I’m reading the release notes, and following the instructions. I started reading at 14:20, and I logged into the server at 14:34.
# looking for outdate stuff apt-forktracer | sort # found 35 packages but I’m afraid to touch them # (not removing them) # looking for old old conflicts find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error' # nothing suspicious, trash them all trash $(find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error') # double check find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error' # find borked stuff dpkg --audit # saving the state of all my packages dpkg --get-selections "*" > packages.list # making sure none are held back grep hold packages.list # updating /etc/apt/sources.list # (replacing buster with bullseye and taking security layout changes into account) # Therefore: # deb http://deb.debian.org/debian bullseye main non-free contrib # deb https://deb.debian.org/debian-security bullseye-security main non-free contrib # recording it all script -t 2>~/upgrade-bullseye-1.time -a ~/upgrade-bullseye-1.script # update apt update # check space requirements apt -o APT::Get::Trivial-Only=true full-upgrade # compare with space available df -h # first upgrade step apt upgrade --without-new-pkgs # paying the price for not moving stuff into the *.d subdirectories # and editing the config files directly… # resolve conflict in /etc/fail2ban/fail2ban.conf # resolve conflict in /etc/logrotate.conf # resolve conflict in /etc/munin/munin.conf # cgit problem: keep a copy of these two files: # /etc/cgitrc # /usr/lib/cgit/filters/syntax-highlighting-or-markdown.py # then purge cgit apt purge cgit # and reinstall, and restore the two files apt install cgit # the release note tell me to install a kernel # how strange, what did I use before? uname -r # 4.9.0-3-amd64 # oh well, following orders: apt install linux-image-amd64 # not sure whether I should reboot now or do the full upgrade now? apt full-upgrade # manually trashing some directories that could not be removed: trash /etc/calendar trash /usr/lib/python3.7/tkinter # continuing to pay the price for not moving stuff into the *.d subdirectories # resolve conflict in /etc/monit/monitrc # resolve conflict in /etc/ssh/sshd_config # resolve conflict in /etc/logrotate.d/apache2 # resolve conflict in /etc/radicale/config # and now… reboot
Waiting…
Waiting…
And we’re back up! It’s now 16:40. Let’s start checking services.
The Traveller subsector generator needed a manual start.
# as user alex cd farm hypnotoad traveller2.pl
In fact, all the Monit configurations of my services needed a change from Perl 5.26.1 to 5.32.0.
The Oddmuse wikis seem to be up, Phoebe seems to be down. Sadly, Phoebe is no longer monitored via Monit but only watched over by systemd.
systemctl restart phoebe && journalctl --unit phoebe --follow
Everything else seems to be working.
# remove packages that are no longer required
apt auto-remove
# purge configs of packages that have been removed
apt purge $(dpkg -l | awk '/^rc/ { print $2 }')
Strangely enough, “apt install” by itself lists four packages not upgraded.
# let’s make sure we’re up to date apt update # this shows me 1 upgraded, 100 newly installed, 0 to remove and 3 not upgraded apt upgrade # the ones that have been kept back: guile-2.2-libs w3m w3m-img apt purge guile-2.2-libs w3m w3m-img # and again… apt auto-remove
I think we’re good, now.
Find obsolete stuff:
# I do not use aptitude so will install something else (!?) apt install apt-show-versions # find obsolete, abandoned, local stuff apt-show-versions | grep 'No available version' # think carefully, then remove them all apt remove $(apt-show-versions | grep 'No available version' | cut -d : -f 1)
Let’s hope I’m not going to regret this… 😅
It is now 17:35. This took a bit over three hours.
#Debian #Administration
(Please contact me if you want to remove your comment.)
⁂
Today I looked at my mail on the server…
It turns out that all the packages I had installed using pip have somehow disappeared. I’m guessing that’s due to the change of making Python 3 the default? I have no idea.
pip install Mastodon.py pip install html2text
And I had apparently installed two Perl libraries for my system Perl. Yikes! They had gotten converted to Debian packages, and those were still lying around, so I could simply reinstall them. No upgrades.
dpkg -i libmojo-useragent-role-queued-perl_1.15-1_all.deb dpkg -i libtext-spanningtable-perl_1.000000-1_all.deb
In one of the bash scripts I had to replace tempfile with mktemp.
– Alex 2021-08-31 05:30 UTC
---
Firewall rules need to be reinstalled after a reboot:
# Set up iptables rules. Match with banlist and drop traffic ipset create banlist hash:ip hashsize 4096 iptables -I INPUT -m set --match-set banlist src -j DROP iptables -I FORWARD -m set --match-set banlist src -j DROP # For IPv6 ipset create banlist6 hash:net hashsize 4096 family inet6 ip6tables -I INPUT -m set --match-set banlist6 src -j DROP ip6tables -I FORWARD -m set --match-set banlist6 src -j DROP
The reason being some bot programmer who ignores the “slow down” error messages they are getting.
ipset add banlist 193.70.85.11 ipset add banlist6 2001:41d0:302:2200::180
Both belong to OVH France.
Hopefully getting all their packets dropped makes them think for a moment.
– Alex 2021-08-31 14:37 UTC
---
More packages missing.
pip install cairosvg
– Alex 2021-09-05 09:02 UTC
---
Something about Exim is also broken. I get mails from root saying “Tainted ’/var/mail/alex’ (file or directory name for mail_spool transport) not permitted” and chapter 5 of the release notes tells me that something has changed regarding taint checking. Gah!
Old Debian Exim configuration files also will not work unmodified; the new configuration needs to be installed with local modifications merged in. – 5.1.17. Exim 4.94, in chapter 5. Issues to be aware of for bullseye
5.1.17. Exim 4.94, in chapter 5. Issues to be aware of for bullseye
OK. I don’t think I did much configuring of Exim, to be honest. I just need local delivery so that I can read the error messages by all the jobs that I run.
As root:
dpkg-reconfigure exim4-config
Choose “local delivery only”, and then just use the defaults, I think.
– Alex 2021-09-05 09:22 UTC
---
Yikes. That didn’t solve it. I still don’t understand what I’m supposed to do after reading the Exim section in chapter 5, so now I’m doing it hardcore:
apt purge exim4-config apt install bsd-mailx exim4
Beware, this nukes your config!
Anyway, with this I was able to send myself some local mail without receiving any warnings. Also, this purged exim4-daemon-heavy and installed exim4-daemon-light, with no config questions asked. I like it.
– Alex 2021-09-07 06:17 UTC
---
Looks like radicale did not get restarted after the update (self hosted calendars and contacts). On our phones, I saw that the calendars were not syncing.
service radicale start
That did not immediately help. It took a while. The log said “Malformed token” a few times… but without me changing anything, these messages disappeared after a few minutes and the phones say the calendars are OK, now.
journalctl --unit radicale --follow
– Alex 2021-09-10 09:10 UTC