Debian 12 Bookworm will be released very soon, on June 10 2023. The Debian Testing tree is now very close to the final release, so now is a good moment to start testing Bookworm if you did not do so. I already upgraded some of my server systems to Bookworm and I’m also running on all my desktop systems, so here are some notes of the upgrade process. Keep in mind that upgrading to Bookworm is only supported if you are running Bullseye. If you are running an older version of Debian (Buster), you will need to upgrade to Bullseye first and after that upgrade to Bookworm.
First of all, start with reading the release notes, it contains a very detailed howto guide describing all steps to upgrade your system to Bookworm. It also lists all major changes and important things to know before you upgrade.
First check which packages you have installed which do not come from the official Debian repositories with this command:
# apt list '?narrow(?installed, ?not(?origin(Debian)))'
Because these are not official Debian packages, Debian developers cannot guarantee that they will work correctly and will not conflict or cause compatibility problems when upgrading your system. For that reason, you should seriously consider uninstalling them during the upgrade process.
On one system I had a locally built snuffleupagus package installed. This package was built against a particular PHP version and because a newer Debian release will also include a newer PHP version, this could break things. So i removed this package:
# apt remove snuffleupagus
Then you need to verify whether you have put any packages on hold. Packages on hold will never be upgraded, so this can prevent a correct upgrade. Check all held packages with this command:
# apt-mark showhold
You can unhold them with this command:
# apt-mark unhold packagename
Then we need to adapt our apt sources.list and preferences.
You should have this in
/etc/apt/sources.list (or in a
deb [arch=amd64,i386] http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
deb [arch=amd64,i386] http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb [arch=amd64,i386] http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
deb [arch=amd64,i386] http://deb.debian.org/debian/ bookworm-proposed-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-proposed-updates main contrib non-free non-free-firmware
Note the new
non-free-firmware repository: non-free firmware used to be included in the
non-free repository, but now they are in a new separate repository, so you will need to add that.
Then we need to set up the priorities of the different repositories in
/etc/apt/preferences (or a ;pref file in
Pin: release n=bookworm
Pin: release n=bookworm-security
Pin: release n=bookworm-proposed-updates
Pin: release n=bookworm-backports
Pin: release n=bullseye
Pin: release n=bullseye-security
Pin: release n=bullseye-proposed-updates
Pin: release n=bullseye-backports
Pin: release n=trixie
Pin: release a=unstable
Pin: release a=experimental
This gives the highest priority to all packages in Bookworm and the security updates, with a lower priority to the Bookworm proposed updates and then Bookworm backports. I added Bullseye in case you still need the Bullseye repositories for some reason. I also add Trixie (code name for what will become testing when Bullseye gets released) and sid (unstable) and experimental on the lowest priorities. Of course you can remove them from your preferences file if you don’t have set up these repositories.
I strongly recommend installing
apt-listchanges, because it will give you information about important changes which might affect you before packages are upgraded:
# apt install apt-listchanges
apt first. I personally prefer to take advantages of eventual new improvements and bug fixes during the upgrade process.
# apt install -t bookworm apt dpkg
In Bookworm the
systemd-resolved service now is in a seperate package. If you are currently using systemd-resolved, this can cause failures in DNS resolution. Before upgrading, make sure you know the addresses of your DNS servers, so that you can set them up manually if required; You can run the
resolvectl command to find them. If DNS resolution breaks during the upgrade process later on, you can add them to
/etc/resolv.conf manually to fix the problem. But I prefer to immediately install the new
systemd-resolved package before upgrading everything else to take care of this problem:
# apt install -t bookworm systemd-resolved
Then we can upgrade all packages which can be upgraded without installing new packages:
# apt upgrade -t bookworm --without-new-pkgs
Once that’s done we proceed with the upgrade of all remaining packages, which will also install new dependencies:
# apt full-upgrade
During these two steps pay attention to which packages are going to be removed. It’s expected that old unused libraries and other packages (old PHP and Perl versions for example) will be removed, but you might to check this.
When the upgrade is done, I remove all unneeded packages with this command:
# apt autoremove --purge
Then run this command to remove all library packages which have no other packages depending on them any more:
# deborphan | xargs dpkg --purge
A package which often stays behind is libssl1.1. Normally you don’t need it any more so you can remove it safely:
# apt remove libssl1.1
Finally I also prefer to remove
rsyslog. It is not installed any more by default on Debian Bookworm and everything is already logged to the systemd journal and I don’t want any double logging.
# apt remove rsyslog
Then personally I also install
dbus-broker on Debian Bookworm. It replaces the traditional dbus implementation and is supposed to be more performant.
# apt install dbus-broker
I always recommend to verify that the metapackage
linux-image-amd64 is installed, so that you are really running the latest kernel version.
# apt install linux-image-amd64
After upgrading all packages, reboot your system.
Debian 12 Bookworm and OpenLDAP
One major change in Debian 12 Bookworm is that it ships with OpenLDAP 2.5 which has removed the BDB and HDB back-ends. If your LDAP directory is still using this backend, you will have to convert it to the new MDB backend. There are some instructions in /usr/share/doc/slapd/README.Debian.gz and I might write some post here in the future about this. In any case, make sure you have recent backups of your LDAP directory in the form of LDIF gerenated with slapcat.
Is Debian Bookworm stable?
I’m permanently running Debian Testing on my laptop, and now I have also installed Bookworm on some servers. I strongly recommend using Testing for all desktop usage (even after Bookworm has been released), and to start using Bookworm on any new server installations. For upgrades of critical and more complicated server systems, I generally recommend to wait until at least the first point release.
At the moment I can think of two problems I am encountering on my systems. On my HP Elitebook 845 G8 when suspending the system (s2idle), Linux fails to read the current time from the RTC, resulting in the clock jumping years into the future. At the next resume you can fix the clock by restarting
systemd-timesyncd, but the
uptime command will continue to give a wrong output. I’m currently testing version 6.3 of the Linux kernel from experimental to see whether this bug also happens with this version.
Another problem is that in Debian 12 Bookworm the Spice plugin of Remmina is disabled. There is a work-around using packages from sid and experimental: upgrade to libspice-client-glib-2.0-8 version 0.42-2, which is currently in sid and then install
remmina-plugin-spice from experimental. Maybe this problem will be fixed in a point release for Debian Bookworm, but that remains to be seen.