Upgrading from Debian 11 Bullseye to Debian 12 Bookworm

Debian 12 Bookworm will be released very soon, on June 10 2023. The Debian Testing tree is now very close to the final release, so now is a good moment to start testing Bookworm if you did not do so. I already upgraded some of my server systems to Bookworm and I’m also running on all my desktop systems, so here are some notes of the upgrade process. Keep in mind that upgrading to Bookworm is only supported if you are running Bullseye. If you are running an older version of Debian (Buster), you will need to upgrade to Bullseye first and after that upgrade to Bookworm.

First of all, start with reading the release notes, it contains a very detailed howto guide describing all steps to upgrade your system to Bookworm. It also lists all major changes and important things to know before you upgrade.

First check which packages you have installed which do not come from the official Debian repositories with this command:

# apt list '?narrow(?installed, ?not(?origin(Debian)))'

Because these are not official Debian packages, Debian developers cannot guarantee that they will work correctly and will not conflict or cause compatibility problems when upgrading your system. For that reason, you should seriously consider uninstalling them during the upgrade process.

On one system I had a locally built snuffleupagus package installed. This package was built against a particular PHP version and because a newer Debian release will also include a newer PHP version, this could break things. So i removed this package:

# apt remove snuffleupagus

Then you need to verify whether you have put any packages on hold. Packages on hold will never be upgraded, so this can prevent a correct upgrade. Check all held packages with this command:

# apt-mark showhold

You can unhold them with this command:

# apt-mark unhold packagename

Then we need to adapt our apt sources.list and preferences.

You should have this in /etc/apt/sources.list (or in a .list file /etc/apt/sources.list.d):

deb [arch=amd64,i386] http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware

deb [arch=amd64,i386] http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

deb [arch=amd64,i386] http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware

deb [arch=amd64,i386] http://deb.debian.org/debian/ bookworm-proposed-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-proposed-updates main contrib non-free non-free-firmware

Note the new non-free-firmware repository: non-free firmware used to be included in the non-free repository, but now they are in a new separate repository, so you will need to add that.

Then we need to set up the priorities of the different repositories in /etc/apt/preferences (or a ;pref file in /etc/apt/preferences.d):

Package: *
Pin: release n=bookworm
Pin-Priority: 810

Package: *
Pin: release n=bookworm-security
Pin-Priority: 810

Package: *
Pin: release n=bookworm-proposed-updates
Pin-Priority: 809

Package: *
Pin: release n=bookworm-backports
Pin-Priority: 808


Package: *
Pin: release n=bullseye
Pin-Priority: 710

Package: *
Pin: release n=bullseye-security
Pin-Priority: 710

Package: *
Pin: release n=bullseye-proposed-updates
Pin-Priority: 709

Package: *
Pin: release n=bullseye-backports
Pin-Priority: 708


Package: *
Pin: release n=trixie
Pin-Priority: 310


Package: *
Pin: release a=unstable
Pin-Priority: 200


Package: *
Pin: release a=experimental
Pin-Priority: 160

This gives the highest priority to all packages in Bookworm and the security updates, with a lower priority to the Bookworm proposed updates and then Bookworm backports. I added Bullseye in case you still need the Bullseye repositories for some reason. I also add Trixie (code name for what will become testing when Bullseye gets released) and sid (unstable) and experimental on the lowest priorities. Of course you can remove them from your preferences file if you don’t have set up these repositories.

I strongly recommend installing apt-listchanges, because it will give you information about important changes which might affect you before packages are upgraded:

# apt install apt-listchanges

I upgrade dpkg and apt first. I personally prefer to take advantages of eventual new improvements and bug fixes during the upgrade process.

# apt install -t bookworm apt dpkg

In Bookworm the systemd-resolved service now is in a seperate package. If you are currently using systemd-resolved, this can cause failures in DNS resolution. Before upgrading, make sure you know the addresses of your DNS servers, so that you can set them up manually if required; You can run the resolvectl command to find them. If DNS resolution breaks during the upgrade process later on, you can add them to /etc/resolv.conf manually to fix the problem. But I prefer to immediately install the new systemd-resolved package before upgrading everything else to take care of this problem:

# apt install -t bookworm systemd-resolved

Then we can upgrade all packages which can be upgraded without installing new packages:

# apt upgrade -t bookworm --without-new-pkgs

Once that’s done we proceed with the upgrade of all remaining packages, which will also install new dependencies:

# apt full-upgrade

During these two steps pay attention to which packages are going to be removed. It’s expected that old unused libraries and other packages (old PHP and Perl versions for example) will be removed, but you might to check this.

When the upgrade is done, I remove all unneeded packages with this command:

# apt autoremove --purge

Then run this command to remove all library packages which have no other packages depending on them any more:

# deborphan | xargs dpkg --purge

A package which often stays behind is libssl1.1. Normally you don’t need it any more so you can remove it safely:

# apt remove libssl1.1

Finally I also prefer to remove rsyslog. It is not installed any more by default on Debian Bookworm and everything is already logged to the systemd journal and I don’t want any double logging.

# apt remove rsyslog

Then personally I also install dbus-broker on Debian Bookworm. It replaces the traditional dbus implementation and is supposed to be more performant.

# apt install dbus-broker

I always recommend to verify that the metapackage linux-image-amd64 is installed, so that you are really running the latest kernel version.

# apt install linux-image-amd64

After upgrading all packages, reboot your system.

Debian 12 Bookworm and OpenLDAP

One major change in Debian 12 Bookworm is that it ships with OpenLDAP 2.5 which has removed the BDB and HDB back-ends. If your LDAP directory is still using this backend, you will have to convert it to the new MDB backend. There are some instructions in /usr/share/doc/slapd/README.Debian.gz and I might write some post here in the future about this. In any case, make sure you have recent backups of your LDAP directory in the form of LDIF gerenated with slapcat.

Is Debian Bookworm stable?

I’m permanently running Debian Testing on my laptop, and now I have also installed Bookworm on some servers. I strongly recommend using Testing for all desktop usage (even after Bookworm has been released), and to start using Bookworm on any new server installations. For upgrades of critical and more complicated server systems, I generally recommend to wait until at least the first point release.

At the moment I can think of two problems I am encountering on my systems. On my HP Elitebook 845 G8 when suspending the system (s2idle), Linux fails to read the current time from the RTC, resulting in the clock jumping years into the future. At the next resume you can fix the clock by restarting systemd-timesyncd, but the uptime command will continue to give a wrong output. I’m currently testing version 6.3 of the Linux kernel from experimental to see whether this bug also happens with this version.

Another problem is that in Debian 12 Bookworm the Spice plugin of Remmina is disabled. There is a work-around using packages from sid and experimental: upgrade to libspice-client-glib-2.0-8 version 0.42-2, which is currently in sid and then install remmina and remmina-plugin-spice from experimental. Maybe this problem will be fixed in a point release for Debian Bookworm, but that remains to be seen.

3 thoughts on “Upgrading from Debian 11 Bullseye to Debian 12 Bookworm

  1. @frederik thought this was going to be a copy'n'paste if the Debian instructions but was pleasantly surprised. I'm going to be happy to not have to use backports for a kernel anymore so must remember to boot into 5.10 before doing the upgrade. Good point about rsyslog. Not convinced systemd-resolved is required, I'm still using plain old resolv.conf on sid

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.