Debian 11 to 12 » History » Revision 8
Revision 7 (Hannah Atkinson, 01/26/2024 03:59 PM) → Revision 8/9 (Hannah Atkinson, 01/26/2024 04:00 PM)
{{lastupdated_at}} by {{lastupdated_by}}
{{>toc}}
h1. Debian 11 to 12
h2. Pre update check
h3. Stretch check
Check if any sources still point to buster
<pre>
cd /etc/apt
grep -nr buster .
</pre>
If so, bring those up to bullseye and run updates first
https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11
h3. Metapackage check
Check to make sure kernel metapackage is installed, not just specific kernel
<pre>
dpkg -l "linux-image*" | grep ^ii | grep -i meta
</pre>
should have results
If not, install metapackage
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage
h3. Purged package check
List and purge removed packages with config files remaining
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#purge-removed-packages
<pre>
aptitude search '~c'
aptitude purge '~c'
</pre>
h3. Hold check
These commands should have no results
<pre>
aptitude search "~ahold"
dpkg --get-selections | grep 'hold$'
</pre>
h3. Update sources list
Check which sources exist that point to bullseye
<pre>
cd /etc/apt
grep -nr bullseye .
</pre>
Edit the main list, and any others that come up
<pre>
vim /etc/apt/sources.list
</pre>
replace bullseye with bookworm
<pre>
:%s/bullseye/bookworm/g
</pre>
replace bullseye/updates with bookworm-security (this is already done, don't need to change this)
<pre>
:%s/bookworm\/updates/bookworm-security/g
</pre>
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#security-archive
h2. Upgrade the system
h3. Update the sources
<pre>
apt-get update
</pre>
If you get a NO_PUBKEY error, see https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11#Common-problems
h3. Check for Necessary Disk Space
<pre>
apt-get -o APT::Get::Trivial-Only=true dist-upgrade
</pre>
h3. Minimal Upgrade
<pre>
apt-get upgrade
</pre>
if it asks whether to change /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg, say yes
other things it asks to change, say no, keep the existing file
h3. Full Upgrade
<pre>
apt-get dist-upgrade
</pre>
Change configs during full upgrade?
|package | change configs|
| nrpe | no |
| sudoers | no |
| journald | no |
| backupninja | no |
| nginx | yes but recheck after |
| redis | yes but recheck after |
| sshd_config | yes but recheck after |
| glibc | yes |
| logrotate.d/apache2 | yes |
h3. Upgrade MySQL databases (if MySQL/MariaDB installed)
<pre>
mysql_upgrade
</pre>
h2. Validation Testing and Auditing Changes Check that things are up
if a web server, make sure websites are up
if an infrastructure server, test and make sure all parts of the infrastructure are working properly
if a PTC server check the recovery plan entry for that server to make sure everything has recovered
h3.
Check what packages were removed
<pre>
cat /var/log/apt/history.log | grep Remove
</pre>
copy that into ongoing updates documentation for records
Make sure there was nothing important in there
If there were important packages in there
check aptitude to see if newer versions were already installed
check debian package search to search for what version is appropriate
https://packages.debian.org/
h2. Common problems
h3. NO_PUBKEY during update
W: GPG error: https://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FCC7D46ACCC4CF8
Add the key for the specified repository:
<pre>
0 meat:/etc/apt# sudo gpg -a --export 7FCC7D46ACCC4CF8 | sudo apt-key add -
</pre>
See https://askubuntu.com/questions/13065/how-do-i-fix-the-gpg-error-no-pubkey for more information
h3. Backupninja changes
After update, backupninja likely needs to be patched
https://redmine.palantetech.coop/projects/pt/wiki/Icinga2#Patch-the-backupninja-binary
Borg backup jobs to May First need to have port = 2201 added to the destination section.
Go to top