlike other package managers, by default, snap automatically fetches metadata about new package versions at regular intervals:

$ snap refresh --time
timer: 00:00~24:00/4

Thus, we can directly check what an upgrade would include:

$ snap refresh --list
Name     Version   Rev    Size   Publisher   Notes
core20   20221027  1695   66MB   canonical✓  base
snapd    2.57.5    17576  52MB   canonical✓  snapd

By passing --list to the refresh subcommand of snap, we can list all upgradable packages. The output includes the name, version, revision, size, and publisher of the package, along with some notes.

6. Summary

In this article, we explored ways to check which packages on a given system currently have upgrades.

In conclusion, while there are different package managers, most have options to list upgradable packages without performing the actual upgrade operation.
