Skip to content

Instantly share code, notes, and snippets.

@rrottmann
Created August 20, 2023 12:29
Show Gist options
  • Save rrottmann/b0f371a62950a9e149c4358772c5a647 to your computer and use it in GitHub Desktop.
Save rrottmann/b0f371a62950a9e149c4358772c5a647 to your computer and use it in GitHub Desktop.
Dist-Upgrade Debian 10 Buster to Debian 12 Bookworm
# Dist-Upgrade Debian 10 Buster to Debian 12 Bookworm
# Debian 10
apt-get -y update
apt-get -y upgrade
apt-get -y full-upgrade
cat > /etc/apt/sources.list <<"EOF"
deb http://deb.debian.org/debian/ bullseye main
deb-src http://deb.debian.org/debian/ bullseye main
deb http://security.debian.org/debian-security stable-security/updates main
deb-src http://security.debian.org/debian-security stable-security/updates main
deb http://deb.debian.org/debian/ bullseye-updates main
deb-src http://deb.debian.org/debian/ bullseye-updates main
EOF
apt-get clean
apt-get -y update
apt-get -y upgrade
apt-get -y full-upgrade
shutdown -r now
# Debian 11
cat > /etc/apt/sources.list <<"EOF"
deb http://deb.debian.org/debian/ bookworm main
deb-src http://deb.debian.org/debian/ bookworm main
deb http://security.debian.org/debian-security stable-security/updates main
deb-src http://security.debian.org/debian-security stable-security/updates main
deb http://deb.debian.org/debian/ bookworm-updates main
deb-src http://deb.debian.org/debian/ bookworm-updates main
EOF
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BDE6D2B9216EC7A8
apt-get clean
apt-get -y update
apt-get -y upgrade
apt-get -y full-upgrade
# issue with libcrypt.so.1
cd /tmp
apt -y download libcrypt1
dpkg-deb -x libcrypt1_1%3a4.4.25-2_amd64.deb .
cp -av lib/x86_64-linux-gnu/* /lib/x86_64-linux-gnu/
apt -y --fix-broken install
apt-get -y upgrade
apt-get -y full-upgrade
apt-get -y auto-remove
shutdown -r now
@eliliam
Copy link

eliliam commented Apr 25, 2024

Why run both apt-get upgrade and apt-get full-upgrade instead of just running apt-get full-upgrade to do all of the upgrades in one go?

@rrottmann
Copy link
Author

AFAIK apt-get -y upgrade only updates existing packages without removing installed packages or installing new dependencies. That way I want to make sure to install the latest bug fixes of the existing tooling. apt-get -y full-upgrade then is more invasive, as it also might install new packages or remove packages in the process.

@johannesobier
Copy link

johannesobier commented May 30, 2024

Modified one little detail:
Instead of
apt-get -y upgrade
I used
apt-get -y upgrade --without-new-pkgs

Otherwise I always got problems of type "broken dependencies"

But overall I'm very happy I found your Gist. Thanks!

@laszlomakk
Copy link

The "issue with libcrypt.so.1" (line 43) happens because you are accidentally double-upgrading directly from debian 10 to 12 already in the first round of upgrades, because of incorrect apt sources:

deb http://security.debian.org/debian-security stable-security/updates main
deb-src http://security.debian.org/debian-security stable-security/updates main

Instead of stable-security, it should e.g. be bullseye-security.
That is, do not use the term stable, instead always use codenames of specific versions.

See also https://groups.google.com/g/linux.debian.bugs.dist/c/3rZpOKvCh5E

@johannesobier
Copy link

Nope, I didn't make a direct upgrade from debian 10 to 12. But your hint about stable-security/updates vs. bullseye-security is correct. Because stable is time-dependend, not distribution-dependend.

@rrottmann
Copy link
Author

Thanks for pointing that out with stable-security.
Originally, I created this gist to update the baseimage of a lowend box, where this configuration was present in the base install. This already caused the grief during upgrade and I documented the process how to get it working again.

@damianharouff
Copy link

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BDE6D2B9216EC7A8 is likely also unnecessary if not using mismatched repos during upgrade, e.g. stable-security with bullseye when stable-security is pointing at bookworm.

@seigneurao
Copy link

Can confirm that the upgrades run flawlessly when using the respective bullseye-security and bookworm-security instead of stable-security.
Both libcrypt and keyserver tricks are not needed with the correct security repo links.
Thanks for the gist tho !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment