@rrottmann
Last active November 10, 2024 17:33
Dist-Upgrade Debian 10 Buster to Debian 12 Bookworm
# Debian 10
apt-get -y update
apt-get -y upgrade --without-new-pkgs
apt-get -y full-upgrade
cat > /etc/apt/sources.list <<"EOF"
deb http://deb.debian.org/debian/ bullseye main
deb-src http://deb.debian.org/debian/ bullseye main
deb http://security.debian.org/bullseye-security bullseye-security/updates main
deb-src http://security.debian.org/bullseye-security bullseye-security/updates main
deb http://deb.debian.org/debian/ bullseye-updates main
deb-src http://deb.debian.org/debian/ bullseye-updates main
EOF
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 605C66F00D6C9793 6ED0E7B82643E131 0E98404D386FA1D9
apt-get clean
apt-get -y update
apt-get -y upgrade --without-new-pkgs
apt-get -y full-upgrade
shutdown -r now
# Debian 11
cat > /etc/apt/sources.list <<"EOF"
deb http://deb.debian.org/debian/ bookworm main
deb-src http://deb.debian.org/debian/ bookworm main
deb http://security.debian.org/bookworm-security bookworm-security/updates main
deb-src http://security.debian.org/bookworm-security bookworm-security/updates main
deb http://deb.debian.org/debian/ bookworm-updates main
deb-src http://deb.debian.org/debian/ bookworm-updates main
EOF
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BDE6D2B9216EC7A8
apt-get clean
apt-get -y update
apt-get -y upgrade --without-new-pkgs
apt-get -y full-upgrade
# issue with libcrypt.so.1
cd /tmp
apt -y download libcrypt1
dpkg-deb -x libcrypt1_1*a4.4.25-2_amd64.deb .
cp -av lib/x86_64-linux-gnu/* /lib/x86_64-linux-gnu/
apt -y --fix-broken install
apt-get -y upgrade --without-new-pkgs
apt-get -y full-upgrade
apt-get -y auto-remove
shutdown -r now
@eliliam

eliliam commented Apr 25, 2024

Why run both apt-get upgrade and apt-get full-upgrade instead of just running apt-get full-upgrade to do all of the upgrades in one go?

@rrottmann
Author

AFAIK apt-get -y upgrade only updates existing packages without removing installed packages or installing new dependencies. That way I want to make sure to install the latest bug fixes of the existing tooling. apt-get -y full-upgrade then is more invasive, as it also might install new packages or remove packages in the process.

@johannesobier

johannesobier commented May 30, 2024

Modified one little detail:
Instead of
apt-get -y upgrade
I used
apt-get -y upgrade --without-new-pkgs

Otherwise I always got problems of type "broken dependencies"

But overall I'm very happy I found your Gist. Thanks!

@laszlomakk

The "issue with libcrypt.so.1" (line 43) happens because you are accidentally double-upgrading directly from Debian 10 to 12 already in the first round of upgrades, because of incorrect apt sources:

deb http://security.debian.org/debian-security stable-security/updates main
deb-src http://security.debian.org/debian-security stable-security/updates main

Instead of stable-security, it should e.g. be bullseye-security.
That is, do not use the term stable, instead always use codenames of specific versions.

See also https://groups.google.com/g/linux.debian.bugs.dist/c/3rZpOKvCh5E

@johannesobier

Nope, I didn't make a direct upgrade from Debian 10 to 12. But your hint about stable-security/updates vs. bullseye-security is correct. Because stable is time-dependent, not distribution-dependent.

@rrottmann
Author

Thanks for pointing that out with stable-security.
Originally, I created this gist to update the baseimage of a lowend box, where this configuration was present in the base install. This already caused the grief during upgrade and I documented the process how to get it working again.

@damianharouff

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BDE6D2B9216EC7A8 is likely also unnecessary if not using mismatched repos during upgrade, e.g. stable-security with bullseye when stable-security is pointing at bookworm.

@seigneurao

Can confirm that the upgrades run flawlessly when using the respective bullseye-security and bookworm-security instead of stable-security.
Both libcrypt and keyserver tricks are not needed with the correct security repo links.
Thanks for the gist tho!

@rrottmann
Author

When my provider notified me of an irreparable RAID error on a root server, I had to reinstall it using an outdated provider image. This gave me an opportunity to test the script and implement the changes, though I still needed the libcrypt1 fix.

@seigneurao

Okay, interesting. I guess it's a regular case of YMMV.

@AlexeyKhristov

I got error

Err:5 http://security.debian.org/bookworm-security bookworm-security/updates Release
  404  Not Found [IP: 199.232.170.132 80]
Hit:6 http://packages.cloud.google.com/apt google-cloud-packages-archive-keyring-buster InRelease
Hit:7 http://packages.cloud.google.com/apt google-compute-engine-buster-stable InRelease
Reading package lists... Done
E: The repository 'http://security.debian.org/bookworm-security bookworm-security/updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

The following fix works for me:

cat > /etc/apt/sources.list <<"EOF"
deb http://deb.debian.org/debian/ bookworm main
deb-src http://deb.debian.org/debian/ bookworm main

deb http://security.debian.org/debian-security bookworm-security main
deb-src http://security.debian.org/debian-security bookworm-security main

deb http://deb.debian.org/debian/ bookworm-updates main
deb-src http://deb.debian.org/debian/ bookworm-updates main
EOF

instead of: deb http://security.debian.org/bookworm-security bookworm-security/updates main
I have used deb http://security.debian.org/debian-security bookworm-security main

@SoulDev64

In the first update of the source, I have an error:

E: The repository 'http://security.debian.org/bullseye-security bullseye-security/updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

I changed it to:

deb http://security.debian.org/debian-security bullseye-security/updates main
deb-src http://security.debian.org/debian-security bullseye-security/updates main

@braillesiq

braillesiq commented Aug 20, 2024

Perfect for me. Thanks. I use PostgreSQL, MySQL, VMware, and apache2, php 5.6, 7.3, 8.1 and everything was perfect

@tweenpix

apt update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Ign:2 http://security.debian.org/bullseye-security bullseye-security/updates InRelease
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Err:4 http://security.debian.org/bullseye-security bullseye-security/updates Release
404 Not Found [IP: 146.75.118.132 80]
Hit:5 http://repo.mysql.com/apt/debian buster InRelease
Hit:6 https://deb.nodesource.com/node_20.x nodistro InRelease
Reading package lists... Done
E: The repository 'http://security.debian.org/bullseye-security bullseye-security/updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

@JR75

JR75 commented Aug 28, 2024

Little error in your script:
deb http://security.debian.org/bullseye-security bullseye-security/updates main
deb-src http://security.debian.org/bullseye-security bullseye-security/updates main

replace by

deb http://security.debian.org/debian-security bullseye-security/updates main
deb-src http://security.debian.org/debian-security bullseye-security/updates main

thx for the script :)

@astueve

astueve commented Sep 9, 2024

I got error

Err:5 http://security.debian.org/bookworm-security bookworm-security/updates Release
  404  Not Found [IP: 199.232.170.132 80]
Hit:6 http://packages.cloud.google.com/apt google-cloud-packages-archive-keyring-buster InRelease
Hit:7 http://packages.cloud.google.com/apt google-compute-engine-buster-stable InRelease
Reading package lists... Done
E: The repository 'http://security.debian.org/bookworm-security bookworm-security/updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

The following fix works for me:

cat > /etc/apt/sources.list <<"EOF"
deb http://deb.debian.org/debian/ bookworm main
deb-src http://deb.debian.org/debian/ bookworm main

deb http://security.debian.org/debian-security bookworm-security main
deb-src http://security.debian.org/debian-security bookworm-security main

deb http://deb.debian.org/debian/ bookworm-updates main
deb-src http://deb.debian.org/debian/ bookworm-updates main
EOF

instead of: deb http://security.debian.org/bookworm-security bookworm-security/updates main I have used deb http://security.debian.org/debian-security bookworm-security main

Agree with Alexey and others after - change the URL and it's fine.

The libcrypt I didn't have to deal with. However! usrmerge!

They are merging filesystems and links in /usr

I did NOT install usrmerge prior to upgrade from 11 to 12 - and ran into issues. If I installed the usrmerge after 11, but before 12, it all worked fine.

@lqdflying

lqdflying commented Sep 29, 2024

Note

2024-9-29 for the total updated scripts including all the suggestions above and tested well
Tags: Debian
Created: September 29, 2024 12:50 PM
Updated: September 29, 2024 1:09 PM

1. Debian10 - Debian11

apt-get -y update
apt-get -y upgrade --without-new-pkgs
apt-get -y full-upgrade

cat > /etc/apt/sources.list <<"EOF"
deb http://deb.debian.org/debian/ bullseye main
deb-src http://deb.debian.org/debian/ bullseye main
deb http://security.debian.org/debian-security bullseye-security/updates main
deb-src http://security.debian.org/debian-security bullseye-security/updates main
deb http://deb.debian.org/debian/ bullseye-updates main
deb-src http://deb.debian.org/debian/ bullseye-updates main
EOF

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 605C66F00D6C9793 6ED0E7B82643E131 0E98404D386FA1D9

apt-get clean
apt-get -y update

apt-get -y upgrade --without-new-pkgs
apt-get -y full-upgrade

shutdown -r now

2. Debian11 - Debian12

cat > /etc/apt/sources.list <<"EOF"
deb http://deb.debian.org/debian/ bookworm main
deb-src http://deb.debian.org/debian/ bookworm main

deb http://security.debian.org/debian-security bookworm-security main
deb-src http://security.debian.org/debian-security bookworm-security main

deb http://deb.debian.org/debian/ bookworm-updates main
deb-src http://deb.debian.org/debian/ bookworm-updates main
EOF

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BDE6D2B9216EC7A8

apt-get clean
apt-get -y update

apt-get -y upgrade --without-new-pkgs
apt-get -y full-upgrade

# issue with libcrypt.so.1
cd /tmp
apt -y download libcrypt1
dpkg-deb -x libcrypt1_*.deb .
cp -av lib/x86_64-linux-gnu/* /lib/x86_64-linux-gnu/
apt -y --fix-broken install

apt-get -y upgrade --without-new-pkgs
apt-get -y full-upgrade

apt-get -y auto-remove
shutdown -r now
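
The sources.list problems reported in this thread (a `stable-security` alias instead of a codename, the security archive path that returns 404, entries from mismatched releases) can be caught before `apt-get update` runs. The shell lint below is an added example, not part of the gist or of any comment; the function names `lint_sources` and `check_sources` are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the gist): lint a sources.list before a release upgrade.
# lint_sources FILE CODENAME prints one finding per line for Debian archive
# entries; third-party repositories are skipped. Function names are hypothetical.
lint_sources() {
    want=$2
    # Drop comments and [option] blocks so the fields are: type uri suite ...
    sed -e 's/#.*//' -e 's/\[[^]]*]//' "$1" |
    while read -r type uri suite rest; do
        case $type in deb|deb-src) ;; *) continue ;; esac
        case $uri in *debian.org/*) ;; *) continue ;; esac
        base=${suite%%/*}     # "bullseye-security/updates" -> "bullseye-security"
        base=${base%%-*}      # "bullseye-security" -> "bullseye"
        case $base in
            stable|oldstable|testing)
                echo "alias: '$suite' moves between releases, use $want ($uri)" ;;
            "$want") ;;
            *)  echo "mixed: suite '$suite' is not $want ($uri)" ;;
        esac
        case ${uri%/} in
            *security.debian.org/debian-security) ;;
            *security.debian.org/*)
                echo "uri: security archive path should be /debian-security ($uri)" ;;
        esac
    done
}

# check_sources FILE CODENAME: exit status 0 only when there are no findings.
check_sources() {
    findings=$(lint_sources "$1" "$2")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" >&2
    return 1
}

# Constructed sample: the three binary entries from the gist's Debian 10 step.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://deb.debian.org/debian/ bullseye main
deb http://security.debian.org/bullseye-security bullseye-security/updates main
deb http://deb.debian.org/debian/ bullseye-updates main
EOF
if check_sources "$sample" bullseye; then
    echo "sources.list is consistent"
else
    echo "fix the entries above before running apt-get update"
fi
rm -f "$sample"
```

Call it as `check_sources /etc/apt/sources.list bullseye` (or `bookworm`) right after rewriting the file and before `apt-get update`.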

@BurkenDev

Why run both apt-get upgrade and apt-get full-upgrade instead of just running apt-get full-upgrade to do all of the upgrades in one go?

Because that's what you do, stop asking such questions.
