Debian 11 to 12 » History » Revision 9
Revision 8 (Hannah Siwiec, 01/26/2024 04:00 PM) → Revision 9/13 (Hannah Siwiec, 01/26/2024 04:03 PM)
{{lastupdated_at}} by {{lastupdated_by}}
{{>toc}}
h1. Debian 11 to 12
h2. Pre update check
h3. Stretch check
Check if any sources still point to buster
<pre>
cd /etc/apt
grep -nr buster .
</pre>
If so, bring those up to bullseye and run updates first
https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11
h3. Metapackage check
Check to make sure kernel metapackage is installed, not just specific kernel
<pre>
dpkg -l "linux-image*" | grep ^ii | grep -i meta
</pre>
should have results
If not, install metapackage
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage
h3. Purged package check
List and purge removed packages with config files remaining
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#purge-removed-packages
<pre>
aptitude search '~c'
aptitude purge '~c'
</pre>
h3. Hold check
These commands should have no results
<pre>
aptitude search "~ahold"
dpkg --get-selections | grep 'hold$'
</pre>
h3. Update sources list
Check which sources exist that point to bullseye
<pre>
cd /etc/apt
grep -nr bullseye .
</pre>
Edit the main list, and any others that come up
<pre>
vim /etc/apt/sources.list
</pre>
replace bullseye with bookworm
<pre>
:%s/bullseye/bookworm/g
</pre>
*Good to check but should be done if upgraded from Debian 10 to 11*
replace bullseye/updates with bookworm-security
(this is already done, don't need to change this)
<pre>
:%s/bookworm\/updates/bookworm-security/g
</pre>
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#security-archive
h2. Upgrade the system
h3. Update the sources
<pre>
apt-get update
</pre>
If you get a NO_PUBKEY error, see https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11#Common-problems
h3. Check for Necessary Disk Space
<pre>
apt-get -o APT::Get::Trivial-Only=true dist-upgrade
</pre>
h3. Minimal Upgrade
<pre>
apt-get upgrade
</pre>
if it asks whether to change /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg, say yes
other things it asks to change, say no, keep the existing file
h3. Full Upgrade
<pre>
apt-get dist-upgrade
</pre>
Change configs during full upgrade?
|package | change configs|
| nrpe | no |
| sudoers | no |
| journald | no |
| backupninja | no |
| nginx | yes but recheck after |
| redis | yes but recheck after |
| sshd_config | yes but recheck after |
| glibc | yes |
| logrotate.d/apache2 | yes |
h3. Upgrade MySQL databases (if MySQL/MariaDB installed)
<pre>
mysql_upgrade
</pre>
h2. Validation Testing and Auditing Changes
if a web server, make sure websites are up
if an infrastructure server, test and make sure all parts of the infrastructure are working properly
if a PTC server check the recovery plan entry for that server to make sure everything has recovered
h3. Check what packages were removed
<pre>
cat /var/log/apt/history.log | grep Remove
</pre>
copy that into ongoing updates documentation for records
Make sure there was nothing important in there
If there were important packages in there
*
check aptitude to see if newer versions were already installed
*
check debian package search to search for what version is appropriate (https://packages.debian.org/)
https://packages.debian.org/
h2. Common problems
h3. NO_PUBKEY during update
When issues are encountered they should W: GPG error: https://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease: The following signatures couldn't be listed here to ease future troubleshooting! verified because the public key is not available: NO_PUBKEY 7FCC7D46ACCC4CF8
Add the key for the specified repository:
<pre>
0 meat:/etc/apt# sudo gpg -a --export 7FCC7D46ACCC4CF8 | sudo apt-key add -
</pre>
See https://askubuntu.com/questions/13065/how-do-i-fix-the-gpg-error-no-pubkey for more information
h3. Backupninja changes
After update, backupninja likely needs to be patched
https://redmine.palantetech.coop/projects/pt/wiki/Icinga2#Patch-the-backupninja-binary
Borg backup jobs to May First need to have port = 2201 added to the destination section.
Go to top