debian 8.7

tux_and_beasty_costumesIs released, hplip (my blog) will not show ink levels any longer not that i care but t shows somebody at hp possibly trying to kill the zoo’s network printers with bullshit.

My issue (my blog) with

/etc/cron.weekly/apt-xapian-index:
Traceback (most recent call last):
  File "/usr/sbin/update-apt-xapian-index", line 97, in <module>

Continues. That is about all.

 

 

Debian 8.0 niggles and Debian 8.1 release in the wild

jesseIn the original release  not much and should be easily resolved by now releasesd 8.1 release. I upgraded (my blog) so many of these issues are of my own making

  1. anacron has a broken python script – one time event – see /etc/cron.weekly/apt-xapian-index in the later section.
  2. /dev/shm is populated when running x as startx  – rkhunter monitors it
  3. mailgraph (still useful imho) tries to exec css for you one for logfile watchers and easily fixed
  4. apt/Apache2 dpkg: error processing package libapache2-reload-perl (–configure):777 happens all the time
  5. cyrus imap has no pop3d command not that i used it and it might be ancient in my context since i am lazy and have been running imap for a decade.
  6. the cyrus imap bdb errors (my blog) are related to /var/imap which i dont use as a mail store. – ignorable
  7. p0f-analyzer can not handle a pid like it did in wheezy say –pidfile /var/run/p0f i had to remove it – might be my handling but it worked in wheezy like that

systemctl enable foo.service will help with scripts that work but do not init on boot up – yes you postgressql server of which more further down

In 8.1

  1. apt/Apache2 dpkg: error processing package libapache2-reload-perl (–configure):777 happens all the time
  2. amavis seems to not reload every 24 hours – an observation from the change although a week plus online it seems to reload daily.
  3. cups [printers] got an update and we have an ancient ‘word processing*’ computer running debian 5 which can print to debian 8 but then stopped working.
  4. /lib/systemd/systemd –user does not seem to run once and quit when i ran command from a non root account – days later i killed the process.
  5. Postgres works and apparently i am running a 9.4 server with 9.1 config files. I won’t have that oracle crap on the box, you all know it.  Had to do a systemctl enable postgresql once again which failed on a reboot. So although it says 9.4 server the command systemctl enable postgresql@9.1-main.service actually loads.  Another test to do on the next distant reboot.
  6. /etc/cron.weekly/apt-xapian-index is the python issue from 8 above see 1
  7. cron.daily/spamassassin does not like reload so that is a botched init.d to systemd connvert  – I usually call sa via amavis, not daemon although i testing the /etc/default/spamassasin.dpkg jessie file as i came from wheezy.    The jessie file seems to be more compatible with systemd.
  8. failtoban i reconfigured with the debiin 8 defaults since i thought the thing was not working for email.
  9. cups with hplip sucks monkey balls on x, i have a foomatic (cheap hp laser that needs drm) and x will ask to download the firmware all over again.  remote printing works just fine.
  10. My sdcard reader (a cheap usb thing) works in 8 like it did in 7 on the rare occasion i use it.

Nothing serous.

policyd-spf in debian 8 and remaining upgrade issues

mehI had issues with this (my blog) so having five instances of postfix i reintroduced it,  I have no idea why nobody works and the other policyd-spf user does not.  However policyd-spf  does induce

postfix/smtpd[x]: warning: problem talking to server
private/spf-policy: Connection reset by peer

So change policyd-spf in master.cf, and add the spf checks in main.cf otherwise it will not get called.

policyd-spf  unix  -       n       n       -       0       spawn
            user=policyd-spf argv=/usr/bin/policyd-spf

And its  working again with the appended  0.and slighty different argv  – another two instances to change in the zoo.  Needs some tinkering and reading of the document in /usr/share/doc/postfix-policyd-spf-python/README.debain

200px-Gremlins_think_it's_fun_to_hurt_you._Use_care_always._Back_up_our_battleskies^_-_NARA_-_535381Cyrus imap also had a problem with /usr/sbin missing binaries which the cyrus.conf picks up they do exist and have since moved to /usr/lib/cyrus/bin.  It did not affect mail delivery but your see what i mean if you run it.

Mod_defensible in apache 2.4 does work but not from the repo’s, download it from the debian site and the files show up – dont ask me why. but it works remember the config goes in apache2.conf

One thing i dont have much clue on in is postgressql upgrading (9.1  to 9.4) i have both so i will ignore that one for the time being

Wheezy to Jessie (debian upgrades)

jesse

Jessie is in

Wheezy is debian 7, Jessie is debian 8 and the last time i did this i had no problems (my blog).  However it still means a lot of preparation.  Plus emergency disks so i can freshly install should the thing leave a sticky mess on the floor.

Pre upgrade – dkimproxy has been replaced with opendkim (my blog) so ‘hopefully’ that wont complicate things as dkimproxy seems to change on every dist-update.

wheezy

Wheezy is out

Yes its upgrade time.  And Backups too in triplicate.  On disk, and other computers just in case.

I seemed to have a lot of stuff in /home/ that i cant remember placing there.

I am probably going to bitch about systemd (my blog) so get ready for that too!

The dist-upgrade was quite nice – no weird stuff with ipv6 connections as I have ipv4 only that i have had ipv6 fun before, i had to force apt-get dist-upgrade -f just once and it behaved itself despite bitching that the apache 2.2 to 2.4 despite apt had not a hope in hell in working due to configuration changes that apt could not handle.  Not sure i want to handle that either.

Hardware my crappy network card (my blog) seems better behaved. The ancient crt monitor (my blog) on the server is still working so thats not getting replaced yet. On the second day of reading logfiles i see that i also have bluetooth emulation of some kind.

I had prompts for the following bits of software outside of /home on the dist-upgrade

item  broken in process? notes
 rkhunter
 sshconfig
 bley
 failtoban  yes more features
 postfix-policyd  yes
 apache2.4  yes -zombie like no defensible in repo
 postfix
 clamd
 cyrus-imap  needs help
 spam assassin
 libreoffice
 /etc/services
mailgraph perl issues in apache handler
perl affects spf and apache2.4

Its best to sit with the process until the end, although a desktop user might not have as many questions.

Postfix (with multiple instances) did not like mynetworks line repeated (you do need it and I move it to fix) and new version is 2.11.3 – an edit fixed that. expect Blocked MTA-BLOCKED {TempFailedInbound} from amavis a new message for us. add a -o mynetworks=127.0.0.0/8 to the 10025 and things seem to be clearing postfix after amavis and moving to cyrus imap. That’s several hours of head scratching there.  No idea why the thing needed the new line.

Tls now supports session tickets in postfix However expect group or writeable warnings from apt which you might have fixed and find there wrong again..  Despite a wrong name in the certificate i went from a d to an a (87%) for tls support.  DNSSEC is next.

Failtoban i did not think was working i said no to sasl upgrade, so my screw up, it does nginx out of the box (my blog) now but apparently is working.  Nginx looks worth a second chance

postfix-policyd-spf  returns a wrong version error.  another few edits in postfix disable spf checks.  One for later to figure out

Cyrus imapd goes from berkely db 4.7 to 5.3 – however only db5.1 seems avialable.- 5.3 is there in the 5.1 debian package but /usr/lib/cyrus/upgrade-db will move 4.7 to 5.3 and deliver mail your going to see DBERROR db5: BDB0126 mmap: Invalid argument errors and you can do fuck all about it before the update. Renaming deliver db of which i have four instances to do for fresh correction might help if lmtp cant store things when it should but cannot.

Cyrus also comes with a text extractor for searching – new

Apache 2.4 is probably a good idea to reconfigure it from scratch.  I have no gnutls (my blog) and require all {granted|denied} replace order and allow lines.  Your going to find a lot of syntax issues.  Yet to deal with this.

frustratingCups [printers] work and most things work -no samba as windows supports cups.  I also did not have to remove gnome which i hate and usually end up doing every time – so not all bad although i have yet to hunt for mono which might have sneaked back on in the process.  After all i dont want any microsoft crap on here for them to fud linux with.

Systemd on stable debian is not too bad and humanized compared to Debian testing. Its picking up my adjusted scripts from init.d. I know this as i load pOf with amavis.  So systemd purists are probably seething somewhere.

The next morning i went through the logs – rkhunter does work and a lot of system accounts are now nologin and a sixty page logwatch report.  Spam assasin does not like its daliy reload was a one tie failure not repeated after that  but as that is called via amavis [see above] that might be a cron job needing help.

Mail cleared overnight. and so today i am going to fix apache 2.4 who can only serve up a page a perl cgi statistics from 2.2 to 2.4

I went from a 3.2.04 kernel to 3.16.0.04 kernel.  Postgres seems to be still there although 9.1 and 9.4 things are probably doing something wrong.

Apache is a cluster fuck of my making – however after deleting and starting from scratch i got an a+ from quays with mod_ssl why as – gnutls is gone (my blog) in jessie however raymil and cipherlst deserve the credit here.  I see that openssl still has a expliot unpatched however css and anything not in the wwwroot is screwed even stuff off it say /wwwroot/chickensexing is in need of dire help . Might be  a mod_deflate issue out of the box – disabled for my sanity.

cgi needs help to.  But apache is doing something – not all the things it used to so i am going quit while i am ahead today.

I am glad i don’t do this very often.  Day three is on apache –  mod_deflate does not play nice in latest firefox but chrome browser supports it  cgi support and grant access to css and other stuff is the thing.

Mailgraph is toast – perl config issues still with apt

Use of uninitialized value $scriptname in concatenation (.) or string at /usr/lib/cgi-bin/mailgraph.cgi line 215.

which is print “\

${n}-g\&quot>
So that’s seems broken in apache2.4 in jessie

Roundcube (my install -local x4 – you cannot do that with a .deb) has cosmetic issues in apache 2.4.

So perl it seems is not happy in Jessie (imho) in Debian Jessie 8.0 as cgi in apache 2.4 is in a bit of a state and spf checker is also broken.

A fresh go with apache fixed all my issues with mail graph and roundcube so i know that works so it looks like i had a weird apache config to sort out why one set of stuff works but the other does not.

Postfix works minus the spf check and none of the configs (five instances to fix) did not get mangled

All done for now. How was your day?

Updates to this post – spf check fix (my blog), Debian 8.1 (my blog)