Upgrading packages with APT keeps a Debian host current within the release and repositories it already uses. A routine package upgrade refreshes metadata, reviews the pending transaction, applies same-release package changes, and confirms that no expected upgrades remain.

apt upgrade installs available upgrades for installed packages and can add new dependency packages when needed, but it does not remove installed packages. apt full-upgrade gives the resolver permission to remove packages, so use it only after a separate simulation and review.

Do not change source codenames during a normal package upgrade. Moving from one Debian release to another is a release-upgrade workflow with backups, source-file edits, package transitions, and reboot checks.

Steps to upgrade Debian packages with apt:

  1. Refresh the APT package lists.
    $ sudo apt update
    Get:1 http://deb.debian.org/debian trixie InRelease [140 kB]
    Get:2 http://deb.debian.org/debian trixie-updates InRelease [47.3 kB]
    Get:3 http://deb.debian.org/debian-security trixie-security InRelease [43.4 kB]
    ##### snipped #####
    Reading package lists...
    Building dependency tree...
    Reading state information...
    All packages are up to date.

    If this command reports signature, certificate, suite, or release-file errors, fix the source problem before upgrading packages.

  2. List packages that can be upgraded.
    $ apt list --upgradable
    Listing...

    No package lines after Listing… means APT has no available upgrades from the enabled repositories. When package lines appear, check the package names, suites, versions, and architecture before continuing.

  3. Check whether any packages are held.
    $ apt-mark showhold

    No output means no package is held by apt-mark. Held packages can explain an unexpected Not Upgrading count in a simulated upgrade.
    Related: How to hold a Debian package

  4. Simulate the routine upgrade.
    $ sudo apt --simulate upgrade
    Reading package lists...
    Building dependency tree...
    Reading state information...
    Calculating upgrade...
    Summary:
      Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0

    The simulation prints the resolver plan without changing installed packages. Stop when the package list does not match the maintenance window.

  5. Apply the package upgrades.
    $ sudo apt upgrade
    Reading package lists...
    Building dependency tree...
    Reading state information...
    Calculating upgrade...
    Summary:
      Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0

    Review the Summary before confirming on production hosts. Do not continue if the plan includes removals or package changes outside the intended maintenance window.

  6. Confirm no same-release package upgrades remain.
    $ apt list --upgradable
    Listing...

    An empty list means APT has no remaining upgradable package from the enabled sources. If packages remain, review holds, pins, backports, and repository mixing before considering apt full-upgrade.
    Related: How to pin a Debian package version

  7. Simulate a full upgrade only when dependency transitions remain.
    $ sudo apt --simulate full-upgrade
    Reading package lists...
    Building dependency tree...
    Reading state information...
    Calculating upgrade...
    Summary:
      Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0

    apt full-upgrade may remove installed packages. Treat any removal as a separate change decision, not as part of a routine same-release upgrade.