Last Saturday - 2025-08-09 - Debian 13 “Trixie” has been released after 2 years of work. 🥳

I just updated my laptop and servers and stumbled upon some issues:

cyrus-imapd

I’m running my own mail server infrastructure: I have grown up with Unix-to-Unix-Copy-Protocol (UUCP) and was an admin for UUCP Freunde Lahn e.V. for a long time. I’m still using Postfix with Cryus IMAPd and never switched to Dovecot.

After the upgrade I noticed that no mails were delivered: mailq shown a growing list of mails stuck in queue. Postfix was complaining that its lmtp service was no longer able to establish an encrypted connection to lmtpd from Cyrus.

For historic reason my setup is using STARTTLS, which is now deprecated and has been disabled by default in Cyrus IMAPd. You have to explicitly re-enable it in your /etc/imapd.conf by adding some lines:

imap_allowstarttls: yes
lmtp_allowstarttls: yes

saslauthd

saslauthd.service failed to start as I had to move its UNIX socket to /var/spool/postfix/var/run/saslauthd/. This also moves the location of the PID file to that directory, which then no longer matches the information in /usr/lib/systemd/system/saslauthd.servie, which expects the file in /var/run/saslauthd.pid.

A fixed this by creating an override with systemctl edit saslauthd.service:

[Service]
PIDFile=/var/spool/postfix/var/run/saslauthd/saslauthd.pid

Previously I had a shell-hack in /etc/default/saslauthd to replace the old location with a symbolic link to the chroot-location. This no longer works as that file is no sourced by systemd, which does not execute that shell code. Therefore I had to tell Cyrus IMAPd to also use that changed location by putting this into /etc/imapd.conf:

sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux

PS: On a side node: /var/run/ is deprecated and should be replaced by just /run/; systemd already complains about this every time it sees /var/run/.

docker.io and libvirt

For some unknown reason docker.io and libvirt got removed during the upgrade. Running apt autopurge afterwards was a very bad idea as that purged all images, volumes and containers. 🤦

I have to investigate why that happened. 🔍

PHP-8.4

Debian-13-Trixie has PHP-8.4, while Debian-12-Bookworm had PHP-8.2. My local NextCloud (and Wordpress) setup was unhappy about that as it needs several php8.4-… packages. Luckily just installing the equivalent of the matching packages did fix this.

KDE

In the past I did not install kde-full as it depends on many optional packages like KMail, KOrganizer, DragonPlayer, and such. I don’t use may of those and thus and thus don’t want them to be installed. During the upgrade plasmashell got removed so on the next login I did not get back a working KDE session. Installing kde-standard fixed this. As it only Recommends most other packages, I was able to get rid of those packages I did not want.

And I got Wayland, which has this annoying bug: Konsole no longer stores the open sessions and starts with only one shell in $HOME. 🤔

Out-of-space /usr

My desktop system has many packages. Upgrading all those (KDE-)libraries required too much space on /usr. dpkg failed to unpack a package during upgrade.

After some manual dpkg --configure --pending, apt install --fix-broken, apt autopurge and dpkg -P I was finally able to continue. I would have expected for APT to check for enough disk space, but apparently it does not. So double-check manually before doing an upgrade.

PS: Afterwards systemd complains about usr-not-merged, but that is normal and expected.

KeePassXC

I used a self-compiled version of KeePassXC. Debian now has two packages keepassxc and keepassxc – the later has support for browser-integration and more. As some file have been move, the upgrade failed and I had to manually remove by self-compiled version.

Network

Running the upgrade while being logged into KDE is not a good idea: During the upgrade NetworkManager got restarted and killed by local network connection. Afterward even ping did no longer work, as I already had the new version but still the old Linux kernel.

Sadly I still need my r8168-dkms and v4l2loopback-dkms packages.

Prometheus MySQL/MariaDB exporter

v0.15.0 has a breaking change, which is neither mentioned in any NEWS file nor the debian/changelog.

• DATA_SOURCE_NAME is no longer suported and you must pass the credentials via --mysqld.username= and via MYSQLD_EXPORTER_PASSWORD=.
• You also cannot specify the UNIX domain socket /run/mysqld/mysqld.sock

I’m now using --config.my-cnf /var/lib/prometheus/mysql.cnf to configure the credentials via another file.

Mailman3

cron

mailman3-web still runs a CRON job every minute, which imports robot_detection, which spams you with a ton of SyntaxWarnings. See mailman3-web#1082541 and python3-robot-detection#1078661

Edit /etc/cron.d/mailman3-web and add 2>/dev/null to each command.

authentication

Authenticaion was now broken for me: /var/log/mailman3/web/mailman-web.log complains about Missing column 'socialaccount_socialapp.provider_id'. Run /usr/bin/mailman-web migrate as user root to fix this.

template

/var/log/mailman3/web/mailman-web.log showed another error:

django.template.exceptions.TemplateSyntaxError: ‘humanize’ is not a registered tag library.

Adding django.contrib.humanize TO INSTALLED_APPS in /etc/mailman3/mailman-web.py fixes this.