Updated 10 months ago by Hannah Siwiec

• Table of contents
• Debian 11 to 12
  • Pre update check
    • Stretch check
    • Metapackage check
    • Purged package check
    • Hold check
    • Update sources list
  • Upgrade the system
    • Update the sources
    • Check for Necessary Disk Space
    • Minimal Upgrade
    • Full Upgrade
    • Upgrade MySQL databases (if MySQL/MariaDB installed)
  • Validation Testing and Auditing Changes
    • Check what packages were removed
  • Common problems
    • NO_PUBKEY during update
    • Backupninja changes

Debian 11 to 12¶

Pre update check¶

Stretch check¶

Check if any sources still point to buster

cd /etc/apt
grep -nr buster .

If so, bring those up to bullseye and run updates first
https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11

Metapackage check¶

Check to make sure kernel metapackage is installed, not just specific kernel

dpkg -l "linux-image*" | grep ^ii | grep -i meta

should have results

If not, install metapackage
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage

Purged package check¶

List and purge removed packages with config files remaining
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#purge-removed-packages

aptitude search '~c'
aptitude purge '~c'

Hold check¶

These commands should have no results

aptitude search "~ahold" 
dpkg --get-selections | grep 'hold$'

Update sources list¶

Check which sources exist that point to bullseye

cd /etc/apt
grep -nr bullseye .

Edit the main list, and any others that come up

vim /etc/apt/sources.list

replace bullseye with bookworm

:%s/bullseye/bookworm/g

Good to check but should be done if upgraded from Debian 10 to 11
replace bullseye/updates with bookworm-security

:%s/bookworm\/updates/bookworm-security/g

https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#security-archive

Upgrade the system¶

Update the sources¶

apt-get update

Check for Necessary Disk Space¶

apt-get -o APT::Get::Trivial-Only=true dist-upgrade

Minimal Upgrade¶

 apt-get upgrade

if it asks whether to change /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg, say yes
other things it asks to change, say no, keep the existing file

Full Upgrade¶

apt-get dist-upgrade

Change configs during full upgrade?

package	change configs
nrpe	no
sudoers	no
journald	no
backupninja	no
nginx	yes but recheck after
redis	yes but recheck after
sshd_config	yes but recheck after
glibc	yes
logrotate.d/apache2	yes

Upgrade MySQL databases (if MySQL/MariaDB installed)¶

mysql_upgrade

Validation Testing and Auditing Changes¶

if a web server, make sure websites are up
    if an infrastructure server, test and make sure all parts of the infrastructure are working properly
    if a PTC server check the recovery plan entry for that server to make sure everything has recovered

Check what packages were removed¶

    cat /var/log/apt/history.log | grep Remove

copy that into ongoing updates documentation for records
Make sure there was nothing important in there
If there were important packages in there

• check aptitude to see if newer versions were already installed
• check debian package search to search for what version is appropriate (https://packages.debian.org/)

Common problems¶

NO_PUBKEY during update¶

When issues are encountered they should be listed here to ease future troubleshooting!

Backupninja changes¶

After update, backupninja likely needs to be patched
https://redmine.palantetech.coop/projects/pt/wiki/Icinga2#Patch-the-backupninja-binary

Borg backup jobs to May First need to have port = 2201 added to the destination section.