≡ Menu

Howto upgrade Debian 3.1 Sarge to Debian 4.0 Etch stable

Debian 4.0 has been released. It is recommended that you upgrade the system to latest version. Upgrading remote Debian server is a piece of cake :D

Currently many of our boxes are powered by Debian 3.1 Sarge. For example typical web server may have following packages only:
=> Apache
=> PHP
=> Postfix and other mail server software
=> Iptables and backup scripts
=> MySQL 5.x etc


Following are essential steps to upgrade your system:
1. Verify current system
2. Update package list
3. Update distribution
4. Update /etc/apt/sources.list file
5. Reboot system
6. Test everything is working

Backup your system

Before upgrading your Debian systems make sure you have backup (I’m assuming that you make backup copies of all important data/files everyday:):

  1. User data / files / Emails (/home, /var/www etc)
  2. Important system files and configuration file stored in /etc
  3. MySQL and other database backup
  4. Backup Installed package list [Get list of installed software for reinstallation / restore software]

Step # 1: Verify current system

File /etc/debian_version stores current Debian version number :
$ cat /etc/debian_version


Find out kernel version
$ uname -mrs

Linux 2.6.8-3-386 i686

Step #2: Update package list

Use apt-get command:
# apt-get update

Step #3 : Update distribution

Pass dist-upgrade option to apt-get command. This will upgrade Sarge to Etch. dist-upgrade' in addition to performing the function of upgrade, also intelligently handles changing dependencies with new versions of packages; apt-get has a "smart" conflict resolution system, and it will attempt to upgrade the most important packages at the expense of less important ones if necessary.
# apt-get dist-upgrade

This upgrade procedure takes time. Depend upon installed softwares and other factors such as network-speed you may need to wait from 10 minutes to 1+ hour(s).

Step #4 : Update /etc/apt/sources.list file

There seems to be a small bug in upgrade procedure. You need to manually update Debian security source line. You will see an error as follows:
W: Conflicting distribution: http://security.debian.org stable/updates Release (expected stable but got sarge)
W: You may want to run apt-get update to correct these problems

Just open /etc/apt/sources.list file:
# vi /etc/apt/sources.list
Find line that read as follows:
deb http://security.debian.org/ stable/updates main contrib
Replace with :
deb http://security.debian.org/ etch/updates main contrib non-free

Save and close the file. Now type the following command:
# apt-get update

Step #5: Reboot system

You are done. Just reboot the system:
# reboot

Step #6: Make sure everything is working...

See Debian distro version:
$ cat /etc/debian_version


Make sure all services are running, just go thought all log files once.
# netstat -tulpn
# tail -f /var/log/log-file-name
# less /var/log/dmesg
# top

Use apt-key command to manage the list of keys used by apt to authenticate packages. Packages which have been authenticated using these keys will be considered trusted. Make sure you see package etch related keys:
# apt-key list

pub   1024D/2D230C5F 2006-01-03 [expired: 2007-02-07]
uid                  Debian Archive Automatic Signing Key (2006) <ftpmaster@debian.org>
pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>
pub   1024D/ADB11277 2006-09-17
uid                  Etch Stable Release Key <debian-release@lists.debian.org>

If there is a problem use following command to update the local keyring with the keyring of Debian archive keys and removes from the keyring the archive keys which are no longer valid.
# apt-key update
# apt-key list

Finally just see if any new updates/security updates are available:
# apt-get update
# apt-get upgrade

Further readings

Share this on:

{ 17 comments… add one }

  • iadm April 9, 2007, 1:19 am

    Simple, straight forward, good work … keep it up!

  • Chmouel April 9, 2007, 5:39 am

    You probably want to use aptitude instead of apt-get which is now the recommended upgrade method.

  • chris rattis April 9, 2007, 6:21 am

    A few notes;

    Because Etch is now stable, you don’t need to change lines in the sources.list file. Doing that means the user will have to change that line in the future when the new testing is made stable.

    Changing from stable, testing or unstable in the sources.list file to the code name means that you’ve locked yourself to that version. In fact people that don’t want to upgrade would change stable to Sarge to keep the same repositories they already have.

  • nixCraft April 9, 2007, 8:30 pm

    @Chmouel, Yes you can use aptitude :)

    @chris, I Need to change because of an error otherwise no need to change the sources.list file.

    Appreciate your posts!

  • Robert middleswarth April 10, 2007, 6:33 pm

    Warning. Before you reboot check you mdadm settings. This bit me baddly. There was a major change in mdadm and if you do remove and file and update /etc/mdadm/mdadm.conf before you reboot you will have a paper wait if you depend on raid at all.


  • Jon April 11, 2007, 11:32 am

    Or you can do it properly and follow the release notes:


    There are a couple of issues to be aware of.

  • nixCraft April 11, 2007, 2:17 pm


    Good hint.


    Yup, upgrade may create a problem.

    Appreciate your posts!

  • Marco April 11, 2007, 4:15 pm

    if your debian server runs as a mail server with postfix with amavis (and some more), please keep in mind that amavis changes configuration file and layout completely.

    after the upgrade, your old config file will be renamed and amavis is not able to start again. this means, that your postfix will accept mail, put them in the mailqueue because it is not able to connect to amavis for the virus and spam checks.

    you need to manually configure amavis with the new config layout and move your old config file to somewhere else. after this, you can restart amavis again.

    after amavis is up and running again, use “postqueue -f” to deliver the deferred mails from the mailqueue.

    there are some more things to keep an eye on, but generally, the upgrade is not a problem for some medium experienced people.

  • John April 17, 2007, 9:07 pm

    It’s Sarge not Sarga.

  • nixCraft April 18, 2007, 5:39 am


    Thanks for the heads up!

  • gunnerbcn April 25, 2007, 5:00 pm

    I´ve upgrade from a lenny/sid and now when I look to /etc/debian_version it remains like lenny/sid, Help me please!!!!

  • Gary V May 3, 2007, 8:35 pm

    As mentioned, upgrading amavisd-new may result in a broken mail system. I have put together a few notes that may give you ideas on how to make the amavisd-new upgrade painless.


  • Nada June 26, 2007, 6:45 pm

    nice guidelines thanks :-)
    please add ministep
    before step #5 reboot

  • pranav March 13, 2008, 11:28 am

    May i get info on how to upgrade
    Debian sarge 3.1r2 kernel 2.4
    Debian etch 4.0r1 kernel 2.6

    Thanking You

  • Joe Tannenbaum September 1, 2008, 10:17 pm

    I did this and now lib_php5.so is not recognized as an apache module? Also, at end of upgrade
    the deb ver is 4.0 but kernel is still 2.4.27-2-386???? The upgrade doesn’t upgrade the kernel?


  • Donald Axel February 17, 2009, 10:37 am

    I guess that you are aware that the main upgrade can take a long
    time and probably will recommend that you reboot, whereas your
    recommended reboot after changing the sources.list strictly spoken
    is not necessary as far as I know.

    Otherwise I appreciate the text, which takes you by the hand nicely.

    I Googled your blog becuase I needed to know why the system suddenly
    whines about “stable” not being “etch”.

    You should run aptitude up_grade_ once in a while, as far as I know.

  • alex March 23, 2009, 9:33 pm

    I can’t find “deb http://security.debian.org/ stable/updates main contrib” Help anyone?

Leave a Comment

   Tagged with: , , , , , , , , ,