Wheezy to Jessie (debian upgrades)


Jessie is in

Wheezy is debian 7, Jessie is debian 8 and the last time i did this i had no problems (my blog).  However it still means a lot of preparation.  Plus emergency disks so i can freshly install should the thing leave a sticky mess on the floor.

Pre upgrade – dkimproxy has been replaced with opendkim (my blog) so ‘hopefully’ that wont complicate things as dkimproxy seems to change on every dist-update.


Wheezy is out

Yes its upgrade time.  And Backups too in triplicate.  On disk, and other computers just in case.

I seemed to have a lot of stuff in /home/ that i cant remember placing there.

I am probably going to bitch about systemd (my blog) so get ready for that too!

The dist-upgrade was quite nice – no weird stuff with ipv6 connections as I have ipv4 only that i have had ipv6 fun before, i had to force apt-get dist-upgrade -f just once and it behaved itself despite bitching that the apache 2.2 to 2.4 despite apt had not a hope in hell in working due to configuration changes that apt could not handle.  Not sure i want to handle that either.

Hardware my crappy network card (my blog) seems better behaved. The ancient crt monitor (my blog) on the server is still working so thats not getting replaced yet. On the second day of reading logfiles i see that i also have bluetooth emulation of some kind.

I had prompts for the following bits of software outside of /home on the dist-upgrade

item  broken in process? notes
 failtoban  yes more features
 postfix-policyd  yes
 apache2.4  yes -zombie like no defensible in repo
 cyrus-imap  needs help
 spam assassin
mailgraph perl issues in apache handler
perl affects spf and apache2.4

Its best to sit with the process until the end, although a desktop user might not have as many questions.

Postfix (with multiple instances) did not like mynetworks line repeated (you do need it and I move it to fix) and new version is 2.11.3 – an edit fixed that. expect Blocked MTA-BLOCKED {TempFailedInbound} from amavis a new message for us. add a -o mynetworks= to the 10025 and things seem to be clearing postfix after amavis and moving to cyrus imap. That’s several hours of head scratching there.  No idea why the thing needed the new line.

Tls now supports session tickets in postfix However expect group or writeable warnings from apt which you might have fixed and find there wrong again..  Despite a wrong name in the certificate i went from a d to an a (87%) for tls support.  DNSSEC is next.

Failtoban i did not think was working i said no to sasl upgrade, so my screw up, it does nginx out of the box (my blog) now but apparently is working.  Nginx looks worth a second chance

postfix-policyd-spf  returns a wrong version error.  another few edits in postfix disable spf checks.  One for later to figure out

Cyrus imapd goes from berkely db 4.7 to 5.3 – however only db5.1 seems avialable.- 5.3 is there in the 5.1 debian package but /usr/lib/cyrus/upgrade-db will move 4.7 to 5.3 and deliver mail your going to see DBERROR db5: BDB0126 mmap: Invalid argument errors and you can do fuck all about it before the update. Renaming deliver db of which i have four instances to do for fresh correction might help if lmtp cant store things when it should but cannot.

Cyrus also comes with a text extractor for searching – new

Apache 2.4 is probably a good idea to reconfigure it from scratch.  I have no gnutls (my blog) and require all {granted|denied} replace order and allow lines.  Your going to find a lot of syntax issues.  Yet to deal with this.

frustratingCups [printers] work and most things work -no samba as windows supports cups.  I also did not have to remove gnome which i hate and usually end up doing every time – so not all bad although i have yet to hunt for mono which might have sneaked back on in the process.  After all i dont want any microsoft crap on here for them to fud linux with.

Systemd on stable debian is not too bad and humanized compared to Debian testing. Its picking up my adjusted scripts from init.d. I know this as i load pOf with amavis.  So systemd purists are probably seething somewhere.

The next morning i went through the logs – rkhunter does work and a lot of system accounts are now nologin and a sixty page logwatch report.  Spam assasin does not like its daliy reload was a one tie failure not repeated after that  but as that is called via amavis [see above] that might be a cron job needing help.

Mail cleared overnight. and so today i am going to fix apache 2.4 who can only serve up a page a perl cgi statistics from 2.2 to 2.4

I went from a 3.2.04 kernel to kernel.  Postgres seems to be still there although 9.1 and 9.4 things are probably doing something wrong.

Apache is a cluster fuck of my making – however after deleting and starting from scratch i got an a+ from quays with mod_ssl why as – gnutls is gone (my blog) in jessie however raymil and cipherlst deserve the credit here.  I see that openssl still has a expliot unpatched however css and anything not in the wwwroot is screwed even stuff off it say /wwwroot/chickensexing is in need of dire help . Might be  a mod_deflate issue out of the box – disabled for my sanity.

cgi needs help to.  But apache is doing something – not all the things it used to so i am going quit while i am ahead today.

I am glad i don’t do this very often.  Day three is on apache –  mod_deflate does not play nice in latest firefox but chrome browser supports it  cgi support and grant access to css and other stuff is the thing.

Mailgraph is toast – perl config issues still with apt

Use of uninitialized value $scriptname in concatenation (.) or string at /usr/lib/cgi-bin/mailgraph.cgi line 215.

which is print “\

So that’s seems broken in apache2.4 in jessie

Roundcube (my install -local x4 – you cannot do that with a .deb) has cosmetic issues in apache 2.4.

So perl it seems is not happy in Jessie (imho) in Debian Jessie 8.0 as cgi in apache 2.4 is in a bit of a state and spf checker is also broken.

A fresh go with apache fixed all my issues with mail graph and roundcube so i know that works so it looks like i had a weird apache config to sort out why one set of stuff works but the other does not.

Postfix works minus the spf check and none of the configs (five instances to fix) did not get mangled

All done for now. How was your day?

Updates to this post – spf check fix (my blog), Debian 8.1 (my blog)

15 responses

  1. Pingback: policyd-spf in debian 8 and remaining upgrade issues | Bananas in the Falklands

  2. Pingback: A sunday with no internet access | Bananas in the Falklands

  3. Pingback: Debian 8.0 niggles and Debian 8.1 release in the wild | Bananas in the Falklands

  4. Pingback: Apache 2.4 in the wild | Bananas in the Falklands

  5. Pingback: Fixing mobile html sites [or how jquery mobile ages] | Bananas in the Falklands

  6. Pingback: kicking the tyres on sddm (or non root x display managers) | Bananas in the Falklands

  7. Pingback: Final fixes to debian 8 | Bananas in the Falklands

  8. Pingback: Review of the year. | Bananas in the Falklands

  9. Pingback: pgp messaging sorted out | Bananas in the Falklands

  10. Pingback: Letsencrypt in debian – not yet production ready | Bananas in the Falklands

  11. Pingback: Better postfix tls | Bananas in the Falklands

  12. Pingback: Exploring opendmarc in debian jessie | Bananas in the Falklands

  13. Pingback: Kate (a text editor) | Bananas in the Falklands

  14. hey! i’m trying to fix our mailgraph that seems to be broken since debian 8 update. i think it might be connected with perl and apache2? so googling brings me here, nice blog tho! do you remember something ’bout this fix?

    • Try

      addHandler cgi-script .pl
      ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

      Require all granted

      Thats apache 2.4 config

      mailgraph works with cgi although i am a bit rusty – the apt files list for mailgraph can point you in the right place too

by golly but...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.