Debian 11 to 12

Pre update check

Stretch check

Check if any sources still point to buster

cd /etc/apt
grep -nr buster .

If so, bring those up to bullseye and run updates first
https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11

Metapackage check

Check to make sure kernel metapackage is installed, not just specific kernel

dpkg -l "linux-image*" | grep ^ii | grep -i meta

should have results

If not, install metapackage
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage

Purged package check

List and purge removed packages with config files remaining
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#purge-removed-packages

aptitude search '~c'
aptitude purge '~c'

Hold check

These commands should have no results

aptitude search "~ahold" 
dpkg --get-selections | grep 'hold$'

Update sources list

Check which sources exist that point to bullseye

cd /etc/apt
grep -nr bullseye .

Edit the main list, and any others that come up

vim /etc/apt/sources.list

replace bullseye with bookworm

:%s/bullseye/bookworm/g

replace bullseye/updates with bookworm-security (this is already done, don't need to change this)

:%s/bookworm\/updates/bookworm-security/g

https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#security-archive

Upgrade the system

Update the sources

apt-get update

If you get a NO_PUBKEY error, see https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11#Common-problems

Check for Necessary Disk Space

apt-get -o APT::Get::Trivial-Only=true dist-upgrade

Minimal Upgrade

 apt-get upgrade
if it asks whether to change /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg, say yes
other things it asks to change, say no, keep the existing file

Full Upgrade

apt-get dist-upgrade
Change configs during full upgrade?
package change configs
nrpe no
sudoers no
journald no
backupninja no
nginx yes but recheck after
redis yes but recheck after
sshd_config yes but recheck after
glibc yes
logrotate.d/apache2 yes

Upgrade MySQL databases (if MySQL/MariaDB installed)

mysql_upgrade

Check that things are up

if a web server, make sure websites are up
    if an infrastructure server, test and make sure all parts of the infrastructure are working properly
    if a PTC server check the recovery plan entry for that server to make sure everything has recovered


Check what packages were removed

    cat /var/log/apt/history.log | grep Remove

copy that into ongoing updates documentation for records
Make sure there was nothing important in there
If there were important packages in there
check aptitude to see if newer versions were already installed
check debian package search to search for what version is appropriate
https://packages.debian.org/

Common problems

NO_PUBKEY during update

W: GPG error: https://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FCC7D46ACCC4CF8

Add the key for the specified repository:

0 meat:/etc/apt# sudo gpg -a --export 7FCC7D46ACCC4CF8 | sudo apt-key add -

See https://askubuntu.com/questions/13065/how-do-i-fix-the-gpg-error-no-pubkey for more information

Backupninja changes

After update, backupninja likely needs to be patched
https://redmine.palantetech.coop/projects/pt/wiki/Icinga2#Patch-the-backupninja-binary

Borg backup jobs to May First need to have port = 2201 added to the destination section.