If you were using an older HOWTO, the Debian amavisd-new 20030616p10 package
may have been put on hold. Let's check and see.
apt-cache policy amavisd-new
If this says we have amavisd-new 20030616p10 installed, then we need to remove it (but we still need amavisd-new to work of course). Do not do this if you have 2.4.2 installed! First test that the only thing that will be removed is amavisd-new:
apt-get -s remove amavisd-new
If it says amavisd-new will be the only thing that will be removed, remove it and then fix it so it still functions:
mkdir /etc/ambackup
|
We created a startup script called /etc/init.d/startflop that is used
with AIDE. If you have this script, it may need to be updated to work
with udev:
vi /etc/init.d/startflop
If you have this file, edit it to look like this (it may already look this way):
#! /bin/sh
#
# very simple startup script
case "$1" in
start)
/usr/bin/test -e /dev/fd0u1722 || /bin/mknod /dev/fd0u1722 b 2 60
/bin/chmod 660 /dev/fd0u1722
/bin/chown root:floppy /dev/fd0u1722
/bin/mount /dev/fd0u1722 /floppy
;;
stop) /bin/umount /floppy
;;
esac
exit 0
|
If you have entries in /etc/apt/preferences, at this point make sure stable has the highest priority.
vi /etc/apt/preferences
For example: Package: * Pin: release a=stable Pin-Priority: 500 Package: * Pin: release a=testing Pin-Priority: 450 Package: * Pin: release a=unstable Pin-Priority: 400 |
For the time being, we are going to comment out everything in /etc/apt/sources.list
except for stable and sarge. Both regular and security.
Then change 'stable' to 'etch' for the regular sources and
change 'sarge' to 'etch' for the security updates and volatile. I also
added 'contrib non-free' to the etch security updates source. I have also added
etch volatile (which I will use in the future for clamav). However
I have temporarily commented out everything except the etch sources (your mirror
may vary):vi /etc/apt/sources.list
#deb http://volatile.debian.net/debian-volatile etch/volatile main deb http://mirrors.kernel.org/debian/ etch main non-free contrib deb-src http://mirrors.kernel.org/debian/ etch main deb http://security.debian.org/ etch/updates main contrib non-free #deb http://mirrors.kernel.org/debian/ testing main non-free contrib #deb-src http://mirrors.kernel.org/debian/ testing main #deb http://mirrors.kernel.org/debian/ unstable main non-free contrib #deb-src http://mirrors.kernel.org/debian/ unstable main #deb http://www.backports.org/debian/ sarge-backports main contrib non-freeSave and exit the file, then:
apt-get update
|
Now we will upgrade the kernel and libc6. I cannot recommend this
if you are using RAID.First see if initrd-tools is installed:
dpkg -l initrd-tools
If this program is installed, it should report something like "ii initrd-tools 0.1.81.1 tools to create initrd image for prepackaged". If it is not installed, you may already be running a newer kernel that does not use initrd-tools (test with 'uname -r'). If that is the case, there is no need to continue. If you are running a kernel older than 2.4.1, I have no advice for you. Otherwise, upgrade initrd-tools:
cd /usr/local/src
If you are currently running a 2.4 kernel (2.4.1 or greater - use 'uname -r' to find out) then you should run these next commands regardless whether you upgraded initrd-tools or not. This may possibly solve a problem where an initrd-img cannot be created for the 2.4 kernel when libc6 is upgraded:
cd
Now get a list of potential kernels to install. The 486 image will work with Intel or AMD. Here are the most common 32bit kernels: linux-image-486 - Linux kernel image on 486-class machines linux-image-686 - Linux kernel image on PPro/Celeron/PII/PIII/P4 machines linux-image-k7 - Linux kernel image on AMD K7 machines There are other x86 kernels available (including smp kernels), get a list of them and choose the correct one:
apt-cache search linux-image | grep linux-image
Make a note of how your disks are mounted (make a copy of this):
df
We install yaird (Yet Another Mkinitrd) to hopefully prevent this problem: http://verchick.com/mecham/public_html/spam/waiting_for_root_file_system.html Always first simulate installations to make sure there are no surprises (edit to suit your CPU if you like):
apt-get -s -t stable install linux-image-686 yaird udev libc6-dev gcc-3.3
If everything looks OK, perform the install:
apt-get -t stable install linux-image-686 yaird udev libc6-dev gcc-3.3
You may be asked to (re)Configure Locales. Once the new kernel is installed, cross your fingers and reboot: reboot
What kernel are we using? uname -r
This should show you are running kernel 2.6.18 or higher. Download a file as a (not very good) test to see whether you may have an issue with tcp window scaling or not. This test is not very good because it only tests routers between you and debian.org:
wget http://ftp.debian.org/debian/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
If the download hangs, there could be problem with tcp window scaling and buggy routers. Please read http://marc.info/?l=postfix-users&apm;m=117457942431349. You might also try these numbers in /etc/sysctl.conf (run sysctl -p after making changes to this file). In fact, it may be a good idea to add these whether the test failed or not:
net.ipv4.tcp_wmem = 4096 65536 65536
You can:
rm mysql-dfsg-5.0_5.0.32.orig.tar.gz
When finished testing. |
Now let's upgrade apt:
apt-get install apt
and import some gpg keys:
gpg --keyserver subkeys.pgp.net --recv-key EC61E0B0BBE55AB3
and:
apt-get update
|
I want to review packages I have on hold and possibly release them from
hold. I will have to think back as to whether I placed them on hold or
not and if I did, why I did it:
dpkg --get-selections | grep hold
One system I have shows: initrd-tools hold libimage-exiftool-perl hold libmime-perl holdI placed initrd-tools on hold because I did not want it to upgrade (because the newer version would have upgraded libc6 too) but now that I have upgraded libc6, I can let it install again:
echo "initrd-tools install" | dpkg --set-selections
I placed libimage-exiftool-perl on hold because I manually patched it when I installed FuzzyOcr 2.3b. I have since upgraded to FuzzyOcr 3.5.1 which no longer uses libimage-exiftool-perl, so I can let it install:
echo "libimage-exiftool-perl install" | dpkg --set-selections
I remember installing libmime-perl from 'testing' because I wanted a newer version. I put it on hold just in case a newer version upgraded libc6 along with it. I didn't want to chance it. Now that libc6 is upgraded, we can let it install newer versions:
echo "libmime-perl install" | dpkg --set-selections
|
I want to see if I have packages installed from backports (this assumes I
have not cleaned out my cache of downloaded packages). If you have
cleaned out your cache, maybe you can remember what packages you installed
from sarge-backports:
ls -l /var/cache/apt/archives/*bpo*
my system shows: /var/cache/apt/archives/gifsicle_1.44-0bpo1_i386.deb /var/cache/apt/archives/libcompress-zlib-perl_1.42-1~bpo.1_i386.deb /var/cache/apt/archives/ocrad_0.16-1~bpo.1_i386.deb /var/cache/apt/archives/postgrey_1.27-3~bpo.1_all.deb These were install from backports because I wanted to keep my system stable. Installing newer versions would have upgraded libc6 but since libc6 is now upgraded, I can reinstall these packages from etch stable:
apt-get install gifsicle libcompress-zlib-perl ocrad postgrey
Gifsicle and ocrad were installed to support FuzzyOcr 3.5.1 which reminds me: sarge used xfree86-common and etch uses x11-common and the two conflict with each other so I will install x11-common. Note: I don't run a GUI; if you do, I have no idea if this will mess things up for you, but it very well might:
apt-get -s install x11-common
This may be an issue if you are running a GUI: +---------------------------------------¦ Configuring x11-common +------------+ ¦ ¦ ¦ Major possible upgrade issues ¦ ¦ ¦ ¦ Some users have reported that upon upgrade to the current package set, | | their xserver package was no longer installed. Because there is no easy | | way around this problem, you should be sure to check that the xserver-xorg | | package is installed after upgrade. If it is not installed and you require | | it, it is recommended that you install the xorg package to make sure you | | have a fully functional X setup. ¦ ¦ ¦ ¦ <Ok> ¦ ¦ ¦ +-----------------------------------------------------------------------------+Not a problem for me since I don't use a GUI. I only need this stuff to run FuzzyOcr. If it looks like nothing bad will happen:
apt-get install x11-common
I am also going to see if I have stuff installed from sarge volatile:
ls -l /var/cache/apt/archives/*volatile*
Looks like I have been using clamav from volatile: /var/cache/apt/archives/clamav-base_0.90.1-0volatile1_all.deb /var/cache/apt/archives/clamav-daemon_0.90.1-0volatile1_i386.deb /var/cache/apt/archives/clamav-freshclam_0.90.1-0volatile1_i386.deb /var/cache/apt/archives/libclamav1_0.88.7-0volatile2_i386.deb /var/cache/apt/archives/libclamav2_0.90.1-0volatile1_i386.deb So, I will also (re)install clamav from etch stable (we will upgrade it to volatile later). If you are upgrading from 0.88.x or earlier, make sure you let it replace files as needed:
apt-get install clamav clamav-daemon clamav-freshclam
The new version of Postfix will want you to explicitly configure 'mydomain' in main.cf. Please:
vi /etc/postfix/main.cf
and configure mydomain (if you have not already done so):
mydomain = example.com
postfix reload
If it complains that files differ, run our LINUX2 script (it comes with the postfix source code if you need it):
LINUX2
It never hurts to make sure we are still processing mail:
tail -f /var/log/mail.log
|
|
During the upgrade you will be asked some questions. If you don't know
the answer you may have to accept the default. If it wants to replace
configuration files, I often have made changes that I don't want to loose
so I typically do not replace configuration files unless I'm
sure the file is so different that I really must. Sometimes keeping
old config files works to my advantage but I admit this may not always be
the best option.
You might want to take notes on how you reply to questions.
We may have made changes to the logcheck database during our travels but the postfix logcheck (and possibly other) files will want to update during the upgrade (and we should let the logcheck files get replaced when prompted). So, lets just make a backup copy in case we need it:
cp -r /etc/logcheck /etc/logcheck-old
If you installed bind9 using my doc, we made changes to /etc/init.d/sysklogd. With the new version of bind9 we do not need to keep those changes, so when prompted, replace the file. You might consider opening a second PuTTY window during the upgrade so if you want to replace a configuration file, but keep the old one, you can make a backup copy if needed. Let's see what will happen:
apt-get update
As you read this file, see what files have been kept back (if any) and try to determine why. Maybe you can install them individually. See http://www.debian.org/doc/manuals/apt-howto/ch-apt-get.en.html#s-dist-upgrade for hints. I would try to install them before you do a dist-upgrade. Then run the last two commands above again, repeating the process. When everything looks reasonably Ok, you may choose to do the upgrade. As debconf asks you questions during the upgrade, if you are not sure what the answer should be, you should probably choose the default answer. If you want more control over the upgrade process you may choose to install programs manually, but even so, at some point you should run:
apt-get dist-upgrade
After all is done, I would reboot (but that's just me - it should not be required):
reboot
See if the Postfix chroot is happy:
postfix check
If it complains that files differ, run our LINUX2 script:
LINUX2
The next thing I would check is whether we are sending and receiving mail:
tail -f /var/log/mail.log
You will have to work through it if there is a problem. If you used my doc on installing policyd-weight, then you will want to edit:
vi /etc/logcheck/ignore.d.server/postfix
and near the bottom, change policyd-weight to policydweight. You will also want to go through the process of running /floppy/report and copying /root/aide/aide.db.new over to /floppy/aide.db as usual. If you are using an unpatched pflogsumm.pl version 1.1.0, you will need to patch it. (note that my really old docs placed pflogsumm.pl in /usr/bin):
cd /usr/sbin
|
Now you should set up /etc/apt/sources.list again:
vi /etc/apt/sources.list
Assuming you have configured /etc/apt/preferences as shown above (make sure stable has highest priority), here is what your file may look like (we probably won't need backports for a while so I removed it): deb http://volatile.debian.net/debian-volatile etch/volatile main deb http://mirrors.kernel.org/debian/ etch main non-free contrib deb-src http://mirrors.kernel.org/debian/ etch main deb http://security.debian.org/ etch/updates main contrib deb http://mirrors.kernel.org/debian/ testing main non-free contrib deb-src http://mirrors.kernel.org/debian/ testing main deb http://mirrors.kernel.org/debian/ unstable main non-free contrib deb-src http://mirrors.kernel.org/debian/ unstable mainNow of course:
apt-get update
Now you can upgrade clamav from volatile:
apt-get -t etch install clamav clamav-daemon clamav-freshclam
If you upgraded SpamAssassin from sarge 3.0.3 to etch 3.1.7 and you are using the DCC client, at the very least you need to enable the DCC plugin and then restart amavisd-new (the next line may wrap - so be sure to copy the entire line):
sed -i 's/#loadplugin Mail::SpamAssassin::Plugin::DCC/loadplugin Mail::SpamAssassin::Plugin::DCC/g' /etc/spamassassin/v310.pre
|
The default system editor will now be nano. If you want to keep vim
as the default:
vi /root/.profile
and just below the line "fi" insert this entry:
export EDITOR=/usr/bin/vim.basic
Save and exit the file, then logout of PuTTY ([Ctrl]+d), then connect back in. |
- if( $text =~ /^\([0-9-]+\) (Passed|Blocked) SPAM\b/) {
+ if( $text =~ /^\([0-9-]+\) (Passed|Blocked) (SPAM|SPAMMY)\b/) {
Other sources of information: