Upgrade from buster to bullseye:
Make sure to coordinate with whoever uses the host, be it the buildd operator, the QA team, the ftp team or just announce it on IRC if it's a general developer box.
NOTE: THIS IS A WORK IN PROGRESS. IT HAS NOT BEEN FINISHED, OR COMPLETELY TESTED YET NOTE: THIS IS A WORK IN PROGRESS. IT HAS NOT BEEN FINISHED, OR COMPLETELY TESTED YET NOTE: THIS IS A WORK IN PROGRESS. IT HAS NOT BEEN FINISHED, OR COMPLETELY TESTED YET NOTE: THIS IS A WORK IN PROGRESS. IT HAS NOT BEEN FINISHED, OR COMPLETELY TESTED YET
upgrade stuff:
- answer question to libc6 "Restart services automaticaly" with "yes"
- let the system change the homedir of the irc user
- keep our pam configuration
- say no (or "keep the local version currently installed") to other questions.
commands:
avoid "lookup not DNSSEC" errors and failures from exim4 during the upgrade:
service exim4 stop &&
update-rc.d exim4 disable
(note that puppet will in fact start exim4 during the upgrade process, but this step prevents package upgrades from doing so and is thus usually sufficient to avoid the precise combination of package versions that leads to the issues.)
upgrade (run in a screen as root in case the connection is interrupted):
sed -i "s#buster#bullseye#g" /etc/apt/sources.list.d/debian.list &&
sed -i "s#buster/updates#bullseye-security#g" /etc/apt/sources.list.d/security.list &&
dpkg --clear-avail &&
apt-get update &&
service samhain stop &&
rm -f /var/state/samhain/samhain_file /var/lib/samhain/samhain_file &&
UCF_FORCE_CONFFOLD=1 apt-get -o Dpkg::Options::="--force-confdef" install dpkg apt samhain python-is-python2 &&
service samhain stop &&
UCF_FORCE_CONFFOLD=1 apt-get -o Dpkg::Options::="--force-confdef" dist-upgrade &&
service samhain stop &&
rm -f /var/state/samhain/samhain_file /var/lib/samhain/samhain_file &&
samhain --foreground -t init -p none -s none -l none -m none &&
(puppet agent -t || true) &&
: sometimes puppet resets our sources back to buster. insist &&
sed -i "s#buster#bullseye#g" /etc/apt/sources.list.d/debian.list &&
sed -i "s#buster/updates#bullseye-security#g" /etc/apt/sources.list.d/security.list &&
apt-get update &&
UCF_FORCE_CONFFOLD=1 apt-get -o Dpkg::Options::="--force-confdef" dist-upgrade &&
apt-get install debian.org-recommended-bullseye &&
apt-get --purge autoremove &&
while [ "$(deborphan -n | wc -l)" -gt 0 ] ; do apt-get purge $(deborphan -n); done &&
dpkg --clear-avail &&
apt-get clean
purge removed packages
dpkg --get-selections | awk '$2=="deinstall" {print $1}' &&
echo "really purge these [y/N]?" && read ans && [ "$ans" = "y" ] && dpkg --purge `dpkg --get-selections | awk '$2=="deinstall" {print $1}'` &&
echo "These are not at install:" && dpkg --get-selections | awk '$2!="install" {print $1}'
more clean ups:
apt-get update &&
/usr/lib/nagios/plugins/dsa-check-packages | tr -d ,
(apt-get purge them)
apt-get --purge autoremove &&
while [ "$(deborphan -n | wc -l)" -gt 0 ] ; do apt-get purge $(deborphan -n); done
(puppet agent -t || true) && (puppet agent -t || true)
(update-rc.d exim4 enable || true)
update dsa-nagios.git (add host to bullseye hostgroup)
update samhain and finish with a reboot
(puppet agent -t || true) &&
(puppet agent -t || true) &&
(puppet agent -t || true) &&
ud-replicate &&
samhain --foreground -t update -p none -s none -l none -m none &&
dsa-update-apt-status -f &&
reboot < /dev/null
consider more cleanup
apt-get autoremove &&
(puppet agent -t || true) &&
samhain --foreground -t update -p none -s none -l none -m none &&
dsa-update-apt-status -f