If your a cave dwelling citizenand who only reads my blog* then your probably not know that a new release of Debian (my blog) is out.
it has not been out long but is mysterious as to what has been updated is a mystery – sure the gui’s have been updated but mysterious questions like tls1.3 support mean searching and getting misguided results for instance ubuntu is not debian. google mind you with alphabet worrying about hate speech who cares if there search engine goes to shit.
Apparently tls 1.3 is now supported (my blog) but i still have other questions so documentation wise Debian ten is a complete mystery if your wondering what is new.
Cyrus imap is another mystery here – the suggested route (not here) compared with the actual is not the same. I was expecting to configure and reconstruct but just disabling imap seems to have worked – although imap apparently does not use Berkeley db’s any more i did need a roundube option create_default_folders’] = true; (not here) opposed to false
Not sure why debian cyrus 220.127.116.11 did not need the linked work – i think it should have. Not complaining though.
The dist upgrade failed several times and i had to restart it. konq-plugins was a package that failed on i386
apt remove konq-plugins
Messages are very inconsistent on upgrade nss and glibc was one prompt that started and stopped processes, so your experience will vary between x64 and i386. Servers with sql backends used dbcommon and i kept most of my config files choosing N rather than the package file.
If you upgrading via ssh then the lines.
Will cause ssh to not reload. – be careful if your non local.
Openafs kernel module is a time consuming item to upgrade especially its kernel module.
If your into windows** nameservers dhcp needs an uograde but we dont have microshit windows here in the zoo.
Opendnssec — gets updated but i have no idea still how this awful software works.
postgresql seems to start first time in buster unlike stretch
pgctl_cluster main start
- modsecurity RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf security2.conf
- issue and issue.net
- cron.daily logrotate
- ssh_confing & sshd_config [see above]
- clamd conf
- fail2ban – action.d/mail.conf filter.d/postfix.conf
- postfix scripts are only updated not main and master files
So my fuckup’s
I [apparently] had an extra listen address in apache2 in ports conf, ipv6 is sluggish for apache and email on startup. Some ipv6 addresses refused to startup and cause failures. Keeping the original conf files seems to saved me a lot of headaches.
Since i was not ssh’ed into the box not an issue for me
email worked our zoo bots are working, apache does once interfaces started manually – xserver works when required [not often]
Server boot speed is not that impressive on older hardware, but since i dont reboot often who cares.
openssl does support tls 1.3 Most things work although this is perplexing
ssl-cert-check -s zoo.com -p 443 -a
Host Status Expires Days
———————————————– ———— ———— —-
unable to load certificate
3080701696:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
unable to load certificate
The second instance does not work, calling it once before does work. It worked on stetch not us, but something else is confused as apache likes the stated files fine.
Most things appear to work but your experience might vary – it took 25 minutes to download and three hours to nursemaid as described and restart.
I can probably fix the boot problems myself.
So far buster on a server seems a safe choice.
I will deal with newer features elsewhere. Not an upgrade from hell althougth i did make media backups before hand.
*somebody might – joke **you poor sod