Upgrade from etch to lenny

make apt sane:

echo 'Acquire::PDiffs "false";' > /etc/apt/apt.conf.d/local-pdiff
    echo 'APT::Install-Recommends 0;' > /etc/apt/apt.conf.d/local-recommends

add volatile to sources list and upgrade (at least the archive keyring)

grep volatile /etc/apt/sources.list || cat >> /etc/apt/sources.list << EOF
deb     http://volatile.debian.net/debian-volatile etch/volatile  main
EOF
apt-get update && apt-get dist-upgrade

turn off samhain

/etc/init.d/samhain stop

maybe turn off exim

/etc/init.d/exim4 stop
mv /etc/rc2.d/S20exim4 /etc/rc2.d/K20exim4 # so it stays down

install deborphan, clean up

apt-get install deborphan dialog
orphaner
orphaner -n
orphaner -a
orphaner -a -n

purge removed packages

dpkg --get-selections | awk '$2!="install" {print $1}'
echo "really purge these [y/N]?"; read ans; [ "$ans" = "y" ] && dpkg --purge `dpkg --get-selections | awk '$2!="install" {print $1}'`

remove cruft and prepare sources.list update

rm -f /etc/apt/sources.liste
mkdir -p /etc/apt/sources.list.d

change sources list entries to lenny:

mirror=`cat /etc/apt/sources.list | awk '/debian/ {print $2; exit}'`
echo "Mirror is $mirror"; echo "Fix stuff if this seems wrong"; echo "XXXXXXXXXXXXXXXXXXXXXXX"
echo "## VERIFY THE MIRROR IS CORRECT ##"; read

write new sources.list.d/ entries:

(! [ -e /etc/apt/sources.list ] || mv /etc/apt/sources.list /etc/apt/sources.list-oldetch) &&
cd /etc/apt/sources.list.d &&
cat > backports.org.list << EOF &&
deb     http://debian.sil.at/backports.org/        lenny-backports main
EOF
sed -e "s#@@MIRROR@@#$mirror#g" > debian.list << EOF &&
deb     @@MIRROR@@      lenny           main
EOF
cat > debian.org.list << EOF &&
deb     http://db.debian.org/debian-admin          lenny            main
EOF
cat > security.list << EOF &&
deb     http://security.us.debian.org/             lenny/updates    main
EOF
cat > volatile.list << EOF &&
deb     http://volatile.debian.org/debian-volatile lenny/volatile   main
EOF
(! [ -e /etc/apt/preferences ] || mv /etc/apt/preferences /etc/apt/preferences-oldetch) &&
cat > /etc/apt/preferences << EOF &&
Package: *
Pin: release o=Backports.org archive
Pin-Priority: 200
EOF
(! grep restricted /etc/apt/sources.list-oldetch || echo 'deb     http://db.debian.org/debian-admin          lenny-restricted non-free' >> debian.org.list )

add bpo key

apt-key add - << EOF
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)

mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
Nv8MTPjOaeEZArQ0flg8OXwF34hGBBARAgAGBQJEeI+KAAoJEHvDNTBle/A9pDwA
mwVpbaoH1hebV4MgXIpRvTQiL2keAJ9ryd2LvhbPd5EZM1C3Nsar2/2CgIhGBBAR
AgAGBQJHE7HYAAoJEGvFvIY3KyPVlwEAoJyGuJ/SsJTlyIVbulWYp3U/uZQTAJ4l
40SrE/wwDeSIrhWNkmmNPbnz54hGBBARAgAGBQJHKneLAAoJEBRrPPJWJbOATcsA
n3I8y3pJN6jkmnhUQepfa7jJoDY2AKClHVXYuNZpc2jZKyruwgwck+jCabkCDQRD
CIMREAgAzXu6DGSDAz4JH+mlthtiQwNZFU8bjWanGT3DL6zubxwc3ZQmRaMOiVuv
JUuaJv8fdGRSvp09dP2/x5mzq2rACiEnDwZssNSK5sigxgy2W9zeO9bOtg6bhqZL
wlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEm
gFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDNStQDvTNtR6IV11KbKcY1iQ0B2bkh4zSh
WwloIr83V6huAhfH8GA7UW6saRJAof5DJWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG
8fbecwlox5BRTMqcCB5ELbQXoVZT+wADBQf/ffI9R53f9USQkhsSak+k82JjRo9h
qKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1
h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HBTY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSX
Vi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZrO0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjp
VWbepkL88rbqJnPueTATw9shjbFYaND8cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm
7C6hwik6agtXWkNABVXSxM6MB4hcP9QC+FEhK6y/7wC3SyNRBuFujDG1aohJBBgR
AgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNsVVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLd
AJ4v9ojJnvJu2yUl4W586soBm+wsLg==
=n4L0
-----END PGP PUBLIC KEY BLOCK-----
EOF

update apt list

apt-get update

upgrade

apt-get install locales-all

rest follows

apt-get dist-upgrade

reject changes to /etc/pam.d/sudo (puppet will install a new file later anyway)

merge changes into /etc/munin/plugin-conf.d/munin-node (change new and accept (A)):

sed -i -e 's/adm$/adm, maillog/' /etc/munin/plugin-conf.d/munin-node.dpkg-new

update nagios on samosa (add host to lenny hostgroup)

maybe install puppet

check for obsolete packages

/usr/lib/nagios/plugins/dsa-check-packages

clean up old libs

orphaner
orphaner -n
orphaner -a
orphaner -a -n

purge removed packages

dpkg --get-selections | awk '$2!="install" {print $1}'
echo "really purge these [y/N]?"; read ans; [ "$ans" = "y" ] && dpkg --purge `dpkg --get-selections | awk '$2!="install" {print $1}'`

possibly reboot

re-enable exim

mv /etc/rc2.d/K20exim4 /etc/rc2.d/S20exim4
env -i /etc/init.d/exim4 start