--- /dev/null
+
+# Upgrade from etch to lenny
+
+* make apt sane:
+
+ echo 'Acquire::PDiffs "false";' > /etc/apt/apt.conf.d/local-pdiff
+ echo 'APT::Install-Recommends 0;' > /etc/apt/apt.conf.d/local-recommends
+
+
+* add volatile to sources list and upgrade (at least the archive keyring)
+
+ grep volatile /etc/apt/sources.list || cat >> /etc/apt/sources.list << EOF
+ deb http://volatile.debian.net/debian-volatile etch/volatile main
+ EOF
+ apt-get update && apt-get dist-upgrade
+
+
+* turn off samhain
+
+ /etc/init.d/samhain stop
+
+
+* maybe turn off exim
+
+ /etc/init.d/exim4 stop
+
+
+* install deborphan, clean up
+
+ apt-get install deborphan dialog
+ orphaner
+ orphaner -n
+ orphaner -a
+ orphaner -a -n
+
+
+* purge removed packages
+
+ dpkg --get-selections | awk '$2!="install" {print $1}'
+ echo "really purge these [y/N]?"; read ans; [ "$ans" = "y" ] && dpkg --purge `dpkg --get-selections | awk '$2!="install" {print $1}'`
+
+
+* remove cruft and prepare sources.list update
+
+ rm -f /etc/apt/sources.liste
+ mkdir -p /etc/apt/sources.list.d
+
+
+* change sources list entries to lenny:
+
+ mirror=`cat /etc/apt/sources.list | awk '/debian/ {print $2; exit}'`
+ echo "Mirror is $mirror"; echo "Fix stuff if this seems wrong"; echo "XXXXXXXXXXXXXXXXXXXXXXX"
+ echo "## VERIFY THE MIRROR IS CORRECT ##"; read
+
+
+* write new sources.list.d/ entries:
+
+ (! [ -e /etc/apt/sources.list ] || mv /etc/apt/sources.list /etc/apt/sources.list-oldetch) &&
+ cd /etc/apt/sources.list.d &&
+ cat > backports.org.list << EOF &&
+ deb http://debian.sil.at/backports.org/ lenny-backports main
+ EOF
+ sed -e "s#@@MIRROR@@#$mirror#g" > debian.list << EOF &&
+ deb @@MIRROR@@ lenny main
+ EOF
+ cat > debian.org.list << EOF &&
+ deb http://db.debian.org/debian-admin lenny main
+ EOF
+ cat > security.list << EOF &&
+ deb http://security.us.debian.org/ lenny/updates main
+ EOF
+ cat > volatile.list << EOF &&
+ deb http://volatile.debian.org/debian-volatile lenny/volatile main
+ EOF
+ (! [ -e /etc/apt/preferences ] || mv /etc/apt/preferences /etc/apt/preferences-oldetch) &&
+ cat > /etc/apt/preferences << EOF &&
+ Package: *
+ Pin: release o=Backports.org archive
+ Pin-Priority: 200
+ EOF
+ (! grep restricted /etc/apt/sources.list-oldetch || echo 'deb http://db.debian.org/debian-admin lenny-restricted non-free' >> debian.org.list )
+
+
+* add bpo key
+
+ apt-key add - << EOF
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1.4.9 (GNU/Linux)
+
+ mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
+ Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
+ /lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
+ onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
+ kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
+ Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
+ m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
+ bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
+ bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
+ Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
+ AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
+ cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
+ FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
+ OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
+ FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
+ Nv8MTPjOaeEZArQ0flg8OXwF34hGBBARAgAGBQJEeI+KAAoJEHvDNTBle/A9pDwA
+ mwVpbaoH1hebV4MgXIpRvTQiL2keAJ9ryd2LvhbPd5EZM1C3Nsar2/2CgIhGBBAR
+ AgAGBQJHE7HYAAoJEGvFvIY3KyPVlwEAoJyGuJ/SsJTlyIVbulWYp3U/uZQTAJ4l
+ 40SrE/wwDeSIrhWNkmmNPbnz54hGBBARAgAGBQJHKneLAAoJEBRrPPJWJbOATcsA
+ n3I8y3pJN6jkmnhUQepfa7jJoDY2AKClHVXYuNZpc2jZKyruwgwck+jCabkCDQRD
+ CIMREAgAzXu6DGSDAz4JH+mlthtiQwNZFU8bjWanGT3DL6zubxwc3ZQmRaMOiVuv
+ JUuaJv8fdGRSvp09dP2/x5mzq2rACiEnDwZssNSK5sigxgy2W9zeO9bOtg6bhqZL
+ wlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEm
+ gFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDNStQDvTNtR6IV11KbKcY1iQ0B2bkh4zSh
+ WwloIr83V6huAhfH8GA7UW6saRJAof5DJWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG
+ 8fbecwlox5BRTMqcCB5ELbQXoVZT+wADBQf/ffI9R53f9USQkhsSak+k82JjRo9h
+ qKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1
+ h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HBTY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSX
+ Vi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZrO0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjp
+ VWbepkL88rbqJnPueTATw9shjbFYaND8cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm
+ 7C6hwik6agtXWkNABVXSxM6MB4hcP9QC+FEhK6y/7wC3SyNRBuFujDG1aohJBBgR
+ AgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNsVVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLd
+ AJ4v9ojJnvJu2yUl4W586soBm+wsLg==
+ =n4L0
+ -----END PGP PUBLIC KEY BLOCK-----
+ EOF
+
+
+* update apt list
+
+ apt-get update
+
+
+* upgrade
+
+ apt-get install locales-all
+
+
+* rest follows
+
+ apt-get dist-upgrade
+
+
+ * merge changes into /etc/pam.d/sudo
+
+ (change old and reject (N))
+ cat >> /etc/pam.d/sudo << EOF
+
+ session required pam_permit.so
+ session required pam_limits.so
+ EOF
+
+ * merge changes into /etc/munin/plugin-conf.d/munin-node
+
+ (change new and accept (A))
+
+ sed -i -e 's/adm$/adm, maillog/' /etc/munin/plugin-conf.d/munin-node.dpkg-new
+
+
+ * keep local (i.e. reject (N))
+ * all changes relating to exim (in /etc/exim4 and in logrotate)
+ * /etc/ldap/ldap.conf
+ * /etc/nagios/nrpe.cfg
+ * /etc/samhain/samhainrc
+ * /etc/munin/munin-node.conf
+ * merge: /etc/logrotate.d/apache2
+ * take new: /etc/apache2/apache2.conf
+ * maybe take new: /etc/apache2/ports.conf
+ * change ServerTokens from "Full" to "ProductOnly" in /etc/apache2/conf.d/security
+
+
+* update nagios on samosa (add host to lenny hostgroup)
+
+* maybe install [[puppet|puppet-install]]
+
+* check for obsolete packages
+
+ /usr/lib/nagios/plugins/dsa-check-packages
+
+* clean up old libs
+
+ orphaner
+ orphaner -n
+ orphaner -a
+ orphaner -a -n
+
+
+* purge removed packages
+
+ dpkg --get-selections | awk '$2!="install" {print $1}'
+ echo "really purge these [y/N]?"; read ans; [ "$ans" = "y" ] && dpkg --purge `dpkg --get-selections | awk '$2!="install" {print $1}'`