Howto upgrade Debian 3.1 Sarge to Debian 4.0 Etch stable

by on April 8, 2007 · 17 comments· LAST UPDATED October 24, 2008

in , ,

Debian 4.0 has been released. It is recommended that you upgrade the system to latest version. Upgrading remote Debian server is a piece of cake :D

Currently many of our boxes are powered by Debian 3.1 Sarge. For example typical web server may have following packages only:
=> Apache
=> PHP
=> Postfix and other mail server software
=> Iptables and backup scripts
=> MySQL 5.x etc

Procedure

Following are essential steps to upgrade your system:
1. Verify current system
2. Update package list
3. Update distribution
4. Update /etc/apt/sources.list file
5. Reboot system
6. Test everything is working

Backup your system

Before upgrading your Debian systems make sure you have backup (I’m assuming that you make backup copies of all important data/files everyday:):

  1. User data / files / Emails (/home, /var/www etc)
  2. Important system files and configuration file stored in /etc
  3. MySQL and other database backup
  4. Backup Installed package list [Get list of installed software for reinstallation / restore software]

Step # 1: Verify current system

File /etc/debian_version stores current Debian version number :
$ cat /etc/debian_version
Output:

3.1

Find out kernel version
$ uname -mrs
Output:

Linux 2.6.8-3-386 i686

Step #2: Update package list

Use apt-get command:
# apt-get update

Step #3 : Update distribution

Pass dist-upgrade option to apt-get command. This will upgrade Sarge to Etch. dist-upgrade' in addition to performing the function of upgrade, also intelligently handles changing dependencies with new versions of packages; apt-get has a "smart" conflict resolution system, and it will attempt to upgrade the most important packages at the expense of less important ones if necessary.
# apt-get dist-upgrade

This upgrade procedure takes time. Depend upon installed softwares and other factors such as network-speed you may need to wait from 10 minutes to 1+ hour(s).

Step #4 : Update /etc/apt/sources.list file

There seems to be a small bug in upgrade procedure. You need to manually update Debian security source line. You will see an error as follows:
W: Conflicting distribution: http://security.debian.org stable/updates Release (expected stable but got sarge)
W: You may want to run apt-get update to correct these problems

Just open /etc/apt/sources.list file:
# vi /etc/apt/sources.list
Find line that read as follows:
deb http://security.debian.org/ stable/updates main contrib
Replace with :
deb http://security.debian.org/ etch/updates main contrib non-free

Save and close the file. Now type the following command:
# apt-get update

Step #5: Reboot system

You are done. Just reboot the system:
# reboot

Step #6: Make sure everything is working...

See Debian distro version:
$ cat /etc/debian_version
Output:

4.0

Make sure all services are running, just go thought all log files once.
# netstat -tulpn
# tail -f /var/log/log-file-name
# less /var/log/dmesg
# top
....
...
....

Use apt-key command to manage the list of keys used by apt to authenticate packages. Packages which have been authenticated using these keys will be considered trusted. Make sure you see package etch related keys:
# apt-key list

/etc/apt/trusted.gpg
--------------------
pub   1024D/2D230C5F 2006-01-03 [expired: 2007-02-07]
uid                  Debian Archive Automatic Signing Key (2006) <ftpmaster@debian.org>
pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>
pub   1024D/ADB11277 2006-09-17
uid                  Etch Stable Release Key <debian-release@lists.debian.org>

If there is a problem use following command to update the local keyring with the keyring of Debian archive keys and removes from the keyring the archive keys which are no longer valid.
# apt-key update
# apt-key list

Finally just see if any new updates/security updates are available:
# apt-get update
# apt-get upgrade

Further readings

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 17 comments… read them below or add one }

1 iadm April 9, 2007 at 1:19 am

Simple, straight forward, good work … keep it up!

Reply

2 Chmouel April 9, 2007 at 5:39 am

You probably want to use aptitude instead of apt-get which is now the recommended upgrade method.

Reply

3 chris rattis April 9, 2007 at 6:21 am

A few notes;

Because Etch is now stable, you don’t need to change lines in the sources.list file. Doing that means the user will have to change that line in the future when the new testing is made stable.

Changing from stable, testing or unstable in the sources.list file to the code name means that you’ve locked yourself to that version. In fact people that don’t want to upgrade would change stable to Sarge to keep the same repositories they already have.

Reply

4 nixCraft April 9, 2007 at 8:30 pm

@Chmouel, Yes you can use aptitude :)

@chris, I Need to change because of an error otherwise no need to change the sources.list file.

Appreciate your posts!

Reply

5 Robert middleswarth April 10, 2007 at 6:33 pm

Warning. Before you reboot check you mdadm settings. This bit me baddly. There was a major change in mdadm and if you do remove and file and update /etc/mdadm/mdadm.conf before you reboot you will have a paper wait if you depend on raid at all.

Thanks
robert

Reply

6 Jon April 11, 2007 at 11:32 am

Or you can do it properly and follow the release notes:

http://www.us.debian.org/releases/stable/releasenotes

There are a couple of issues to be aware of.

Reply

7 nixCraft April 11, 2007 at 2:17 pm

@Robert

Good hint.

@Jon

Yup, upgrade may create a problem.

Appreciate your posts!

Reply

8 Marco April 11, 2007 at 4:15 pm

if your debian server runs as a mail server with postfix with amavis (and some more), please keep in mind that amavis changes configuration file and layout completely.

after the upgrade, your old config file will be renamed and amavis is not able to start again. this means, that your postfix will accept mail, put them in the mailqueue because it is not able to connect to amavis for the virus and spam checks.

you need to manually configure amavis with the new config layout and move your old config file to somewhere else. after this, you can restart amavis again.

after amavis is up and running again, use “postqueue -f” to deliver the deferred mails from the mailqueue.

there are some more things to keep an eye on, but generally, the upgrade is not a problem for some medium experienced people.

Reply

9 John April 17, 2007 at 9:07 pm

It’s Sarge not Sarga.

Reply

10 nixCraft April 18, 2007 at 5:39 am

John,

Thanks for the heads up!

Reply

11 gunnerbcn April 25, 2007 at 5:00 pm

I´ve upgrade from a lenny/sid and now when I look to /etc/debian_version it remains like lenny/sid, Help me please!!!!

Reply

12 Gary V May 3, 2007 at 8:35 pm

As mentioned, upgrading amavisd-new may result in a broken mail system. I have put together a few notes that may give you ideas on how to make the amavisd-new upgrade painless.

http://www200.pair.com/mecham/spam/upgrade_amavisd-new.html

Reply

13 Nada June 26, 2007 at 6:45 pm

nice guidelines thanks :-)
please add ministep
/usr/sbin/update-grub
before step #5 reboot

Reply

14 pranav March 13, 2008 at 11:28 am

Hello!
May i get info on how to upgrade
Debian sarge 3.1r2 kernel 2.4
to
Debian etch 4.0r1 kernel 2.6

Thanking You

Reply

15 Joe Tannenbaum September 1, 2008 at 10:17 pm

I did this and now lib_php5.so is not recognized as an apache module? Also, at end of upgrade
the deb ver is 4.0 but kernel is still 2.4.27-2-386???? The upgrade doesn’t upgrade the kernel?

Thanks,
Joe

Reply

16 Donald Axel February 17, 2009 at 10:37 am

I guess that you are aware that the main upgrade can take a long
time and probably will recommend that you reboot, whereas your
recommended reboot after changing the sources.list strictly spoken
is not necessary as far as I know.

Otherwise I appreciate the text, which takes you by the hand nicely.

I Googled your blog becuase I needed to know why the system suddenly
whines about “stable” not being “etch”.

You should run aptitude up_grade_ once in a while, as far as I know.

Reply

17 alex March 23, 2009 at 9:33 pm

I can’t find “deb http://security.debian.org/ stable/updates main contrib” Help anyone?

Reply

Leave a Comment

Tagged as: , , , , , , , , ,

Previous post:

Next post: