This just reminded me: when will Ubuntu (and Debian?) fix apt’s broken kernel update process? I have never seen a kernel update - security or otherwise - installed via a normal “apt update; apt upgrade” on any of our machines, it’s always “the following updates have been held back” and then it’s time to manually use dpkg to install the relevant updates.
“apt full-upgrade” will upgrade everything. It may also remove packages to fix higher priority dependencies, though I’ve never seen this happen in real life.
Happened to me yesterday with my Proxmox host. It wanted to install firmware-linux-free, which conflicted with pve-firmware. It decided it wanted to remove pve-firmware which would also completely remove proxmox-ve... Had to upgrade with --no-recommends.
You need to run dist-upgrade or some other variant that will install new packages to pull in kernel upgrades. The reason is that each new kernel is its own package, depended on by (in the case of Ubuntu for example), the linux-generic package. apt upgrade wont install new packages, dist-upgrade will.
other options include "apt upgrade --with-new-pkgs" or using unattended-upgrades to automatically install them.
apt's kernel update process is not broken, you've just somewhat borked your system either by removing the kernel meta package or messing with repository sources/priorities.
Make sure "linux-image-amd64" package is installed for Debian (and whatever equivalent package name for Ubuntu) and "apt upgrade" will install new kernel packages just fine.
(And this is actually not even needed for most kernel updates in Debian because most of the time package name stays same and updated in place, package name is only changed if ABI is changed and requires recompilation of DKMS modules)
It's not supposed to install via "apt upgrade", as that command won't pull in new packages or remove packages. Unlike most, kernel packages can co exist so they are all separate packages. Thus need the extra "apt-get dist-upgrade" or "apt full-upgrade" variants as they are new dependencies.
"apt upgrade" (unlike "apt-get upgrade") does pull in new packages, but it won't remove existing ones.
I don't see why "apt upgrade" wouldn't install the new kernel. It's hard to tell what when wrong without knowing any details.
Anyway, if apt decided to hold back a package for some reason, most of the time you should be able to install it with "apt(-get) install". Do not install packages with dpkg unless you know what you're doing.
