Wheezy is debian 7, Jessie is debian 8 and the last time i did this i had no problems (my blog). However it still means a lot of preparation. Plus emergency disks so i can freshly install should the thing leave a sticky mess on the floor.
Pre upgrade – dkimproxy has been replaced with opendkim (my blog) so ‘hopefully’ that wont complicate things as dkimproxy seems to change on every dist-update.
Yes its upgrade time. And Backups too in triplicate. On disk, and other computers just in case.
I seemed to have a lot of stuff in /home/ that i cant remember placing there.
I am probably going to bitch about systemd (my blog) so get ready for that too!
The dist-upgrade was quite nice – no weird stuff with ipv6 connections as I have ipv4 only that i have had ipv6 fun before, i had to force apt-get dist-upgrade -f just once and it behaved itself despite bitching that the apache 2.2 to 2.4 despite apt had not a hope in hell in working due to configuration changes that apt could not handle. Not sure i want to handle that either.
Hardware my crappy network card (my blog) seems better behaved. The ancient crt monitor (my blog) on the server is still working so thats not getting replaced yet. On the second day of reading logfiles i see that i also have bluetooth emulation of some kind.
I had prompts for the following bits of software outside of /home on the dist-upgrade
| item | broken in process? notes |
| rkhunter | |
| sshconfig | |
| bley | |
| failtoban | yes more features |
| postfix-policyd | yes |
| apache2.4 | yes -zombie like no defensible in repo |
| postfix | |
| clamd | |
| cyrus-imap | needs help |
| spam assassin | |
| libreoffice | |
| /etc/services | |
| mailgraph | perl issues in apache handler |
| perl | affects spf and apache2.4 |
Its best to sit with the process until the end, although a desktop user might not have as many questions.
Postfix (with multiple instances) did not like mynetworks line repeated (you do need it and I move it to fix) and new version is 2.11.3 – an edit fixed that. expect Blocked MTA-BLOCKED {TempFailedInbound} from amavis a new message for us. add a -o mynetworks=127.0.0.0/8 to the 10025 and things seem to be clearing postfix after amavis and moving to cyrus imap. That’s several hours of head scratching there. No idea why the thing needed the new line.
Tls now supports session tickets in postfix However expect group or writeable warnings from apt which you might have fixed and find there wrong again.. Despite a wrong name in the certificate i went from a d to an a (87%) for tls support. DNSSEC is next.
Failtoban i did not think was working i said no to sasl upgrade, so my screw up, it does nginx out of the box (my blog) now but apparently is working. Nginx looks worth a second chance
postfix-policyd-spf returns a wrong version error. another few edits in postfix disable spf checks. One for later to figure out
Cyrus imapd goes from berkely db 4.7 to 5.3 – however only db5.1 seems avialable.- 5.3 is there in the 5.1 debian package but /usr/lib/cyrus/upgrade-db will move 4.7 to 5.3 and deliver mail your going to see DBERROR db5: BDB0126 mmap: Invalid argument errors and you can do fuck all about it before the update. Renaming deliver db of which i have four instances to do for fresh correction might help if lmtp cant store things when it should but cannot.
Cyrus also comes with a text extractor for searching – new
Apache 2.4 is probably a good idea to reconfigure it from scratch. I have no gnutls (my blog) and require all {granted|denied} replace order and allow lines. Your going to find a lot of syntax issues. Yet to deal with this.
Cups [printers] work and most things work -no samba as windows supports cups. I also did not have to remove gnome which i hate and usually end up doing every time – so not all bad although i have yet to hunt for mono which might have sneaked back on in the process. After all i dont want any microsoft crap on here for them to fud linux with.
Systemd on stable debian is not too bad and humanized compared to Debian testing. Its picking up my adjusted scripts from init.d. I know this as i load pOf with amavis. So systemd purists are probably seething somewhere.
The next morning i went through the logs – rkhunter does work and a lot of system accounts are now nologin and a sixty page logwatch report. Spam assasin does not like its daliy reload was a one tie failure not repeated after that but as that is called via amavis [see above] that might be a cron job needing help.
Mail cleared overnight. and so today i am going to fix apache 2.4 who can only serve up a page a perl cgi statistics from 2.2 to 2.4
I went from a 3.2.04 kernel to 3.16.0.04 kernel. Postgres seems to be still there although 9.1 and 9.4 things are probably doing something wrong.
Apache is a cluster fuck of my making – however after deleting and starting from scratch i got an a+ from quays with mod_ssl why as – gnutls is gone (my blog) in jessie however raymil and cipherlst deserve the credit here. I see that openssl still has a expliot unpatched however css and anything not in the wwwroot is screwed even stuff off it say /wwwroot/chickensexing is in need of dire help . Might be a mod_deflate issue out of the box – disabled for my sanity.
cgi needs help to. But apache is doing something – not all the things it used to so i am going quit while i am ahead today.
I am glad i don’t do this very often. Day three is on apache – mod_deflate does not play nice in latest firefox but chrome browser supports it cgi support and grant access to css and other stuff is the thing.
Mailgraph is toast – perl config issues still with apt
Use of uninitialized value $scriptname in concatenation (.) or string at /usr/lib/cgi-bin/mailgraph.cgi line 215.
which is print “
${n}-g\">
So that’s seems broken in apache2.4 in jessie
Roundcube (my install -local x4 – you cannot do that with a .deb) has cosmetic issues in apache 2.4.
So perl it seems is not happy in Jessie (imho) in Debian Jessie 8.0 as cgi in apache 2.4 is in a bit of a state and spf checker is also broken.
A fresh go with apache fixed all my issues with mail graph and roundcube so i know that works so it looks like i had a weird apache config to sort out why one set of stuff works but the other does not.
Postfix works minus the spf check and none of the configs (five instances to fix) did not get mangled
All done for now. How was your day?
Updates to this post – spf check fix (my blog), Debian 8.1 (my blog)
Bananas in the Falklands 
by golly but…