{{lastupdated_at}} by {{lastupdated_by}}
{{>toc}}
h1. Debian 11 to 12
h2. Pre update check
h3. Stretch check
Check if any sources still point to buster
cd /etc/apt
grep -nr buster .
If so, bring those up to bullseye and run updates first
https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11
h3. Metapackage check
Check to make sure kernel metapackage is installed, not just specific kernel
dpkg -l "linux-image*" | grep ^ii | grep -i meta
should have results
If not, install metapackage
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage
h3. Purged package check
List and purge removed packages with config files remaining
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#purge-removed-packages
aptitude search '~c'
aptitude purge '~c'
h3. Hold check
These commands should have no results
aptitude search "~ahold"
dpkg --get-selections | grep 'hold$'
h3. Update sources list
Check which sources exist that point to bullseye
cd /etc/apt
grep -nr bullseye .
Edit the main list, and any others that come up
vim /etc/apt/sources.list
replace bullseye with bookworm
:%s/bullseye/bookworm/g
replace bullseye/updates with bookworm-security (this is already done, don't need to change this)
:%s/bookworm\/updates/bookworm-security/g
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#security-archive
h2. Upgrade the system
h3. Update the sources
apt-get update
If you get a NO_PUBKEY error, see https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11#Common-problems
h3. Check for Necessary Disk Space
apt-get -o APT::Get::Trivial-Only=true dist-upgrade
h3. Minimal Upgrade
apt-get upgrade
if it asks whether to change /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg, say yes
other things it asks to change, say no, keep the existing file
h3. Full Upgrade
apt-get dist-upgrade
Change configs during full upgrade?
|package | change configs|
| nrpe | no |
| sudoers | no |
| journald | no |
| backupninja | no |
| nginx | yes but recheck after |
| redis | yes but recheck after |
| sshd_config | yes but recheck after |
| glibc | yes |
| logrotate.d/apache2 | yes |
h3. Upgrade MySQL databases (if MySQL/MariaDB installed)
mysql_upgrade
h2. Validation Testing and Auditing Changes
if a web server, make sure websites are up
if an infrastructure server, test and make sure all parts of the infrastructure are working properly
if a PTC server check the recovery plan entry for that server to make sure everything has recovered
h3. Check what packages were removed
cat /var/log/apt/history.log | grep Remove
copy that into ongoing updates documentation for records
Make sure there was nothing important in there
If there were important packages in there
check aptitude to see if newer versions were already installed
check debian package search to search for what version is appropriate
https://packages.debian.org/
h2. Common problems
h3. NO_PUBKEY during update
W: GPG error: https://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FCC7D46ACCC4CF8
Add the key for the specified repository:
0 meat:/etc/apt# sudo gpg -a --export 7FCC7D46ACCC4CF8 | sudo apt-key add -
See https://askubuntu.com/questions/13065/how-do-i-fix-the-gpg-error-no-pubkey for more information
h3. Backupninja changes
After update, backupninja likely needs to be patched
https://redmine.palantetech.coop/projects/pt/wiki/Icinga2#Patch-the-backupninja-binary
Borg backup jobs to May First need to have port = 2201 added to the destination section.