...because while debian's Sarge-to-Etch wasn't too ugly a transition, it nevertheless isn't something I want to do too often for all the boxes I'm responsible for. (As a matter of fact there's a few I'll leave running Sarge.) Here's all the notes I've made during the upgrade; maybe useful to others, maybe not.

Gimme the News

I started with the usual, updated the sources.list. No more Non-US, yai! Then a quick apt-get update. Most of my systems ran Sarge plus some backports plus some local hacks, and next I did unhold (via dpkg) all packages that I locked, except xpdf whose current version is still completely fucked.

The first apt-get dist-upgrade I didn't let loose. On two boxes I had to nuke apt's lists in /var/lib/apt/lists because dist-upgrade didn't want to see any of the new stuff, then did an apt-get update again and things went on.

The first dist-upgrade wanted to remove way too much stuff, and pull in heaps of crap. So I went for the step-by-step approach: first upgrade apt, dpkg, debconf; apt-get install apt dpkg debconf aptitude- which loses me: apt-listchanges libterm-readline-gnu-perl. No problem, just something to pull in later.

En passant I had to update my squid conf at home, going from cache policy LRU to heap LFUDA so that Debian packages stay cached between doing machines...

The new apt does signed packages, which is fine. Using the Debian-Multimedia (C. Marrilat) needs this key to be known to apt also.

Do a gpg --export -a -o x 07DC563D1F41B907 and apt-key add x and one more apt-get update to pull in the new signature data.

But dist-upgrade still wants to make a hash, also pulling in lots of "modular" xorg-garbage. So we continue manually:

apt-get install xserver-xorg-input-{kbd,mouse} xserver-xorg-core x11-common xbase-clients xserver-xorg-video-nv dvdrip groff transcode xcb xcolors xcolorsel mplayer-nogui mencoder dia

Now it looks better for dist-upgrade, which removes a few old packages (netkit-inetd becomes obenbsd-inetd, ntp-server/simple becomes ntp, firefox becomes ...whatever...). This completed fine, with the usual amount of update questions.

The following packages needed to be pulled in manually (on some machines): tidy gnupg-agent id3v2 libtunepimp-perl cdcd apt-listchanges mencoder perl-doc.

Surviving the Inevitable (Changes, that is)

For cleaning up things I usually first run dpkg -P deborphan repeatedly, then go through the output of deborphan -a by hand. dpkg -l|grep -v ^ii tells me who's removed-but-not-purged, and hence can be purged quickly.

Then I go over all the .dpkg files in /etc; emacs and ediff-merge help a lot with that chore: for i in find /etc -name "*.dpkg*"; do X=${i%.dpkg*}; emacs --eval "(ediff-merge-files \"$i\" \"$X\" nil nil )"; done

MH-E has dropped glimpse support, which is stupid as glimpse has become more (but not really) free recently, and this means that my custom /etc/emacs/site-start.el stuffs up emacs package installations as it tries to load mh-e components that are no longer there. That was fixed first, together with the mh-e insistence on this the even start (idiots!): (setq mh-adaptive-cmd-note-flag nil) Also removed /usr/share/site-lisp, which had ancient mh-e fragments.

Mpd needs some previously optional settings to start.

The xserver migration doesn't work straight out of the box: the fontpaths are not updated and must be changed to /usr/share/fonts/X11/... manually. The unpackaged locally hacked binary modules (nvidia, mach64dri) did continue to work, which is quite amazing (although no new kernels were involved); make sure that modules get compiled with the same gcc versions as the kernels!

Firefox...stinks about as bad as a rotten burnt fox or weasel carcass. I hate the default searchplugins (they identify you to the site), and have my own sans id fragments under my home: rm /usr/lib/iceweasel/searchplugins/*

Migrating unpackaged plugins in place works mostly, you just mv them from /usr/lib/firefox/plugins to /usr/lib/iceweasel/plugins and run firefox as root to do the version updates a few times.

The Iceweasel default look is way too sugary and fat, the Le Breeze theme cleans that up. Installation of themes is implemented stupidly: you must have an Addons dialog open and drag the theme jarfile onto that dialog.

(BTW, must-have extensions for me: greasemonkey (debianised), Noscript, Permit Cookies (very much a misnomer), Download Statusbar, Tabbrowser Preferences)

Some packages pull in Gnome elements, most specifically gconf2: this thing sucks beyond words. If it's there, iceweasel will attempt to use it and your logs get flooded. chmod a-x /usr/lib/libgconf2-4/gconfd-2 helps, even better if you get rid of the gnomes.

hotplug, n.: chili-oil enema in software.
the application hurts a lot and the result is still shite.

Pcmcia support sucks: hotplug is being deprecated in favour of udev, which sucks almost more, and pcmcia-utils have some bugs that affect you badly if you reject udev (like me).

The lm-sensors infrastructure doesn't work properly with an existing 2.4 kernel and modules; I only see half the sensors. To compile 2.4, you must keep gcc-3.3 around: the newer 4.1 doesn't grok some of the code and barfs badly during preprocessing/compilation. If you have no such kernels around, all the gcc packages earlier than 4.1 can be safely removed.

The xauth program is still in xbase-clients, which is stupid and subject of a number of unfixed bug reports. Nobody wants having defoma and siblings, fonts and other completely unnecessary X11 stuff on headless servers just to be able to run ssh with X11 forwarding of say, an emacs window. The cheap but dirty trick is to mv /usr/bin/xauth /usr/local/bin/xauth and adding XAuthLocation /usr/local/bin/xauth to /etc/ssh/sshd_config, followed by a purge of the xbase-clients and all the x11 packages that you can get rid of (which is quite a large number, trust me).

What is quite nice, is the nicely integrated cryptsetup for block devices, complete with luks support. Gpg-agent is cool, too, but its ssh-agent emulation is rotten beyond help: it stores the ssh keys on disk, hello?!! Final related goodie I'll post something about later is the integration of David Howell's kernel key storage stuff (keyutils). This is very useful, especially when combined with the pinentry programs (siblings of the gpg-agent), but more on that later.

Good luck upgrading!

[ published on Thu 19.04.2007 14:18 | filed in interests/debian | ]
Debian Silver Server
© Alexander Zangerl