[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Woody -> Sarge upgrade report

Last night (when I should have been working a project for my advanced
algorithms class) I decided it was time to upgrade my personal server
from Woody to Sarge.  I am writing this email im the hopes that the
release team and devs find it helpful and that other users who upgrade
can make use of the information.

In summary, here are the things that I saw:
1. Dependency resolution was spectacular (who would expect less from
2. New config files went OK.
3. Cyrus IMAP (going from cyrus v1.5 to cyrus21) broke very hard
4. sslwrap upgrade completely choked over openssl

In detail:

1.  Nothing more need be said.

2.  The standard yes, no, diff, shell approach could probably use
some tweaking.  What I mean is that with so many config files being
updated, there should be an option to "manually merge now."  This
can be done in one of a couple of ways.  A text editor could be
opened with both the current and proposed config loaded (e.g., vim
and emacs), or a single file could be presented with the diff'd
portions inserted and marked in the complete file (e.g., editors that
only support one open file).  I think that this can be done by
shelling out (with the Z option), but I am never really sure if my
changes will stick.  The option says "shell to examine the situation",
or something to that effect.  There is no indication that if I change
the config, the change will stick.

Also, some packages should adopt the policy of including a "local"
snippet.  What I mean is, for example, with the dhcpd package, or any
package that "requires" a change to the config immediately after
installation.  Simply put, a dhcpd config will always need to be
modified to tell which net, subnet mask, hostnames, MACs, and so on,
it needs to handle.  It is annoying when the messages throughout the
file change and cause the admin to have to intervene in the process
by choosing what to do.  Some packages (e.g., horde2) have a config
in /etc/<pkg-name> with a standard <pkg-name>.conf and then somewhere
in the .conf file they source or include a snippet with the local
changes.  I encourage the maintainers of such packages (dhcpd and
ntp, come to mind immediately) to consider this approach.

3.  I really have no idea what happened here.  I carefully followed
the upgrade instructions, but my mailboxes.db ended up corrupted, which
caused the cyrus server to go crazy.  Also, once I got saslauthd to
where it would work correctly, cyrus refused all imap and imaps
connections.  I ended up having to go into /etc/hosts.allow and add
ALL:LOCAL for cyrus to finally accept only local imap connections.
I never figured out how to get it to accept imaps connections without
adding ALL:ALL, which is not an acceptable solution).  About 4 hours
of Google searching yielded no useful information.  I ended up setting
impas to go through sslwrap (as I had for cyrus v1.5), since it would
accept remote connections.  I can't tell if this is a bug or a mis-
configuration on my part.

4.  The upgrade to sslwrap tried to generate an ssl certificate.  For
some reason (I suspect becuase I have created my own CA), openssl
errored out, causing the sslwrap postinst to fail.  This caused me
repreated problems as it would hang up the postinst of other packages.
I finally copied /etc/ssl and /etc/sslwrap off to another location,
purge both openssl and sslwrap, reinstall both, remove /etc/ssl and
 /etc/sslwrap, and replace them with my backup copies.  I am not sure
why this happened, but I am pretty sure it is a bug.  I have not yet
filed a bug since I am not sure if it should go against openssl or
sslwrap.  Sugestions would be appreciated.

Roberto C. Sanchez

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: