
Re: Testing upgrade and consequences



On Tue, 13 Mar 2001, Andrew M.A. Cater wrote:

> I've had to suffer this one - providing telephone support and advice over
> a week plus to an old and valued friend :) [Hi Martin :) ]

[Hi, Andy!  Just about to put this one to the list but you beat me to
it.]

<WHINGEING RANT>

>   He upgraded
> from a Potato 2.2r2 system to current "testing" and most things broke in serious
> ways, such that he swears he will never again move from stable releases.

And *how*.

NEVER again.  (Certainly not for client-critical systems.)

System (was) Debian 2.2r2 + proposed-updates + kde.tdyc -- with A LOT of
other stuff added.  System was used to demo debian to clients -- if
client wanted exim, then exim had to be installed and work; if client
wanted sendmail, then sendmail had to be installed and had to work --
etc.  The system was also set up as a full SGML/XML editing environment
(heavy stuff -- EAD and TEI, with a full set of 150+ DTDs).  In short, a
fully-fleshed-out system for all the different types of work done by
any of my clients (document engineering + website development).
[On a Celeron 466 with 64M, 4G of hard-disk space, and a Rage128/16M
video card + pnp modem card.  Typical client kit.]

Essentials on system were: apache; perl; php; mysql; postgresql; mailman
-- anything you might find on a commercial e-site (Java, Chilisoft ASP,
etc) -- also StarOffice, WordPerfect 8 and
Netscape/Opera/Amaya/Arena/Mozilla/Chimera/lynx/links/w3m -- plus the
inevitable emacs/xemacs, and various HTML/XML-compatible editors.
Lots of perl and php scripts for training/demo purposes.

On attempting upgrade to testing, first thing I was presented with was a
decision to >>remove<< 402 Mb of system files (452 packages).

Oh.

This I declined; and proceeded to (re-)install packages individually
from an apt-get --just-print dist-upgrade list.

Things started to break/dependency-loop almost immediately.
(The persistent offenders I remember most at this stage are exmh and
kdeadmin.)  The dependency circus engendered was horrendous.

Eventually (after 3/4 days) I got down to just 160 packages left to
upgrade -- but so much was already broken that I just left the box
upgrading by itself all night.

Bad move.

Everything that was not "Debian-approved" got blown away.  (E.g.
StarOffice; Netscape [4.76 from CD-rom, not download]; asWedit; etc.)
In all, I lost 20% of my installed system software.  Total bummer.
(I run lots of non-free stuff on my Debian systems.  I have no
ideological problems with this.)

I was no longer able to go online.  (diald had been installed -- without
asking -- on top of pppd.)

> Mailman configuration broke
-- due to fact that ALL apache configuration files/directories were
simply annihilated.  Again -- no warning; no explanation.

> Pine broke
-- discovered that something had reconfigured my smtp server (wasn't
asked; wasn't warned -- just another example of the "Debian-disapproved
-- therefore OK to blow away" syndrome experienced throughout this
whole attempt to upgrade.)

> Mutt works, but is not his preferred option.
Yeah -- but it's "Debian-approved", innit?

> Exim configuration didn't, such that he reverted to smail.
-- conflicted with mailman -- not flagged.

>  He won't believe me
> when I say that Exim works fine.

[Not for me it bloody well doesn't.  Not after *this* upgrade.]

> Most seriously of all - "Apache in Debian is seriously broken"
>
> There may be a dependency loop on apache-perl which is inappropriate.

This is the real crux of the matter.
I CANNOT recommend this type of upgrade to any of my clients.
My existing apache configuration was totally wiped out.
Conflicting and inconsistent dependencies between apache and apache-perl
prevented re-installation.
(I eventually managed it by forcing something -- can't remember what,
now.  I ended up with apache-ssl; and a version of apache-perl that
still can't be purged.)
This would be instant death to any of the clients I deal with -- I am
not surprised that some of them ban debian entirely.

> The default configuration of apache has changed drastically between Potato
> and testing.

There was absolutely NO warning given that existing apache configuration
files AND directories (including error log directories) would be
obliterated.  (I lost everything -- *including* my safe backups of all
configuration files) when apache was upgraded.
>> The infuriating thing is that I didn't even get an upgrade to Apache
1.3.12 -- which every other distribution has been supplying since
mid-2000 -- I got the same old 1.3.9, but this time with a single
httpd.conf in place of the previous 3 separate files. <<

None of my scripting examples worked -- I had to spend three days
reconfiguring the whole website.  Not funny.

> The version in testing is locked down solidly - everything is
> denied unless explicitly allowed with apache directives.  This is at odds with
> the behaviour up to and including potato, which was open.  Apache stomped over
> his httpd.conf files on upgrade and left him wondering what _exactly_ had
> happened.  As he says "All other distributions work out of the box. When I'm
> training, I can get a class working on apache immediately."  We both recognise
> the need for security but he suggests that Debian is "too techie" in this
> respect at the moment.  Can we, at least, recognise the upgrade problem and
> provide a choice "secure, preferred but hard to configure" and "you have an open
> system which may have holes but you want it that way" and preserve the existing
> setup if the upgrader wishes?

Only *some* of my clients would have been able to tackle the horrendous
breakages caused by the new httpd.conf file's attitude to strict
security (compared to the old lax attitude) on existing local website
material -- I suspect that most would have immediately banned debian
from their sites for evermore, and gone straight back to SuSE.
No joking.

My current situation is:
-- after 10 days *hard* work I've got everything (almost) back to where
it was, but upgraded.  Sort of.

HOWEVER --

  - I can no longer use dselect (because of the apache-perl conflict --
it just runs amok and re-deletes apache for me by trying to purge
apache-perl);

 - Nor can I use apt-get upgrade -- at one point my kernel image was
upgraded (thus forcing me to re-compile to get sound and a few other
essential modules back) -- and every time I now try to upgrade I get an
insistent attempt to upgrade my kernel image yet again -- what the hell
do I have to name it to stop this behaviour?

 - kdm and xdm don't work.  I get a pretty login screen; log in; and get
re-presented with the pretty login screen.

 - xf86cfg puts me into twm.  (Huh ???)

 - XF86Setup now warps my screen to an unreadable state -- always.

 (I have to demonstrate all of above to clients, to show the versatility
of debian.  Great with stable.  Currently *infeasible* with testing.)

OK -- I tried.
Nice one.  Thanks a bundle.

</WHINGEING RANT>


> Posted to -devel because we can't be the only ones running apache and it is
> specifically a testing/woody issue.

msw
-- 
Martin Wheeler       -        StarTEXT - Glastonbury - BA6 9PH - England
mwheeler@startext.co.uk                       http://www.startext.co.uk/

     - Share your knowledge. It's one way to achieve immortality. -


