input/howto/upgrade-to-lenny.mdwn

   1
   2 # Upgrade from etch to lenny
   3
   4 make apt sane:
   5
   6         echo 'Acquire::PDiffs "false";' > /etc/apt/apt.conf.d/local-pdiff
   7         echo 'APT::Install-Recommends 0;' > /etc/apt/apt.conf.d/local-recommends
   8
   9
  10 add volatile to sources list and upgrade (at least the archive keyring)
  11
  12         grep volatile /etc/apt/sources.list || cat >> /etc/apt/sources.list << EOF
  13         deb     http://volatile.debian.net/debian-volatile etch/volatile  main
  14         EOF
  15         apt-get update && apt-get dist-upgrade
  16
  17
  18 turn off samhain
  19
  20         /etc/init.d/samhain stop
  21
  22
  23 maybe turn off exim
  24
  25         /etc/init.d/exim4 stop
  26
  27
  28 install deborphan, clean up
  29
  30         apt-get install deborphan dialog
  31         orphaner
  32         orphaner -n
  33         orphaner -a
  34         orphaner -a -n
  35
  36
  37 purge removed packages
  38
  39         dpkg --get-selections | awk '$2!="install" {print $1}'
  40         echo "really purge these [y/N]?"; read ans; [ "$ans" = "y" ] && dpkg --purge `dpkg --get-selections | awk '$2!="install" {print $1}'`
  41
  42
  43 remove cruft and prepare sources.list update
  44
  45         rm -f /etc/apt/sources.liste
  46         mkdir -p /etc/apt/sources.list.d
  47
  48
  49 change sources list entries to lenny:
  50
  51         mirror=`cat /etc/apt/sources.list | awk '/debian/ {print $2; exit}'`
  52         echo "Mirror is $mirror"; echo "Fix stuff if this seems wrong"; echo "XXXXXXXXXXXXXXXXXXXXXXX"
  53         echo "## VERIFY THE MIRROR IS CORRECT ##"; read
  54
  55
  56 write new sources.list.d/ entries:
  57
  58         (! [ -e /etc/apt/sources.list ] || mv /etc/apt/sources.list /etc/apt/sources.list-oldetch) &&
  59         cd /etc/apt/sources.list.d &&
  60         cat > backports.org.list << EOF &&
  61         deb     http://debian.sil.at/backports.org/        lenny-backports main
  62         EOF
  63         sed -e "s#@@MIRROR@@#$mirror#g" > debian.list << EOF &&
  64         deb     @@MIRROR@@      lenny           main
  65         EOF
  66         cat > debian.org.list << EOF &&
  67         deb     http://db.debian.org/debian-admin          lenny            main
  68         EOF
  69         cat > security.list << EOF &&
  70         deb     http://security.us.debian.org/             lenny/updates    main
  71         EOF
  72         cat > volatile.list << EOF &&
  73         deb     http://volatile.debian.org/debian-volatile lenny/volatile   main
  74         EOF
  75         (! [ -e /etc/apt/preferences ] || mv /etc/apt/preferences /etc/apt/preferences-oldetch) &&
  76         cat > /etc/apt/preferences << EOF &&
  77         Package: *
  78         Pin: release o=Backports.org archive
  79         Pin-Priority: 200
  80         EOF
  81         (! grep restricted /etc/apt/sources.list-oldetch || echo 'deb     http://db.debian.org/debian-admin          lenny-restricted non-free' >> debian.org.list )
  82
  83
  84 add bpo key
  85
  86         apt-key add - << EOF
  87         -----BEGIN PGP PUBLIC KEY BLOCK-----
  88         Version: GnuPG v1.4.9 (GNU/Linux)
  89
  90         mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
  91         Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
  92         /lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
  93         onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
  94         kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
  95         Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
  96         m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
  97         bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
  98         bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
  99         Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
 100         AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
 101         cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
 102         FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
 103         OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
 104         FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
 105         Nv8MTPjOaeEZArQ0flg8OXwF34hGBBARAgAGBQJEeI+KAAoJEHvDNTBle/A9pDwA
 106         mwVpbaoH1hebV4MgXIpRvTQiL2keAJ9ryd2LvhbPd5EZM1C3Nsar2/2CgIhGBBAR
 107         AgAGBQJHE7HYAAoJEGvFvIY3KyPVlwEAoJyGuJ/SsJTlyIVbulWYp3U/uZQTAJ4l
 108         40SrE/wwDeSIrhWNkmmNPbnz54hGBBARAgAGBQJHKneLAAoJEBRrPPJWJbOATcsA
 109         n3I8y3pJN6jkmnhUQepfa7jJoDY2AKClHVXYuNZpc2jZKyruwgwck+jCabkCDQRD
 110         CIMREAgAzXu6DGSDAz4JH+mlthtiQwNZFU8bjWanGT3DL6zubxwc3ZQmRaMOiVuv
 111         JUuaJv8fdGRSvp09dP2/x5mzq2rACiEnDwZssNSK5sigxgy2W9zeO9bOtg6bhqZL
 112         wlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEm
 113         gFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDNStQDvTNtR6IV11KbKcY1iQ0B2bkh4zSh
 114         WwloIr83V6huAhfH8GA7UW6saRJAof5DJWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG
 115         8fbecwlox5BRTMqcCB5ELbQXoVZT+wADBQf/ffI9R53f9USQkhsSak+k82JjRo9h
 116         qKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1
 117         h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HBTY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSX
 118         Vi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZrO0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjp
 119         VWbepkL88rbqJnPueTATw9shjbFYaND8cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm
 120         7C6hwik6agtXWkNABVXSxM6MB4hcP9QC+FEhK6y/7wC3SyNRBuFujDG1aohJBBgR
 121         AgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNsVVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLd
 122         AJ4v9ojJnvJu2yUl4W586soBm+wsLg==
 123         =n4L0
 124         -----END PGP PUBLIC KEY BLOCK-----
 125         EOF
 126
 127
 128 update apt list
 129
 130         apt-get update
 131
 132
 133 upgrade
 134
 135         apt-get install locales-all
 136
 137
 138 rest follows
 139
 140         apt-get dist-upgrade
 141
 142
 143 * merge changes into /etc/pam.d/sudo
 144
 145         (change old and reject (N))
 146         cat >> /etc/pam.d/sudo << EOF
 147
 148         session required pam_permit.so
 149         session required pam_limits.so
 150         EOF
 151
 152  * merge changes into /etc/munin/plugin-conf.d/munin-node
 153
 154    (change new and accept (A)):
 155
 156         sed -i -e 's/adm$/adm, maillog/' /etc/munin/plugin-conf.d/munin-node.dpkg-new
 157
 158  * keep local (i.e. reject (N)):
 159   * all changes relating to exim  (in /etc/exim4 and in logrotate)
 160   * /etc/ldap/ldap.conf
 161   * /etc/nagios/nrpe.cfg
 162   * /etc/samhain/samhainrc
 163   * /etc/munin/munin-node.conf
 164  * merge: /etc/logrotate.d/apache2
 165  * take new: /etc/apache2/apache2.conf
 166  * maybe take new: /etc/apache2/ports.conf
 167  * change ServerTokens from "Full" to "ProductOnly" in /etc/apache2/conf.d/security
 168
 169
 170 update nagios on samosa  (add host to lenny hostgroup)
 171
 172 maybe install [[puppet|puppet-install]]
 173
 174 check for obsolete packages
 175
 176         /usr/lib/nagios/plugins/dsa-check-packages
 177
 178 clean up old libs
 179
 180         orphaner
 181         orphaner -n
 182         orphaner -a
 183         orphaner -a -n
 184
 185
 186 purge removed packages
 187
 188         dpkg --get-selections | awk '$2!="install" {print $1}'
 189         echo "really purge these [y/N]?"; read ans; [ "$ans" = "y" ] && dpkg --purge `dpkg --get-selections | awk '$2!="install" {print $1}'`