Upgrade from buster to bullseye:

Make sure to coordinate with whoever uses the host, be it the buildd operator, the QA team, the ftp team or just announce it on IRC if it's a general developer box.

NOTE: THIS IS A WORK IN PROGRESS. IT HAS NOT BEEN FINISHED, OR COMPLETELY TESTED YET NOTE: THIS IS A WORK IN PROGRESS. IT HAS NOT BEEN FINISHED, OR COMPLETELY TESTED YET NOTE: THIS IS A WORK IN PROGRESS. IT HAS NOT BEEN FINISHED, OR COMPLETELY TESTED YET NOTE: THIS IS A WORK IN PROGRESS. IT HAS NOT BEEN FINISHED, OR COMPLETELY TESTED YET

upgrade stuff:

commands:

avoid "lookup not DNSSEC" errors and failures from exim4 during the upgrade:

service exim4 stop &&
update-rc.d exim4 disable

(note that puppet will in fact start exim4 during the upgrade process, but this step prevents package upgrades from doing so and is thus usually sufficient to avoid the precise combination of package versions that leads to the issues.)

upgrade (run in a screen as root in case the connection is interrupted):

sed -i "s#buster#bullseye#g" /etc/apt/sources.list.d/debian.list &&
sed -i "s#buster/updates#bullseye-security#g" /etc/apt/sources.list.d/security.list &&
dpkg --clear-avail &&
apt-get update &&
service samhain stop &&
rm -f /var/state/samhain/samhain_file /var/lib/samhain/samhain_file &&
UCF_FORCE_CONFFOLD=1 apt-get -o Dpkg::Options::="--force-confdef" install dpkg apt samhain python-is-python2 &&
service samhain stop &&
UCF_FORCE_CONFFOLD=1 apt-get -o Dpkg::Options::="--force-confdef" dist-upgrade &&
service samhain stop &&
rm -f /var/state/samhain/samhain_file /var/lib/samhain/samhain_file &&
samhain --foreground -t init -p none -s none -l none -m none &&
(puppet agent -t || true) &&
: sometimes puppet resets our sources back to buster.  insist &&
sed -i "s#buster#bullseye#g" /etc/apt/sources.list.d/debian.list &&
sed -i "s#buster/updates#bullseye-security#g" /etc/apt/sources.list.d/security.list &&
apt-get update &&
UCF_FORCE_CONFFOLD=1 apt-get -o Dpkg::Options::="--force-confdef" dist-upgrade &&
apt-get install debian.org-recommended-bullseye &&
apt-get --purge autoremove &&
while [ "$(deborphan -n | wc -l)" -gt 0 ] ; do apt-get purge $(deborphan -n); done &&
dpkg --clear-avail &&
apt-get clean

purge removed packages

dpkg --get-selections | awk '$2=="deinstall" {print $1}' &&
echo "really purge these [y/N]?" && read ans && [ "$ans" = "y" ] && dpkg --purge `dpkg --get-selections | awk '$2=="deinstall" {print $1}'` &&
echo "These are not at install:" && dpkg --get-selections | awk '$2!="install" {print $1}'

more clean ups:

apt-get update &&
/usr/lib/nagios/plugins/dsa-check-packages | tr -d ,

(apt-get purge them)

apt-get --purge autoremove &&
while [ "$(deborphan -n | wc -l)" -gt 0 ] ; do apt-get purge $(deborphan -n); done

(puppet agent -t || true) && (puppet agent -t || true)

(update-rc.d exim4 enable || true)

update dsa-nagios.git (add host to bullseye hostgroup)

update samhain and finish with a reboot

(puppet agent -t || true) &&
(puppet agent -t || true) &&
(puppet agent -t || true) &&
ud-replicate &&
samhain --foreground -t update -p none -s none -l none -m none &&
dsa-update-apt-status -f &&
reboot < /dev/null

consider more cleanup

apt-get autoremove &&
(puppet agent -t || true) &&
samhain --foreground -t update -p none -s none -l none -m none &&
dsa-update-apt-status -f