XK72 | Java and Adobe Flash Software

This morning I have upgraded a non-production but important server from Debian Sarge to Debian Lenny. Figuring it was about time that I did the upgrade I took some advice that Lenny is very stable and could buy me a longer support period by skipping Etch altogether. Time will tell.

This post itemises the steps I went through for posterity and prosperity if I ever need to refer to them again. I’m writing this up from my notes so it is possible that I’ve missed something; if you do attempt a similar upgrade yourself and something turns up, please feel free to suggest it in the comments.

I started by reading (skimming) the release notes for Lenny on upgrading, which are currently in draft as it is in testing. In the future Lenny will obviously become the release version so that URL will become invalid. If you’re upgrading I suggest you to the same; furthermore if you’re upgrading from Sarge read over the Etch release notes for upgrading too. My process is based on and pretty much identical to the process described therein.

Make sure you’ve backed up the important stuff before trying anything like this. In particular postgres is very rude in upgrades (I upgraded from a backported 8.1 I think) and you lose all your data. Make sure you’ve done a dump.

First update your /etc/apt/sources.list. Unless you have special sources for some packages you’ll probably just change sarge to lenny and end up with:

deb http://ftp.YOURMIRRORHERE.debian.org/debian/ lenny main contrib
deb http://security.debian.org/ lenny/updates main contrib

Note that you need to find the URL for your local mirror, it’s probably already in your sources.list.

Refresh the sources list:

aptitude update

Upgrade aptitude (I use aptitude rather than apt-get). The Lenny aptitude apparently is better at conflict resolution. This will upgrade a number of other packages at the same time, but not as many as later!

aptitude install aptitude

My next step was to install the Debian keyring so that future packages are trusted. Followed by another update to apply the change:

aptitude install debian-keyring
aptitude update

Now we’re ready to upgrade some packages. During the upgrade process you get asked about changed configuration files a lot. My strategy was to always accept the new maintainer’s version, but to note down each time it occured and to later go back and compare the config I had (it saves a backup in each case).

The release notes recommend a safe upgrade first, so that’s what I did:

aptitude safe-upgrade

This went smoothly with no problems that I recall; certainly no problems that I had to address at this point. The release notes go on to recommend a kernel upgrade so that the system remains a working one. I’m not sure this was necessary as I was already using the 2.6 kernel. In fact, if you were on 2.4 I wouldn’t start following what I did – you’ll likely have to do more and be much more careful.

aptitude install linux-image-2.6-686

That installed smoothly and updated my grub. Next we do the full upgrade with all of the changed dependencies. Look out for packages that it says it must remove, as you may want to add those later. For me it removed dokuwiki; I let it do it and reinstalled it once the upgrade was complete.

aptitude full-upgrade

I had to repeat the full-upgrade numerous times, each time seeing problems, correcting them and then repeating and getting a little further. Each problem was usually solved by forceably removing a conflicting package or changing some configuration files; Googling for error messages helped. These are the ones I encountered:

Error:

trying to overwrite `/usr/sbin/add-shell', which is also in package passwd

Resolution:

dpkg -r --force all passwd

Error:

Something about phpmyadmin not being able to find a directory

Resolution:

mkdir /var/lib/phpmyadmin

Error:

configuration error - unknown item 'FAIL_DELAY' (notify administrator)

Resolution:
I commented out all unknown items from /etc/login.defs. It later installs a new version of this file; I guess the error wouldn’t occur if the file was updated earlier. Ah well, easy fix.

Error:

/usr/sbin/make-ssl-cert: line 1: mktemp: command not found

Resolution:
I couldn’t get aptitude to install mktemp because too many other things were broken and it wanted to do them first. Instead I found the downloaded mktemp package and installed it directly with dpkg. Thinking about it now, mktemp might not be downloaded unless you try to install with aptitude so perhaps resolve it like this:

aptitude download mktemp
aptitude install mktemp_1.5-9_i386.deb (of course this package name may have changed)

Error:

dpkg: error processing /var/cache/apt/archives/libcups2_1.3.8-1lenny4.1_i386.deb (--unpack):
trying to overwrite `/usr/lib/libcups.so.2', which is also in package libcupsys2-gnutls10

Resolution:

dpkg -r libcupsys2-gnutls10

Error:

dpkg: error processing /var/cache/apt/archives/ntp_1%3a4.2.4p4+dfsg-8_i386.deb (--unpack):
trying to overwrite `/etc/ntp.conf', which is also in package ntp-server

Resolution:

dpkg -r ntp-simple ntp-server

That was the end of the problems I encountered. I probably ended up running the full-upgrade 20 times as I worked out the solutions to each of these. Simply keep running it until it does nothing.

Before rebooting be sure to check the release notes for any last instructions. I had to review my mdadm setup; I read the readme, checked my setup, made some tweaks and all went smoothly.

Reboot! You definitely want to have physical access to the machine at this stage. I’ve upgraded a few machines across continents and it was really scary and in fact required physical intervention. This time the box just came back up like a charm so I was very pleased.

To finish it off I reinstalled packages that had to be removed (that included dokuwiki and vim) and started to check all of the essential services; most of them required some tweaking.

There may be some dependencies that are still not satisfied. We ask aptitude to do a general check and it will try to resolve them; you’ll have to confront this sooner or later so why not sooner. I ended up with a few python packages which couldn’t be installed so I removed them all – fixed.

aptitude install

Also there may be some obsolete packages left. If you start aptitude in interactive mode (just type aptitude) then you can view the obsolete packages and decide what to do with them. I removed all of them apart from the libraries; I wasn’t sure as there are some 3rd party pieces of software (oracle) that I didn’t want to try my luck with.

Postgresql 8.3 also ended up in a state where the locale wasn’t good – it had en_NZ and wouldn’t accept UTF-8 encodings. Removing and reinstalling postgres fixed that so I guess it was installed at a point in the process where the locale wasn’t right.

That’s all that was required for me. It took less than 3 hours and was pretty satisfying. Good luck with your upgrade.

This entry was posted on Friday, February 6th, 2009 at 11:33 am and is filed under Linux. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.