From knowledge-patch
Debian 13.0 upgrade knowledge patch covering risk triage, SSH preparation, boot space, encrypted storage, and package changes.
How this skill is triggered — by the user, by Claude, or both
Slash command
/knowledge-patch:debian-knowledge-patchThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Choose references by the task at hand. Read every relevant file before changing an
Choose references by the task at hand. Read every relevant file before changing an upgrade plan, package set, boot configuration, network configuration, or stateful service.
| Reference | Topics |
|---|---|
| packages-toolchains-desktops.md | Core package versions, desktop stacks, compatibility packages, package splits, removals, and replacements |
| release-platform.md | Architecture support, ABI changes, filesystem and accounting defaults, boot media, hardware hardening, virtual machines, and support dates |
| security-networking.md | Remote upgrade access, OpenSSH, encrypted storage, sysctl, ping, interface naming, TLS, IPsec, sudo, and udev properties |
| services-data.md | RabbitMQ, MariaDB, Dovecot, Bacula, WirePlumber, and legacy timezone data |
| upgrade-foundations.md | Boot-space checks, usrmerge warnings, upgrade sequencing, and migrations to complete before the next release |
Before approving an in-place upgrade, identify whether the host is:
/boot;/etc/sysctl.conf;armel/armhf binaries;Treat any matching condition as a required migration, verification, or rollback-planning step. Do not reduce it to a post-upgrade cleanup item.
openssh-server version 1:9.2p1-2+deb12u7 or later from
stable-updates before starting an SSH-supervised upgrade.~/.pam_environment; relocate required
variables to shell startup files or another suitable mechanism.ssh1 command from openssh-client-ssh1 for devices that offer no
other key type./boot/boot to be at least 768 MB with about 300 MB free./boot with lvextend when necessary.Read security-networking.md and upgrade-foundations.md before finalizing the remote-upgrade procedure.
systemd-cryptsetup is installed before rebooting an upgraded encrypted
system; automatic discovery and mounting moved into that package.cipher=aes-cbc-essiv:sha256,size=256,hash=ripemd160 in /etc/crypttab.cipher=aes-xts-plain64 and hash=sha256.Plain mode stores no parameters. A mismatch can make valid old data appear random, so verify the configuration before attempting repair or reinitialization.
/var/lib/rabbitmq/mnesia after the OS upgrade and restarts the service.Shutdown complete in the
logs.replicator feature is gone./var/cache/dbconfig-common/backups.Read services-data.md for the complete service-specific requirements.
/etc/sysctl.conf to /etc/sysctl.d/*.conf;
systemd-sysctl no longer reads the former file./usr/lib/sysctl.d/50-default.conf from linux-sysctl-defaults.iputils-ping using ICMP datagram sockets instead of CAP_NET_RAW.
Unprivileged ping now depends on net.ipv4.ping_group_range.apt full-upgrade and before reboot, test interface naming with:udevadm test-builtin net_setup_link /sys/class/net/<interface>
systemd.link file if i40e behavior or newly
honored ACPI _SUN data would rename it.charon-systemd, swanctl, and
/etc/swanctl/conf.d.libldap2 and slapd now use OpenSSL and may
load the system trust store when no CA certificates are configured.samba-ad-dc for Active Directory domain-controller support.samba-vfs-ceph or samba-vfs-glusterfs for those backends; most other VFS
modules are included in samba.tzdata-legacy where a database or service still uses names such as US/*.Consult packages-toolchains-desktops.md before substituting a removed package or command. Some removals have targeted replacements, while others do not.
i386 installation. Use i386 only for
legacy roles such as chroots and multiarch on amd64.mipsel and mips64el as removed.armel as installer-less and limited to Raspberry Pi 1, Zero, and Zero W with
Debian kernels, while allowing supported existing systems to upgrade.armel and armhf: the 64-bit time_t
transition changes many library ABIs without changing sonames and can cause silent
data loss.i386.Read release-platform.md for exact platform and virtual-machine constraints.
/tmp as tmpfs by default./tmp and /var/tmp, from
upgraded systems, which must opt in..bdic dictionaries for
supporting Qt WebEngine browsers.sudo-ldap rules to libsss-sudo so privilege policy survives its removal.GSSAPI* options.fcitx5 and move Debian LXD deployments to Incus with tools from
incus-extra.sbuild-debian-developer-setup with sbuild --chroot-mode=unshare.libnss-docker, whose required Docker API disappears after
Engine 26.ifupdown can use dhcpcd-base, and servers should move to Kea.Use upgrade-foundations.md as the final migration checklist rather than assuming a successful reboot completes the work.
npx claudepluginhub nevaberry/nevaberry-plugins --plugin knowledge-patchProvides Ubuntu 26.04 compatibility guidance including breaking changes, upgrade paths, and reference docs for cloud, desktop, networking, services, and virtualization.
Provides migration strategies for framework and language upgrades, including dependency audits, breaking change detection, codemod references, and rollback plans. Covers React, Vue, Next.js, Laravel, Angular, and multiple languages.
Performs dependency upgrade impact assessment, code fixes, and migration across npm, Maven, Gradle, pip, Go modules, Cargo, Bundler, Composer, NuGet, C++, iOS/macOS, and Scala ecosystems. Use for CVE/GHSA remediation, breaking change migration, and compile/test failure resolution.