Release Notes for Debian 12 (bookworm), IBM System z


---------------------------------------------------------------------

The Debian Documentation Project (https://www.debian.org/doc/)

    This document is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public License,
    version 2, as published by the Free Software Foundation.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
    General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
    02110-1301 USA.

    The license text can also be found at https://www.gnu.org/
    licenses/gpl-2.0.html (https://www.gnu.org/licenses/gpl-2.0.html)
    and /usr/share/common-licenses/GPL-2 on Debian systems.

---------------------------------------------------------------------

Table of Contents

1. Introduction

    1.1. Reporting bugs on this document
    1.2. Contributing upgrade reports
    1.3. Sources for this document

2. What's new in Debian 12

    2.1. Supported architectures
    2.2. Archive areas
    2.3. What's new in the distribution?

        2.3.1. Desktops and well known packages
        2.3.2. More translated man pages
        2.3.3. News from Debian Med Blend
        2.3.4. News from Debian Astro Blend

3. Installation System

    3.1. What's new in the installation system?
    3.2. Container and Virtual Machine images

4. Upgrades from Debian 11 (bullseye)

    4.1. Preparing for the upgrade

        4.1.1. Back up any data or configuration information
        4.1.2. Inform users in advance
        4.1.3. Prepare for downtime on services
        4.1.4. Prepare for recovery
        4.1.5. Prepare a safe environment for the upgrade

    4.2. Start from “pure” Debian

        4.2.1. Upgrade to Debian 11 (bullseye)
        4.2.2. Upgrade to latest point release
        4.2.3. Debian Backports
        4.2.4. Prepare the package database
        4.2.5. Remove obsolete packages
        4.2.6. Remove non-Debian packages
        4.2.7. Clean up leftover configuration files
        4.2.8. The non-free and non-free-firmware components
        4.2.9. The proposed-updates section
        4.2.10. Unofficial sources
        4.2.11. Disabling APT pinning
        4.2.12. Check gpgv is installed
        4.2.13. Check package status

    4.3. Preparing APT source-list files

        4.3.1. Adding APT Internet sources
        4.3.2. Adding APT sources for a local mirror
        4.3.3. Adding APT sources from optical media

    4.4. Upgrading packages

        4.4.1. Recording the session
        4.4.2. Updating the package list
        4.4.3. Make sure you have sufficient space for the upgrade
        4.4.4. Stop monitoring systems
        4.4.5. Minimal system upgrade
        4.4.6. Upgrading the system

    4.5. Possible issues during upgrade

        4.5.1. Full-upgrade fails with “Could not perform immediate
            configuration”
        4.5.2. Expected removals
        4.5.3. Conflicts or Pre-Depends loops
        4.5.4. File conflicts
        4.5.5. Configuration changes
        4.5.6. Change of session to console

    4.6. Upgrading your kernel and related packages

        4.6.1. Installing a kernel metapackage

    4.7. Preparing for the next release

        4.7.1. Purging removed packages

    4.8. Obsolete packages

        4.8.1. Transitional dummy packages

5. Issues to be aware of for bookworm

    5.1. Upgrade specific items for bookworm

        5.1.1. Non-free firmware moved to its own component in the
            archive
        5.1.2. Changes to packages that set the system clock
        5.1.3. Puppet configuration management system upgraded to 7
        5.1.4. youtube-dl replaced with yt-dlp
        5.1.5. Fcitx versions no longer co-installable
        5.1.6. MariaDB package names no longer include version
            numbers
        5.1.7. Changes to system logging
        5.1.8. rsyslog changes affecting log analyzers such as
            logcheck
        5.1.9. rsyslog creates fewer log files
        5.1.10. slapd upgrade may require manual intervention
        5.1.11. GRUB no longer runs os-prober by default
        5.1.12. GNOME has reduced accessibility support for screen
            readers
        5.1.13. Changes to polkit configuration
        5.1.14. A “merged-/usr” is now required
        5.1.15. Unsupported upgrades from buster fail on libcrypt1
        5.1.16. Things to do post upgrade before rebooting

    5.2. Items not limited to the upgrade process

        5.2.1. Limitations in security support
        5.2.2. Python Interpreters marked externally-managed
        5.2.3. Limited hardware-accelerated video encoding/decoding
            support in VLC
        5.2.4. systemd-resolved has been split into a separate
            package
        5.2.5. systemd-boot has been split into a separate package
        5.2.6. systemd-journal-remote no longer uses GnuTLS
        5.2.7. Extensive changes in adduser for bookworm
        5.2.8. Predictable naming for Xen network interfaces
        5.2.9. Change in dash handling of circumflex
        5.2.10. netcat-openbsd supports abstract sockets

    5.3. Obsolescence and deprecation

        5.3.1. Noteworthy obsolete packages
        5.3.2. Deprecated components for bookworm

    5.4. Known severe bugs

6. More information on Debian

    6.1. Further reading
    6.2. Getting help

        6.2.1. Mailing lists
        6.2.2. Internet Relay Chat

    6.3. Reporting bugs
    6.4. Contributing to Debian

A. Managing your bullseye system before the upgrade

    A.1. Upgrading your bullseye system
    A.2. Checking your APT source-list files
    A.3. Performing the upgrade to latest bullseye release
    A.4. Removing obsolete configuration files

B. Contributors to the Release Notes
Index
Glossary

Chapter 1. Introduction

    This document informs users of the Debian distribution about
    major changes in version 12 (codenamed bookworm).

    The release notes provide information on how to upgrade safely
    from release 11 (codenamed bullseye) to the current release and
    inform users of known potential issues they could encounter in
    that process.

    You can get the most recent version of this document from https:/
    /www.debian.org/releases/bookworm/releasenotes (https://
    www.debian.org/releases/bookworm/releasenotes) .

    Caution

    Note that it is impossible to list every known issue and that
    therefore a selection has been made based on a combination of the
    expected prevalence and impact of issues.

    Please note that we only support and document upgrading from the
    previous release of Debian (in this case, the upgrade from
    bullseye). If you need to upgrade from older releases, we suggest
    you read previous editions of the release notes and upgrade to
    bullseye first.

1.1. Reporting bugs on this document

    We have attempted to test all the different upgrade steps
    described in this document and to anticipate all the possible
    issues our users might encounter.

    Nevertheless, if you think you have found a bug (incorrect
    information or information that is missing) in this
    documentation, please file a bug in the bug tracking system
    (https://bugs.debian.org/) against the release-notes package. You
    might first want to review the existing bug reports (https://
    bugs.debian.org/release-notes) in case the issue you've found has
    already been reported. Feel free to add additional information to
    existing bug reports if you can contribute content for this
    document.

    We appreciate, and encourage, reports providing patches to the
    document's sources. You will find more information describing how
    to obtain the sources of this document in Section 1.3, “Sources
    for this document”.

1.2. Contributing upgrade reports

    We welcome any information from users related to upgrades from
    bullseye to bookworm. If you are willing to share information
    please file a bug in the bug tracking system (https://
    bugs.debian.org/) against the upgrade-reports package with your
    results. We request that you compress any attachments that are
    included (using gzip).

    Please include the following information when submitting your
    upgrade report:

      * The status of your package database before and after the
        upgrade: dpkg's status database available at /var/lib/dpkg/
        status and apt's package state information, available at /var
        /lib/apt/extended_states. You should have made a backup
        before the upgrade as described at Section 4.1.1, “Back up
        any data or configuration information”, but you can also find
        backups of /var/lib/dpkg/status in /var/backups.

      * Session logs created using script, as described in
        Section 4.4.1, “Recording the session”.

      * Your apt logs, available at /var/log/apt/term.log, or your 
        aptitude logs, available at /var/log/aptitude.

    Note

    You should take some time to review and remove any sensitive and/
    or confidential information from the logs before including them
    in a bug report as the information will be published in a public
    database.

1.3. Sources for this document

    The source of this document is in DocBook XML format. The HTML
    version is generated using docbook-xsl and xsltproc. The PDF
    version is generated using dblatex or xmlroff. Sources for the
    Release Notes are available in the Git repository of the Debian
    Documentation Project. You can use the web interface (https://
    salsa.debian.org/ddp-team/release-notes/) to access its files
    individually through the web and see their changes. For more
    information on how to access Git please consult the Debian
    Documentation Project VCS information pages (https://
    www.debian.org/doc/vcs) .

Chapter 2. What's new in Debian 12

    The Wiki (https://wiki.debian.org/NewInBookworm) has more
    information about this topic.

2.1. Supported architectures

    The following are the officially supported architectures for
    Debian 12:

      * 32-bit PC (i386) and 64-bit PC (amd64)

      * 64-bit ARM (arm64)

      * ARM EABI (armel)

      * ARMv7 (EABI hard-float ABI, armhf)
   
      * little-endian MIPS (mipsel)

      * 64-bit little-endian MIPS (mips64el)

      * 64-bit little-endian PowerPC (ppc64el)

      * IBM System z (s390x)

    You can read more about port status, and port-specific
    information for your architecture at the Debian port web pages
    (https://www.debian.org/ports/) .

2.2. Archive areas

    The following archive areas, mentioned in the Social Contract and
    in the Debian Policy, have been around for a long time:

      * main: the Debian distribution;

      * contrib: supplemental packages intended to work with the
        Debian distribution, but which require software outside of
        the distribution to either build or function;

      * non-free: supplemental packages intended to work with the
        Debian distribution that do not comply with the DFSG or have
        other problems that make their distribution problematic.

    Following the 2022 General Resolution about non-free firmware
    (https://www.debian.org/vote/2022/vote_003) , the 5th point of
    the Social Contract was extended with the following sentence:

            The Debian official media may include firmware that is
            otherwise not part of the Debian system to enable use of
            Debian with hardware that requires such firmware.

    While it's not mentioned explicitly in either the Social Contract
    or Debian Policy yet, a new archive area was introduced, making
    it possible to separate non-free firmware from the other non-free
    packages:

      * non-free-firmware

    Most non-free firmware packages have been moved from non-free to
    non-free-firmware in preparation for the Debian 12 release. This
    clean separation makes it possible to build official installation
    images with packages from main and from non-free-firmware,
    without contrib or non-free. In turn, these installation images
    make it possible to install systems with only main and
    non-free-firmware, without contrib or non-free.

    See Section 4.2.8, “The non-free and non-free-firmware
    components” for upgrades from bullseye.

2.3. What's new in the distribution?

    This new release of Debian again comes with a lot more software
    than its predecessor bullseye; the distribution includes over
    11089 new packages, for a total of over 64419 packages. Most of
    the software in the distribution has been updated: over 43254
    software packages (this is 67% of all packages in bullseye).
    Also, a significant number of packages (over 6296, 10% of the
    packages in bullseye) have for various reasons been removed from
    the distribution. You will not see any updates for these packages
    and they will be marked as "obsolete" in package management
    front-ends; see Section 4.8, “Obsolete packages”.

2.3.1. Desktops and well known packages

    Debian again ships with several desktop applications and
    environments. Among others it now includes the desktop
    environments GNOME 43, KDE Plasma 5.27, LXDE 11, LXQt 1.2.0, MATE
    1.26, and Xfce 4.18.

    Productivity applications have also been upgraded, including the
    office suites:

      * LibreOffice is upgraded to version 7.4;
   
      * GNUcash is upgraded to 4.13;

    Among many others, this release also includes the following
    software updates:

    +---------------------------------------------------------------+
    |        Package        |   Version in 11   |   Version in 12   |
    |                       |    (bullseye)     |    (bookworm)     |
    |-----------------------+-------------------+-------------------|
    |Apache                 |2.4.54             |2.4.57             |
    |-----------------------+-------------------+-------------------|
    |Bash                   |5.1                |5.2.15             |
    |-----------------------+-------------------+-------------------|
    |BIND DNS Server        |9.16               |9.18               |
    |-----------------------+-------------------+-------------------|
    |Cryptsetup             |2.3                |2.6                |
    |-----------------------+-------------------+-------------------|
    |Emacs                  |27.1               |28.2               |
    |-----------------------+-------------------+-------------------|
    |Exim default e-mail    |4.94               |4.96               |
    |server                 |                   |                   |
    |-----------------------+-------------------+-------------------|
    |GNU Compiler Collection|10.2               |12.2               |
    |as default compiler    |                   |                   |
    |-----------------------+-------------------+-------------------|
    |GIMP                   |2.10.22            |2.10.34            |
    |-----------------------+-------------------+-------------------|
    |GnuPG                  |2.2.27             |2.2.40             |
    |-----------------------+-------------------+-------------------|
    |Inkscape               |1.0.2              |1.2.2              |
    |-----------------------+-------------------+-------------------|
    |the GNU C library      |2.31               |2.36               |
    |-----------------------+-------------------+-------------------|
    |Linux kernel image     |5.10 series        |6.1 series         |
    |-----------------------+-------------------+-------------------|
    |                       |9.0.1 and 11.0.1   |13.0.1 and 14.0    |
    |LLVM/Clang toolchain   |(default) and      |(default) and      |
    |                       |13.0.1             |15.0.6             |
    |-----------------------+-------------------+-------------------|
    |MariaDB                |10.5               |10.11              |
    |-----------------------+-------------------+-------------------|
    |Nginx                  |1.18               |1.22               |
    |-----------------------+-------------------+-------------------|
    |OpenJDK                |11                 |17                 |
    |-----------------------+-------------------+-------------------|
    |OpenLDAP               |2.4.57             |2.5.13             |
    |-----------------------+-------------------+-------------------|
    |OpenSSH                |8.4p1              |9.2p1              |
    |-----------------------+-------------------+-------------------|
    |OpenSSL                |1.1.1n             |3.0.8              |
    |-----------------------+-------------------+-------------------|
    |Perl                   |5.32               |5.36               |
    |-----------------------+-------------------+-------------------|
    |PHP                    |7.4                |8.2                |
    |-----------------------+-------------------+-------------------|
    |Postfix MTA            |3.5                |3.7                |
    |-----------------------+-------------------+-------------------|
    |PostgreSQL             |13                 |15                 |
    |-----------------------+-------------------+-------------------|
    |Python 3               |3.9.2              |3.11.2             |
    |-----------------------+-------------------+-------------------|
    |Rustc                  |1.48               |1.63               |
    |-----------------------+-------------------+-------------------|
    |Samba                  |4.13               |4.17               |
    |-----------------------+-------------------+-------------------|
    |Systemd                |247                |252                |
    |-----------------------+-------------------+-------------------|
    |Vim                    |8.2                |9.0                |
    +---------------------------------------------------------------+

2.3.2. More translated man pages

    Thanks to our translators, more documentation in man-page format
    is available in more languages than ever. For example, many man
    pages are now available in Czech, Danish, Greek, Finnish,
    Indonesian, Macedonian, Norwegian (Bokmål), Russian, Serbian,
    Swedish, Ukrainian and Vietnamese, and all systemd man pages are
    now available in German.

    To ensure the man command shows the documentation in your
    language (where possible), install the right manpages-lang
    package and make sure your locale is correctly configured by
    using

    dpkg-reconfigure locales

    .

2.3.3. News from Debian Med Blend

    As in every release new packages have been added in the fields of
    medicine and life sciences. The new package shiny-server might be
    worth a particular mention, since it simplifies scientific web
    applications using R. We also kept up the effort to provide
    Continuous Integration support for the packages maintained by the
    Debian Med team.

    The Debian Med team is always interested in feedback from users,
    especially in the form of requests for packaging of
    not-yet-packaged free software, or for backports from new
    packages or higher versions in testing.

    To install packages maintained by the Debian Med team, install
    the metapackages named med-*, which are at version 3.8.x for
    Debian bookworm. Feel free to visit the Debian Med tasks pages
    (https://blends.debian.org/med/tasks) to see the full range of
    biological and medical software available in Debian.

2.3.4. News from Debian Astro Blend

    Debian bookworm comes with version 4.0 of the Debian Astro Pure
    Blend, which continues to represent a great one-stop solution for
    professional astronomers, enthusiasts and everyone who is
    interested in astronomy. Almost all packages in Debian Astro were
    updated to new versions, but there are also several new software
    packages.

    For radio astronomers, the open source correlator openvlbi is now
    included. The new packages astap and planetary-system-stacker are
    useful for image stacking and astrometry resolution. A large
    number of new drivers and libraries supporting the INDI protocol
    were packaged and are now shipped with Debian.

    The new Astropy affiliated packages python3-extinction,
    python3-sncosmo, python3-specreduce, and python3-synphot are
    included, as well as packages created around python3-yt and
    python3-sunpy. Python support for the ASDF file format is much
    extended, while the Java ecosystem is extended with libraries
    handling the ECSV and TFCAT file formats, primarily for use with
    topcat.

    Check the Astro Blend page (https://blends.debian.org/astro) for
    a complete list and further information.

Chapter 3. Installation System

    The Debian Installer is the official installation system for
    Debian. It offers a variety of installation methods. The methods
    that are available to install your system depend on its
    architecture.

    Images of the installer for bookworm can be found together with
    the Installation Guide on the Debian website (https://
    www.debian.org/releases/bookworm/debian-installer/) .

    The Installation Guide is also included on the first media of the
    official Debian DVD (CD/blu-ray) sets, at:

    /doc/install/manual/language/index.html

    You may also want to check the errata (https://www.debian.org/
    releases/bookworm/debian-installer/index#errata) for
    debian-installer for a list of known issues.

3.1. What's new in the installation system?

    There has been a lot of development on the Debian Installer since
    its previous official release with Debian 11, resulting in
    improved hardware support and some exciting new features or
    improvements.

    If you are interested in an overview of the changes since
    bullseye, please check the release announcements for the bookworm
    beta and RC releases available from the Debian Installer's news
    history (https://www.debian.org/devel/debian-installer/News/) .

3.2. Container and Virtual Machine images

    Multi-architecture Debian bookworm container images are available
    on Docker Hub (https://hub.docker.com/_/debian) . In addition to
    the standard images, a “slim” variant is available that reduces
    disk usage.

    Virtual machine images for the Hashicorp Vagrant VM manager are
    published to Vagrant Cloud (https://app.vagrantup.com/debian) .

Chapter 4. Upgrades from Debian 11 (bullseye)

4.1. Preparing for the upgrade

    We suggest that before upgrading you also read the information in
    Chapter 5, Issues to be aware of for bookworm. That chapter
    covers potential issues which are not directly related to the
    upgrade process but could still be important to know about before
    you begin.

4.1.1. Back up any data or configuration information

    Before upgrading your system, it is strongly recommended that you
    make a full backup, or at least back up any data or configuration
    information you can't afford to lose. The upgrade tools and
    process are quite reliable, but a hardware failure in the middle
    of an upgrade could result in a severely damaged system.

    The main things you'll want to back up are the contents of /etc,
    /var/lib/dpkg, /var/lib/apt/extended_states and the output of:

    $ dpkg --get-selections '*' # (the quotes are important)


    If you use aptitude to manage packages on your system, you will
    also want to back up /var/lib/aptitude/pkgstates.

    The upgrade process itself does not modify anything in the /home
    directory. However, some applications (e.g. parts of the Mozilla
    suite, and the GNOME and KDE desktop environments) are known to
    overwrite existing user settings with new defaults when a new
    version of the application is first started by a user. As a
    precaution, you may want to make a backup of the hidden files and
    directories (“dotfiles”) in users' home directories. This backup
    may help to restore or recreate the old settings. You may also
    want to inform users about this.

    Any package installation operation must be run with superuser
    privileges, so either log in as root or use su or sudo to gain
    the necessary access rights.

    The upgrade has a few preconditions; you should check them before
    actually executing the upgrade.

4.1.2. Inform users in advance

    It's wise to inform all users in advance of any upgrades you're
    planning, although users accessing your system via an ssh
    connection should notice little during the upgrade, and should be
    able to continue working.

    If you wish to take extra precautions, back up or unmount the /
    home partition before upgrading.

    You will have to do a kernel upgrade when upgrading to bookworm,
    so a reboot will be necessary. Typically, this will be done after
    the upgrade is finished.

4.1.3. Prepare for downtime on services

    There might be services that are offered by the system which are
    associated with packages that will be included in the upgrade. If
    this is the case, please note that, during the upgrade, these
    services will be stopped while their associated packages are
    being replaced and configured. During this time, these services
    will not be available.

    The precise downtime for these services will vary depending on
    the number of packages being upgraded in the system, and it also
    includes the time the system administrator spends answering any
    configuration questions from package upgrades. Notice that if the
    upgrade process is left unattended and the system requests input
    during the upgrade there is a high possibility of services being
    unavailable^[1] for a significant period of time.

    If the system being upgraded provides critical services for your
    users or the network^[2], you can reduce the downtime if you do a
    minimal system upgrade, as described in Section 4.4.5, “Minimal
    system upgrade”, followed by a kernel upgrade and reboot, and
    then upgrade the packages associated with your critical services.
    Upgrade these packages prior to doing the full upgrade described
    in Section 4.4.6, “Upgrading the system”. This way you can ensure
    that these critical services are running and available through
    the full upgrade process, and their downtime is reduced.

4.1.4. Prepare for recovery

    Although Debian tries to ensure that your system stays bootable
    at all times, there is always a chance that you may experience
    problems rebooting your system after the upgrade. Known potential
    issues are documented in this and the next chapters of these
    Release Notes.

    For this reason it makes sense to ensure that you will be able to
    recover if your system should fail to reboot or, for remotely
    managed systems, fail to bring up networking.

    If you are upgrading remotely via an ssh link it is recommended
    that you take the necessary precautions to be able to access the
    server through a remote serial terminal. There is a chance that,
    after upgrading the kernel and rebooting, you will have to fix
    the system configuration through a local console. Also, if the
    system is rebooted accidentally in the middle of an upgrade there
    is a chance you will need to recover using a local console.

    For emergency recovery we generally recommend using the rescue
    mode of the bookworm Debian Installer. The advantage of using the
    installer is that you can choose between its many methods to find
    one that best suits your situation. For more information, please
    consult the section “Recovering a Broken System” in chapter 8 of
    the Installation Guide (https://www.debian.org/releases/bookworm/
    installmanual) and the Debian Installer FAQ (https://
    wiki.debian.org/DebianInstaller/FAQ) .

    If that fails, you will need an alternative way to boot your
    system so you can access and repair it. One option is to use a
    special rescue or live install (https://www.debian.org/CD/live/)
    image. After booting from that, you should be able to mount your
    root file system and chroot into it to investigate and fix the
    problem.

4.1.4.1. Debug shell during boot using initrd

    The initramfs-tools package includes a debug shell^[3] in the
    initrds it generates. If for example the initrd is unable to
    mount your root file system, you will be dropped into this debug
    shell which has basic commands available to help trace the
    problem and possibly fix it.

    Basic things to check are: presence of correct device files in /
    dev; what modules are loaded (cat /proc/modules); output of dmesg
    for errors loading drivers. The output of dmesg will also show
    what device files have been assigned to which disks; you should
    check that against the output of echo $ROOT to make sure that the
    root file system is on the expected device.

    If you do manage to fix the problem, typing exit will quit the
    debug shell and continue the boot process at the point it failed.
    Of course you will also need to fix the underlying problem and
    regenerate the initrd so the next boot won't fail again.

4.1.4.2. Debug shell during boot using systemd

    If the boot fails under systemd, it is possible to obtain a debug
    root shell by changing the kernel command line. If the basic boot
    succeeds, but some services fail to start, it may be useful to
    add systemd.unit=rescue.target to the kernel parameters.

    Otherwise, the kernel parameter systemd.unit=emergency.target
    will provide you with a root shell at the earliest possible
    point. However, this is done before mounting the root file system
    with read-write permissions. You will have to do that manually
    with:

    # mount -o remount,rw /


    Another approach is to enable the systemd “early debug shell” via
    the debug-shell.service. On the next boot this service opens a
    root login shell on tty9 very early in the boot process. It can
    be enabled with the kernel boot parameter systemd.debug-shell=1,
    or made persistent with systemctl enable debug-shell (in which
    case it should be disabled again when debugging is completed).

    More information on debugging a broken boot under systemd can be
    found in the Freedesktop.org Diagnosing Boot Problems (https://
    freedesktop.org/wiki/Software/systemd/Debugging/) article.

4.1.5. Prepare a safe environment for the upgrade

    Important

    If you are using some VPN services (such as tinc) consider that
    they might not be available throughout the upgrade process.
    Please see Section 4.1.3, “Prepare for downtime on services”.

    In order to gain extra safety margin when upgrading remotely, we
    suggest that you run upgrade processes in the virtual console
    provided by the screen program, which enables safe reconnection
    and ensures the upgrade process is not interrupted even if the
    remote connection process temporarily fails.

4.2. Start from “pure” Debian

    The upgrade process described in this chapter has been designed
    for “pure” Debian stable systems. APT controls what is installed
    on your system. If your APT configuration mentions additional
    sources besides bullseye, or if you have installed packages from
    other releases or from third parties, then to ensure a reliable
    upgrade process you may wish to begin by removing these
    complicating factors.

    The main configuration file that APT uses to decide what sources
    it should download packages from is /etc/apt/sources.list, but it
    can also use files in the /etc/apt/sources.list.d/ directory -
    for details see sources.list(5) (https://manpages.debian.org//
    bookworm/apt/sources.list.5.html) . If your system is using
    multiple source-list files then you will need to ensure they stay
    consistent.

4.2.1. Upgrade to Debian 11 (bullseye)

    Only upgrades from Debian 11 (bullseye) are supported. Display
    your Debian version with:

    $ cat /etc/debian_version
   

    Please follow the instructions in the Release Notes for Debian 11
    (https://www.debian.org/releases/bullseye/releasenotes) to
    upgrade to Debian 11 first if needed.

4.2.2. Upgrade to latest point release

    This procedure assumes your system has been updated to the latest
    point release of bullseye. If you have not done this or are
    unsure, follow the instructions in Section A.1, “Upgrading your
    bullseye system”.

4.2.3. Debian Backports

    Debian Backports (https://backports.debian.org/) allows users of
    Debian stable to run more up-to-date versions of packages (with
    some tradeoffs in testing and security support). The Debian
    Backports Team maintains a subset of packages from the next
    Debian release, adjusted and recompiled for usage on the current
    Debian stable release.

    Packages from bullseye-backports have version numbers lower than
    the version in bookworm, so they should upgrade normally to
    bookworm in the same way as “pure” bullseye packages during the
    distribution upgrade. While there are no known potential issues,
    the upgrade paths from backports are less tested, and
    correspondingly incur more risk.

    Caution

    While regular Debian Backports are supported, there is no clean
    upgrade path from sloppy (https://backports.debian.org/
    Instructions/#index4h2) backports (which use APT source-list
    entries referencing bullseye-backports-sloppy).

    As with Section 4.2.10, “Unofficial sources”, users are advised
    to remove bullseye-backports entries from their APT source-list
    files before the upgrade. After it is completed, they may
    consider adding bookworm-backports (https://backports.debian.org/
    Instructions/) .

    For more information, consult the Backports Wiki page (https://
    wiki.debian.org/Backports) .

4.2.4. Prepare the package database

    You should make sure the package database is ready before
    proceeding with the upgrade. If you are a user of another package
    manager like aptitude or synaptic, review any pending actions. A
    package scheduled for installation or removal might interfere
    with the upgrade procedure. Note that correcting this is only
    possible if your APT source-list files still point to bullseye
    and not to stable or bookworm; see Section A.2, “Checking your
    APT source-list files”.

4.2.5. Remove obsolete packages

    It is a good idea to remove obsolete packages from your system
    before upgrading. They may introduce complications during the
    upgrade process, and can present security risks as they are no
    longer maintained.

4.2.6. Remove non-Debian packages

    Below there are two methods for finding installed packages that
    did not come from Debian, using either apt or apt-forktracer.
    Please note that neither of them are 100% accurate (e.g. the apt
    example will list packages that were once provided by Debian but
    no longer are, such as old kernel packages).

    $ apt list '?narrow(?installed, ?not(?origin(Debian)))'
    $ apt-forktracer | sort


4.2.7. Clean up leftover configuration files

    A previous upgrade may have left unused copies of configuration
    files; old versions of configuration files, versions supplied by
    the package maintainers, etc. Removing leftover files from
    previous upgrades can avoid confusion. Find such leftover files
    with:

    # find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error'


4.2.8. The non-free and non-free-firmware components

    If you have non-free firmware installed it is recommended to add
    non-free-firmware to your APT sources-list. For details see
    Section 2.2, “Archive areas” and Section 5.1.1, “ Non-free
    firmware moved to its own component in the archive ”.

4.2.9. The proposed-updates section

    If you have listed the proposed-updates section in your APT
    source-list files, you should remove it before attempting to
    upgrade your system. This is a precaution to reduce the
    likelihood of conflicts.

4.2.10. Unofficial sources

    If you have any non-Debian packages on your system, you should be
    aware that these may be removed during the upgrade because of
    conflicting dependencies. If these packages were installed by
    adding an extra package archive in your APT source-list files,
    you should check if that archive also offers packages compiled
    for bookworm and change the source item accordingly at the same
    time as your source items for Debian packages.

    Some users may have unofficial backported “newer” versions of
    packages that are in Debian installed on their bullseye system.
    Such packages are most likely to cause problems during an upgrade
    as they may result in file conflicts^[4]. Section 4.5, “Possible
    issues during upgrade” has some information on how to deal with
    file conflicts if they should occur.

4.2.11. Disabling APT pinning

    If you have configured APT to install certain packages from a
    distribution other than stable (e.g. from testing), you may have
    to change your APT pinning configuration (stored in /etc/apt/
    preferences and /etc/apt/preferences.d/) to allow the upgrade of
    packages to the versions in the new stable release. Further
    information on APT pinning can be found in apt_preferences(5)
    (https://manpages.debian.org//bookworm/apt/
    apt_preferences.5.en.html) .

4.2.12. Check gpgv is installed

    APT needs gpgv version 2 or greater to verify the keys used to
    sign releases of bookworm. Since gpgv1 technically satisfies the
    dependency but is useful only in specialized circumstances, users
    may wish to ensure the correct version is installed with:

    # apt install gpgv


4.2.13. Check package status

    Regardless of the method used for upgrading, it is recommended
    that you check the status of all packages first, and verify that
    all packages are in an upgradable state. The following command
    will show any packages which have a status of Half-Installed or
    Failed-Config, and those with any error status.

    $ dpkg --audit


    You could also inspect the state of all packages on your system
    using aptitude or with commands such as

    $ dpkg -l | pager


     or

    # dpkg --get-selections '*' > ~/curr-pkgs.txt


    Alternatively you can also use apt.

    # apt list --installed > ~/curr-pkgs.txt


    It is desirable to remove any holds before upgrading. If any
    package that is essential for the upgrade is on hold, the upgrade
    will fail.

    $ apt-mark showhold


    If you changed and recompiled a package locally, and didn't
    rename it or put an epoch in the version, you must put it on hold
    to prevent it from being upgraded.

    The “hold” package state for apt can be changed using:

    # apt-mark hold package_name


    Replace hold with unhold to unset the “hold” state.

    If there is anything you need to fix, it is best to make sure
    your APT source-list files still refer to bullseye as explained
    in Section A.2, “Checking your APT source-list files”.

4.3. Preparing APT source-list files

    Before starting the upgrade you must reconfigure APT source-list
    files (/etc/apt/sources.list and files under /etc/apt/
    sources.list.d/) to add sources for bookworm and typically to
    remove sources for bullseye.

    APT will consider all packages that can be found via any
    configured archive, and install the package with the highest
    version number, giving priority to the first entry in the files.
    Thus, if you have multiple mirror locations, list first the ones
    on local hard disks, then CD-ROMs, and then remote mirrors.

    A release can often be referred to both by its codename (e.g.
    bullseye, bookworm) and by its status name (i.e. oldstable,
    stable, testing, unstable). Referring to a release by its
    codename has the advantage that you will never be surprised by a
    new release and for this reason is the approach taken here. It
    does of course mean that you will have to watch out for release
    announcements yourself. If you use the status name instead, you
    will just see loads of updates for packages available as soon as
    a release has happened.

    Debian provides two announcement mailing lists to help you stay
    up to date on relevant information related to Debian releases:

      * By subscribing to the Debian announcement mailing list
        (https://lists.debian.org/debian-announce/) , you will
        receive a notification every time Debian makes a new release.
        Such as when bookworm changes from e.g. testing to stable.

      * By subscribing to the Debian security announcement mailing
        list (https://lists.debian.org/debian-security-announce/) ,
        you will receive a notification every time Debian publishes a
        security announcement.

4.3.1. Adding APT Internet sources

    On new installations the default is for APT to be set up to use
    the Debian APT CDN service, which should ensure that packages are
    automatically downloaded from a server near you in network terms.
    As this is a relatively new service, older installations may have
    configuration that still points to one of the main Debian
    Internet servers or one of the mirrors. If you haven't done so
    yet, it is recommended to switch over to the use of the CDN
    service in your APT configuration.

    To make use of the CDN service, add a line like this to your APT
    source configuration (assuming you are using main and contrib):

    deb https://deb.debian.org/debian bookworm main contrib

    After adding your new sources, disable the previously existing “
    deb” lines by placing a hash sign (#) in front of them.

    However, if you get better results using a specific mirror that
    is close to you in network terms, this option is still available.

    Debian mirror addresses can be found at https://www.debian.org/
    distrib/ftplist (https://www.debian.org/distrib/ftplist) (look at
    the “list of Debian mirrors” section).

    For example, suppose your closest Debian mirror is http://
    mirrors.kernel.org. If you inspect that mirror with a web
    browser, you will notice that the main directories are organized
    like this:

    http://mirrors.kernel.org/debian/dists/bookworm/main/binary-s390x/...
    http://mirrors.kernel.org/debian/dists/bookworm/contrib/binary-s390x/...


    To configure APT to use a given mirror, add a line like this
    (again, assuming you are using main and contrib):

    deb http://mirrors.kernel.org/debian bookworm main contrib

    Note that the “dists” is added implicitly, and the arguments
    after the release name are used to expand the path into multiple
    directories.

    Again, after adding your new sources, disable the previously
    existing archive entries.

4.3.2. Adding APT sources for a local mirror

    Instead of using remote package mirrors, you may wish to modify
    the APT source-list files to use a mirror on a local disk
    (possibly mounted over NFS).

    For example, your package mirror may be under /var/local/debian/,
    and have main directories like this:

    /var/local/debian/dists/bookworm/main/binary-s390x/...
    /var/local/debian/dists/bookworm/contrib/binary-s390x/...


    To use this with apt, add this line to your sources.list file:

    deb file:/var/local/debian bookworm main contrib

    Note that the “dists” is added implicitly, and the arguments
    after the release name are used to expand the path into multiple
    directories.

    After adding your new sources, disable the previously existing
    archive entries in the APT source-list files by placing a hash
    sign (#) in front of them.

4.3.3. Adding APT sources from optical media

    If you want to use only DVDs (or CDs or Blu-ray Discs), comment
    out the existing entries in all the APT source-list files by
    placing a hash sign (#) in front of them.

    Make sure there is a line in /etc/fstab that enables mounting
    your CD-ROM drive at the /media/cdrom mount point. For example,
    if /dev/sr0 is your CD-ROM drive, /etc/fstab should contain a
    line like:

    /dev/sr0 /media/cdrom auto noauto,ro 0 0


    Note that there must be no spaces between the words noauto,ro in
    the fourth field.

    To verify it works, insert a CD and try running

    # mount /media/cdrom    # this will mount the CD to the mount point
    # ls -alF /media/cdrom  # this should show the CD's root directory
    # umount /media/cdrom   # this will unmount the CD


    Next, run:

    # apt-cdrom add


    for each Debian Binary CD-ROM you have, to add the data about
    each CD to APT's database.

4.4. Upgrading packages

    The recommended way to upgrade from previous Debian releases is
    to use the package management tool apt.

    Note

    apt is meant for interactive use, and should not be used in
    scripts. In scripts one should use apt-get, which has a stable
    output better suitable for parsing.

    Don't forget to mount all needed partitions (notably the root and
    /usr partitions) read-write, with a command like:

    # mount -o remount,rw /mountpoint


    Next you should double-check that the APT source entries (in /etc
    /apt/sources.list and files under /etc/apt/sources.list.d/) refer
    either to “bookworm” or to “stable”. There should not be any
    sources entries pointing to bullseye.

    +--------------------------------------------------+
    |Note                                              |
    |                                                  |
    |Source lines for a CD-ROM might sometimes refer to|
    |“unstable”; although this may be confusing, you   |
    |should not change it.                             |
    +--------------------------------------------------+

4.4.1. Recording the session

    It is strongly recommended that you use the /usr/bin/script
    program to record a transcript of the upgrade session. Then if a
    problem occurs, you will have a log of what happened, and if
    needed, can provide exact information in a bug report. To start
    the recording, type:

    # script -t 2>~/upgrade-bookwormstep.time -a ~/upgrade-bookwormstep.script


    or similar. If you have to rerun the typescript (e.g. if you have
    to reboot the system) use different step values to indicate which
    step of the upgrade you are logging. Do not put the typescript
    file in a temporary directory such as /tmp or /var/tmp (files in
    those directories may be deleted during the upgrade or during any
    restart).

    The typescript will also allow you to review information that has
    scrolled off-screen. If you are at the system's console, just
    switch to VT2 (using Alt+F2) and, after logging in, use less -R
    ~root/upgrade-bookworm.script to view the file.

    After you have completed the upgrade, you can stop script by
    typing exit at the prompt.

    apt will also log the changed package states in /var/log/apt/
    history.log and the terminal output in /var/log/apt/term.log. 
    dpkg will, in addition, log all package state changes in /var/log
    /dpkg.log. If you use aptitude, it will also log state changes in
    /var/log/aptitude.

    If you have used the -t switch for script you can use the 
    scriptreplay program to replay the whole session:

    # scriptreplay ~/upgrade-bookwormstep.time ~/upgrade-bookwormstep.script


4.4.2. Updating the package list

    First the list of available packages for the new release needs to
    be fetched. This is done by executing:

    # apt update


    Note

    Users of apt-secure may find issues when using aptitude or 
    apt-get. For apt-get, you can use apt-get update
    --allow-releaseinfo-change.

4.4.3. Make sure you have sufficient space for the upgrade

    You have to make sure before upgrading your system that you will
    have sufficient hard disk space when you start the full system
    upgrade described in Section 4.4.6, “Upgrading the system”.
    First, any package needed for installation that is fetched from
    the network is stored in /var/cache/apt/archives (and the partial
    / subdirectory, during download), so you must make sure you have
    enough space on the file system partition that holds /var/ to
    temporarily download the packages that will be installed in your
    system. After the download, you will probably need more space in
    other file system partitions in order to both install upgraded
    packages (which might contain bigger binaries or more data) and
    new packages that will be pulled in for the upgrade. If your
    system does not have sufficient space you might end up with an
    incomplete upgrade that is difficult to recover from.

    apt can show you detailed information about the disk space needed
    for the installation. Before executing the upgrade, you can see
    this estimate by running:

    # apt -o APT::Get::Trivial-Only=true full-upgrade
    [ ... ]
    XXX upgraded, XXX newly installed, XXX to remove and XXX not upgraded.
    Need to get xx.xMB of archives.
    After this operation, AAAMB of additional disk space will be used.


    Note

    Running this command at the beginning of the upgrade process may
    give an error, for the reasons described in the next sections. In
    that case you will need to wait until you've done the minimal
    system upgrade as in Section 4.4.5, “Minimal system upgrade”
    before running this command to estimate the disk space.

    If you do not have enough space for the upgrade, apt will warn
    you with a message like this:

    E: You don't have enough free space in /var/cache/apt/archives/.


    In this situation, make sure you free up space beforehand. You
    can:

      * Remove packages that have been previously downloaded for
        installation (at /var/cache/apt/archives). Cleaning up the
        package cache by running apt clean will remove all previously
        downloaded package files.

      * Remove forgotten packages. If you have used aptitude or apt to
        manually install packages in bullseye it will have kept track of
        those packages you manually installed, and will be able to mark
        as redundant those packages pulled in by dependencies alone which
        are no longer needed due to a package being removed. They will
        not mark for removal packages that you manually installed. To
        remove automatically installed packages that are no longer used,
        run:

        # apt autoremove


        You can also use deborphan, debfoster, or cruft to find redundant
        packages. Do not blindly remove the packages these tools present,
        especially if you are using aggressive non-default options that
        are prone to false positives. It is highly recommended that you
        manually review the packages suggested for removal (i.e. their
        contents, sizes, and descriptions) before you remove them.

      * Remove packages that take up too much space and are not currently
        needed (you can always reinstall them after the upgrade). If you
        have popularity-contest installed, you can use 
        popcon-largest-unused to list the packages you do not use that
        occupy the most space. You can find the packages that just take
        up the most disk space with dpigs (available in the
        debian-goodies package) or with wajig (running wajig size). They
        can also be found with aptitude. Start aptitude in full-terminal
        mode, select Views → New Flat Package List, press l and enter ~i,
        then press S and enter ~installsize. This will give you a handy
        list to work with.

      * Remove translations and localization files from the system if
        they are not needed. You can install the localepurge package and
        configure it so that only a few selected locales are kept in the
        system. This will reduce the disk space consumed at /usr/share/
        locale.

      * Temporarily move to another system, or permanently remove, system
        logs residing under /var/log/.
   
      * Use a temporary /var/cache/apt/archives: You can use a temporary
        cache directory from another filesystem (USB storage device,
        temporary hard disk, filesystem already in use, ...).

        +-----------------------------------------------------+
        |Note                                                 |
        |                                                     |
        |Do not use an NFS mount as the network connection    |
        |could be interrupted during the upgrade.             |
        +-----------------------------------------------------+

        For example, if you have a USB drive mounted on /media/usbkey:

         1. remove the packages that have been previously downloaded for
            installation:

            # apt clean


         2. copy the directory /var/cache/apt/archives to the USB drive:

            # cp -ax /var/cache/apt/archives /media/usbkey/


         3. mount the temporary cache directory on the current one:

            # mount --bind /media/usbkey/archives /var/cache/apt/archives


         4. after the upgrade, restore the original /var/cache/apt/
            archives directory:

            # umount /var/cache/apt/archives


         5. remove the remaining /media/usbkey/archives.

        You can create the temporary cache directory on whatever
        filesystem is mounted on your system.

      * Do a minimal upgrade of the system (see Section 4.4.5, “Minimal
        system upgrade”) or partial upgrades of the system followed by a
        full upgrade. This will make it possible to upgrade the system
        partially, and allow you to clean the package cache before the
        full upgrade.

    Note that in order to safely remove packages, it is advisable to
    switch your APT source-list files back to bullseye as described
    in Section A.2, “Checking your APT source-list files”.

4.4.4. Stop monitoring systems

    As apt may need to temporarily stop services running on your
    computer, it's probably a good idea to stop monitoring services
    that can restart other terminated services during the upgrade. In
    Debian, monit is an example of such a service.

4.4.5. Minimal system upgrade

    In some cases, doing the full upgrade (as described below)
    directly might remove large numbers of packages that you will
    want to keep. We therefore recommend a two-part upgrade process:
    first a minimal upgrade to overcome these conflicts, then a full
    upgrade as described in Section 4.4.6, “Upgrading the system”.

    To do this, first run:

    # apt upgrade --without-new-pkgs


    This has the effect of upgrading those packages which can be
    upgraded without requiring any other packages to be removed or
    installed.

    The minimal system upgrade can also be useful when the system is
    tight on space and a full upgrade cannot be run due to space
    constraints.

    If the apt-listchanges package is installed, it will (in its
    default configuration) show important information about upgraded
    packages in a pager after downloading the packages. Press q after
    reading to exit the pager and continue the upgrade.

4.4.6. Upgrading the system

    Once you have taken the previous steps, you are now ready to
    continue with the main part of the upgrade. Execute:

    # apt full-upgrade


    This will perform a complete upgrade of the system, installing
    the newest available versions of all packages, and resolving all
    possible dependency changes between packages in different
    releases. If necessary, it will install some new packages
    (usually new library versions, or renamed packages), and remove
    any conflicting obsoleted packages.

    When upgrading from a set of CDs/DVDs/BDs, you will probably be
    asked to insert specific discs at several points during the
    upgrade. You might have to insert the same disc multiple times;
    this is due to inter-related packages that have been spread out
    over the discs.

    New versions of currently installed packages that cannot be
    upgraded without changing the install status of another package
    will be left at their current version (displayed as “held back”).
    This can be resolved by either using aptitude to choose these
    packages for installation or by trying apt install package.

4.5. Possible issues during upgrade

    The following sections describe known issues that might appear
    during an upgrade to bookworm.

4.5.1. Full-upgrade fails with “Could not perform immediate
configuration”

    In some cases the apt full-upgrade step can fail after downloading
    packages with:
   
    E: Could not perform immediate configuration on 'package'.  Please see man 5 apt.conf under APT::Immediate-Configure for details.


    If that happens, running apt full-upgrade -o
    APT::Immediate-Configure=0 instead should allow the upgrade to
    proceed.

    Another possible workaround for this problem is to temporarily
    add both bullseye and bookworm sources to your APT source-list
    files and run apt update.

4.5.2. Expected removals

    The upgrade process to bookworm might ask for the removal of
    packages on the system. The precise list of packages will vary
    depending on the set of packages that you have installed. These
    release notes give general advice on these removals, but if in
    doubt, it is recommended that you examine the package removals
    proposed by each method before proceeding. For more information
    about packages obsoleted in bookworm, see Section 4.8, “Obsolete
    packages”.

4.5.3. Conflicts or Pre-Depends loops

    Sometimes it's necessary to enable the APT::Force-LoopBreak
    option in APT to be able to temporarily remove an essential
    package due to a Conflicts/Pre-Depends loop. apt will alert you
    of this and abort the upgrade. You can work around this by
    specifying the option -o APT::Force-LoopBreak=1 on the apt
    command line.

    It is possible that a system's dependency structure can be so
    corrupt as to require manual intervention. Usually this means
    using apt or

    # dpkg --remove package_name


    to eliminate some of the offending packages, or

    # apt -f install
    # dpkg --configure --pending


    In extreme cases you might have to force re-installation with a
    command like

    # dpkg --install /path/to/package_name.deb


4.5.4. File conflicts

    File conflicts should not occur if you upgrade from a “pure”
    bullseye system, but can occur if you have unofficial backports
    installed. A file conflict will result in an error like:

    Unpacking <package-foo> (from <package-foo-file>) ...
    dpkg: error processing <package-foo> (--install):
    trying to overwrite `<some-file-name>',
    which is also in package <package-bar>
    dpkg-deb: subprocess paste killed by signal (Broken pipe)
    Errors were encountered while processing:
    <package-foo>


    You can try to solve a file conflict by forcibly removing the
    package mentioned on the last line of the error message:

    # dpkg -r --force-depends package_name


    After fixing things up, you should be able to resume the upgrade
    by repeating the previously described apt commands.

4.5.5. Configuration changes

    During the upgrade, you will be asked questions regarding the
    configuration or re-configuration of several packages. When you
    are asked if any file in the /etc/init.d directory, or the /etc/
    manpath.config file should be replaced by the package
    maintainer's version, it's usually necessary to answer “yes” to
    ensure system consistency. You can always revert to the old
    versions, since they will be saved with a .dpkg-old extension.

    If you're not sure what to do, write down the name of the package
    or file and sort things out at a later time. You can search in
    the typescript file to review the information that was on the
    screen during the upgrade.

4.5.6. Change of session to console

    If you are running the upgrade using the system's local console
    you might find that at some points during the upgrade the console
    is shifted over to a different view and you lose visibility of
    the upgrade process. For example, this may happen in systems with
    a graphical interface when the display manager is restarted.

    To recover the console where the upgrade was running you will
    have to use Ctrl+Alt+F1 (if in the graphical startup screen) or 
    Alt+F1 (if in the local text-mode console) to switch back to the
    virtual terminal 1. Replace F1 with the function key with the
    same number as the virtual terminal the upgrade was running in.
    You can also use Alt+Left Arrow or Alt+Right Arrow to switch
    between the different text-mode terminals.

4.6. Upgrading your kernel and related packages

    This section explains how to upgrade your kernel and identifies
    potential issues related to this upgrade. You can either install
    one of the linux-image-* packages provided by Debian, or compile
    a customized kernel from source.

    Note that a lot of information in this section is based on the
    assumption that you will be using one of the modular Debian
    kernels, together with initramfs-tools and udev. If you choose to
    use a custom kernel that does not require an initrd or if you use
    a different initrd generator, some of the information may not be
    relevant for you.

4.6.1. Installing a kernel metapackage

    When you full-upgrade from bullseye to bookworm, it is strongly
    recommended that you install a linux-image-* metapackage, if you
    have not done so before. These metapackages will automatically
    pull in a newer version of the kernel during upgrades. You can
    verify whether you have one installed by running:

    $ dpkg -l 'linux-image*' | grep ^ii | grep -i meta


    If you do not see any output, then you will either need to
    install a new linux-image package by hand or install a
    linux-image metapackage. To see a list of available linux-image
    metapackages, run:

    $ apt-cache search linux-image- | grep -i meta | grep -v transition


    If you are unsure about which package to select, run uname -r and
    look for a package with a similar name. For example, if you see “
    4.9.0-8-amd64”, it is recommended that you install
    linux-image-amd64. You may also use apt to see a long description
    of each package in order to help choose the best one available.
    For example:

    $ apt show linux-image-amd64


    You should then use apt install to install it. Once this new
    kernel is installed you should reboot at the next available
    opportunity to get the benefits provided by the new kernel
    version. However, please have a look at Section 5.1.16, “Things
    to do post upgrade before rebooting” before performing the first
    reboot after the upgrade.

    For the more adventurous there is an easy way to compile your own
    custom kernel on Debian. Install the kernel sources, provided in
    the linux-source package. You can make use of the deb-pkg target
    available in the sources' makefile for building a binary package.
    More information can be found in the Debian Linux Kernel Handbook
    (https://kernel-team.pages.debian.net/kernel-handbook/) , which
    can also be found as the debian-kernel-handbook package.

    If possible, it is to your advantage to upgrade the kernel
    package separately from the main full-upgrade to reduce the
    chances of a temporarily non-bootable system. Note that this
    should only be done after the minimal upgrade process described
    in Section 4.4.5, “Minimal system upgrade”.

4.7. Preparing for the next release

    After the upgrade there are several things you can do to prepare
    for the next release.

      * Remove newly redundant or obsolete packages as described in
        Section 4.4.3, “Make sure you have sufficient space for the
        upgrade” and Section 4.8, “Obsolete packages”. You should
        review which configuration files they use and consider
        purging the packages to remove their configuration files. See
        also Section 4.7.1, “Purging removed packages”.

4.7.1. Purging removed packages

    It is generally advisable to purge removed packages. This is
    especially true if these have been removed in an earlier release
    upgrade (e.g. from the upgrade to bullseye) or they were provided
    by third-party vendors. In particular, old init.d scripts have
    been known to cause issues.

    Caution
   
    Purging a package will generally also purge its log files, so you
    might want to back them up first.

    The following command displays a list of all removed packages
    that may have configuration files left on the system (if any):

    $ apt list '~c'


    The packages can be removed by using apt purge. Assuming you want
    to purge all of them in one go, you can use the following
    command:

    # apt purge '~c'


4.8. Obsolete packages

    Introducing lots of new packages, bookworm also retires and omits
    quite a few old packages that were in bullseye. It provides no
    upgrade path for these obsolete packages. While nothing prevents
    you from continuing to use an obsolete package where desired, the
    Debian project will usually discontinue security support for it a
    year after bookworm's release^[5], and will not normally provide
    other support in the meantime. Replacing them with available
    alternatives, if any, is recommended.

    There are many reasons why packages might have been removed from
    the distribution: they are no longer maintained upstream; there
    is no longer a Debian Developer interested in maintaining the
    packages; the functionality they provide has been superseded by
    different software (or a new version); or they are no longer
    considered suitable for bookworm due to bugs in them. In the
    latter case, packages might still be present in the “unstable”
    distribution.

    “Obsolete and Locally Created Packages” can be listed and purged
    from the commandline with:

    $ apt list '~o'
    # apt purge '~o'


    The Debian Bug Tracking System (https://bugs.debian.org/) often
    provides additional information on why the package was removed.
    You should review both the archived bug reports for the package
    itself and the archived bug reports for the ftp.debian.org
    pseudo-package (https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg
    =ftp.debian.org&archive=yes) .

    For a list of obsolete packages for Bookworm, please refer to
    Section 5.3.1, “Noteworthy obsolete packages”.

4.8.1. Transitional dummy packages

    Some packages from bullseye may have been replaced in bookworm by
    transitional dummy packages, which are empty placeholders
    designed to simplify upgrades. If for instance an application
    that was formerly a single package has been split into several, a
    transitional package may be provided with the same name as the
    old package and with appropriate dependencies to cause the new
    ones to be installed. After this has happened the redundant dummy
    package can be safely removed.

    The package descriptions for transitional dummy packages usually
    indicate their purpose. However, they are not uniform; in
    particular, some “dummy” packages are designed to be kept
    installed, in order to pull in a full software suite, or track
    the current latest version of some program. You might also find 
    deborphan with the --guess-* options (e.g. --guess-dummy) useful
    to detect transitional dummy packages on your system.


---------------------------------------------------------------------

    ^[1] If the debconf priority is set to a very high level you
    might prevent configuration prompts, but services that rely on
    default answers that are not applicable to your system will fail
    to start.

    ^[2] For example: DNS or DHCP services, especially when there is
    no redundancy or failover. In the DHCP case end-users might be
    disconnected from the network if the lease time is lower than the
    time it takes for the upgrade process to complete.

    ^[3] This feature can be disabled by adding the parameter panic=0
    to your boot parameters.

    ^[4] Debian's package management system normally does not allow a
    package to remove or replace a file owned by another package
    unless it has been defined to replace that package.

    ^[5] Or for as long as there is not another release in that time
    frame. Typically only two stable releases are supported at any
    given time.

Chapter 5. Issues to be aware of for bookworm

    Sometimes, changes introduced in a new release have side-effects
    we cannot reasonably avoid, or they expose bugs somewhere else.
    This section documents issues we are aware of. Please also read
    the errata, the relevant packages' documentation, bug reports,
    and other information mentioned in Section 6.1, “Further reading”
    .

5.1. Upgrade specific items for bookworm

    This section covers items related to the upgrade from bullseye to
    bookworm.

5.1.1.  Non-free firmware moved to its own component in the archive

    As described in Section 2.2, “Archive areas”, non-free firmware
    packages are now served from a dedicated archive component,
    called non-free-firmware. To ensure installed non-free firmware
    packages receive proper upgrades, changes to the APT
    configuration are required. Assuming the non-free component was
    only added to the APT sources-list to install firmware, the
    updated APT source-list entry could look like:

    deb https://deb.debian.org/debian bookworm main non-free-firmware

    If you were pointed to this chapter by apt you can prevent it
    from continuously notifying you about this change by creating an
    apt.conf(5) (https://manpages.debian.org//bookworm/apt/
    apt.conf.5.html) file named /etc/apt/apt.conf.d/
    no-bookworm-firmware.conf with the following content:

    APT::Get::Update::SourceListWarnings::NonFreeFirmware "false";

5.1.2. Changes to packages that set the system clock

    The ntp package, which used to be the default way to set the
    system clock from a Network Time Protocol (NTP) server, has been
    replaced by ntpsec.

    Most users will not need to take any specific action to
    transition from ntp to ntpsec.

    In bookworm there are also several other packages that provide a
    similar service. The Debian default is now systemd-timesyncd,
    which may be adequate for users who only need an ntp client to
    set their clock. bookworm also includes chrony and openntpd which
    support more advanced features, such as operating your own NTP
    server.

5.1.3. Puppet configuration management system upgraded to 7

    Puppet has been upgraded from 5 to 7, skipping the Puppet 6
    series altogether. This introduces major changes to the Puppet
    ecosystem.

    The classic Ruby-based Puppet Master 5.5.x application has been
    deprecated upstream and is no longer available in Debian. It is
    replaced by Puppet Server 7.x, provided by the puppetserver
    package. The package is automatically installed as a dependency
    of the transitional puppet-master package.

    In some cases, Puppet Server is a drop-in replacement for Puppet
    Master, but you should review the configuration files available
    under /etc/puppet/puppetserver to ensure the new defaults are
    suitable for your deployment. In particular the legacy format for
    the auth.conf file is deprecated, see the auth.conf documentation
    (https://www.puppet.com/docs/puppet/7/server/
    config_file_auth.html) for details.

    The recommended approach is to upgrade the server before clients.
    The Puppet 7 Server is backwards compatible with older clients
    (https://www.puppet.com/docs/puppet/7/server/
    compatibility_with_puppet_agent.html) ; a Puppet 5 Server can
    still handle upgraded agents but cannot register new Puppet 7
    agents. So if you deploy new Puppet 7 agents before upgrading the
    server, you will not be able to add them to the fleet.

    The puppet package has been replaced by the puppet-agent package
    and is now a transitional package to ensure a smooth upgrade.

    Finally, the puppetdb package was removed in bullseye but is
    reintroduced in bookworm.

5.1.4. youtube-dl replaced with yt-dlp

    The popular tool youtube-dl, which can download videos from a
    large variety of websites (including, but not limited to,
    YouTube) is no longer included in Debian. Instead, it has been
    replaced with an empty transitional package that pulls in the
    yt-dlp package instead. yt-dlp is a fork of youtube-dl where new
    development is currently happening.

    There are no compatibility wrappers provided, so you'll need to
    modify your scripts and personal behavior to call yt-dlp instead
    of youtube-dl. The functionality should be mostly the same,
    although some options and behavioral details have changed. Be
    sure to check yt-dlp's man page (https://manpages.debian.org//
    bookworm/yt-dlp/yt-dlp.1.html) for details, and in particular the
    Differences in default behavior (https://manpages.debian.org/
    bookworm/yt-dlp/yt-dlp.1.html#Differences_in_default_behavior)
    section.

5.1.5. Fcitx versions no longer co-installable

    The packages fcitx and fcitx5 provide version 4 and version 5 of
    the popular Fcitx Input Method Framework. Following upstream's
    recommendation, they can no longer be co-installed on the same
    operating system. Users should determine which version of Fcitx
    is to be kept if they had co-installed fcitx and fcitx5
    previously.

    Before the upgrade, users are strongly encouraged to purge all
    related packages for the unwanted Fcitx version (fcitx-* for
    Fcitx 4, and fcitx5-* for Fcitx 5). When the upgrade is finished,
    consider executing the im-config again to select the desired
    input method framework to be used in the system.

    You can read more background information in the announcement
    posted in the mailing list (https://lists.debian.org/
    debian-chinese-gb/2021/12/msg00000.html) (text written in
    Simplified Chinese).

5.1.6. MariaDB package names no longer include version numbers

    Unlike bullseye that had the MariaDB version in package names
    (e.g. mariadb-server-10.5 and mariadb-client-10.5), in bookworm
    the equivalent MariaDB 10.11 package names are fully versionless
    (e.g. mariadb-server or mariadb-client). The MariaDB version is
    still visible in the package version metadata.

    There is at least one known upgrade scenario (Bug #1035949)
    (https://bugs.debian.org/1035949) where the transition to
    versionless package names fails: running

    apt-get install default-mysql-server

    may fail when mariadb-client-10.5 and the file /usr/bin/
    mariadb-admin in it is removed before the MariaDB server SysV
    init service has issued a shutdown, which uses mariadb-admin. The
    workaround is to run

    apt upgrade

    before running

    apt full-upgrade

    .

    For more information about the package name changes in MariaDB,
    see /usr/share/doc/mariadb-server/NEWS.Debian.gz (https://
    salsa.debian.org/mariadb-team/mariadb-server/-/blob/
    280369f034bedae714af2f26111d1d9d1659f142/debian/
    mariadb-server.NEWS) .

5.1.7. Changes to system logging

    The rsyslog package is no longer needed on most systems and you
    may be able to remove it.

    Many programs produce log messages to inform the user of what
    they are doing. These messages can be managed by systemd's “
    journal” or by a “syslog daemon” such as rsyslog.

    In bullseye, rsyslog was installed by default and the systemd
    journal was configured to forward log messages to rsyslog, which
    writes messages into various text files such as /var/log/syslog.

    From bookworm, rsyslog is no longer installed by default. If you
    do not want to continue using rsyslog, after the upgrade you can
    mark it as automatically installed with

    apt-mark auto rsyslog

    and then an
   
    apt autoremove

    will remove it, if possible. If you have upgraded from older
    Debian releases, and not accepted the default configuration
    settings, the journal may not have been configured to save
    messages to persistent storage: instructions for enabling this
    are in journald.conf(5) (https://manpages.debian.org//bookworm/
    systemd/journald.conf.5.html) .

    If you decide to switch away from rsyslog you can use the 
    journalctl command to read log messages, which are stored in a
    binary format under /var/log/journal. For example,

    journalctl -e

    shows the most recent log messages in the journal and
   
    journalctl -ef

    shows new messages as they are written (similar to running

    tail -f /var/log/syslog

    ).

5.1.8. rsyslog changes affecting log analyzers such as logcheck

    rsyslog now defaults to “high precision timestamps” which may
    affect other programs that analyze the system logs. There is
    further information about how to customize this setting in
    rsyslog.conf(5) (https://manpages.debian.org//bookworm/rsyslog/
    rsyslog.conf.5.html) .

    The change in timestamps may require locally-created logcheck
    rules to be updated. logcheck checks messages in the system log
    (produced by systemd-journald or rsyslog) against a customizable
    database of regular expressions known as rules. Rules that match
    the time the message was produced will need to be updated to
    match the new rsyslog format. The default rules, which are
    provided by the logcheck-database package, have been updated, but
    other rules, including those created locally, may require
    updating to recognize the new format. See /usr/share/doc/
    logcheck-database/NEWS.Debian.gz (https://salsa.debian.org/debian
    /logcheck/-/blob/debian/1.4.0/debian/logcheck-database.NEWS) for
    a script to help update local logcheck rules.

5.1.9. rsyslog creates fewer log files

    rsyslog has changed which log files it creates, and some files in
    /var/log can be deleted.

    If you are continuing to use rsyslog (see Section 5.1.7, “Changes
    to system logging”), some log files in /var/log will no longer be
    created by default. The messages that were written to these files
    are also in /var/log/syslog but are no longer created by default.
    Everything that used to be written to these files will still be
    available in /var/log/syslog.

    The files that are no longer created are:

      * /var/log/mail.{info,warn,err}

        These files contained messages from the local mail transport
        agent (MTA), split up by priority.

        As /var/log/mail.log contains all mail related messages,
        these files (and their rotated counterparts) can be deleted
        safely. If you were using those files to monitor anomalies, a
        suitable alternative might be something like logcheck.

      * /var/log/lpr.log

        This file contained log messages relating to printing. The
        default print system in debian is cups which does not use
        this file, so unless you installed a different printing
        system this file (and its rotated counterparts) can be
        deleted.

      * /var/log/{messages,debug,daemon.log}

        These files (and their rotated counterparts) can be deleted.
        Everything that used to be written to these files will still
        be in /var/log/syslog.

5.1.10. slapd upgrade may require manual intervention

    OpenLDAP 2.5 is a major new release and includes several
    incompatible changes as described in the upstream release
    announcement (https://git.openldap.org/openldap/openldap/-/raw/
    OPENLDAP_REL_ENG_2_5/ANNOUNCEMENT) . Depending on the
    configuration, the slapd service might remain stopped after the
    upgrade, until necessary configuration updates are completed.

    The following are some of the known incompatible changes:

      * The slapd-bdb(5) (https://manpages.debian.org//bullseye/slapd
        /slapd-bdb.5.html) and slapd-hdb(5) (https://
        manpages.debian.org//bullseye/slapd/slapd-hdb.5.html)
        database backends have been removed. If you are using one of
        these backends under bullseye, it is strongly recommended to
        migrate to the slapd-mdb(5) (https://manpages.debian.org//
        bookworm/slapd/slapd-mdb.5.html) backend before upgrading to
        bookworm.

      * The slapd-shell(5) (https://manpages.debian.org//bullseye/
        slapd/slapd-shell.5.html) database backend has been removed.

      * The slapo-ppolicy(5) (https://manpages.debian.org//bookworm/
        slapd/slapo-ppolicy.5.html) overlay now includes its schema
        compiled into the module. The old external schema, if
        present, conflicts with the new built-in one.

      * The pw-argon2 (https://manpages.debian.org//bullseye/
        slapd-contrib/slapd-pw-argon2.5.html) contrib password module
        has been renamed to argon2 (https://manpages.debian.org//
        bookworm/slapd/slappw-argon2.5.html) .

    Instructions for completing the upgrade and resuming the slapd
    service can be found in /usr/share/doc/slapd/README.Debian.gz
    (https://sources.debian.org/src/openldap/bookworm/debian/
    slapd.README.Debian/) . You should also consult the upstream
    upgrade notes (https://openldap.org/doc/admin25/
    appendix-upgrading.html) .

5.1.11. GRUB no longer runs os-prober by default

    For a long time, grub has used the os-prober package to detect
    other operating systems installed on a computer so that it can
    add them to the boot menu. Unfortunately, that can be problematic
    in certain cases (e.g. where guest virtual machines are running),
    so this has now been disabled by default in the latest upstream
    release.

    If you are using GRUB to boot your system and want to continue to
    have other operating systems listed on the boot menu, you can
    change this. Either edit the file /etc/default/grub, ensure you
    have the setting GRUB_DISABLE_OS_PROBER=false and re-run 
    update-grub, or run

    dpkg-reconfigure <GRUB_PACKAGE>

    to change this and other GRUB settings in a more user-friendly
    way.

5.1.12.  GNOME has reduced accessibility support for screen readers

    Many GNOME apps have switched from the GTK3 graphics toolkit to
    GTK4. Sadly, this has made many apps much less usable with screen
    readers such as orca.

    If you depend on a screen reader you should consider switching to
    a different desktop such as Mate (https://mate-desktop.org) ,
    which has better accessibility support. You can do this by
    installing the mate-desktop-environment package. Information
    about how to use Orca under Mate is available at here (https://
    wiki.debian.org/Accessibility/Orca#MATE) .

5.1.13. Changes to polkit configuration

    For consistency with upstream and other distributions, the polkit
    (formerly PolicyKit) service, which allows unprivileged programs
    to access privileged system services, has changed the syntax and
    location for local policy rules. You should now write local rules
    for customizing the security policy in JavaScript (https://
    wikipedia.org/wiki/JavaScript) , and place them at /etc/polkit-1/
    rules.d/*.rules. Example rules using the new format can be found
    in /usr/share/doc/polkitd/examples/, and polkit(8) (https://
    manpages.debian.org//unstable/polkitd/polkit.8.html#
    AUTHORIZATION_RULES) has further information.

    Previously, rules could be written in pkla format, and placed in
    subdirectories of /etc/polkit-1/localauthority or /var/lib/
    polkit-1/localauthority. However, .pkla files should now be
    considered deprecated, and will only continue to work if the
    polkitd-pkla package is installed. This package will usually be
    installed automatically when you upgrade to bookworm, but it is
    likely not to be included in future Debian releases, so any local
    policy overrides will need to be migrated to the JavaScript
    format.

5.1.14.  A “merged-/usr” is now required

    Debian has adopted a filesystem layout, referred to as “merged-/
    usr”, which no longer includes the legacy directories /bin, /
    sbin, /lib, or optional variants such as /lib64. In the new
    layout, the legacy directories are replaced with symlinks to the
    corresponding locations /usr/bin, /usr/sbin, /usr/lib, and /usr/
    lib64. This means that, for example, both /bin/bash and /usr/bin/
    bash will launch bash.

    For systems installed as buster or bullseye there will be no
    change, as the new filesystem layout was already the default in
    these releases. However, the older layout is no longer supported,
    and systems using it will be converted to the new layout when
    they are upgraded to bookworm.

    The conversion to the new layout should have no impact on most
    users. All files are automatically moved to their new locations
    even if they were installed locally or come from packages not
    provided by Debian, and hardcoded paths such as /bin/sh continue
    to work. There are, however, some potential issues:

      * 
        dpkg --search

        will give wrong answers for files moved to the new locations:

        dpkg --search /usr/bin/bash

        will not identify that bash came from a package. (But

        dpkg --search /bin/bash

        still works as expected.)

      * Local software not provided by Debian may not support the new
        layout and may, for example, rely on /usr/bin/name and /bin/
        name being two different files. This is not supported on
        merged systems (including new installations since buster), so
        any such software must be fixed or removed before the
        upgrade.

      * Systems that rely on a “base layer” that is not directly
        writable (such as WSL1 (https://wiki.debian.org//https://
        wiki.debian.org/InstallingDebianOn/Microsoft/Windows/
        SubsystemForLinux) images or container systems using
        multi-layer overlayfs (https://en.wikipedia.org/wiki/
        OverlayFS) filesystems) cannot be safely converted and should
        either be replaced (e.g., by installing a new WSL1 image from
        the store) or have each individual layer upgraded (e.g., by
        upgrading the base Debian layer of the overlayfs
        independently) rather than dist-upgraded.

    For further information, see The Case for the /usr merge (https:/
    /www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge
    /) and the Debian Technical Committee resolution (https://
    bugs.debian.org/994388#110) .

5.1.15. Unsupported upgrades from buster fail on libcrypt1

    Debian officially supports upgrades only from one stable release to
    the next, e.g. from bullseye to bookworm. Upgrades from buster to
    bookworm are not supported, and will fail due to Bug #993755 (https:/
    /bugs.debian.org/993755) with the following error:
   
    Setting up libc6:s390x (2.36-9) ...
    /usr/bin/perl: error while loading shared libraries: libcrypt.so.1: cannot open shared object file: No such file or directory
    dpkg: error processing package libc6:s390x (--configure):
    installed libc6:s390x package post-installation script subprocess returned error exit status 127


    It is however possible to manually recover from this particular
    situation by forcibly installing the new libcrypt1:

    # cd $(mktemp -d)
    # apt download libcrypt1
    # dpkg-deb -x libcrypt1_*.deb .
    # cp -ra lib/* /lib/
    # apt --fix-broken install


5.1.16. Things to do post upgrade before rebooting

    When apt full-upgrade has finished, the “formal” upgrade is
    complete. For the upgrade to bookworm, there are no special
    actions needed before performing a reboot.

5.2. Items not limited to the upgrade process

5.2.1. Limitations in security support

    There are some packages where Debian cannot promise to provide
    minimal backports for security issues. These are covered in the
    following subsections.

    Note
   
    The package debian-security-support helps to track the security
    support status of installed packages.

5.2.1.1. Security status of web browsers and their rendering engines

    Debian 12 includes several browser engines which are affected by
    a steady stream of security vulnerabilities. The high rate of
    vulnerabilities and partial lack of upstream support in the form
    of long term branches make it very difficult to support these
    browsers and engines with backported security fixes.
    Additionally, library interdependencies make it extremely
    difficult to update to newer upstream releases. Applications
    using the webkit2gtk source package (e.g. epiphany ) are covered
    by security support, but applications using qtwebkit (source
    package qtwebkit-opensource-src ) are not.

    For general web browser use we recommend Firefox or Chromium.
    They will be kept up-to-date by rebuilding the current ESR
    releases for stable. The same strategy will be applied for
    Thunderbird.

    Once a release becomes oldstable, officially supported browsers
    may not continue to receive updates for the standard period of
    coverage. For example, Chromium will only receive 6 months of
    security support in oldstable rather than the typical 12 months.

5.2.1.2. Go- and Rust-based packages

    The Debian infrastructure currently has problems with rebuilding
    packages of types that systematically use static linking. With
    the growth of the Go and Rust ecosystems it means that these
    packages will be covered by limited security support until the
    infrastructure is improved to deal with them maintainably.

    In most cases if updates are warranted for Go or Rust development
    libraries, they will only be released via regular point releases.

5.2.2. Python Interpreters marked externally-managed

    The Debian provided python3 interpreter packages (python3.11 and
    pypy3) are now marked as being externally-managed, following
    PEP-668 (https://peps.python.org/pep-0668/) . The version of
    python3-pip provided in Debian follows this, and will refuse to
    manually install packages on Debian's python interpreters, unless
    the --break-system-packages option is specified.

    If you need to install a Python application (or version) that
    isn't packaged in Debian, we recommend that you install it with 
    pipx (in the pipx Debian package). pipx will set up an
    environment isolated from other applications and system Python
    modules, and install the application and its dependencies into
    that.

    If you need to install a Python library module (or version) that
    isn't packaged in Debian, we recommend installing it into a
    virtualenv, where possible. You can create virtualenvs with the
    venv Python stdlib module (in the python3-venv Debian package) or
    the virtualenv Python 3rd-party tool (in the virtualenv Debian
    package). For example, instead of running pip install --user foo,
    run: mkdir -p ~/.venvs && python3 -m venv ~/.venvs/foo && ~
    /.venvs/foo/bin/python -m pip install foo to install it in a
    dedicated virtualenv.

    See /usr/share/doc/python3.11/README.venv for more details.

5.2.3. Limited hardware-accelerated video encoding/decoding support
in VLC

    The VLC video player supports hardware-accelerated video decoding
    and encoding via VA-API and VDPAU. However, VLC's support for
    VA-API is tightly related to the version of FFmpeg. Because
    FFmpeg was upgraded to the 5.x branch, VLC's VA-API support has
    been disabled. Users of GPUs with native VA-API support (e.g.,
    Intel and AMD GPUs) may experience high CPU usage during video
    playback and encoding.

    Users of GPUs offering native VDPAU support (e.g., NVIDIA with
    non-free drivers) are not affected by this issue.

    Support for VA-API and VDPAU can be checked with vainfo and 
    vdpauinfo (each provided in a Debian package of the same name).

5.2.4. systemd-resolved has been split into a separate package

    The new systemd-resolved package will not be installed
    automatically on upgrades. If you were using the systemd-resolved
    system service, please install the new package manually after the
    upgrade, and note that until it has been installed, DNS
    resolution might no longer work since the service will not be
    present on the system. Installing this package will automatically
    give systemd-resolved control of /etc/resolv.conf. For more
    information about systemd-resolved, consult the official
    documentation (https://www.freedesktop.org/software/systemd/man/
    systemd-resolved.service.html) . Note that systemd-resolved was
    not, and still is not, the default DNS resolver in Debian. If you
    have not configured your machine to use systemd-resolved as the
    DNS resolver, no action is required.

5.2.5. systemd-boot has been split into a separate package

    The new systemd-boot package will not be installed automatically
    on upgrades. If you were using systemd-boot, please install this
    new package manually, and note that until you do so, the older
    version of systemd-boot will be used as the bootloader.
    Installing this package will automatically configure systemd-boot
    as the machine's bootloader. The default boot loader in Debian is
    still GRUB. If you have not configured the machine to use
    systemd-boot as the bootloader, no action is required.

5.2.6. systemd-journal-remote no longer uses GnuTLS

    The optional systemd-journal-gatewayd (https://
    www.freedesktop.org/software/systemd/man/
    systemd-journal-remote.service.html#--trust=) and
    systemd-journal-remote (https://www.freedesktop.org/software/
    systemd/man/systemd-journal-gatewayd.service.html#--trust=)
    services are now built without GnuTLS support, which means the
    --trust option is no longer provided by either program, and an
    error will be raised if it is specified.

5.2.7. Extensive changes in adduser for bookworm

    There have been several changes in adduser. The most prominent
    change is that --disabled-password and --disabled-login are now
    functionally identical. For further details, please read the /usr
    /share/doc/adduser/NEWS.Debian.gz.

5.2.8. Predictable naming for Xen network interfaces

    The predictable naming logic in systemd for network interfaces
    has been extended to generate stable names from Xen netfront
    device information. This means that instead of the former system
    of names assigned by the kernel, interfaces now have stable names
    of the form enX#. Please adapt your system before rebooting after
    the upgrade. Some more information can be found on the
    NetworkInterfaceNames wiki page (https://wiki.debian.org/
    NetworkInterfaceNames#bookworm-xen) .

5.2.9. Change in dash handling of circumflex

    dash, which by default provides the system shell /bin/sh in
    Debian, has switched to treating the circumflex (^) as a literal
    character, as was always the intended POSIX-compliant behavior.
    This means that in bookworm [^0-9] no longer means “not 0 to 9”
    but “0 to 9 and ^”.

5.2.10. netcat-openbsd supports abstract sockets

    The netcat utility for reading and writing data across network
    connections supports abstract sockets (https://
    manpages.debian.org//bookworm/manpages/unix.7.html#
    Abstract_sockets) , and uses them by default in some
    circumstances.

    By default, netcat is provided by netcat-traditional. However, if
    netcat is provided by the netcat-openbsd package and you are
    using an AF_UNIX socket, then this new default applies. In this
    case the -U option to nc will now interpret an argument starting
    with an @ as requesting an abstract socket rather than as a
    filename beginning with an @ in the current directory. This can
    have security implications because filesystem permissions can no
    longer be used to control access to an abstract socket. You can
    continue to use a filename starting with an @ by prefixing the
    name with ./ or by specifying an absolute path.

5.3. Obsolescence and deprecation

5.3.1. Noteworthy obsolete packages

    The following is a list of known and noteworthy obsolete packages
    (see Section 4.8, “Obsolete packages” for a description).

    The list of obsolete packages includes:

      * The libnss-ldap package has been removed from bookworm. Its
        functionalities are now covered by libnss-ldapd and
        libnss-sss.

      * The libpam-ldap package has been removed from bookworm. Its
        replacement is libpam-ldapd.

      * The fdflush package has been removed from bookworm. In its
        stead, please use blockdev --flushbufs from util-linux.

      * The libgdal-perl package has been removed from bookworm,
        because the Perl binding for GDAL is no longer supported
        upstream. If you need Perl support for GDAL, you can migrate
        to the FFI interface provided by the Geo::GDAL::FFI package,
        available on CPAN. You will have to build your own binaries
        as documented on the BookwormGdalPerl Wiki page (https://
        wiki.debian.org/BookwormGdalPerl) .

5.3.2. Deprecated components for bookworm

    With the next release of Debian 13 (codenamed trixie) some
    features will be deprecated. Users will need to migrate to other
    alternatives to prevent trouble when updating to Debian 13.

    This includes the following features:

      * Development of the NSS service gw_name stopped in 2015. The
        associated package libnss-gw-name may be removed in future
        Debian releases. The upstream developer suggests using
        libnss-myhostname instead.

      * dmraid has not seen upstream activity since end 2010 and has
        been on life support in Debian. bookworm will be the last
        release to ship it, so please plan accordingly if you're
        using dmraid.

      * request-tracker4 has been superseded by request-tracker5 in
        this release, and will be removed in future releases. We
        recommend that you plan to migrate from request-tracker4 to
        request-tracker5 during the lifetime of this release.

      * The isc-dhcp suite has been deprecated (https://www.isc.org/
        blogs/isc-dhcp-eol/) by the ISC (https://www.isc.org/) . The
        Debian Wiki (https://wiki.debian.org/) has a list of
        alternative implementations, see DHCP Client (https://
        wiki.debian.org/DHCP_Client) and DHCP Server (https://
        wiki.debian.org/DHCP_Server) pages for the latest. If you are
        using NetworkManager or systemd-networkd, you can safely
        remove the isc-dhcp-client package as they both ship their
        own implementation. If you are using the ifupdown package,
        you can experiment with udhcpc as a replacement. The ISC
        recommends the Kea package as a replacement for DHCP servers.

        The security team will support the isc-dhcp package during
        the bookworm lifetime, but the package will likely be
        unsupported in the next stable release, see bug #1035972
        (isc-dhcp EOL'ed) (https://bugs.debian.org/1035972) for more
        details.

5.4. Known severe bugs

    Although Debian releases when it's ready, that unfortunately
    doesn't mean there are no known bugs. As part of the release
    process all the bugs of severity serious or higher are actively
    tracked by the Release Team, so an overview of those bugs (https:
    //bugs.debian.org/cgi-bin/pkgreport.cgi?users=
    release.debian.org@packages.debian.org;tag=bookworm-can-defer)
    that were tagged to be ignored in the last part of releasing
    bookworm can be found in the Debian Bug Tracking System (https://
    bugs.debian.org/) . The following bugs were affecting bookworm at
    the time of the release and worth mentioning in this document:

    +------------------------------------------------------------------+
    |  Bug number   |Package (source or binary)|      Description      |
    |---------------+--------------------------+-----------------------|
    |1032240 (https:|                          |akonadi server fails to|
    |//             |akonadi-backend-mysql     |start since it cannot  |
    |bugs.debian.org|                          |connect to mysql       |
    |/1032240)      |                          |database               |
    |---------------+--------------------------+-----------------------|
    |918984 (https:/|                          |provide upgrade path   |
    |/              |src:fuse3                 |fuse -> fuse3 for      |
    |bugs.debian.org|                          |bookworm               |
    |/918984)       |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1016903 (https:|                          |tree-vectorize: Wrong  |
    |//             |g++-12                    |code at O2 level       |
    |bugs.debian.org|                          |(-fno-tree-vectorize is|
    |/1016903)      |                          |working)               |
    |---------------+--------------------------+-----------------------|
    |1020284 (https:|                          |                       |
    |//             |git-daemon-run            |fails to purge: deluser|
    |bugs.debian.org|                          |-f: Unknown option: f  |
    |/1020284)      |                          |                       |
    |---------------+--------------------------+-----------------------|
    |919296 (https:/|                          |fails with 'warning:   |
    |/              |git-daemon-run            |git-daemon: unable to  |
    |bugs.debian.org|                          |open supervise/ok: file|
    |/919296)       |                          |does not exist'        |
    |---------------+--------------------------+-----------------------|
    |1034752 (https:|                          |                       |
    |//             |src:gluegen2              |embeds non-free headers|
    |bugs.debian.org|                          |                       |
    |/1034752)      |                          |                       |
    |---------------+--------------------------+-----------------------|
    |               |                          |FTBFS in testing:      |
    |1036256 (https:|                          |dh_auto_test: error: cd|
    |//             |                          |_build && go test -vet=|
    |bugs.debian.org|src:golang-github-pin-tftp|off -v -p 8 github.com/|
    |/1036256)      |                          |pin/tftp github.com/pin|
    |               |                          |/tftp/netascii returned|
    |               |                          |exit code 1            |
    |---------------+--------------------------+-----------------------|
    |1036575 (https:|                          |missing Depends:       |
    |//             |groonga-bin               |libjs-jquery-flot,     |
    |bugs.debian.org|                          |libjs-jquery-ui        |
    |/1036575)      |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1036041 (https:|                          |upgrade-reports: Dell  |
    |//             |                          |XPS 9550 fails to boot |
    |bugs.debian.org|src:grub2                 |after bullseye to      |
    |/1036041)      |                          |bookworm upgrade - grub|
    |               |                          |/bios interaction bug? |
    |---------------+--------------------------+-----------------------|
    |558422 (https:/|                          |                       |
    |/              |grub-pc                   |upgrade hangs          |
    |bugs.debian.org|                          |                       |
    |/558422)       |                          |                       |
    |---------------+--------------------------+-----------------------|
    |913916 (https:/|                          |UEFI boot option       |
    |/              |grub-efi-amd64            |removed after update to|
    |bugs.debian.org|                          |grub2                  |
    |/913916)       |                          |2.02~beta3-5+deb9u1    |
    |---------------+--------------------------+-----------------------|
    |924151 (https:/|                          |wrong grub.cfg for efi |
    |/              |grub2-common              |boot and fully         |
    |bugs.debian.org|                          |encrypted disk         |
    |/924151)       |                          |                       |
    |---------------+--------------------------+-----------------------|
    |925134 (https:/|                          |grub-efi-amd64-signed: |
    |/              |grub-efi-amd64            |doesn't mount          |
    |bugs.debian.org|                          |cryptodisk             |
    |/925134)       |                          |                       |
    |---------------+--------------------------+-----------------------|
    |945001 (https:/|                          |                       |
    |/              |grub-efi-amd64            |GRUB-EFI messes up boot|
    |bugs.debian.org|                          |variables              |
    |/945001)       |                          |                       |
    |---------------+--------------------------+-----------------------|
    |965026 (https:/|                          |grub-emu hangs linux   |
    |/              |grub-emu                  |console when run as    |
    |bugs.debian.org|                          |root                   |
    |/965026)       |                          |                       |
    |---------------+--------------------------+-----------------------|
    |984760 (https:/|                          |upgrade works, boot    |
    |/              |grub-efi-amd64            |fails (error: symbol   |
    |bugs.debian.org|                          |`grub_is_lockdown` not |
    |/984760)       |                          |found)                 |
    |---------------+--------------------------+-----------------------|
    |1036263 (https:|                          |FTBFS in testing: make |
    |//             |src:guestfs-tools         |[6]: ***               |
    |bugs.debian.org|                          |[Makefile:1716:        |
    |/1036263)      |                          |test-suite.log] Error 1|
    |---------------+--------------------------+-----------------------|
    |916596 (https:/|                          |iptables.postinst      |
    |/              |iptables                  |failure on link        |
    |bugs.debian.org|                          |creation               |
    |/916596)       |                          |                       |
    |---------------+--------------------------+-----------------------|
    |919058 (https:/|                          |                       |
    |/              |itstool                   |its-tools: crashes when|
    |bugs.debian.org|                          |freeing xmlDocs        |
    |/919058)       |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1028416 (https:|                          |systemctl kexec doesn't|
    |//             |kexec-tools               |shutdown system        |
    |bugs.debian.org|                          |properly and corrupts  |
    |/1028416)      |                          |mounted filesystems    |
    |---------------+--------------------------+-----------------------|
    |935182 (https:/|                          |Concurrent file open on|
    |/              |libreoffice-core          |the same host results  |
    |bugs.debian.org|                          |file deletion          |
    |/935182)       |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1036755 (https:|                          |6.1.26 <= x < 6.1.30   |
    |//             |src:linux                 |breaks applications    |
    |bugs.debian.org|                          |using mmap(MAP_32BIT)  |
    |/1036755)      |                          |[affects ganeti]       |
    |---------------+--------------------------+-----------------------|
    |1036580 (https:|                          |please add some Breaks |
    |//             |src:llvm-defaults         |for smoother upgrades  |
    |bugs.debian.org|                          |from bullseye          |
    |/1036580)      |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1036359 (https:|                          |crashes with           |
    |//             |elpa-markdown-toc         |(wrong-type-argument   |
    |bugs.debian.org|                          |consp nil)             |
    |/1036359)      |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1032647 (https:|                          |Intermittent black     |
    |//             |nvidia-driver             |screen after updating  |
    |bugs.debian.org|                          |to 525.89.02-1         |
    |/1032647)      |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1029342 (https:|                          |jexec: can't locate    |
    |//             |openjdk-17-jre-headless   |java: No such file or  |
    |bugs.debian.org|                          |directory              |
    |/1029342)      |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1035798 (https:|                          |does not ship SONAME   |
    |//             |libphp8.2-embed           |link /usr/lib/libphp.so|
    |bugs.debian.org|                          |-> libphp8.2.so        |
    |/1035798)      |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1034993 (https:|                          |missing Breaks+Replaces|
    |//             |                          |for                    |
    |bugs.debian.org|software-properties-qt    |software-properties-kde|
    |/1034993)      |                          |when upgrading from    |
    |               |                          |bullseye               |
    |---------------+--------------------------+-----------------------|
    |1036388 (https:|                          |                       |
    |//             |sylpheed                  |account reset when mail|
    |bugs.debian.org|                          |is checked             |
    |/1036388)      |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1036424 (https:|                          |replying to an email   |
    |//             |sylpheed                  |you sent doesn't set   |
    |bugs.debian.org|                          |account accordingly    |
    |/1036424)      |                          |                       |
    |---------------+--------------------------+-----------------------|
    |994274 (https:/|                          |                       |
    |/              |src:syslinux              |FTBFS with gnu-efi     |
    |bugs.debian.org|                          |3.0.13                 |
    |/994274)       |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1031152 (https:|                          |unlock button in       |
    |//             |system-config-printer     |system-config-printer  |
    |bugs.debian.org|                          |provides no elevated   |
    |/1031152)      |                          |permissions dialog     |
    |---------------+--------------------------+-----------------------|
    |975490 (https:/|                          |A64-Olinuxino-eMMC boot|
    |/              |u-boot-sunxi              |stuck at "Starting     |
    |bugs.debian.org|                          |kernel ..."            |
    |/975490)       |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1034995 (https:|                          |missing Breaks+Replaces|
    |//             |                          |for                    |
    |bugs.debian.org|python-is-python3         |python-dev-is-python2  |
    |/1034995)      |                          |when upgrading from    |
    |               |                          |bullseye               |
    |---------------+--------------------------+-----------------------|
    |1036881 (https:|                          |                       |
    |//             |whitedune                 |segfaults              |
    |bugs.debian.org|                          |                       |
    |/1036881)      |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1036601 (https:|                          |                       |
    |//             |xenstore-utils            |missing Depends:       |
    |bugs.debian.org|                          |xen-utils-common       |
    |/1036601)      |                          |                       |
    |---------------+--------------------------+-----------------------|
    |1036578 (https:|                          |                       |
    |//             |python3-yade              |does not ship a python |
    |bugs.debian.org|                          |module                 |
    |/1036578)      |                          |                       |
    +------------------------------------------------------------------+

Chapter 6. More information on Debian

6.1. Further reading

    Beyond these release notes and the installation guide (https://
    www.debian.org/releases/bookworm/installmanual) , further
    documentation on Debian is available from the Debian
    Documentation Project (DDP), whose goal is to create high-quality
    documentation for Debian users and developers, such as the Debian
    Reference, Debian New Maintainers Guide, the Debian FAQ, and many
    more. For full details of the existing resources see the Debian
    Documentation website (https://www.debian.org/doc/) and the
    Debian Wiki (https://wiki.debian.org/) .

    Documentation for individual packages is installed into /usr/
    share/doc/package. This may include copyright information, Debian
    specific details, and any upstream documentation.

6.2. Getting help

    There are many sources of help, advice, and support for Debian
    users, though these should only be considered after researching
    the issue in available documentation. This section provides a
    short introduction to these sources which may be helpful for new
    Debian users.

6.2.1. Mailing lists

    The mailing lists of most interest to Debian users are the
    debian-user list (English) and other debian-user-language lists
    (for other languages). For information on these lists and details
    of how to subscribe see https://lists.debian.org/ (https://
    lists.debian.org/) . Please check the archives for answers to
    your question prior to posting and also adhere to standard list
    etiquette.

6.2.2. Internet Relay Chat

    Debian has an IRC channel dedicated to support and aid for Debian
    users, located on the OFTC IRC network. To access the channel,
    point your favorite IRC client at irc.debian.org and join #
    debian.

    Please follow the channel guidelines, respecting other users
    fully. The guidelines are available at the Debian Wiki (https://
    wiki.debian.org/DebianIRC) .

    For more information on OFTC please visit the website (http://
    www.oftc.net/) .

6.3. Reporting bugs

    We strive to make Debian a high-quality operating system; however
    that does not mean that the packages we provide are totally free
    of bugs. Consistent with Debian's “open development” philosophy
    and as a service to our users, we provide all the information on
    reported bugs at our own Bug Tracking System (BTS). The BTS can
    be browsed at https://bugs.debian.org/ (https://bugs.debian.org/)
    .

    If you find a bug in the distribution or in packaged software
    that is part of it, please report it so that it can be properly
    fixed for future releases. Reporting bugs requires a valid e-mail
    address. We ask for this so that we can trace bugs and developers
    can get in contact with submitters should additional information
    be needed.

    You can submit a bug report using the program reportbug or
    manually using e-mail. You can find out more about the Bug
    Tracking System and how to use it by reading the reference
    documentation (available at /usr/share/doc/debian if you have
    doc-debian installed) or online at the Bug Tracking System
    (https://bugs.debian.org/) .

6.4. Contributing to Debian

    You do not need to be an expert to contribute to Debian. By
    assisting users with problems on the various user support lists
    (https://lists.debian.org/) you are contributing to the
    community. Identifying (and also solving) problems related to the
    development of the distribution by participating on the
    development lists (https://lists.debian.org/) is also extremely
    helpful. To maintain Debian's high-quality distribution, submit
    bugs (https://bugs.debian.org/) and help developers track them
    down and fix them. The tool how-can-i-help helps you to find
    suitable reported bugs to work on. If you have a way with words
    then you may want to contribute more actively by helping to write
    documentation (https://www.debian.org/doc/vcs) or translate
    (https://www.debian.org/international/) existing documentation
    into your own language.

    If you can dedicate more time, you could manage a piece of the
    Free Software collection within Debian. Especially helpful is if
    people adopt or maintain items that people have requested for
    inclusion within Debian. The Work Needing and Prospective
    Packages database (https://www.debian.org/devel/wnpp/) details
    this information. If you have an interest in specific groups then
    you may find enjoyment in contributing to some of Debian's
    subprojects (https://www.debian.org/devel/#projects) which
    include ports to particular architectures and Debian Pure Blends
    (https://wiki.debian.org/DebianPureBlends) for specific user
    groups, among many others.

    In any case, if you are working in the free software community in
    any way, as a user, programmer, writer, or translator you are
    already helping the free software effort. Contributing is
    rewarding and fun, and as well as allowing you to meet new people
    it gives you that warm fuzzy feeling inside.

Appendix A. Managing your bullseye system before the upgrade

    This appendix contains information on how to make sure you can
    install or upgrade bullseye packages before you upgrade to
    bookworm.

A.1. Upgrading your bullseye system

    Basically this is no different from any other upgrade of bullseye
    you've been doing. The only difference is that you first need to
    make sure your package list still contains references to bullseye
    as explained in Section A.2, “Checking your APT source-list
    files”.

    If you upgrade your system using a Debian mirror, it will
    automatically be upgraded to the latest bullseye point release.

A.2. Checking your APT source-list files

    If any of the lines in your APT source-list files (see
    sources.list(5) (https://manpages.debian.org//bookworm/apt/
    sources.list.5.html) ) contain references to “stable”, this is
    effectively pointing to bookworm already. This might not be what
    you want if you are not yet ready for the upgrade. If you have
    already run apt update, you can still get back without problems
    by following the procedure below.

    If you have also already installed packages from bookworm, there
    probably is not much point in installing packages from bullseye
    anymore. In that case you will have to decide for yourself
    whether you want to continue or not. It is possible to downgrade
    packages, but that is not covered here.

    As root, open the relevant APT source-list file (such as /etc/apt
    /sources.list) with your favorite editor, and check all lines
    beginning with deb http:, deb https:, deb tor+http:, deb
    tor+https:, URIs: http:, URIs: https:, URIs: tor+http: or URIs:
    tor+https: for a reference to “stable”. If you find any, change
    stable to bullseye.

    If you have any lines starting with deb file: or URIs: file:, you
    will have to check for yourself if the location they refer to
    contains a bullseye or bookworm archive.

    Important

    Do not change any lines that begin with deb cdrom: or URIs:
    cdrom:. Doing so would invalidate the line and you would have to
    run apt-cdrom again. Do not be alarmed if a cdrom: source line
    refers to “unstable”. Although confusing, this is normal.

    If you've made any changes, save the file and execute

    # apt update

    to refresh the package list.

A.3. Performing the upgrade to latest bullseye release

    To upgrade all packages to the state of the latest point release
    for bullseye, do

    # apt full-upgrade

A.4. Removing obsolete configuration files

    Before upgrading your system to bookworm, it is recommended to
    remove old configuration files (such as *.dpkg-{new,old} files
    under /etc) from the system.

Appendix B. Contributors to the Release Notes

    Many people helped with the release notes, including, but not
    limited to

    Adam D. Barratt, Adam Di Carlo, Andreas Barth, Andrei Popescu, 
    Anne Bezemer, Bob Hilliard, Charles Plessy, Christian Perrier, 
    Christoph Berg, Daniel Baumann, David Prévot, Eddy Petrișor, 
    Emmanuel Kasper, Esko Arajärvi, Frans Pop, Giovanni Rapagnani, 
    Gordon Farquharson, Hideki Yamane, Holger Wansing, Javier 
    Fernández-Sanguino Peña, Jens Seidel, Jonas Meurer, Jonathan 
    Nieder, Joost van Baal-Ilić, Josip Rodin, Julien Cristau, Justin
    B Rye, LaMont Jones, Luk Claes, Martin Michlmayr, Michael Biebl, 
    Moritz Mühlenhoff, Niels Thykier, Noah Meyerhans, Noritada 
    Kobayashi, Osamu Aoki, Paul Gevers, Peter Green, Rob Bradford, 
    Samuel Thibault, Simon Bienlein, Simon Paillard, Stefan Fritsch, 
    Steve Langasek, Steve McIntyre, Tobias Scherer, victory, Vincent 
    McIntyre, and W. Martin Borgert.

    This document has been translated into many languages. Many
    thanks to the translators!

Index

A

Apache, Desktops and well known packages

B

Bash, Desktops and well known packages
BIND, Desktops and well known packages

C

Cryptsetup, Desktops and well known packages

D

DocBook XML, Sources for this document

E

Exim, Desktops and well known packages

G

GCC, Desktops and well known packages
GIMP, Desktops and well known packages
GNOME, Desktops and well known packages
GNUcash, Desktops and well known packages
GnuPG, Desktops and well known packages

I

Inkscape, Desktops and well known packages

K

KDE, Desktops and well known packages

L

LibreOffice, Desktops and well known packages
LXDE, Desktops and well known packages
LXQt, Desktops and well known packages

M

MariaDB, Desktops and well known packages
MATE, Desktops and well known packages

N

Nginx, Desktops and well known packages

O

OpenJDK, Desktops and well known packages
OpenSSH, Desktops and well known packages
OpenSSL, Desktops and well known packages

P

packages

    adduser, Extensive changes in adduser for bookworm
    akonadi-backend-mysql, Known severe bugs
    apt, Contributing upgrade reports, Adding APT sources for a local
        mirror
    apt-listchanges, Minimal system upgrade
    aptitude, Prepare the package database, Make sure you have
        sufficient space for the upgrade
    astap, News from Debian Astro Blend
    chrony, Changes to packages that set the system clock
    cups, rsyslog creates fewer log files
    dblatex, Sources for this document
    debian-goodies, Make sure you have sufficient space for the
        upgrade
    debian-kernel-handbook, Installing a kernel metapackage
    debian-security-support, Limitations in security support
    dmraid, Deprecated components for bookworm
    doc-debian, Reporting bugs
    docbook-xsl, Sources for this document
    dpkg, Contributing upgrade reports
    elpa-markdown-toc, Known severe bugs
    fcitx, Fcitx versions no longer co-installable
    fcitx5, Fcitx versions no longer co-installable
    fdflush, Noteworthy obsolete packages
    g++-12, Known severe bugs
    ganeti, Known severe bugs
    git-daemon-run, Known severe bugs
    gpgv1, Check gpgv is installed
    groonga-bin, Known severe bugs
    grub, GRUB no longer runs os-prober by default
    grub-efi-amd64, Known severe bugs
    grub-emu, Known severe bugs
    grub-pc, Known severe bugs
    grub2-common, Known severe bugs
    how-can-i-help, Contributing to Debian
    ifupdown, Deprecated components for bookworm
    initramfs-tools, Debug shell during boot using initrd, Upgrading
        your kernel and related packages
    iptables, Known severe bugs
    isc-dhcp, Deprecated components for bookworm
    isc-dhcp-client, Deprecated components for bookworm
    itstool, Known severe bugs
    Kea, Deprecated components for bookworm
    kexec-tools, Known severe bugs
    libcrypt1, Unsupported upgrades from buster fail on libcrypt1
    libgdal-perl, Noteworthy obsolete packages
    libnss-gw-name, Deprecated components for bookworm
    libnss-ldap, Noteworthy obsolete packages
    libnss-ldapd, Noteworthy obsolete packages
    libnss-myhostname, Deprecated components for bookworm
    libnss-sss, Noteworthy obsolete packages
    libpam-ldap, Noteworthy obsolete packages
    libpam-ldapd, Noteworthy obsolete packages
    libphp8.2-embed, Known severe bugs
    libreoffice-core, Known severe bugs
    linux-image-*, Upgrading your kernel and related packages
    linux-image-amd64, Installing a kernel metapackage
    linux-source, Installing a kernel metapackage
    localepurge, Make sure you have sufficient space for the upgrade
    logcheck, rsyslog changes affecting log analyzers such as
        logcheck
    logcheck-database, rsyslog changes affecting log analyzers such
        as logcheck
    manpages-lang, More translated man pages
    mariadb-client, MariaDB package names no longer include version
        numbers
    mariadb-client-10.5, MariaDB package names no longer include
        version numbers
    mariadb-server, MariaDB package names no longer include version
        numbers
    mariadb-server-10.5, MariaDB package names no longer include
        version numbers
    mate-desktop-environment, GNOME has reduced accessibility support
        for screen readers
    monit, Stop monitoring systems
    netcat-openbsd, netcat-openbsd supports abstract sockets
    netcat-traditional, netcat-openbsd supports abstract sockets
    NetworkManager, Deprecated components for bookworm
    ntp, Changes to packages that set the system clock
    ntpsec, Changes to packages that set the system clock
    nvidia-driver, Known severe bugs
    openjdk-17-jre-headless, Known severe bugs
    openntpd, Changes to packages that set the system clock
    openvlbi, News from Debian Astro Blend
    orca, GNOME has reduced accessibility support for screen readers
    pipx, Python Interpreters marked externally-managed
    planetary-system-stacker, News from Debian Astro Blend
    polkitd-pkla, Changes to polkit configuration
    popularity-contest, Make sure you have sufficient space for the
        upgrade
    puppet, Puppet configuration management system upgraded to 7
    puppet-agent, Puppet configuration management system upgraded to
        7
    puppet-master, Puppet configuration management system upgraded to
        7
    puppetdb, Puppet configuration management system upgraded to 7
    puppetserver, Puppet configuration management system upgraded to
        7
    pypy3, Python Interpreters marked externally-managed
    python-is-python3, Known severe bugs
    python3-extinction, News from Debian Astro Blend
    python3-pip, Python Interpreters marked externally-managed
    python3-sncosmo, News from Debian Astro Blend
    python3-specreduce, News from Debian Astro Blend
    python3-sunpy, News from Debian Astro Blend
    python3-synphot, News from Debian Astro Blend
    python3-venv, Python Interpreters marked externally-managed
    python3-yade, Known severe bugs
    python3-yt, News from Debian Astro Blend
    python3.11, Python Interpreters marked externally-managed
    release-notes, Reporting bugs on this document
    request-tracker4, Deprecated components for bookworm
    request-tracker5, Deprecated components for bookworm
    rsyslog, Changes to system logging, rsyslog changes affecting log
        analyzers such as logcheck, rsyslog creates fewer log files
    shiny-server, News from Debian Med Blend
    software-properties-qt, Known severe bugs
    src:fuse3, Known severe bugs
    src:gluegen2, Known severe bugs
    src:golang-github-pin-tftp, Known severe bugs
    src:grub2, Known severe bugs
    src:guestfs-tools, Known severe bugs
    src:linux, Known severe bugs
    src:llvm-defaults, Known severe bugs
    src:syslinux, Known severe bugs
    sylpheed, Known severe bugs
    synaptic, Prepare the package database
    system-config-printer, Known severe bugs
    systemd, More translated man pages, Predictable naming for Xen
        network interfaces
    systemd-boot, systemd-boot has been split into a separate package
    systemd-networkd, Deprecated components for bookworm
    systemd-resolved, systemd-resolved has been split into a separate
        package
    systemd-timesyncd, Changes to packages that set the system clock
    tinc, Prepare a safe environment for the upgrade
    topcat, News from Debian Astro Blend
    u-boot-sunxi, Known severe bugs
    udev, Upgrading your kernel and related packages
    udhcpc, Deprecated components for bookworm
    upgrade-reports, Contributing upgrade reports
    util-linux, Noteworthy obsolete packages
    virtualenv, Python Interpreters marked externally-managed
    whitedune, Known severe bugs
    xenstore-utils, Known severe bugs
    xmlroff, Sources for this document
    xsltproc, Sources for this document
    youtube-dl, youtube-dl replaced with yt-dlp
    yt-dlp, youtube-dl replaced with yt-dlp

Perl, Desktops and well known packages
PHP, Desktops and well known packages
Postfix, Desktops and well known packages
PostgreSQL, Desktops and well known packages

S

Systemd, Desktops and well known packages

X

Xfce, Desktops and well known packages

Glossary

ACPI

    Advanced Configuration and Power Interface

ALSA

    Advanced Linux Sound Architecture

BD

    Blu-ray Disc

CD

    Compact Disc

CD-ROM

    Compact Disc Read Only Memory

DHCP

    Dynamic Host Configuration Protocol

DLBD

    Dual Layer Blu-ray Disc

DNS

    Domain Name System

DVD

    Digital Versatile Disc

GIMP

    GNU Image Manipulation Program

GNU

    GNU's Not Unix

GPG

    GNU Privacy Guard

LDAP

    Lightweight Directory Access Protocol

LSB

    Linux Standard Base

LVM

    Logical Volume Manager

MTA

    Mail Transport Agent

NBD

    Network Block Device

NFS

    Network File System

NIC

    Network Interface Card

NIS

    Network Information Service

PHP

    PHP: Hypertext Preprocessor

RAID

    Redundant Array of Independent Disks

SATA

    Serial Advanced Technology Attachment

SSL

    Secure Sockets Layer

TLS

    Transport Layer Security

UEFI

    Unified Extensible Firmware Interface

USB

    Universal Serial Bus

UUID

    Universally Unique Identifier

WPA

    Wi-Fi Protected Access