:: [DNG] ascii > beowulf upgrade repor…
Top Page
Delete this message
Reply to this message
Author: Alexander Bochmann
Date:  
To: dng
Subject: [DNG] ascii > beowulf upgrade report (home server)
Upgraded my shell server at home yesterday, and ran into a couple of
problems. None of them were specific to Devuan though, as far as I
can see - all the affected packages were inherited from Debian, and
most of the trouble was due to certain configuration details on my
system.

Anyway, maybe someone hits one of those too and can make use of the
info:


1) mariadb-server didn't upgrade to 10.3

This was my own fault, since I removed the old mysql-server package
left over from a previous dist-upgrade during my pre-upgrade cleanup,
and I didn't check if the mariadb-server metapackage was installed
instead (it wasn't).

This brought up a couple of followup errors since no database server was
running, but all of them were recoverable.


2) missed a subtle change in /etc/init.d/cryptdisks

The cryptdisks init script sources /lib/cryptsetup/cryptdisks-functions
In previous releases this was /lib/cryptsetup/cryptdisks.functions -
and I totally did not notice that change when the diff was shown during
the upgrade, so I kept the old init script, and subsequently wondered
my some encrypted volumes weren't mounted anymore. (This should only happen
when you modified the init script, like I did.)


3) dovecot starts with a warning

When you previously used the ssl_dh_parameters_length option in the
dovecot configuration, the server will show a warning after the upgrade:

> doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:37: ssl_dh_parameters_length is no longer needed
> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
> doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem


Just do what it sais.


4) sendmail behaviour change

Apparently sendmail now refuses to connect to remote servers that run
TLS with weak DH parameters.
Since the remote in question was under my control I fixed that one,
and didn't try to find out where that configuration change is hidden.


5) SOGo upgrade needs manual intervention

SOGo was upgraded from 3.x to 4.x, which needs some changes in the SQL
database. There are upgrade scripts in /usr/share/doc/sogo, but they
are not run automatically.
My SOGo still can't connect successfully to the dovecot server after
the upgrade, and I haven't yet found out what the problem is (other
clients work).


6) php FCGIWrapper in apache2

I had a custom FCGI configuration left over from PHP5 times, which
used a php binary installed to /usr/lib/cgi-bin. This is gone now with
PHP7.3. I switched to the default setup provided by libapache2-mod-fcgid
instead.


As far as I can see, there were no problems with any of the infrastructure
and packages provided by Devuan. Quite happy with that, thanks!

Alex.


P.S.
By the way, just today I came across a mention of the debsums utility
that I can't believe I didn't know about after all this time of running
Debian/Ubuntu/Devuan systems:

> debsums --config | grep FAILED


Running that will show all configuration files that have been changed from
the original provided by the deb package. Knowing those would have been so
useful when preparing for upgrades...