Fli
10-04-2024, 12:26 PM
Some steps that may be done and issues faced during upgrade from a Debian 11 to Debian 12.
Commenting out bullseye-backports repositories in apt sources list /etc/apt/sources.list
Many steps mentioned below, are based on https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.en.html (note that your architecture in the URL may be different than amd64 in URL)
Possibly good to check also: https://wiki.debian.org/DebianUpgrade
# Listed some non-standard packages and removed ones I have installed and no longer used:
apt list '?narrow(?installed, ?not(?origin(Debian)))'
# cleaned-up some leftover files:
sudo find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error' -delete
# unhold some packages that i have set to be hold from any upgrades (shown by "apt-mark showhold" or "apt update"):
apt-mark showhold
sudo apt-mark unhold packagename && sudo apt update
# Make a packages audit, save list of packages, ensure no holds:
dpkg --audit
dpkg --get-selections | grep 'hold$' # i guess it should not output anything, we want to upgrade everything and do not hold upgrades of any package
dpkg --get-selections "*" > ~/curr-pkgs.${old}.txt
aptitude search "~ahold" # i guess it should not output anything, we want to upgrade everything and do not hold upgrades of any package
# Made sure there has been no "proposed-updates" containing lines in source-list files (in my case none, so no commenting using # has been needed):
grep -Ria proposed-updates /etc/apt/sources.list.d/
# replaced non-free by non-free-firmware in /etc/apt/sources.list and then checked if no errors during "sudo apt update".
# Removed some unnecessary pinning by removing appropriate files in output of a "ls /etc/apt/preferences.d/; cat /etc/apt/preferences" to allow the upgrade of packages to the versions in the new stable release.
# check free space. It should be able to save downloaded and installed packages (2-6GB?): df /
# converting apt sources for using new release by replacing possible bullseye (Debian 11) labels by a bookworm:
export new=bookworm; export old=bullseye
sudo sed -e "s/${old}/${new}/gi" -i /etc/apt/sources.list /etc/apt/sources.list.d/*.list
sudo sed -e 's:bullseye/updates:bullseye-security:g' -i /etc/apt/sources.list /etc/apt/sources.list.d/*.list
screen -U
script -t 2>~/upgrade-${new}.time -a ~/upgrade-${new}.script # enable logging terminal output and times into a two files
sudo apt-get clean && sudo apt update && sudo apt upgrade && sudo apt full-upgrade
# it prompted several times.
# upgrade had updated version of a /etc/security/limits.conf . Showing differences shown i had some cutomizations like:
* soft nofile 100000
* hard nofile 100000
# so i have taken a note about this, used updated version and then will add my changes again manually.
# Spotted some weird thing. It kind of warned about removing cron dependency even the cron new version was apparently installed again after old cron removal. Seems redundant such "warning":
dpkg: cron: dependency problems, but removing anyway as you requested:
backintime-common depends on cron | cron-daemon; however:
Package cron is to be removed.
Package cron-daemon is not installed.
Package cron which provides cron-daemon is to be removed.
backintime-common depends on cron | cron-daemon; however:
Package cron is to be removed.
Package cron-daemon is not installed.
Package cron which provides cron-daemon is to be removed.
(Reading database ... 272966 files and directories currently installed.)
Removing cron (3.0pl1-137) ...
Selecting previously unselected package cron-daemon-common.
(Reading database ... 272946 files and directories currently installed.)
Preparing to unpack .../cron-daemon-common_3.0pl1-162_all.deb ...
Unpacking cron-daemon-common (3.0pl1-162) ...
Setting up cron-daemon-common (3.0pl1-162) ...
Installing new version of config file /etc/crontab ...
Selecting previously unselected package cron.
(Reading database ... 272953 files and directories currently installed.)
Preparing to unpack .../cron_3.0pl1-162_amd64.deb ...
Unpacking cron (3.0pl1-162) ...
Preparing to unpack .../anacron_2.3-36_amd64.deb ...
Unpacking anacron (2.3-36) over (2.3-30) ...
Preparing to unpack .../logrotate_3.21.0-1_amd64.deb ...
Following customizations (again reported during upgrade) should be later IMO pasted into custom new conf files not into default files (to prevent the need to re-apply changes on each upgrade), if possible:
/etc/systemd/journald.conf
SystemMaxUse=100M
/etc/sudoers
-user ALL=(ALL:ALL) /usr/bin/systemctl
-user ALL=(ALL:ALL) /usr/sbin/zpool
-user ALL=(ALL:ALL) /usr/sbin/zfs
-user ALL=(ALL:ALL) /home/user/.local/bin/tt
-user ALL=(ALL:ALL) /usr/bin/backintime
/etc/logrotate.d/rsyslog
/var/log/syslog
-/var/log/mail.info
-/var/log/mail.warn
-/var/log/mail.err
/var/log/mail.log
-/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
-/var/log/lpr.log
/var/log/cron.log
-/var/log/debug
-/var/log/messages
{
- rotate 0
+ rotate 4
weekly
missingok
notifempty
- maxsize 5M
- maxage 30
-# compress
-# delaycompress
+ compress
+ delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
/etc/rsyslog.conf
*.*;auth,authpriv.none,cron.none -/var/log/syslog
$ systemctl restart rsyslog
│ multicast dns register = no |
│ path = /var/spool/samba | path = /var/tmp
│ -; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u │ ???????????
Setting up udev (252.30-1~deb12u2) ...
configuration error - unknown item 'NONEXISTENT' (notify administrator)
configuration error - unknown item 'PREVENT_NO_AUTH' (notify administrator)
Setting up openssh-client (1:9.2p1-2+deb12u3) ...
configuration error - unknown item 'NONEXISTENT' (notify administrator)
configuration error - unknown item 'PREVENT_NO_AUTH' (notify administrator)
$ sudo update-initramfs -u
update-initramfs: Generating /boot/initrd.img-6.1.0-25-amd64
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8156b-2.fw for module r8152
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8156a-2.fw for module r8152
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8153c-1.fw for module r8152
cryptsetup: ERROR: sdb5_crypt: Source mismatch
-→ module r8152 missing firmware has been fixed by "sudo apt install firmware-realtek" which resulted in:
The following additional packages will be installed:
firmware-amd-graphics firmware-misc-nonfree
The following packages will be upgraded:
firmware-amd-graphics firmware-misc-nonfree firmware-realtek
$ grep crypt /etc/crypttab
sdb5_crypt UUID=fUIDhere none luks,discard
$ sudo blkid|grep crypt
/dev/nvme0n1p5: UUID="fUIDhere" TYPE="crypto_LUKS" PARTUUID="..."
/dev/mapper/sdb5_crypt: UUID="3UIDhere" TYPE="LVM2_member"
/dev/sda5: UUID="fUIDhere" TYPE="crypto_LUKS" PARTUUID="..."
(/dev/nvme0n1p5 is the clone of the /dev/sda5 if i am not mistaken)
This works to get rid of the mismatch error in initramfs update: sudo cryptsetup luksUUID --uuid=newuuid /dev/sda5
I am unsure if it is good.
I have replaced "errors=remount-ro" by "errors=remount-ro,nofail" inside /etc/fstab as someone suggested.
reboot
Under kernel 6 boot fails (older one works):
kernel6:
cryptsetup: sd5_crypt: set up successfully
/dev/mapper/computer--vg-root: clean...
systemd[1]: Failed to look up module alias 'autofs4': function not implemented
[UNSUPP] Starting of Arbitrary Executable File Formats File System Automount Point not supported.
systemd[1]: Failed to start Load Kernel Modules
[FAILED] Failed to start Load Kernel Modules
[FAILED] Failed to start Install ZFS kernel module.
[DEPEND] Dependency failed for Import ZFS pools by cache file.
[FAILED] Failed to mount /boot/efi.
[DEPEND] Dependency failed for Local File Systems.
[FAILED] Failed to start netfilter persistent configuration.
Reached target network
...
You are in emergency mode.
So under older kernel 5.10.0-32-amd64 it booted OK.
uname -a ; lsb_release -a
"sudo apt update" returned:
W: http://ppa.launchpad.net/nicotine-team/stable/ubuntu/dists/lunar/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/dists/debian/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
I have got rid of the first warning by removing /etc/apt/sources.list.d/*nicotine* files.
Possibly remove absolete packages: https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.en.html#obsolete
If things are working, cleanup can be done:
sudo apt clean # remove the packages that have been previously downloaded for installation
sudo apt autoremove # remove no longer needed packages downloaded to satisfy dependencies for other packages and are now no longer needed..
Commenting out bullseye-backports repositories in apt sources list /etc/apt/sources.list
Many steps mentioned below, are based on https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.en.html (note that your architecture in the URL may be different than amd64 in URL)
Possibly good to check also: https://wiki.debian.org/DebianUpgrade
# Listed some non-standard packages and removed ones I have installed and no longer used:
apt list '?narrow(?installed, ?not(?origin(Debian)))'
# cleaned-up some leftover files:
sudo find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error' -delete
# unhold some packages that i have set to be hold from any upgrades (shown by "apt-mark showhold" or "apt update"):
apt-mark showhold
sudo apt-mark unhold packagename && sudo apt update
# Make a packages audit, save list of packages, ensure no holds:
dpkg --audit
dpkg --get-selections | grep 'hold$' # i guess it should not output anything, we want to upgrade everything and do not hold upgrades of any package
dpkg --get-selections "*" > ~/curr-pkgs.${old}.txt
aptitude search "~ahold" # i guess it should not output anything, we want to upgrade everything and do not hold upgrades of any package
# Made sure there has been no "proposed-updates" containing lines in source-list files (in my case none, so no commenting using # has been needed):
grep -Ria proposed-updates /etc/apt/sources.list.d/
# replaced non-free by non-free-firmware in /etc/apt/sources.list and then checked if no errors during "sudo apt update".
# Removed some unnecessary pinning by removing appropriate files in output of a "ls /etc/apt/preferences.d/; cat /etc/apt/preferences" to allow the upgrade of packages to the versions in the new stable release.
# check free space. It should be able to save downloaded and installed packages (2-6GB?): df /
# converting apt sources for using new release by replacing possible bullseye (Debian 11) labels by a bookworm:
export new=bookworm; export old=bullseye
sudo sed -e "s/${old}/${new}/gi" -i /etc/apt/sources.list /etc/apt/sources.list.d/*.list
sudo sed -e 's:bullseye/updates:bullseye-security:g' -i /etc/apt/sources.list /etc/apt/sources.list.d/*.list
screen -U
script -t 2>~/upgrade-${new}.time -a ~/upgrade-${new}.script # enable logging terminal output and times into a two files
sudo apt-get clean && sudo apt update && sudo apt upgrade && sudo apt full-upgrade
# it prompted several times.
# upgrade had updated version of a /etc/security/limits.conf . Showing differences shown i had some cutomizations like:
* soft nofile 100000
* hard nofile 100000
# so i have taken a note about this, used updated version and then will add my changes again manually.
# Spotted some weird thing. It kind of warned about removing cron dependency even the cron new version was apparently installed again after old cron removal. Seems redundant such "warning":
dpkg: cron: dependency problems, but removing anyway as you requested:
backintime-common depends on cron | cron-daemon; however:
Package cron is to be removed.
Package cron-daemon is not installed.
Package cron which provides cron-daemon is to be removed.
backintime-common depends on cron | cron-daemon; however:
Package cron is to be removed.
Package cron-daemon is not installed.
Package cron which provides cron-daemon is to be removed.
(Reading database ... 272966 files and directories currently installed.)
Removing cron (3.0pl1-137) ...
Selecting previously unselected package cron-daemon-common.
(Reading database ... 272946 files and directories currently installed.)
Preparing to unpack .../cron-daemon-common_3.0pl1-162_all.deb ...
Unpacking cron-daemon-common (3.0pl1-162) ...
Setting up cron-daemon-common (3.0pl1-162) ...
Installing new version of config file /etc/crontab ...
Selecting previously unselected package cron.
(Reading database ... 272953 files and directories currently installed.)
Preparing to unpack .../cron_3.0pl1-162_amd64.deb ...
Unpacking cron (3.0pl1-162) ...
Preparing to unpack .../anacron_2.3-36_amd64.deb ...
Unpacking anacron (2.3-36) over (2.3-30) ...
Preparing to unpack .../logrotate_3.21.0-1_amd64.deb ...
Following customizations (again reported during upgrade) should be later IMO pasted into custom new conf files not into default files (to prevent the need to re-apply changes on each upgrade), if possible:
/etc/systemd/journald.conf
SystemMaxUse=100M
/etc/sudoers
-user ALL=(ALL:ALL) /usr/bin/systemctl
-user ALL=(ALL:ALL) /usr/sbin/zpool
-user ALL=(ALL:ALL) /usr/sbin/zfs
-user ALL=(ALL:ALL) /home/user/.local/bin/tt
-user ALL=(ALL:ALL) /usr/bin/backintime
/etc/logrotate.d/rsyslog
/var/log/syslog
-/var/log/mail.info
-/var/log/mail.warn
-/var/log/mail.err
/var/log/mail.log
-/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
-/var/log/lpr.log
/var/log/cron.log
-/var/log/debug
-/var/log/messages
{
- rotate 0
+ rotate 4
weekly
missingok
notifempty
- maxsize 5M
- maxage 30
-# compress
-# delaycompress
+ compress
+ delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
/etc/rsyslog.conf
*.*;auth,authpriv.none,cron.none -/var/log/syslog
$ systemctl restart rsyslog
│ multicast dns register = no |
│ path = /var/spool/samba | path = /var/tmp
│ -; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u │ ???????????
Setting up udev (252.30-1~deb12u2) ...
configuration error - unknown item 'NONEXISTENT' (notify administrator)
configuration error - unknown item 'PREVENT_NO_AUTH' (notify administrator)
Setting up openssh-client (1:9.2p1-2+deb12u3) ...
configuration error - unknown item 'NONEXISTENT' (notify administrator)
configuration error - unknown item 'PREVENT_NO_AUTH' (notify administrator)
$ sudo update-initramfs -u
update-initramfs: Generating /boot/initrd.img-6.1.0-25-amd64
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8156b-2.fw for module r8152
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8156a-2.fw for module r8152
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8153c-1.fw for module r8152
cryptsetup: ERROR: sdb5_crypt: Source mismatch
-→ module r8152 missing firmware has been fixed by "sudo apt install firmware-realtek" which resulted in:
The following additional packages will be installed:
firmware-amd-graphics firmware-misc-nonfree
The following packages will be upgraded:
firmware-amd-graphics firmware-misc-nonfree firmware-realtek
$ grep crypt /etc/crypttab
sdb5_crypt UUID=fUIDhere none luks,discard
$ sudo blkid|grep crypt
/dev/nvme0n1p5: UUID="fUIDhere" TYPE="crypto_LUKS" PARTUUID="..."
/dev/mapper/sdb5_crypt: UUID="3UIDhere" TYPE="LVM2_member"
/dev/sda5: UUID="fUIDhere" TYPE="crypto_LUKS" PARTUUID="..."
(/dev/nvme0n1p5 is the clone of the /dev/sda5 if i am not mistaken)
This works to get rid of the mismatch error in initramfs update: sudo cryptsetup luksUUID --uuid=newuuid /dev/sda5
I am unsure if it is good.
I have replaced "errors=remount-ro" by "errors=remount-ro,nofail" inside /etc/fstab as someone suggested.
reboot
Under kernel 6 boot fails (older one works):
kernel6:
cryptsetup: sd5_crypt: set up successfully
/dev/mapper/computer--vg-root: clean...
systemd[1]: Failed to look up module alias 'autofs4': function not implemented
[UNSUPP] Starting of Arbitrary Executable File Formats File System Automount Point not supported.
systemd[1]: Failed to start Load Kernel Modules
[FAILED] Failed to start Load Kernel Modules
[FAILED] Failed to start Install ZFS kernel module.
[DEPEND] Dependency failed for Import ZFS pools by cache file.
[FAILED] Failed to mount /boot/efi.
[DEPEND] Dependency failed for Local File Systems.
[FAILED] Failed to start netfilter persistent configuration.
Reached target network
...
You are in emergency mode.
So under older kernel 5.10.0-32-amd64 it booted OK.
uname -a ; lsb_release -a
"sudo apt update" returned:
W: http://ppa.launchpad.net/nicotine-team/stable/ubuntu/dists/lunar/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/dists/debian/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
I have got rid of the first warning by removing /etc/apt/sources.list.d/*nicotine* files.
Possibly remove absolete packages: https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.en.html#obsolete
If things are working, cleanup can be done:
sudo apt clean # remove the packages that have been previously downloaded for installation
sudo apt autoremove # remove no longer needed packages downloaded to satisfy dependencies for other packages and are now no longer needed..