Ticket #535 (closed maintenance: fixed)
Upgrade Puffin, Penguin and Parrot from Debian Squeeze to Wheezy
Reported by: | chris | Owned by: | chris |
---|---|---|---|
Priority: | critical | Milestone: | Maintenance |
Component: | Live server | Keywords: | |
Cc: | ed, aland, jim | Estimated Number of Hours: | 2.0 |
Add Hours to Ticket: | 0 | Billable?: | yes |
Total Hours: | 17.92 |
Description (last modified by chris) (diff)
Debian 7 is due out on 5th May 2013 and wiki:PuffinServer, wiki:PenguinServer and wiki:ParrotServer will need upgrading.
Attachments
Change History
comment:1 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.5
- Total Hours changed from 0.0 to 0.5
comment:2 Changed 4 years ago by chris
- Description modified (diff)
- Summary changed from Upgrade Puffin and Penguin from debian squeeze to wheezy to Upgrade Puffin, Penguin and Parrot from Debian Squeeze to Wheezy
comment:3 Changed 4 years ago by jim
BOA team already on it, see this commit and a stream of updates afterwards: Add _SQUEEZE_TO_WHEEZY major upgrade support.
In other words, when the next BOA (2.0.9) comes out, it'll have this 'Update to Wheezy' feature as an option built in with a tweak of the .barracuda.cnf script.
I'd personally give it a few weeks so that others run the process and flush out any issues.
And per my comments regarding the 'right way' to update, it's absolutely essential you use the BOA scripts for updating Puffin.
comment:5 Changed 4 years ago by chris
The latest BOA include a Wheezy upgrade option, see ticket:547
comment:6 follow-up: ↓ 7 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 0.5 to 0.75
Wheezy has a local root vulnerability that hasn't been fixed yet:
So we should wait till this is fixed before upgrading to Wheezy, https://imc.li/ud1n5 :
Debian stable (wheezy) and testing (jessy) are currently vulnerable, sid and old-stable (squeeze) are not.
Also we need to reboot the server that is hosting the 3 Transition Network machines as one of the virtual machine has hit this bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701744
And the current fix is to downgrade the host kernel, this wil be done sometime this evening and it might result in around 10 mins of downtime.
comment:7 in reply to: ↑ 6 Changed 4 years ago by chris
Replying to chris:
Also we need to reboot the server that is hosting the 3 Transition Network machines as one of the virtual machine has hit this bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701744
And the current fix is to downgrade the host kernel, this wil be done sometime this evening and it might result in around 10 mins of downtime.
This has been done, according to pingdom the server went down at Wed, 15 May 2013 23:14:24 +0100 and was back by Wed, 15 May 2013 23:23:05 +0100.
comment:8 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 0.75 to 1.0
One of the virtual machines on the physical server that the Transition virtual machines are running on got hit by debian bug 701744 again so earlier this morning the server had the patched kernel referenced in the thread here http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701744 installed and it was rebooted. Pingdom reported that the site was offline for 23 mins:
PingdomAlert UP: www.transitionnetwork.org (www.transitionnetwork.org) is UP again at 25/08/2013 07:16:57, after 23m of downtime.
This time there wasn't the problem with the wrong version of php-fpm starting.
comment:9 Changed 3 years ago by ed
I think that this re-boot re-set the user settings (see ticket #575) - I had set them to 'Visitors can create accounts and no administrator approval is required.' before, then this happened, now the settings have changed to 'Visitors can create accounts but administrator approval is required.'.
comment:10 Changed 3 years ago by jim
The reboot is not related. We need to update BOA... continuing over on #575.
comment:11 Changed 3 years ago by jim
(On checking it's clear it's not a BOA update issue either.)
comment:12 Changed 3 years ago by chris
Note that the RAM disk location will change when we upgrade, see ticket:591#comment:2
comment:13 Changed 3 years ago by chris
When we have upgraded the servers to Wheezy we will have a version of openssl which does TLS 1.1. and TLS 1.2 so we should set Nginx and Apache to use ciphers with forward secrecy to hamper GCHQ, some links on this:
comment:14 follow-up: ↓ 15 Changed 3 years ago by ed
I'm ambivalent about making political decisions until we have seen from TN how political it wants the web project to be. When you say 'should' I suggest using the word 'could'.
As discussed - all works we're up to now until we get into the site redesign for 2014 are operational - and mostly utilitarian to keep TN.org as quick and useful as possible.
comment:15 in reply to: ↑ 14 Changed 3 years ago by chris
Replying to ed:
I'm ambivalent about making political decisions until we have seen from TN how political it wants the web project to be. When you say 'should' I suggest using the word 'could'.
I think you must misunderstand. We should follow best security practice unless there is a good reason not to and I can't think of any good reason not to set webservers to use the best available ciphers. When the servers are upgraded to Wheezy then we will have more cipher options so we should make use of these options, it's not a lot of work, it's just a matter of tweaking one or two lines in a config file.
comment:16 follow-up: ↓ 17 Changed 3 years ago by ed
OK I'll get my coat.
But it therefore is a language thing for me - until we have or haven't agreed that we do or don't do things to hamper GCHQ I'd prefer it if we focus on utility.
comment:17 in reply to: ↑ 16 Changed 3 years ago by chris
Replying to ed:
until we have or haven't agreed that we do or don't do things to hamper GCHQ I'd prefer it if we focus on utility.
What I'm suggesting is not radical, it's simply sensible security steps we should taken given the environment we are operating in.
Perhaps the following comment from Mike Hearn who works "for Google, where I spent the last three years working on account security and anti-spam systems" will help put my comment above into context?
The packet capture shown in these new NSA slides shows internal database replication traffic for the anti-hacking system I worked on for over two years. Specifically, it shows a database recording a user login as part of this system:
http://googleblog.blogspot.ch/2013/02/an-update-on-our-war-against-account.html
Recently +Brandon Downey , a colleague of mine on the Google security team, said (after the usual disclaimers about being personal opinions and not speaking for the firm which I repeat here) - "fuck these guys":
https://plus.google.com/108799184931623330498/posts/SfYy8xbDWGG
I now join him in issuing a giant Fuck You to the people who made these slides. I am not American, I am a Brit, but it's no different - GCHQ turns out to be even worse than the NSA.
We designed this system to keep criminals out . There's no ambiguity here. The warrant system with skeptical judges, paths for appeal, and rules of evidence was built from centuries of hard won experience. When it works, it represents as good a balance as we've got between the need to restrain the state and the need to keep crime in check. Bypassing that system is illegal for a good reason .
Unfortunately we live in a world where all too often, laws are for the little people. Nobody at GCHQ or the NSA will ever stand before a judge and answer for this industrial-scale subversion of the judicial process. In the absence of working law enforcement, we therefore do what internet engineers have always done - build more secure software. The traffic shown in the slides below is now all encrypted and the work the NSA/GCHQ staff did on understanding it, ruined.
Thank you Edward Snowden. For me personally, this is the most interesting revelation all summer.
comment:18 Changed 3 years ago by chris
Another thing to note on the matter of ciphers, this is from the BOA Changelog for 2.1.0:
### Stable BOA-2.1.0 Release - Full Edition - Now NSA-proof ### Date: Sat Nov 2 18:15:19 EDT 2013 #-### PFS (Perfect Forward Secrecy) support in Nginx BOA now fully supports the most secure, yet still compatible with most used systems and browsers SSL configuration. All hosted BOA instances have been already upgraded automatically and you don't need to do anything to make it work -- it is already done for you -- both on any SSL enabled site with dedicated certificate and IP address and also on the standard, system-wide SSL proxy level, which is available for every hosted site -- just type HTTPS:// in the URL. On self-hosted instances it needs to be enabled by adding a line in your /root/.barracuda.cnf file: _NGINX_FORWARD_SECRECY=YES before the upgrade. Note that depending on the system used, it may auto-install some requirements like latest OpenSSL libraries and packages. Remotely managed BOA systems can have this feature enabled upon request submitted via https://omega8.cc/support
This appears to indicate that when we do this upgrade, we will also see openssl being updated, I'm not sure where that will come from.
We have till May to do this upgrade but perhaps we should consider doing it around the Xmas holiday when the site isn't very busy?
Or perhaps PuffinServer should be upgraded with the BOA-2.1.1 upgrade, ticket:612?
comment:19 Changed 3 years ago by chris
Given the discussion on ticket:612 I think we should set a date and time for a upgrade to Wheezy within the next week. I'm happy to do it one evening starting at 9 or 10pm. It will potentially involve an hour or so of downtime so I think users should be notified in advance perhaps?
comment:20 Changed 3 years ago by chris
- Cc aland, jim added
- Add Hours to Ticket changed from 0.0 to 1.0
- Status changed from new to accepted
- Total Hours changed from 1.0 to 2.0
We have agreed to upgrade wiki:PuffinServer from Squeeze to Wheezy at 10pm on Sunday 17th November.
Alan can you be around at this time to check that we have a snapshot of the filesystem prior to the upgrade in case it goes horribly wrong and we have to roll back?
In terms of upgrading wiki:PenguinServer and wiki:ParrotServer I suggest we should first migrate them to the ZFS server, I have opened a ticket for that, ticket:618, perhaps this could be done the same evening as the Puffin Wheezy upgrade?
The upgrade on Puffin will involve the following steps:
- Adding the following to /root/.barracuda.cnf see ticket:612#comment:5 (this has been done):
_SQUEEZE_TO_WHEEZY=YES _NGINX_FORWARD_SECRECY=YES _NGINX_SPDY=YES
The existing config already had this set:
_BUILD_FROM_SRC=NO
- Run the commands documented at wiki:PuffinServer#UpgradingBOA
sudo -i screen cd wget -q -U iCab http://files.aegir.cc/BOA.sh.txt bash BOA.sh.txt barracuda up-stable system octopus up-stable all
- Check the following:
- MySQL RAM disk location, see ticket:591#comment:2
- Munin, see wiki:PuffinServer#nginxconfigchanges and wiki:PuffinServer#php-fpmconfigchanges
- Logs and kill thresholds, see wiki:PuffinServer#xdragoshellscriptchanges
Anything else?
I have made a few updates on wiki:PuffinServer, closed some tickets and read through the wiki:LennyToSqueeze page
comment:21 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 2.0 to 2.25
One thing worth noting regarding the custom php-fpm changes documented at wiki:PuffinServer#php-fpmconfigchanges is that these changes have been clobbered despite the fact that we have this variable set in /root/.barracuda.cnf (but perhaps they were clobbered before this variable was set):
_CUSTOM_CONFIG_PHP_5_3=YES
It's also worth noting that we are running a lot more php-fpm processes than are needed and reducing this number would save a lot of RAM, see:
- https://penguin.transitionnetwork.org/munin/transitionnetwork.org/puffin.transitionnetwork.org/phpfpm_status.html
- https://penguin.transitionnetwork.org/munin/transitionnetwork.org/puffin.transitionnetwork.org/phpfpm_connections.html
- https://penguin.transitionnetwork.org/munin/transitionnetwork.org/puffin.transitionnetwork.org/phpfpm_memory.html
- https://penguin.transitionnetwork.org/munin/transitionnetwork.org/puffin.transitionnetwork.org/multips_memory.html
We should perhaps consider changing this variable in /root/.barracuda.cnf:
_PHP_FPM_WORKERS=AUTO
We could set it to a value such as the max active processes in the last week, 6.
comment:22 Changed 3 years ago by aland
- Add Hours to Ticket changed from 0.0 to 1.0
- Total Hours changed from 2.25 to 3.25
Created suitable disk images for the transition machines
snapshot the live system and copied to to the new disk images
shutdown live machines and did a final copy
booted new machines
Checked with chris that they were functioning as expected.
comment:23 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 1.25
- Total Hours changed from 3.25 to 4.5
Alan has migrated wiki:PenguinServer and wiki:ParrotServer to the ZFS network filesystem.
Following is what was done for the wiki:PuffinServer upgrade to Wheezy:
sudo -i screen cd wget -q -U iCab http://files.aegir.cc/BOA.sh.txt bash BOA.sh.txt BOA Meta Installer setup completed Please check INSTALL.txt and UPGRADE.txt at http://bit.ly/boa-docs for how-to Bye barracuda up-stable system waiting 8 sec
That is the last thing BOA displayed, in /var/log/dpkg.log there is a list of all the packages downloaded ending with:
... 2013-11-17 22:31:33 status installed libyajl2:amd64 2.0.4-2 2013-11-17 22:31:33 configure collectd-core:amd64 5.1.0-3 <none> 2013-11-17 22:31:33 status unpacked collectd-core:amd64 5.1.0-3 2013-11-17 22:31:33 status unpacked collectd-core:amd64 5.1.0-3 2013-11-17 22:31:33 status unpacked collectd-core:amd64 5.1.0-3 2013-11-17 22:31:33 status unpacked collectd-core:amd64 5.1.0-3 2013-11-17 22:31:33 status half-configured collectd-core:amd64 5.1.0-3 2013-11-17 22:31:34 status installed collectd-core:amd64 5.1.0-3 2013-11-17 22:31:34 configure collectd:amd64 5.1.0-3 <none> 2013-11-17 22:31:34 status unpacked collectd:amd64 5.1.0-3
And in /var/log/apt/term.log there is:
Starting statistics collection and monitoring daemon: collectd.^M Setting up collectd (5.1.0-3) ...^M ^M Configuration file `/etc/collectd/collectd.conf'^M ==> Modified (by you or by a script) since installation.^M ==> Package distributor has shipped an updated version.^M What would you like to do about it ? Your options are:^M Y or I : install the package maintainer's version^M N or O : keep your currently-installed version^M D : show the differences between the versions^M Z : start a shell to examine the situation^M The default action is to keep your current version.^M *** collectd.conf (Y/I/N/O/D/Z) [default=N] ?
But there is no way to sort issues like this out as we don't have a terminal to interact with.
comment:24 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 2.0
- Total Hours changed from 4.5 to 6.5
This is the log of the failed upgrade using BOA, /var/backups/reports/up/barracuda/131117/barracuda-up-131117-2213.log:
Barracuda [Sun Nov 17 22:13:50 GMT 2013] ==> BOA Skynet welcomes you aboard! Barracuda [Sun Nov 17 22:13:54 GMT 2013] ==> INFO: UPGRADE Barracuda [Sun Nov 17 22:13:54 GMT 2013] ==> INFO: Reading your /root/.barracuda.cnf config file Barracuda [Sun Nov 17 22:13:55 GMT 2013] ==> NOTE! Please review all config options displayed below Barracuda [Sun Nov 17 22:13:55 GMT 2013] ==> NOTE! It will *override* all settings in the Barracuda script ### ### Configuration created on 121215-1545 ### with Barracuda version BOA-2.0.4 ### ### NOTE: the group of settings displayed bellow will *not* be overriden ### on upgrade by the Barracuda script nor by this configuration file. ### They can be defined only on initial Barracuda install. ### _HTTP_WILDCARD=YES _MY_OWNIP="81.95.52.103" #_MY_OWNIP="" _MY_HOSTN="puffin.webarch.net" #_MY_HOSTN="" _MY_FRONT="master.puffin.webarch.net" _THIS_DB_HOST=localhost #_THIS_DB_HOST=FQDN _SMTP_RELAY_TEST=YES _SMTP_RELAY_HOST="" _LOCAL_NETWORK_IP="" _LOCAL_NETWORK_HN="" ### ### NOTE: the group of settings displayed bellow ### will *override* all listed settings in the Barracuda script, ### both on initial install and upgrade. ### _MY_EMAIL="chris@webarchitects.co.uk" _XTRAS_LIST="PDS CSF CHV" _AUTOPILOT=YES _DEBUG_MODE=NO _DB_SERVER=MariaDB _SSH_PORT=22 _LOCAL_DEBIAN_MIRROR="ftp.debian.org" _LOCAL_UBUNTU_MIRROR="archive.ubuntu.com" _FORCE_GIT_MIRROR="" _DNS_SETUP_TEST=YES _NGINX_EXTRA_CONF="" _NGINX_WORKERS=AUTO _PHP_FPM_WORKERS=AUTO _BUILD_FROM_SRC=NO _PHP_MODERN_ONLY=YES _PHP_FPM_VERSION=5.3 _PHP_CLI_VERSION=5.3 #_LOAD_LIMIT_ONE=1444 #_LOAD_LIMIT_TWO=888 _LOAD_LIMIT_ONE=8664 _LOAD_LIMIT_TWO=5328 _CUSTOM_CONFIG_CSF=YES #_CUSTOM_CONFIG_SQL=NO _CUSTOM_CONFIG_SQL=YES _CUSTOM_CONFIG_REDIS=NO _CUSTOM_CONFIG_PHP_5_2=NO #_CUSTOM_CONFIG_PHP_5_3=NO _CUSTOM_CONFIG_PHP_5_3=YES _SPEED_VALID_MAX=3600 _NGINX_DOS_LIMIT=300 _SYSTEM_UPGRADE_ONLY=YES _USE_MEMCACHED=NO #_NEWRELIC_KEY=aekooZaifoov5AhkahChoo5Ehoo6mohVopheemei8ovaiXok6ka _NEWRELIC_KEY= _USE_STOCK=NO ### ### Configuration created on 121215-1545 ### with Barracuda version BOA-2.0.4 ### ### JK reinstall PHP _EXTRA_PACKAGES= _PHP_EXTRA_CONF="" _STRONG_PASSWORDS=NO _DB_BINARY_LOG=NO _DB_ENGINE=InnoDB _NGINX_LDAP=NO _PHP_GEOS=NO _PHP_MONGODB=NO _AEGIR_UPGRADE_ONLY=NO ### Squeeze to Wheezy upgrade config ### See /trac/ticket/535 _SQUEEZE_TO_WHEEZY=YES _NGINX_FORWARD_SECRECY=YES _NGINX_SPDY=YES #_BUILD_FROM_SRC=NO _NGINX_NAXSI=NO _PHP_ZEND_OPCACHE=YES _PERMISSIONS_FIX=NO _MODULES_FIX=YES _MODULES_SKIP="" _SSL_FROM_SOURCES=NO _SSH_FROM_SOURCES=NO _RESERVED_RAM=0 Barracuda [Sun Nov 17 22:13:57 GMT 2013] ==> INFO: Checking your system version... Barracuda [Sun Nov 17 22:13:57 GMT 2013] ==> Aegir on Debian/squeeze - Skynet Agent v.BOA-2.1.2 Barracuda [Sun Nov 17 22:13:57 GMT 2013] ==> INFO: Running silent aptitude full-upgrade, please wait... Barracuda [Sun Nov 17 22:13:57 GMT 2013] ==> INFO: Updating packages sources list... Barracuda [Sun Nov 17 22:13:57 GMT 2013] ==> INFO: We will use Debian mirror ftp.debian.org Barracuda [Sun Nov 17 22:14:10 GMT 2013] ==> INFO: Downloading little helpers... Barracuda [Sun Nov 17 22:14:11 GMT 2013] ==> INFO: Checking BARRACUDA version... Barracuda [Sun Nov 17 22:14:11 GMT 2013] ==> INFO: BARRACUDA version test: OK Barracuda [Sun Nov 17 22:14:13 GMT 2013] ==> UPGRADE START -> checkpoint: * Your e-mail address appears to be chris@webarchitects.co.uk - is that correct? * Your server hostname is puffin.webarch.net. * Your Aegir control panel is/will be available at https://master.puffin.webarch.net. Barracuda [Sun Nov 17 22:14:13 GMT 2013] ==> INFO: Cleaning up temp files in /var/opt/ Barracuda [Sun Nov 17 22:14:15 GMT 2013] ==> WARN: Squeeze to Wheezy upgrade will start in 60 seconds... Barracuda [Sun Nov 17 22:14:15 GMT 2013] ==> WARN: Now pray it will work... or hit ctrl-c to stop now! Barracuda [Sun Nov 17 22:15:17 GMT 2013] ==> WARN: Too late! Squeeze to Wheezy upgrade in progress... Barracuda [Sun Nov 17 22:15:17 GMT 2013] ==> HINT: Run tail -f /var/backups/barracuda-upgrade-131117-2213.log Barracuda [Sun Nov 17 22:15:17 GMT 2013] ==> HINT: in another terminal window to watch details Barracuda [Sun Nov 17 22:30:09 GMT 2013] ==> INFO: Testing Nginx version... Barracuda [Sun Nov 17 22:30:11 GMT 2013] ==> INFO: Installed Nginx version nginx/1.5.2, upgrade required Barracuda [Sun Nov 17 22:30:15 GMT 2013] ==> INFO: Upgrading Nginx... apt-get install collectd -y --force-yes failed. Error (if any): 0 Displaying the last 15 lines of /var/backups/barracuda-upgrade-131117-2213.log to help troubleshoot this problem If you see any error with advice to run 'dpkg --configure -a', run this command first and choose default answer, then run this installer again locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory Starting statistics collection and monitoring daemon: collectd. Setting up collectd (5.1.0-3) ... Configuration file `/etc/collectd/collectd.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** collectd.conf (Y/I/N/O/D/Z) [default=N] ? ^TBarracuda [Sun Nov 17 23:11:36 GMT 2013] ==> INFO: No errors? Then Squeeze to Wheezy upgrade was successful - congrats! Barracuda [Sun Nov 17 23:11:36 GMT 2013] ==> HINT: Please remember to reboot when Barracuda will complete all upgrades Barracuda [Sun Nov 17 23:11:36 GMT 2013] ==> INFO: Running aptitude update...
So doing the upgrade manually:
aptitude full-upgrade
Quite a lot of packages needed manually configuring via editing their config files to keep the local modifications and to also incorporate updates.
Then the BOA script was run again:
barracuda up-stable system Another BOA installer is running probably - /var/run/boa_run.pid exists rm /var/run/boa_run.pid barracuda up-stable system Some important system task is running probably - /var/run/boa_wait.pid exists rm /var/run/boa_wait.pid barracuda up-stable system waiting 8 sec
The log for this upgrade was written to /var/backups/reports/up/barracuda/131117/barracuda-up-131117-2346.log and the contents follows:
Barracuda [Sun Nov 17 23:46:32 GMT 2013] ==> BOA Skynet welcomes you aboard! Barracuda [Sun Nov 17 23:46:36 GMT 2013] ==> INFO: UPGRADE Barracuda [Sun Nov 17 23:46:36 GMT 2013] ==> INFO: Reading your /root/.barracuda.cnf config file Barracuda [Sun Nov 17 23:46:37 GMT 2013] ==> NOTE! Please review all config options displayed below Barracuda [Sun Nov 17 23:46:37 GMT 2013] ==> NOTE! It will *override* all settings in the Barracuda script ### ### Configuration created on 121215-1545 ### with Barracuda version BOA-2.0.4 ### ### NOTE: the group of settings displayed bellow will *not* be overriden ### on upgrade by the Barracuda script nor by this configuration file. ### They can be defined only on initial Barracuda install. ### _HTTP_WILDCARD=YES _MY_OWNIP="81.95.52.103" #_MY_OWNIP="" _MY_HOSTN="puffin.webarch.net" #_MY_HOSTN="" _MY_FRONT="master.puffin.webarch.net" _THIS_DB_HOST=localhost #_THIS_DB_HOST=FQDN _SMTP_RELAY_TEST=YES _SMTP_RELAY_HOST="" _LOCAL_NETWORK_IP="" _LOCAL_NETWORK_HN="" ### ### NOTE: the group of settings displayed bellow ### will *override* all listed settings in the Barracuda script, ### both on initial install and upgrade. ### _MY_EMAIL="chris@webarchitects.co.uk" _XTRAS_LIST="PDS CSF CHV" _AUTOPILOT=YES _DEBUG_MODE=NO _DB_SERVER=MariaDB _SSH_PORT=22 _LOCAL_DEBIAN_MIRROR="ftp.debian.org" _LOCAL_UBUNTU_MIRROR="archive.ubuntu.com" _FORCE_GIT_MIRROR="" _DNS_SETUP_TEST=YES _NGINX_EXTRA_CONF="" _NGINX_WORKERS=AUTO _PHP_FPM_WORKERS=AUTO _BUILD_FROM_SRC=NO _PHP_MODERN_ONLY=YES _PHP_FPM_VERSION=5.3 _PHP_CLI_VERSION=5.3 #_LOAD_LIMIT_ONE=1444 #_LOAD_LIMIT_TWO=888 _LOAD_LIMIT_ONE=8664 _LOAD_LIMIT_TWO=5328 _CUSTOM_CONFIG_CSF=YES #_CUSTOM_CONFIG_SQL=NO _CUSTOM_CONFIG_SQL=YES _CUSTOM_CONFIG_REDIS=NO _CUSTOM_CONFIG_PHP_5_2=NO #_CUSTOM_CONFIG_PHP_5_3=NO _CUSTOM_CONFIG_PHP_5_3=YES _SPEED_VALID_MAX=3600 _NGINX_DOS_LIMIT=300 _SYSTEM_UPGRADE_ONLY=YES _USE_MEMCACHED=NO #_NEWRELIC_KEY=aekooZaifoov5AhkahChoo5Ehoo6mohVopheemei8ovaiXok6ka _NEWRELIC_KEY= _USE_STOCK=NO ### ### Configuration created on 121215-1545 ### with Barracuda version BOA-2.0.4 ### ### JK reinstall PHP _EXTRA_PACKAGES= _PHP_EXTRA_CONF="" _STRONG_PASSWORDS=NO _DB_BINARY_LOG=NO _DB_ENGINE=InnoDB _NGINX_LDAP=NO _PHP_GEOS=NO _PHP_MONGODB=NO _AEGIR_UPGRADE_ONLY=NO ### Squeeze to Wheezy upgrade config ### See /trac/ticket/535 _SQUEEZE_TO_WHEEZY=YES _NGINX_FORWARD_SECRECY=YES _NGINX_SPDY=YES #_BUILD_FROM_SRC=NO _NGINX_NAXSI=NO _PHP_ZEND_OPCACHE=YES _PERMISSIONS_FIX=NO _MODULES_FIX=YES _MODULES_SKIP="" _SSL_FROM_SOURCES=NO _SSH_FROM_SOURCES=NO _RESERVED_RAM=0 Barracuda [Sun Nov 17 23:46:49 GMT 2013] ==> INFO: Checking your system version... Barracuda [Sun Nov 17 23:46:49 GMT 2013] ==> Aegir on Debian/wheezy - Skynet Agent v.BOA-2.1.2 Barracuda [Sun Nov 17 23:46:49 GMT 2013] ==> INFO: Updating packages sources list... Barracuda [Sun Nov 17 23:46:49 GMT 2013] ==> INFO: We will use Debian mirror ftp.debian.org Barracuda [Sun Nov 17 23:47:02 GMT 2013] ==> INFO: Downloading little helpers... Barracuda [Sun Nov 17 23:47:03 GMT 2013] ==> INFO: Checking BARRACUDA version... Barracuda [Sun Nov 17 23:47:03 GMT 2013] ==> INFO: BARRACUDA version test: OK Barracuda [Sun Nov 17 23:47:05 GMT 2013] ==> UPGRADE START -> checkpoint: * Your e-mail address appears to be chris@webarchitects.co.uk - is that correct? * Your server hostname is puffin.webarch.net. * Your Aegir control panel is/will be available at https://master.puffin.webarch.net. Barracuda [Sun Nov 17 23:47:05 GMT 2013] ==> INFO: Cleaning up temp files in /var/opt/ Barracuda [Sun Nov 17 23:47:07 GMT 2013] ==> INFO: Running aptitude update... Barracuda [Sun Nov 17 23:48:22 GMT 2013] ==> INFO: Upgrading required libraries and tools Barracuda [Sun Nov 17 23:48:22 GMT 2013] ==> NOTE! This step may take a few minutes, please wait... Barracuda [Sun Nov 17 23:52:23 GMT 2013] ==> WARNING! Locales on this system are broken or not installed and/or not configured correctly yet. This is a known issue on some systems/hosts which either don't configure locales at all or don't use UTF-8 compatible locales during initial OS setup. We will fix this problem for you now, so you shouldn't use any tricks to change system/ssh settings before running this installer. You can experience problems if your SSH client forces locales other than en_US.UTF-8 we are using by default. You should log out when this installer will finish all its tasks and display last line with "BYE!" and then log in again to see the result. We will continue in 5 seconds... Barracuda [Sun Nov 17 23:52:32 GMT 2013] ==> INFO: Testing Nginx version... Barracuda [Sun Nov 17 23:52:34 GMT 2013] ==> INFO: Installed Nginx version nginx/1.5.6, OK Barracuda [Sun Nov 17 23:52:34 GMT 2013] ==> INFO: Installed Nginx version nginx/1.5.6, forced rebuild to include purge module Barracuda [Sun Nov 17 23:52:38 GMT 2013] ==> INFO: Upgrading Nginx... Barracuda [Sun Nov 17 23:53:54 GMT 2013] ==> INFO: Running aptitude full-upgrade, please wait... Barracuda [Sun Nov 17 23:54:38 GMT 2013] ==> INFO: Testing Nginx version... Barracuda [Sun Nov 17 23:54:40 GMT 2013] ==> INFO: Installed Nginx version nginx/1.5.6, OK Barracuda [Sun Nov 17 23:54:44 GMT 2013] ==> INFO: Installing MySecureShell 1.31... Barracuda [Sun Nov 17 23:55:13 GMT 2013] ==> INFO: Fix #1 for libs in Debian wheezy Barracuda [Sun Nov 17 23:55:13 GMT 2013] ==> INFO: Fix #2 for libs in Debian wheezy Barracuda [Sun Nov 17 23:55:14 GMT 2013] ==> INFO: Checking SMTP connections... Barracuda [Sun Nov 17 23:55:16 GMT 2013] ==> INFO: Installing VnStat monitor... Barracuda [Sun Nov 17 23:55:29 GMT 2013] ==> INFO: Upgrading a few more tools... Barracuda [Sun Nov 17 23:55:32 GMT 2013] ==> INFO: Checking if PHP upgrade is available Barracuda [Sun Nov 17 23:55:34 GMT 2013] ==> INFO: PHP 5.3.27 rebuild required to include MariaDB 5.5.33a libs Barracuda [Sun Nov 17 23:55:36 GMT 2013] ==> INFO: Installing PHP-FPM 5.3.27 Barracuda [Sun Nov 17 23:55:36 GMT 2013] ==> NOTE! This step may take longer than 8 minutes, please wait... Barracuda [Sun Nov 17 23:55:41 GMT 2013] ==> INFO: Installing PHP-FPM 5.3.27 part 1/3 Barracuda [Sun Nov 17 23:55:44 GMT 2013] ==> INFO: Installing PHP-FPM 5.3.27 part 2/3 Barracuda [Sun Nov 17 23:57:36 GMT 2013] ==> INFO: Installing PHP-FPM 5.3.27 part 3/3 Barracuda [Mon Nov 18 00:08:20 GMT 2013] ==> INFO: Installing Imagick for PHP-FPM 5.3.27... Barracuda [Mon Nov 18 00:08:42 GMT 2013] ==> INFO: Installing Zend OPcache for PHP-FPM 5.3.27... Barracuda [Mon Nov 18 00:09:03 GMT 2013] ==> INFO: Installing PhpRedis for PHP-FPM 5.3.27... Barracuda [Mon Nov 18 00:09:24 GMT 2013] ==> INFO: Installing UploadProgress for PHP-FPM 5.3.27... Barracuda [Mon Nov 18 00:09:35 GMT 2013] ==> INFO: Installing JSMin for PHP-FPM 5.3.27... Barracuda [Mon Nov 18 00:09:59 GMT 2013] ==> INFO: Upgrading Limited Shell to version 0.9.16.4-om8... Barracuda [Mon Nov 18 00:10:04 GMT 2013] ==> INFO: Installed Redis version 2.6.16, OK Barracuda [Mon Nov 18 00:10:06 GMT 2013] ==> INFO: Installing Redis update for Debian/wheezy... Barracuda [Mon Nov 18 00:11:24 GMT 2013] ==> INFO: Generating random password for Redis server Barracuda [Mon Nov 18 00:11:30 GMT 2013] ==> INFO: Updating MariaDB and PHP configuration Barracuda [Mon Nov 18 00:11:31 GMT 2013] ==> INFO: OS and services upgrade completed Barracuda [Mon Nov 18 00:11:33 GMT 2013] ==> INFO: Aegir Master Instance upgrade skipped Barracuda [Mon Nov 18 00:11:35 GMT 2013] ==> INFO: Installing extra Drush versions Barracuda [Mon Nov 18 00:11:37 GMT 2013] ==> INFO: Drush 4.6-dev installation complete Barracuda [Mon Nov 18 00:11:37 GMT 2013] ==> INFO: Drush 5.10.0 installation complete Barracuda [Mon Nov 18 00:11:38 GMT 2013] ==> INFO: Drush 6.1.0 installation complete Barracuda [Mon Nov 18 00:11:40 GMT 2013] ==> INFO: Upgrading Chive MariaDB Manager... Barracuda [Mon Nov 18 00:11:47 GMT 2013] ==> INFO: Restarting Redis and PHP-FPM, reloading Nginx Barracuda [Mon Nov 18 00:11:55 GMT 2013] ==> INFO: Restarting MariaDB server Barracuda [Mon Nov 18 00:12:06 GMT 2013] ==> INFO: New random password for MariaDB generated and updated Barracuda [Mon Nov 18 00:12:08 GMT 2013] ==> INFO: New entry added to /var/log/barracuda_log.txt Barracuda [Mon Nov 18 00:12:12 GMT 2013] ==> CARD: Now charging your credit card for this auto-upgrade magic... Barracuda [Mon Nov 18 00:12:18 GMT 2013] ==> JOKE: Just kidding! Enjoy your Aegir Hosting System :) Barracuda [Mon Nov 18 00:12:22 GMT 2013] ==> Final post-upgrade cleaning, please wait a moment... Barracuda [Mon Nov 18 00:18:27 GMT 2013] ==> BYE!
The the server was rebooted into the new kernel.
It took ages to reload all the iptables rules.
And now many of the site pages display:
Site off-line
The site is currently not available due to technical problems. Please try again later. Thank you for your understanding.
Jim if you are around I think we need to look at the BOA web interface...
comment:25 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.6
- Total Hours changed from 6.5 to 7.1
So mysql wasn't running:
/etc/init.d/mysql status [info] MariaDB is stopped.. /etc/init.d/mysql start [ ok ] Starting MariaDB database server: mysqld . . . . . .. [info] Checking for corrupt, not cleanly closed and upgrade needing tables..
Running the octopus update:
load is 130 while maxload is 1888 Octopus upgrade for User /data/disk/tn waiting 7 sec Octopus [Mon Nov 18 01:10:57 GMT 2013] ==> BOA Skynet welcomes you aboard! Octopus [Mon Nov 18 01:11:00 GMT 2013] ==> INFO: Reading your /root/.tn.octopus.cnf config file Octopus [Mon Nov 18 01:11:01 GMT 2013] ==> NOTE! Please review all config options displayed below ### ### Configuration created on 121215-1617 with ### Octopus version BOA-2.0.4 ### ### NOTE: the group of settings displayed bellow ### will *override* all listed settings in the Octopus script. ### _USER="tn" _MY_EMAIL="chris@webarchitects.co.uk" _PLATFORMS_LIST="D7P OA7" _ALLOW_UNSUPPORTED=NO _AUTOPILOT=YES _HM_ONLY=NO _O_CONTRIB_UP=YES _DEBUG_MODE=NO _MY_OWNIP= _FORCE_GIT_MIRROR="" _THIS_DB_HOST=localhost _DNS_SETUP_TEST=NO _HOT_SAUCE=NO _USE_CURRENT=YES _REMOTE_CACHE_IP=127.0.0.1 _LOCAL_NETWORK_IP= _PHP_FPM_VERSION=5.3 _PHP_CLI_VERSION=5.3 _USE_STOCK=NO ### ### NOTE: the group of settings displayed bellow will be *overriden* ### by config files stored in the /data/disk/tn/log/ directory, ### but only on upgrade. ### _DOMAIN="tn.puffin.webarch.net" _CLIENT_EMAIL="chris@webarchitects.co.uk" _CLIENT_OPTION="SSD" _CLIENT_SUBSCR="Y" _CLIENT_CORES="14" ### ### Configuration created on 121215-1617 with ### Octopus version BOA-2.0.4 ### _STRONG_PASSWORDS=NO _DEL_OLD_EMPTY_PLATFORMS=0 _SQL_CONVERT=NO Octopus [Mon Nov 18 01:11:08 GMT 2013] ==> UPGRADE in progress... Octopus [Mon Nov 18 01:11:12 GMT 2013] ==> START -> checkpoint: * Your Aegir control panel for this instance is available at https://tn.puffin.webarch.net * Your Aegir system user for this instance is tn * This Octopus will use PHP-CLI 5.3 for all sites * This Octopus will use PHP-FPM 5.3 both for D6 and D7 sites * This Octopus includes platforms: D7P OA7 / Unsupported: NO * This Octopus options are listed as SSD / Y / 14 C Octopus [Mon Nov 18 01:11:12 GMT 2013] ==> 8s before we will continue... Octopus [Mon Nov 18 01:11:27 GMT 2013] ==> UPGRADE A: Aegir automated install script part A Octopus [Mon Nov 18 01:11:27 GMT 2013] ==> UPGRADE A: Checking OCTOPUS version... Octopus [Mon Nov 18 01:11:27 GMT 2013] ==> UPGRADE A: OCTOPUS version test: OK Octopus [Mon Nov 18 01:11:27 GMT 2013] ==> UPGRADE A: Shared platforms code v.003 (hot new) will be created Octopus [Mon Nov 18 01:11:27 GMT 2013] ==> UPGRADE A: Creating directories with correct permissions... Octopus [Mon Nov 18 01:11:29 GMT 2013] ==> UPGRADE A: Syncing provision backend db_passwd... Octopus [Mon Nov 18 01:11:33 GMT 2013] ==> UPGRADE A: Running hosting-dispatch (1/3)... Octopus [Mon Nov 18 01:11:41 GMT 2013] ==> UPGRADE A: Running hosting-dispatch (2/3)... Octopus [Mon Nov 18 01:11:49 GMT 2013] ==> UPGRADE A: Running hosting-dispatch (3/3)... Octopus [Mon Nov 18 01:11:56 GMT 2013] ==> UPGRADE A: Syncing hostmaster frontend db_passwd... Octopus [Mon Nov 18 01:11:58 GMT 2013] ==> UPGRADE A: Switching user and running AegirSetupB... Octopus [Mon Nov 18 01:12:11 GMT 2013] ==> UPGRADE B: Aegir automated install script part B Octopus [Mon Nov 18 01:12:12 GMT 2013] ==> UPGRADE B: Creating directories with correct permissions Octopus [Mon Nov 18 01:12:14 GMT 2013] ==> UPGRADE B: Running standard installer Octopus [Mon Nov 18 01:12:16 GMT 2013] ==> UPGRADE B: Downloading drush... PHP Warning: PHP Startup: Unable to load dynamic library '/opt/local/lib/php/extensions/no-debug-non-zts-20090626/newrelic.so' - /opt/local/lib/php/extensions/no-debug-non-zts-20090626/newrelic.so: cannot open shared object file: No such file or directory in Unknown on line 0 Octopus [Mon Nov 18 01:12:17 GMT 2013] ==> UPGRADE B: Drush seems to be functioning properly Octopus [Mon Nov 18 01:12:17 GMT 2013] ==> UPGRADE B: Installing provision backend in /data/disk/tn/.drush Octopus [Mon Nov 18 01:12:17 GMT 2013] ==> UPGRADE B: Downloading Drush and Provision extensions... Octopus [Mon Nov 18 01:12:20 GMT 2013] ==> UPGRADE B: Testing previous install... Octopus [Mon Nov 18 01:12:20 GMT 2013] ==> UPGRADE B: Hostmaster STATUS: upgrade start Octopus [Mon Nov 18 01:12:22 GMT 2013] ==> UPGRADE B: Running hostmaster-migrate, please wait... Octopus [Mon Nov 18 01:14:15 GMT 2013] ==> UPGRADE B: Hostmaster STATUS: upgrade completed Octopus [Mon Nov 18 01:14:15 GMT 2013] ==> UPGRADE B: Simple check if Aegir upgrade is successful Octopus [Mon Nov 18 01:14:17 GMT 2013] ==> UPGRADE B: Aegir upgrade test result: OK Octopus [Mon Nov 18 01:14:17 GMT 2013] ==> UPGRADE B: Enhancing Aegir UI, please wait... Octopus [Mon Nov 18 01:14:52 GMT 2013] ==> UPGRADE A: Syncing hostmaster frontend db_passwd... Octopus [Mon Nov 18 01:14:54 GMT 2013] ==> UPGRADE A: Aegir Satellite Instance upgrade completed Octopus [Mon Nov 18 01:15:11 GMT 2013] ==> UPGRADE A: Creating shared directories... Octopus [Mon Nov 18 01:15:44 GMT 2013] ==> UPGRADE A: Running o_contrib modules check and upgrade... Octopus [Mon Nov 18 01:16:16 GMT 2013] ==> UPGRADE A: Switching user and running Platforms build Octopus [Mon Nov 18 01:16:18 GMT 2013] ==> UPGRADE C: Aegir automated install script part C Octopus [Mon Nov 18 01:16:18 GMT 2013] ==> UPGRADE C: Shared platforms code v.003 (hot new) will be created Octopus [Mon Nov 18 01:16:21 GMT 2013] ==> DISTRO: Drupal 7.23.3 P.003 installation in progress... Octopus [Mon Nov 18 01:16:23 GMT 2013] ==> DISTRO: Drupal 7.23.3 P.003 installation completed Octopus [Mon Nov 18 01:16:25 GMT 2013] ==> DISTRO: Open Atrium 2.0.4 7.23.3 P.003 installation in progress... Octopus [Mon Nov 18 01:16:35 GMT 2013] ==> DISTRO: Open Atrium 2.0.4 7.23.3 P.003 installation completed Octopus [Mon Nov 18 01:16:37 GMT 2013] ==> UPGRADE C: Removing some old core themes... Octopus [Mon Nov 18 01:16:37 GMT 2013] ==> UPGRADE C: Running Platforms Save & Verify tasks, please wait... Octopus [Mon Nov 18 01:16:47 GMT 2013] ==> UPGRADE A: Platforms installation completed Octopus [Mon Nov 18 01:16:47 GMT 2013] ==> UPGRADE A: Cleaning up various dot files... Octopus [Mon Nov 18 01:16:52 GMT 2013] ==> UPGRADE A: Creating ftp symlinks Octopus [Mon Nov 18 01:16:54 GMT 2013] ==> UPGRADE A: Preparing setupmail.txt Octopus [Mon Nov 18 01:16:56 GMT 2013] ==> UPGRADE A: Resending setup e-mail on upgrade... Octopus [Mon Nov 18 01:16:59 GMT 2013] ==> UPGRADE A: New entry added to /data/disk/tn/log/octopus_log.txt Octopus [Mon Nov 18 01:16:59 GMT 2013] ==> UPGRADE A: Final cleaning, please wait a moment... Octopus [Mon Nov 18 01:17:36 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib/purge with latest release Octopus [Mon Nov 18 01:17:36 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib/expire with latest release Octopus [Mon Nov 18 01:17:36 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib/httprl with latest release Octopus [Mon Nov 18 01:17:36 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib/boost with latest release Octopus [Mon Nov 18 01:17:36 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib/phpass with latest release Octopus [Mon Nov 18 01:17:36 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib/fpa with latest release Octopus [Mon Nov 18 01:17:36 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib/views_content_cache with latest release Octopus [Mon Nov 18 01:17:38 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib_seven/purge with latest release Octopus [Mon Nov 18 01:17:38 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib_seven/expire with latest release Octopus [Mon Nov 18 01:17:38 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib_seven/httprl with latest release Octopus [Mon Nov 18 01:17:38 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib_seven/filefield_nginx_progress with latest release Octopus [Mon Nov 18 01:17:38 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib_seven/boost with latest release Octopus [Mon Nov 18 01:17:39 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib_seven/speedy with latest release Octopus [Mon Nov 18 01:17:39 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib_seven/entitycache with latest release Octopus [Mon Nov 18 01:17:39 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib_seven/taxonomy_edge with latest release Octopus [Mon Nov 18 01:17:39 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib_seven/fpa with latest release Octopus [Mon Nov 18 01:17:39 GMT 2013] ==> UPGRADE A: Replaced /data/all/001/o_contrib_seven/views_content_cache with latest release Octopus [Mon Nov 18 01:17:45 GMT 2013] ==> UPGRADE A: Starting the cron now Octopus [Mon Nov 18 01:17:45 GMT 2013] ==> UPGRADE A: All done! Octopus [Mon Nov 18 01:17:45 GMT 2013] ==> BYE! waiting 2 sec Done for /data/disk/tn OCTOPUS upgrade completed Bye
comment:26 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 1.75
- Total Hours changed from 7.1 to 8.85
I did the fix for the mysql ram file system, see ticket:591#comment:2.
The admin menu at https://www.transitionnetwork.org/ doesn't appear to be working, I tried flushing all the caches, Jim -- this is something you need to look at, all /admin/ requests are redirected back to the home page.
The nginx changes wiki:PuffinServer#nginxconfigchanges were not needed but the wiki:PuffinServer#php-fpmconfigchanges php-fpm ones were, I just changed these lines to make munin work:
pm.status_path = /status ping.path = /ping
And I changed these to drop the number of processes, we don't need so many to start with:
;pm.start_servers = 18 pm.start_servers = 4 ;pm.max_spare_servers = 18 pm.max_spare_servers = 4
The new HTTPS ciphers look great, see https://www.ssllabs.com/ssltest/analyze.html?d=transitionnetwork.org
This server provides robust Forward Secrecy support.
The mysql munin plugins needed a reinstall:
cd /usr/local/src wget https://github.com/kjellm/munin-mysql/archive/master.zip unzip master.zip cd munin-mysql-master make install
Looking the the number of connections used in the recent past these values in /etc/mysql/my.cnf were edited:
#max_connections = 75 #max_user_connections = 75 max_connections = 40 max_user_connections = 40 #join_buffer_size = 128M join_buffer_size = 256M #query_cache_size = 512M query_cache_size = 1024M
Changes were made to the second.sh script, see wiki:PuffinServer#xdragoshellscriptchanges and the high-load.log was rotated.
I have spent some time looking at all the munin graphs, these should be checked again tomorrow.
comment:27 Changed 3 years ago by ed
good work Chris - JIM please attend: admin menu not working - not possible to do any admin functions
comment:28 Changed 3 years ago by jim
- Add Hours to Ticket changed from 0.0 to 0.35
- Total Hours changed from 8.85 to 9.2
Fixed.
The /var/xdrago/daily.sh script had not run for some reason, which would take the old control files and make the new ini from them.
I ran it manually. Now double-checking cron.
comment:29 Changed 3 years ago by jim
- Add Hours to Ticket changed from 0.0 to 0.15
- Total Hours changed from 9.2 to 9.35
Cron's fine. I guess that script didn't run because something was happening around 4am that prevented it doing its thing.
I've re-verified the main platforms to be doubly sure all is good.
comment:30 Changed 3 years ago by jim
So I think it's mission accomplished.
comment:31 Changed 3 years ago by chris
The upgrade of wiki:PenguinServer and wiki:ParrotServer to Wheezy are still outstanding, Parrot should be fairly simple, Penguin will potentially be more complicated due to dependencies from the Trac site, wiki:PenguinServer#tech.transitionnetwork.org and the Wagn site wiki:TransitionResearchWagn.
I suggest that we do these this month if there is time in the budget for this work. Can I suggest the evening of Sunday 8th as a good time to do it.
comment:32 Changed 3 years ago by ed
Sounds sensible.
comment:33 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 9.35 to 9.6
I just got this email from wiki:PuffinServer:
From: root@puffin.webarch.net (Cron Daemon) Date: Thu, 5 Dec 2013 13:00:16 +0000 (GMT) To: root@puffin.webarch.net Subject: Cron <root@puffin> if [ -x /etc/munin/plugins/apt_all ]; then /etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif +[ -x /etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12 >/dev/null; fi E: The value 'testing' is invalid for APT::Default-Release as such a release is not available in the sources E: The value 'unstable' is invalid for APT::Default-Release as such a release is not available in the sources
So I have checked the repos and edited these files:
- /etc/apt/sources.list.d/dotdeb.list squeeze changed to wheezy
- /etc/apt/sources.list.d/mariadb.list squeeze changed to wheezy
- /etc/apt/sources.list.d/newrelic.list everything commented out
This caused this updates to be triggered:
libmariadbclient-dev/wheezy libmariadbclient18/wheezy libmariadbd-dev/wheezy libmysqlclient18/wheezy mariadb-client-5.5/wheezy mariadb-client-core-5.5/wheezy mariadb-common/wheezy mariadb-server-5.5/wheezy mariadb-server-core-5.5/wheezy mysql-common/wheezy
Testing the munin apt plugins, there are two:
cd /etc/munin/plugins munin-run apt pending.value 10 pending.extinfo libmariadbclient-dev libmariadbclient18 libmariadbd-dev libmysqlclient18 mariadb-client-5.5 mariadb-client-core-5.5 mariadb-common mariadb-server-5.5 mariadb-server-core-5.5 mysql-common hold.value 0 munin-run apt_all pending_stable.value 0 hold_stable.value 0 pending_testing.value 0 hold_testing.value 0 pending_unstable.value 0 hold_unstable.value 0
It seem clear that the apt_all one isn't working properly so I deleted the sym link for it.
comment:34 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 9.6 to 9.85
I was still getting apt errors, by email, every 5 mins, but different ones, following http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638024 I have reenabled the apt_all munin plugin and created a /etc/apt/apt.conf file containing:
APT::Default-Release "stable" ;
And this appears to have stopped the emails.
comment:35 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 9.85 to 9.95
I'm still getting these emails:
E: The value 'testing' is invalid for APT::Default-Release as such a release is not +available in the sources E: The value 'unstable' is invalid for APT::Default-Release as such a release is not +available in the sources
So I have edited apt_all and changed:
#my @releases = ("stable", "testing","unstable"); my @releases = ("stable");
Hopefully this will fix it.
comment:36 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 9.95 to 10.2
The upgrade documentation is here http://www.debian.org/releases/wheezy/amd64/release-notes/ch-upgrading.en.html
Things that we should check on before running the upgrades on wiki:PenguinServer and wiki:ParrotServer:
- Disabling APT pinning check these files: vim /etc/apt/preferences /etc/apt/preferences.d/*
- Checking packages status run dpkg --audit save a list of all installed packages, dpkg --get-selections "*" > ~/curr-pkgs.txt
- Unofficial sources and backports this is going to be an issue on wiki:PenguinServer, check vim /etc/apt/sources.list.d/*
- Adding APT Internet sources vim /etc/apt/sources.list /etc/apt/sources.list.d/* and :1,$s/squeeze/wheezy/gc
- Make sure you have sufficient space for the upgrade with apt-get update ; apt-get -o APT::Get::Trivial-Only=true dist-upgrade
Then the actual upgrade:
- Minimal system upgrade run apt-get update ; apt-get upgrade
- Upgrading the system run apt-get dist-upgrade
I might be able to get some of the above done today, prior to the upgrade tomorrow.
Changed 3 years ago by chris
- Attachment parrot-squeeze.packages.txt added
List of packages on Parrot when it was running Squeeze
comment:37 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 1.25
- Total Hours changed from 10.2 to 11.45
Parrot Wheezy Upgrade
Deleted /etc/apt/preferences.d/drush as it's not needed.
Package: drush Pin: release a=squeeze-backports Pin-Priority: 1001
Deleted /etc/apt/preferences.d/varnish as it's not needed.
Package: varnish libvarnishapi1 varnish-doc Pin: release a=squeeze-backports Pin-Priority: 1001
No results for:
dpkg --audit
To generate a list of packages:
dpkg --get-selections "*" > ~/curr-pkgs.txt
The output of the above has been posted here /trac/attachment/ticket/535/parrot-squeeze.packages.txt
The file, /etc/apt/sources.list.d/squeeze-backports.list which contained:
deb http://backports.debian.org/debian-backports squeeze-backports main
Was deleted.
The /etc/apt/sources.list files was edited to:
# # wheezy # deb http://ftp.uk.debian.org/debian/ wheezy main contrib non-free deb-src http://ftp.uk.debian.org/debian/ wheezy main contrib non-free # # Security updates # deb http://security.debian.org/ wheezy/updates main contrib non-free deb-src http://security.debian.org/ wheezy/updates main contrib non-free
File space needed was checked:
apt-get update ; apt-get -o APT::Get::Trivial-Only=true dist-upgrade The following packages will be REMOVED: defoma libept1 libpango1.0-common mysql-client-5.1 mysql-server-5.1 mysql-server-core-5.1 php5-suhosin x-ttcidfont-conf The following NEW packages will be installed: aptitude-common cpp-4.7 fonts-droid fonts-liberation gcc-4.7 gcc-4.7-base ghostscript git-man gnuplot gnuplot-nox groff gsfonts imagemagick imagemagick-common kmod krb5-locales libaio1 libapt-inst1.5 libapt-pkg4.12 libbind9-80 libblas3 libblas3gf libboost-iostreams1.49.0 libclass-isa-perl libcroco3 libcupsimage2 libdb5.1 libdjvulibre-text libdjvulibre21 libdns88 libencode-locale-perl libept1.4.12 libexiv2-12 libffi5 libfile-listing-perl libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgfortran3 libgmp10 libgs9 libgs9-common libhtml-form-perl libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libice6 libicu48 libijs-0.35 libilmbase6 libio-socket-inet6-perl libio-socket-ssl-perl libisc84 libisccc80 libisccfg82 libitm1 libjbig0 libjbig2dec0 libjpeg8 libjs-jquery libjs-sphinxdoc libjs-underscore libkmod2 liblcms1 liblcms2-2 liblensfun-data liblensfun0 liblinear-tools liblinear1 liblist-moreutils-perl liblqr-1-0 liblwp-mediatypes-perl liblwp-protocol-https-perl liblwres80 liblzma5 libmagickcore5 libmagickcore5-extra libmagickwand5 libmount1 libmpc2 libmysqlclient18 libnet-http-perl libnet-ssleay-perl libnetpbm10 libnl-3-200 libnl-genl-3-200 libopenexr6 libp11-kit0 libpam-modules-bin libpaper-utils libpaper1 libpipeline1 libprocps0 libquadmath0 librsvg2-2 librsvg2-common librtmp0 libsemanage-common libsemanage1 libsensors4 libsigsegv2 libsm6 libsocket6-perl libssl-doc libssl1.0.0 libsvm-tools libswitch-perl libsystemd-login0 libtinfo5 libtokyocabinet9 libustr-1.0-1 libwmf0.2-7 libwww-robotrules-perl libxaw7 libxcb-shm0 libxmu6 libxt6 multiarch-support munin-plugins-core munin-plugins-extra mysql-client-5.5 mysql-server-5.5 mysql-server-core-5.5 ncurses-term netpbm php-console-table poppler-data psutils python2.7 python2.7-minimal ufraw-batch The following packages will be upgraded: adduser apache2-mpm-itk apache2-utils apache2.2-bin apache2.2-common apt apt-listchanges apt-show-versions apt-utils apticron aptitude autoconf automake autotools-dev backupninja base-files base-passwd bash bc bind9-host binutils bsdmainutils bsdutils busybox bzip2 ca-certificates chrony coreutils cpio cpp cpp-4.4 cron curl dash dbconfig-common dbus debconf debconf-i18n debian-archive-keyring debianutils denyhosts dialog diffutils dmidecode dnsutils dos2unix dpkg drush e2fslibs e2fsprogs exim4 exim4-base exim4-config exim4-daemon-light expect file findutils firmware-linux-free fontconfig fontconfig-config gawk gcc gcc-4.4 gcc-4.4-base geoip-database git gnupg gpgv grep groff-base gzip haveged heirloom-mailx hostname iftop ifupdown info initramfs-tools initscripts insserv install-info iproute iptables iptraf iputils-ping isc-dhcp-client isc-dhcp-common iso-codes klibc-utils less libacl1 libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libapt-pkg-perl libatk1.0-0 libatk1.0-data libattr1 libavahi-client3 libavahi-common-data libavahi-common3 libblkid1 libbsd0 libbz2-1.0 libc-bin libc-dev-bin libc6 libc6-dev libcairo2 libcap2 libcomerr2 libcups2 libcurl3 libcurl3-gnutls libcwidget3 libdate-manip-perl libdatrie1 libdbd-mysql-perl libdbi-perl libdbus-1-3 libedit2 libexpat1 libfont-freetype-perl libfontconfig1 libfontenc1 libfreetype6 libgcc1 libgcrypt11 libgd2-xpm libgdbm3 libgeoip1 libglib2.0-0 libglib2.0-data libgnutls26 libgomp1 libgpg-error0 libgpgme11 libgpm2 libgssapi-krb5-2 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libhtml-format-perl libhtml-parser-perl libhtml-template-perl libhtml-tree-perl libidn11 libio-multiplex-perl libjasper1 libjpeg62 libjs-mootools libk5crypto3 libkeyutils1 libklibc libkrb5-3 libkrb5support0 libldap-2.4-2 liblocale-gettext-perl libltdl-dev libltdl7 liblua5.1-0 libmagic1 libmailtools-perl libmpfr4 libncurses5 libncursesw5 libneon27-gnutls libnet-cidr-perl libnet-daemon-perl libnet-server-perl libnet-snmp-perl libnewt0.52 libnfnetlink0 libnl1 libpam-modules libpam-mysql libpam-runtime libpam0g libpango1.0-0 libpcap0.8 libpcre3 libpixman-1-0 libpng12-0 libpopt0 libqdbm14 libreadline5 libreadline6 librsync1 libsasl2-2 libsasl2-modules libselinux1 libsepol1 libsigc++-2.0-0c2a libslang2 libsqlite3-0 libss2 libssh2-1 libssl-dev libstdc++6 libsvn1 libt1-5 libtasn1-3 libtext-charwidth-perl libtext-iconv-perl libthai-data libthai0 libtiff4 libtool libudev0 liburi-perl libusb-0.1-4 libuuid-perl libuuid1 libwrap0 libwww-perl libx11-6 libx11-data libxapian22 libxau6 libxcb-render-util0 libxcb-render0 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxdmcp6 libxext6 libxfixes3 libxfont1 libxft2 libxi6 libxinerama1 libxml2 libxmuu1 libxpm4 libxrandr2 libxrender1 libyaml-syck-perl linux-base linux-libc-dev locales locate login logrotate logtail logwatch lsb-base lsb-release lynx lynx-cur m4 man-db manpages manpages-dev mawk metche mime-support module-init-tools mount mtr munin-common munin-node mutt mysql-common mysql-server nano ncurses-base ncurses-bin net-tools netbase netcat-traditional nmap openssh-blacklist openssh-blacklist-extra openssh-client openssh-server openssl passwd patch perl perl-base perl-modules php-pear php-xml-parser php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-intl php5-mcrypt php5-mysql php5-xmlrpc phpmyadmin popularity-contest procps psmisc pwgen python python-apt python-apt-common python-central python-minimal python-pylibacl python-pyxattr python-support python2.6 python2.6-minimal quota quotatool rdate rdiff-backup readline-common rsync rsyslog screen sed sensible-utils sgml-base shared-mime-info ssl-cert subversion sudo sysstat sysv-rc sysvinit sysvinit-utils tar tasksel tasksel-data tcl8.5 tcpd tcpdump timelimit traceroute ttf-dejavu-core tzdata ucf udev unzip update-inetd util-linux util-linux-locales vim vim-common vim-runtime vim-tiny wget whiptail wwwconfig-common x11-common xauth xfonts-encodings xfonts-utils xml-core xz-utils zip zlib1g zlib1g-dev 362 upgraded, 132 newly installed, 8 to remove and 0 not upgraded. Need to get 257 MB of archives. After this operation, 203 MB of additional disk space will be used. E: Trivial Only specified but this is not a trivial operation.
The MySQL databases were backed up using ninjahelper to run /etc/backup.d/20.mysql.
Initial, minimal upgrade:
apt-get update ; apt-get upgrade The following packages have been kept back: apache2-mpm-itk apache2-utils apache2.2-bin apache2.2-common apt apt-utils aptitude base-files bash bind9-host binutils bsdmainutils bzip2 ca-certificates chrony coreutils cpp cpp-4.4 curl dbus denyhosts dialog dnsutils dpkg drush e2fslibs e2fsprogs exim4 exim4-base exim4-daemon-light file fontconfig fontconfig-config gawk gcc gcc-4.4 gcc-4.4-base git heirloom-mailx iftop ifupdown info initscripts iproute iptables iptraf iputils-ping less libacl1 libapache2-mod-php5 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libapt-pkg-perl libatk1.0-0 libattr1 libavahi-client3 libavahi-common3 libblkid1 libbsd0 libbz2-1.0 libc-bin libc-dev-bin libc6 libc6-dev libcairo2 libcap2 libcomerr2 libcups2 libcurl3 libcurl3-gnutls libcwidget3 libdatrie1 libdbd-mysql-perl libdbi-perl libdbus-1-3 libedit2 libexpat1 libfont-freetype-perl libfontconfig1 libfontenc1 libfreetype6 libgcc1 libgcrypt11 libgd2-xpm libgdbm3 libglib2.0-0 libgnutls26 libgomp1 libgpg-error0 libgpgme11 libgpm2 libgssapi-krb5-2 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libhtml-parser-perl libidn11 libjasper1 libjpeg62 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.4-2 liblocale-gettext-perl libltdl-dev libltdl7 liblua5.1-0 libmagic1 libmpfr4 libncurses5 libncursesw5 libneon27-gnutls libnet-server-perl libnewt0.52 libnl1 libpam-modules libpam-mysql libpam0g libpango1.0-0 libpcap0.8 libpcre3 libpixman-1-0 libpng12-0 libpopt0 libreadline5 libreadline6 librsync1 libsasl2-2 libsasl2-modules libselinux1 libsepol1 libsigc++-2.0-0c2a libslang2 libsqlite3-0 libss2 libssh2-1 libssl-dev libstdc++6 libsvn1 libtasn1-3 libtext-charwidth-perl libtext-iconv-perl libthai0 libtiff4 libudev0 libusb-0.1-4 libuuid-perl libuuid1 libwrap0 libwww-perl libx11-6 libx11-data libxapian22 libxau6 libxcb-render-util0 libxcb-render0 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxdmcp6 libxext6 libxfixes3 libxft2 libxi6 libxinerama1 libxml2 libxmuu1 libxpm4 libxrandr2 libxrender1 libyaml-syck-perl locales lsb-release lynx lynx-cur man-db module-init-tools mount mtr munin-common munin-node mutt mysql-common mysql-server nano ncurses-bin netbase nmap openssh-client openssh-server openssl passwd perl perl-base perl-modules php-pear php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-intl php5-mcrypt php5-mysql php5-xmlrpc procps psmisc python python-apt python-minimal python-pylibacl python-pyxattr python2.6 python2.6-minimal quota rdiff-backup rsync rsyslog screen sgml-base subversion sysstat sysvinit tasksel tcpdump udev util-linux util-linux-locales vim vim-common vim-runtime vim-tiny wget whiptail xml-core xz-utils zlib1g zlib1g-dev The following packages will be upgraded: adduser apt-listchanges apt-show-versions apticron autoconf automake autotools-dev backupninja base-passwd bc bsdutils busybox cpio cron dash dbconfig-common debconf debconf-i18n debian-archive-keyring debianutils diffutils dmidecode dos2unix exim4-config expect findutils firmware-linux-free geoip-database gnupg gpgv grep groff-base gzip haveged hostname initramfs-tools insserv install-info isc-dhcp-client isc-dhcp-common iso-codes klibc-utils libapr1 libatk1.0-data libavahi-common-data libdate-manip-perl libgeoip1 libglib2.0-data libhtml-format-perl libhtml-template-perl libhtml-tree-perl libio-multiplex-perl libjs-mootools libklibc libmailtools-perl libnet-cidr-perl libnet-daemon-perl libnet-snmp-perl libnfnetlink0 libpam-runtime libqdbm14 libt1-5 libthai-data libtool liburi-perl libxfont1 linux-base linux-libc-dev locate login logrotate logtail logwatch lsb-base m4 manpages manpages-dev mawk metche mime-support ncurses-base net-tools netcat-traditional openssh-blacklist openssh-blacklist-extra patch php-xml-parser phpmyadmin popularity-contest pwgen python-apt-common python-central python-support quotatool rdate readline-common sed sensible-utils shared-mime-info ssl-cert sudo sysv-rc sysvinit-utils tar tasksel-data tcl8.5 tcpd timelimit traceroute ttf-dejavu-core tzdata ucf unzip update-inetd wwwconfig-common x11-common xauth xfonts-encodings xfonts-utils zip 120 upgraded, 0 newly installed, 0 to remove and 242 not upgraded. Need to get 46.8 MB of archives. After this operation, 13.7 MB disk space will be freed. Do you want to continue [Y/n]? Y apticron (1.1.51) unstable; urgency=low New config option CUSTOM_FROM allows setting a custom sender by replacing the default 'From:' field in the notification emails. -- Tiago Bortoletto Vaz <tiago@debian.org> Mon, 29 Aug 2011 00:00:23 -0300 backupninja (1.0~rc1-1) unstable; urgency=low duplicity 0.6.17 and later has moved to a new sftp/scp backend which no longer uses sftp/scp client programs, but instead relies on paramiko, a Python ssh+sftp implementation. Therefore, the sshoptions option of the backupninja duplicity handler cannot be used for anything but the one supported by this new backend: -oIdentityfile=some_key_file -- all other ssh options are ignored. -- intrigeri <intrigeri@debian.org> Fri, 27 Apr 2012 23:07:11 +0200 backupninja (0.9.10-1) unstable; urgency=low Being severely broken for ages (see #596935), LDAP support was removed upstream. It will come back once this code has found itself a maintainer. Interested? Get in touch! -- intrigeri <intrigeri+debian@boum.org> Fri, 23 Sep 2011 17:32:11 +0200 cron (3.0pl1-119) unstable; urgency=low The semantics of the -L option of the cron daemon have changed: from now on, the value will be interpreted as a bitmask of various log selectors, with "1" (log only the start of jobs) being the new default. Additionally, since -117 (NEWS entry was overlooked), the LSBNAMES variable in /etc/default/cron was merged with the EXTRA_OPTS variable as it was redundant. -- Christian Kastner <debian@kvr.at> Sun, 07 Aug 2011 21:13:19 +0200 expect (5.45-1) unstable; urgency=low As of Expect 5.45 expectk was removed from the upstream distribution and from the Debian package as well. If you're using expectk replace it either by 'expect' and 'package require Tk' or by 'wish' and 'package require Expect'. -- Sergei Golovan <sgolovan@debian.org> Wed, 17 Aug 2011 21:50:29 +0400 libdate-manip-perl (6.23-1) unstable; urgency=low Renamed one Date::Manip::Recur method The Date::Manip::Recur::base method has been renamed to basedate. The Date::Manip::Recur::base method should return the Date::Manip::Base object like all the other Date::Manip modules. -- gregor herrmann <gregoa@debian.org> Wed, 20 Apr 2011 22:42:38 +0200 libdate-manip-perl (6.20-1) unstable; urgency=low Reworked recurrences Recurrences were reworked in a (slightly) backward incompatible way to improve their usefulness (and to make them conform to the expected results). Most recurrences will work the same, but a few will differ. Cf. `man Date::Manip::Changes6' or `perldoc Date::Manip::Changes6'. -- gregor herrmann <gregoa@debian.org> Wed, 29 Dec 2010 16:28:09 +0100 libdate-manip-perl (6.14-1) unstable; urgency=low As of Date::Manip 6.14, the 5.xx release is fully integrated into the distribution. Both will be installed automatically and you can switch between them. Cf. `man Date::Manip' or `perldoc Date::Manip'. -- gregor herrmann <gregoa@debian.org> Tue, 26 Oct 2010 16:47:26 +0200 libhtml-tree-perl (5.00-1) unstable; urgency=low [THINGS THAT MAY BREAK YOUR CODE OR TESTS] * Use weak references to avoid memory leaks See "Weak References" in HTML::Element for details. * new_from_file now dies if the file cannot be opened. $! records the specific problem. (Previously, you got a tree with a few implicit elements.) * Some methods normally returning a scalar could return the empty list in certain circumstances. This has been corrected. The affected methods are: address, deobjectify_text, detach, is_inside, & pindex. * deprecate the Version sub/method. Use the VERSION method instead. -- gregor herrmann <gregoa@debian.org> Fri, 15 Jun 2012 14:50:32 +0200 linux-base (3) unstable; urgency=low * Some HP Smart Array controllers are now handled by the new 'hpsa' driver, rather than the 'cciss' driver. While the cciss driver presented disk device names beginning with 'cciss/', hpsa makes disk arrays appear as ordinary SCSI disks and presents device names beginning with 'sd'. In a system that already has other SCSI or SCSI-like devices, names may change unpredictably. During the upgrade from earlier versions, you will be prompted to update configuration files which refer to device names that may change. You can choose to do this yourself or to follow an automatic upgrade process. All changed configuration files are backed up with a suffix of '.old' (or '^old' in one case). -- Ben Hutchings <ben@decadent.org.uk> Wed, 16 Mar 2011 13:19:34 +0000 logrotate (3.8.0-1) experimental; urgency=low Please note that this update changes the behaviour of logrotate: Logrotate now skips directories which are world writable or writable by group which is not "root" unless the (new) "su" directive is used. -- Paul Martin <pm@debian.org> Sun, 28 Aug 2011 19:16:36 +0100 lsb (4.1+Debian1) unstable; urgency=low This version implements a new "Fancy output" in the form of "[....] " blocks prepended to the daemon status messages: Before: Starting/stopping long daemon name: daemond daemon2d After: [....] Starting/stopping long daemon name: daemond daemon2d This block will become either a green [ ok ], a yellow [warn] or a red [FAIL] depending on the daemon exit status. The "Fancy output" can be disabled by setting the FANCYTTY variable to 0 in the /etc/lsb-base-logging.sh configuration file. -- Didier Raboud <odyx@debian.org> Thu, 19 Apr 2012 11:25:01 +0200 pam (1.1.2-1) unstable; urgency=low * Name of option for minimum Unix password length has changed The Debian-specific 'min=n' option to pam_unix for specifying minimum lengths for new passwords has been replaced by a new upstream option called 'minlen=n'. If you are using 'min=n' in /etc/pam.d/common-password, this will be migrated to the new option name for you on upgrade. If you have configured pam_unix password changing elsewhere on your system, such as in a PAM profile under /usr/share/pam-configs or in other files in /etc/pam.d, you will need to update them by hand for this change. -- Steve Langasek <vorlon@debian.org> Tue, 31 Aug 2010 23:09:30 -0700 patch (2.6.1-1) unstable; urgency=low The options -U --unified-reject-files and --global-reject-file have now been removed. -- Christoph Berg <myon@debian.org> Sun, 06 Feb 2011 20:17:11 +0100 qdbm (1.8.78-1) unstable; urgency=low gdbm emulation (hovel) is dropped from this version (cf. #620550). The Debian-specific 'min=n' option to pam_unix for specifying minimum lengths for new passwords has been replaced by a new upstream option called 'minlen=n'. If you are using 'min=n' in /etc/pam.d/common-password, this will be migrated to the new option name for you on upgrade. If you have configured pam_unix password changing elsewhere on your system, such as in a PAM profile under /usr/share/pam-configs or in other files in /etc/pam.d, you will need to update them by hand for this change. -- Steve Langasek <vorlon@debian.org> Tue, 31 Aug 2010 23:09:30 -0700 patch (2.6.1-1) unstable; urgency=low The options -U --unified-reject-files and --global-reject-file have now been removed. -- Christoph Berg <myon@debian.org> Sun, 06 Feb 2011 20:17:11 +0100 qdbm (1.8.78-1) unstable; urgency=low gdbm emulation (hovel) is dropped from this version (cf. #620550). It breaks symbol versioning policy to keep its old version despite dropping gdbm_* symbols, assuming nobody use it. If you've used its functionarity, please switch to gdbm, or rebuild source package removing "--disable-gdbm" flag. -- KURASHIKI Satoru <lurdan@gmail.com> Fri, 19 Aug 2011 08:38:15 +0900 sudo (1.8.2-1) unstable; urgency=low The sudo package is no longer configured using --with-secure-path. Instead, the provided sudoers file now contains a line declaring 'Defaults secure_path=' with the same path content that was previously hard-coded in the binary. A consequence of this change is that if you do not have such a definition in sudoers, the PATH searched for commands by sudo may be empty. Using explicit paths for each command you want to run with sudo will work well enough to allow the sudoers file to be updated with a suitable entry if one is not already present and you choose to not accept the updated version provided by the package. -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600 sysvinit-utils (2.88dsf-17) unstable; urgency=low bootlogd has moved from sysvinit-utils to a separate bootlogd package. If you wish to continue using bootlogd, please install the bootlogd package. Note that the configuration file /etc/default/bootlogd and its option BOOTLOGD_ENABLE no longer exist; if you do not wish to run bootlogd, remove the bootlogd package. -- Josh Triplett <josh@joshtriplett.org> Mon, 19 Dec 2011 12:03:08 +0000 Participate in the package usage survey? No ┌──────────────────────────────────────────────────┤ Configuring phpmyadmin ├───────────────────────────────────────────────────┐ │ │ │ The phpmyadmin package must have a database installed and configured before it can be used. This can be optionally handled │ │ with dbconfig-common. │ │ │ │ If you are an advanced database administrator and know that you want to perform this configuration manually, or if your │ │ database has already been installed and configured, you should refuse this option. Details on what needs to be done should │ │ most likely be provided in /usr/share/doc/phpmyadmin. │ │ │ │ Otherwise, you should probably choose this option. │ │ │ │ Configure database for phpmyadmin with dbconfig-common? │ │ │ │ <Yes> <No> │ │ │ └───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ No ┌────────────────────────────────┤ Configuring phpmyadmin ├────────────────────────────────┐ │ Please choose the web server that should be automatically configured to run phpMyAdmin. │ │ │ │ Web server to reconfigure automatically: │ │ │ │ [*] apache2 │ │ [ ] lighttpd │ │ │ │ │ │ <Ok> <Cancel> │ │ │ └──────────────────────────────────────────────────────────────────────────────────────────┘ Ok Configuration file `/etc/securetty' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** securetty (Y/I/N/O/D/Z) [default=N] ? D --- /etc/securetty 2013-04-30 11:31:36.000000000 +0100 +++ /etc/securetty.dpkg-new 2012-05-25 22:24:43.000000000 +0100 @@ -230,6 +230,12 @@ ttyAM14 ttyAM15 +# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU) +ttyAMA0 +ttyAMA1 +ttyAMA2 +ttyAMA3 + # DataBooster serial ports ttyDB0 ttyDB1 @@ -355,6 +361,10 @@ hvc0 hvc1 #... +#IBM pSeries console ports +hvsi0 +hvsi1 +hvsi2 # Equinox SST multi-port serial boards ttyEQ0 @@ -363,7 +373,7 @@ # ========================================================== # -# Not in Documentation/Devicess.txt +# Not in Documentation/Devices.txt # # ========================================================== @@ -375,10 +385,9 @@ ttymxc4 ttymxc5 -# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU) -ttyama0 -ttyama1 -ttyama2 -ttyama3 +# Serial Console for MIPS Swarm +duart0 +duart1 -hvc0 +# s390 and s390x ports in LPAR mode +ttysclp0
The diference here is to add some thing and remove:
ttyama0 ttyama1 ttyama2 ttyama3
That is fine, these are not used AFAIK, also this is to be removed:
hvc0
But that's is in twice already:
# IBM iSeries/pSeries virtual console hvc0 hvc1
So accepting the new version.
*** securetty (Y/I/N/O/D/Z) [default=N] ? Y ┌───────────────────────────────────────────────────┤ Configuring linux-base ├────────────────────────────────────────────────────┐ │ │ │ The new Linux kernel version provides different drivers for some PATA (IDE) controllers. The names of some hard disk, CD-ROM, │ │ and tape devices may change. │ │ │ │ It is now recommended to identify disk devices in configuration files by label or UUID (unique identifier) rather than by │ │ device name, which will work with both old and new kernel versions. │ │ │ │ If you choose to not update the system configuration automatically, you must update device IDs yourself before the next system │ │ reboot or the system may become unbootable. │ │ │ │ Update disk device IDs in system configuration? │ │ │ │ <Yes> <No> │ │ │ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ No ┌───────────────────────────────────────────────────┤ Configuring linux-base ├───────────────────────────────────────────────────┐ │ │ │ Boot loader configuration check needed │ │ │ │ The boot loader configuration for this system was not recognized. These settings in the configuration may need to be updated: │ │ │ │ * The root device ID passed as a kernel parameter; │ │ * The boot device ID used to install and update the boot loader. │ │ │ │ │ │ You should generally identify these devices by UUID or label. However, on MIPS systems the root device must be identified by │ │ name. │ │ │ │ <Ok> │ │ │ └────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ Ok ┌──────────────────────────────────────────────────┤ Configuring metche ├───────────────────────────────────────────────────┐ │ A new version of configuration file /etc/metche.conf is available, but the version installed currently has been locally │ │ modified. │ │ │ │ What do you want to do about modified configuration file metche.conf? │ │ │ │ install the package maintainer's version │ │ keep the local version currently installed │ │ show the differences between the versions │ │ show a side-by-side difference between the versions │ │ show a 3-way difference between available versions │ │ do a 3-way merge between available versions (experimental) │ │ start a new shell to examine the situation │ │ │ │ │ │ <Ok> │ │ │ └───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ ┌──────────────────────────┤ Configuring metche ├───────────────────────────┐ │ │ │ Line by line differences between versions │ │ │ │ --- /etc/metche.conf 2013-05-01 22:12:29.000000000 +0100 │ │ +++ /tmp/filehxCqw3 2013-12-08 15:05:11.551475766 +0000 │ │ @@ -51,13 +51,13 @@ │ │ # - "printcap" when cups browsing feature are used. │ │ # │ │ # Example (default value): │ │ -EXCLUDES="*.swp #* *~ *.gpg *.key ifstate adjtime ld.so.cache shadow* \ │ │ - .cache .gnupg blkid.tab* aumixrc net.enable mtab backup.d \ │ │ - vdirbase run.rev vdir run.rev \ │ │ - prng_exch smtp_scache.pag smtpd_scache.pag \ │ │ - smtp_scache.dir smtpd_scache.dir local.sh \ │ │ - ssh_host_dsa_key* ssh_host_rsa_key* \ │ │ - hosts.deny" │ │ +#EXCLUDES=".git _darcs .svn .bzr CVS .hg _FOSSIL_ \ │ │ +# *.swp #* *~ *.gpg *.key ifstate adjtime ld.so.cache shadow* \ │ │ +# .cache .gnupg blkid.tab* aumixrc net.enable mtab backup.d \ │ │ +# vdirbase run.rev vdir run.rev \ │ │ +# prng_exch smtp_scache.pag smtpd_scache.pag \ │ │ +# smtp_scache.dir smtpd_scache.dir local.sh \ │ │ +# ssh_host_dsa_key* ssh_host_rsa_key*" │ │ │ │ # Locale (will be used to feed LC_ALL) │ │ # Warning: values different from "C" are untested. │ │ │ │ <Ok> │ │ │ └───────────────────────────────────────────────────────────────────────────┘ install the package maintainer's version Ok Configuration file `/etc/sudoers' ==> File on system created by you or by a script. ==> File also in package provided by package maintainer. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** sudoers (Y/I/N/O/D/Z) [default=N] ? D --- /etc/sudoers 2013-04-30 11:35:55.000000000 +0100 +++ /etc/sudoers.dpkg-new 2013-03-01 05:20:20.000000000 +0000 @@ -1,11 +1,14 @@ -# /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. # +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# # See the man page for details on how to write a sudoers file. # - Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Host alias specification @@ -14,12 +17,11 @@ # Cmnd alias specification # User privilege specification -root ALL=(ALL) ALL +root ALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command -# (Note that later entries override this, so you might need to move -# it further down) -# %sudo ALL=(ALL) ALL -%sudo ALL=NOPASSWD: ALL -# +%sudo ALL=(ALL:ALL) ALL + +# See sudoers(5) for more information on "#include" directives: + #includedir /etc/sudoers.d Y
Then /etc/sudoers was manually edited to add back:
%sudo ALL=NOPASSWD: ALL
Configuration file `/etc/phpmyadmin/config.inc.php' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** config.inc.php (Y/I/N/O/D/Z) [default=N] ? D --- /etc/phpmyadmin/config.inc.php 2013-04-30 11:40:26.000000000 +0100 +++ /etc/phpmyadmin/config.inc.php.dpkg-new 2012-03-28 19:50:54.000000000 +0100 @@ -5,7 +5,10 @@ * This file overrides the settings made by phpMyAdmin interactive setup * utility. * - * For example configuration see /usr/share/doc/phpmyadmin/examples/config.default.php.gz + * For example configuration see + * /usr/share/doc/phpmyadmin/examples/config.sample.inc.php + * or + * /usr/share/doc/phpmyadmin/examples/config.manyhosts.inc.php * * NOTE: do not add security sensitive data to this file (like passwords) * unless you really know what you're doing. If you do, any user that can @@ -14,6 +17,12 @@ * (also on the filesystem level). */ +// Load secret generated on postinst +include('/var/lib/phpmyadmin/blowfish_secret.inc.php'); + +// Load autoconf local config +include('/var/lib/phpmyadmin/config.inc.php'); + /** * Server(s) configuration */ @@ -28,6 +37,9 @@ */ if (is_readable('/etc/phpmyadmin/config-db.php')) { require('/etc/phpmyadmin/config-db.php'); +} else { + error_log('phpmyadmin: Failed to load /etc/phpmyadmin/config-db.php.' + . ' Check group www-data has read access.'); } /* Configure according to dbconfig-common if enabled */ @@ -38,7 +50,7 @@ if (empty($dbserver)) $dbserver = 'localhost'; $cfg['Servers'][$i]['host'] = $dbserver; - if (!empty($dbport)) { + if (!empty($dbport) || $dbserver != 'localhost') { $cfg['Servers'][$i]['connect_type'] = 'tcp'; $cfg['Servers'][$i]['port'] = $dbport; } @@ -59,7 +71,8 @@ $cfg['Servers'][$i]['history'] = 'pma_history'; $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords'; $cfg['Servers'][$i]['tracking'] = 'pma_tracking'; - $cfg['Servers'][$i]['hide_db'] = 'information_schema'; + $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig'; + /* Uncomment the following to enable logging in to passwordless accounts, * after taking note of the associated security risks. */ // $cfg['Servers'][$i]['AllowNoPassword'] = TRUE; @@ -72,7 +85,6 @@ //$cfg['Servers'][$i]['auth_type'] = 'cookie'; /* Server parameters */ //$cfg['Servers'][$i]['host'] = 'localhost'; -//$cfg['DefaultLang'] = 'en-iso-8859-1'; //$cfg['Servers'][$i]['connect_type'] = 'tcp'; //$cfg['Servers'][$i]['compress'] = false; /* Select mysqli if your server has it */ @@ -103,6 +115,5 @@ */ $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; -$cfg['SuhosinDisableWarning'] = TRUE; -$cfg['blowfish_secret'] = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; + Configuration file `/etc/phpmyadmin/config.inc.php' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** config.inc.php (Y/I/N/O/D/Z) [default=N] ? Y ┌───────────────────────────────────────────────────┤ Configuring phpmyadmin ├───────────────────────────────────────────────────┐ │ A new version of configuration file /etc/phpmyadmin/config-db.php is available, but the version installed currently has been │ │ locally modified. │ │ │ │ What do you want to do about modified configuration file config-db.php? │ │ │ │ install the package maintainer's version │ │ keep the local version currently installed │ │ show the differences between the versions │ │ show a side-by-side difference between the versions │ │ show a 3-way difference between available versions │ │ do a 3-way merge between available versions (experimental) │ │ start a new shell to examine the situation │ │ │ │ │ │ <Ok> │ │ │ └────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ ┌───────────────────────────┤ Configuring phpmyadmin ├───────────────────────────┐ │ │ │ Line by line differences between versions │ │ │ │ --- /etc/phpmyadmin/config-db.php 2013-04-30 11:40:26.000000000 +0100 │ │ +++ /tmp/dbconfig-generate-include.DeeBde 2013-12-08 15:10:50.892333427 +0000 │ │ @@ -1,8 +1,19 @@ │ │ <?php │ │ +## │ │ +## database access settings in php format │ │ +## automatically generated from /etc/dbconfig-common/phpmyadmin.conf │ │ +## by /usr/sbin/dbconfig-generate-include │ │ +## Sun, 08 Dec 2013 15:10:50 +0000 │ │ +## │ │ +## by default this file is managed via ucf, so you shouldn't have to │ │ +## worry about manual changes being silently discarded. *however*, │ │ +## you'll probably also want to edit the configuration file mentioned │ │ +## above too. │ │ +## │ │ $dbuser='phpmyadmin'; │ │ +$dbpass='YYYYYYYYYYY'; │ │ $basepath=''; │ │ -$dbname=''; │ │ +$dbname='phpmyadmin'; │ │ $dbserver=''; │ │ $dbport=''; │ │ $dbtype='mysql'; │ │ -$dbpass='XXXXXXXXXXXX'; │ │ │ │ <Ok> │ │ │ └────────────────────────────────────────────────────────────────────────────────┘ install the package maintainer's version ┌───────────────────────────────────────────────────┤ Configuring phpmyadmin ├────────────────────────────────────────────────────┐ │ │ │ According to the maintainer for this package, database upgrade operations need to be performed on phpmyadmin. Typically, this │ │ is due to changes in how a new upstream version of the package needs to store its data. │ │ │ │ If you want to handle this process manually, you should refuse this option. Otherwise, you should choose this option. During │ │ the upgrade, a backup of the database will be made in /var/cache/dbconfig-common/backups, from which the database can be │ │ restored in the case of problems. │ │ │ │ Perform upgrade on database for phpmyadmin with dbconfig-common? │ │ │ │ <Yes> <No> │ │ │ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ Yes ┌───────────────────────────────────────────────────┤ Configuring phpmyadmin ├───────────────────────────────────────────────────┐ │ Please provide the password for the administrative account with which this package should create its MySQL database and user. │ │ │ │ Password of the database's administrative user: │ │ │ │ **********____________________________________________________________________________________________________________________ │ │ │ │ <Ok> │ │ │ └────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
Check all the aites are running:
- http://www.reconomy.org/
- http://www.intransitionmovie.com/
- http://www.earthinheritors.net/
- http://www.transitiontowntotnes.org/
- http://www.transitionstreets.org.uk/
And the final stage of the upgrade:
apt-get dist-upgrade The following packages will be REMOVED: defoma libept1 libpango1.0-common mysql-client-5.1 mysql-server-5.1 mysql-server-core-5.1 php5-suhosin x-ttcidfont-conf The following NEW packages will be installed: aptitude-common cpp-4.7 fonts-droid fonts-liberation gcc-4.7 gcc-4.7-base ghostscript git-man gnuplot gnuplot-nox groff gsfonts imagemagick imagemagick-common kmod krb5-locales libaio1 libapt-inst1.5 libapt-pkg4.12 libbind9-80 libblas3 libblas3gf libboost-iostreams1.49.0 libclass-isa-perl libcroco3 libcupsimage2 libdb5.1 libdjvulibre-text libdjvulibre21 libdns88 libencode-locale-perl libept1.4.12 libexiv2-12 libffi5 libfile-listing-perl libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgfortran3 libgmp10 libgs9 libgs9-common libhtml-form-perl libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libice6 libicu48 libijs-0.35 libilmbase6 libio-socket-inet6-perl libio-socket-ssl-perl libisc84 libisccc80 libisccfg82 libitm1 libjbig0 libjbig2dec0 libjpeg8 libjs-jquery libjs-sphinxdoc libjs-underscore libkmod2 liblcms1 liblcms2-2 liblensfun-data liblensfun0 liblinear-tools liblinear1 liblist-moreutils-perl liblqr-1-0 liblwp-mediatypes-perl liblwp-protocol-https-perl liblwres80 liblzma5 libmagickcore5 libmagickcore5-extra libmagickwand5 libmount1 libmpc2 libmysqlclient18 libnet-http-perl libnet-ssleay-perl libnetpbm10 libnl-3-200 libnl-genl-3-200 libopenexr6 libp11-kit0 libpam-modules-bin libpaper-utils libpaper1 libpipeline1 libprocps0 libquadmath0 librsvg2-2 librsvg2-common librtmp0 libsemanage-common libsemanage1 libsensors4 libsigsegv2 libsm6 libsocket6-perl libssl-doc libssl1.0.0 libsvm-tools libswitch-perl libsystemd-login0 libtinfo5 libtokyocabinet9 libustr-1.0-1 libwmf0.2-7 libwww-robotrules-perl libxaw7 libxcb-shm0 libxmu6 libxt6 multiarch-support munin-plugins-core munin-plugins-extra mysql-client-5.5 mysql-server-5.5 mysql-server-core-5.5 ncurses-term netpbm php-console-table poppler-data psutils python2.7 python2.7-minimal ufraw-batch The following packages will be upgraded: apache2-mpm-itk apache2-utils apache2.2-bin apache2.2-common apt apt-utils aptitude base-files bash bind9-host binutils bsdmainutils bzip2 ca-certificates chrony coreutils cpp cpp-4.4 curl dbus denyhosts dialog dnsutils dpkg drush e2fslibs e2fsprogs exim4 exim4-base exim4-daemon-light file fontconfig fontconfig-config gawk gcc gcc-4.4 gcc-4.4-base git heirloom-mailx iftop ifupdown info initscripts iproute iptables iptraf iputils-ping less libacl1 libapache2-mod-php5 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libapt-pkg-perl libatk1.0-0 libattr1 libavahi-client3 libavahi-common3 libblkid1 libbsd0 libbz2-1.0 libc-bin libc-dev-bin libc6 libc6-dev libcairo2 libcap2 libcomerr2 libcups2 libcurl3 libcurl3-gnutls libcwidget3 libdatrie1 libdbd-mysql-perl libdbi-perl libdbus-1-3 libedit2 libexpat1 libfont-freetype-perl libfontconfig1 libfontenc1 libfreetype6 libgcc1 libgcrypt11 libgd2-xpm libgdbm3 libglib2.0-0 libgnutls26 libgomp1 libgpg-error0 libgpgme11 libgpm2 libgssapi-krb5-2 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libhtml-parser-perl libidn11 libjasper1 libjpeg62 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.4-2 liblocale-gettext-perl libltdl-dev libltdl7 liblua5.1-0 libmagic1 libmpfr4 libncurses5 libncursesw5 libneon27-gnutls libnet-server-perl libnewt0.52 libnl1 libpam-modules libpam-mysql libpam0g libpango1.0-0 libpcap0.8 libpcre3 libpixman-1-0 libpng12-0 libpopt0 libreadline5 libreadline6 librsync1 libsasl2-2 libsasl2-modules libselinux1 libsepol1 libsigc++-2.0-0c2a libslang2 libsqlite3-0 libss2 libssh2-1 libssl-dev libstdc++6 libsvn1 libtasn1-3 libtext-charwidth-perl libtext-iconv-perl libthai0 libtiff4 libudev0 libusb-0.1-4 libuuid-perl libuuid1 libwrap0 libwww-perl libx11-6 libx11-data libxapian22 libxau6 libxcb-render-util0 libxcb-render0 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxdmcp6 libxext6 libxfixes3 libxft2 libxi6 libxinerama1 libxml2 libxmuu1 libxpm4 libxrandr2 libxrender1 libyaml-syck-perl locales lsb-release lynx lynx-cur man-db module-init-tools mount mtr munin-common munin-node mutt mysql-common mysql-server nano ncurses-bin netbase nmap openssh-client openssh-server openssl passwd perl perl-base perl-modules php-pear php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-intl php5-mcrypt php5-mysql php5-xmlrpc procps psmisc python python-apt python-minimal python-pylibacl python-pyxattr python2.6 python2.6-minimal quota rdiff-backup rsync rsyslog screen sgml-base subversion sysstat sysvinit tasksel tcpdump udev util-linux util-linux-locales vim vim-common vim-runtime vim-tiny wget whiptail xml-core xz-utils zlib1g zlib1g-dev 242 upgraded, 132 newly installed, 8 to remove and 0 not upgraded. Need to get 210 MB of archives. After this operation, 217 MB of additional disk space will be used. Do you want to continue [Y/n]? Y eglibc (2.13-25) unstable; urgency=medium Starting with the eglibc package version 2.13-5, the libraries are shipped in the multiarch directory /lib/<triplet> instead of the more traditional /lib, where <triplet> is the multiarch triplet and can be retrieved with 'dpkg-architecture -qDEB_HOST_MULTIARCH'. Similarly the includes are now shipped in /usr/include/<triplet> instead of the more traditional /usr/include. The toolchain in Debian has been updated to cope with that, and most build systems should be unaffected. If you are using a non-Debian toolchain to build your software and it is not able to cope with multiarch, you might try to pass the following options to your compiler: -B/usr/lib/<triplet> -I/usr/include/<triplet> Alternatively if the build system makes hard to pass the above options, you might try to set the LIBRARY_PATH and CPATH environment variables: LIBRARY_PATH=/usr/lib/<triplet> CPATH=/usr/include/<triplet> export LIBRARY_PATH CPATH -- Aurelien Jarno <aurel32@debian.org> Mon, 09 Jan 2012 12:47:16 +0100 eglibc (2.13-7) unstable; urgency=low Starting with version 2.13, eglibc provides an SSSE3 optimized version of memcpy() on the amd64 architecture. This version might copy memory backward in some conditions, which causes issues if the source and destination overlap. memmove() should be used in such cases, but some programs still wrongly use memcpy(). For this reason, on the amd64 architecture the Debian package provides two wrappers which can be use to workaround and/or debug the issue: - /usr/lib/x86_64-linux-gnu/libc/memcpy-preload.so simply replace all calls to memcpy() by a call to memmove() - /usr/lib/x86_64-linux-gnu/libc/memcpy-syslog-preload.so does the same, but in addition logs (with rate limit) the issue to syslog, so that it can be detected and fixed. To use these wrapper on a single binary, the easiest way is to use the LD_PRELOAD environment variable: - LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libc/memcpy-preload.so /path/to/binary - LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libc/memcpy-syslog-preload.so /path/to/binary For system-wide usage, it is possible to add the path of one of the wrapper to /etc/ld.so.preload. For more details about the issue, please see: http://bugs.debian.org/625521 http://sourceware.org/bugzilla/show_bug.cgi?id=12518 -- Aurelien Jarno <aurel32@debian.org> Sat, 11 Jun 2011 18:02:52 +0200 apt (0.8.11) unstable; urgency=low * apt-get install pkg/experimental will now not only switch the candidate of package pkg to the version from the release experimental but also of all dependencies of pkg if the current candidate can't satisfy a versioned dependency. -- David Kalnischkies <kalnischkies@gmail.com> Fri, 03 Dec 2010 14:09:12 +0100 ca-certificates (20130119) unstable; urgency=low Update mozilla/certdata.txt to version 1.87 Certificates removed (-) (none added): - "T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?" -- Michael Shuler <michael@pbandjelly.org> Sat, 19 Jan 2013 14:08:50 -0600 ca-certificates (20121105) unstable; urgency=low Update mozilla/certdata.txt to version 1.86 Certificates added (+) (none removed): + "Actalis Authentication Root CA" + "Trustis FPS Root CA" + "StartCom Certification Authority" (renewal/rehash) + "StartCom Certification Authority G2" + "Buypass Class 2 Root CA" + "Buypass Class 3 Root CA" + "T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?" + "T-TeleSec GlobalRoot Class 3" + "EE Certification Centre Root CA" -- Michael Shuler <michael@pbandjelly.org> Mon, 05 Nov 2012 10:56:28 -0600 ca-certificates (20120212) unstable; urgency=low Update mozilla/certdata.txt to version 1.81 Certificates added (+) and removed (-): + "Security Communication RootCA2" + "EC-ACC" + "Hellenic Academic and Research Institutions RootCA 2011" - "Verisign Class 2 Public Primary Certification Authority" - "Verisign Class 4 Public Primary Certification Authority - G2" - "TC TrustCenter, Germany, Class 2 CA" - "TC TrustCenter, Germany, Class 3 CA" -- Michael Shuler <michael@pbandjelly.org> Sun, 12 Feb 2012 15:12:59 -0600 ca-certificates (20111211) unstable; urgency=low Remove French Government IGC/A CA certificates. The RSA certificate is included in the Mozilla bundle and the DSA certificate is not in use. Remove expired signet.pl CAs. Remove expired brasil.gov.br CA. -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 19:05:32 -0600 ca-certificates (20111025) unstable; urgency=low Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13) Certificates added (+) and removed (-): + "AffirmTrust Commercial" + "AffirmTrust Networking" + "AffirmTrust Premium" + "AffirmTrust Premium ECC" + "A-Trust-nQual-03" + "Certinomis - Autorit? Racine" + "Certum Trusted Network CA" + "Go Daddy Root Certificate Authority - G2" + "Root CA Generalitat Valenciana" + "Starfield Root Certificate Authority - G2" + "Starfield Services Root Certificate Authority - G2" + "TWCA Root Certification Authority" - "AOL Time Warner Root Certification Authority 1" - "AOL Time Warner Root Certification Authority 2" - "DigiNotar Root CA" - "Entrust.net Global Secure Personal CA" - "Entrust.net Global Secure Server CA" - "Entrust.net Secure Personal CA" - "IPS Chained CAs root" - "IPS CLASE1 root" - "IPS CLASE3 root" - "IPS CLASEA1 root" - "IPS CLASEA3 root" - "IPS Timestamping root" - "Thawte Personal Freemail CA" - "Thawte Time Stamping CA" Update CAcert-Class 3-Subroot-certificate Closes: #630232 -- Michael Shuler <michael@pbandjelly.org> Sun, 23 Oct 2011 23:16:57 -0500 cyrus-sasl2 (2.1.25.dfsg1-5) unstable; urgency=low * Configuration of SQL engine backends have changed from database specific configuration (e.g. 'mysql') to generic 'sql' auxprop plugin. You will need to change your configuration f.e. from: auxprop_plugin: mysql to auxprop_plugin: sql sql_engine: mysql Also the SQL query (if used) needs to have '%u' replaced with '%u@%r' because now user and realm is provided separately. -- Ond?ej Sur? <ondrej@debian.org> Mon, 06 Aug 2012 13:12:22 +0200 iftop (0.17-17) unstable; urgency=low The iftop package is now shipped with the "-DNO_SYSTEM" flag enabled. This disables the possibility to run commands in a subshell. This is a kind of unexpected feature and could allow users, running iftop via sudo to get a complete root shell (if sudo is not configure properly). I appologise for any inconvenience caused to users of this feature and recommend the usage of screen or several terminal windows. -- Alexander Reichle-Schmehl <tolimar@debian.org> Tue, 19 Jan 2010 14:31:29 +0100 ifupdown (0.7~rc1+experimental) experimental; urgency=low The --all option to ifup and ifquery can now be combined with the --allow option to act on all interfaces of a specific class (still defaulting to the class 'auto'). If you have custom hook scripts, you may need to update them. See interfaces(5) for details. -- Andrew O. Shadura <bugzilla@tut.by> Tue, 17 Apr 2012 01:05:42 +0200 mutt (1.5.21-2) experimental; urgency=low mailto-mutt has been replaced by a wrapper as per #576313, because mutt is now able to handle the mailto: urls; additionally it will also do some checks on attachments and it will allow us to be as close to upstream as possible -- Antonio Radici <antonio@dyne.org> Sat, 01 Jan 2011 12:56:29 +0000 php5 (5.4.4-7) unstable; urgency=low * As a side effect of the MIME-Type changes in the mime-support package, the default Apache 2 configuration will no longer perform HTTP content negotiation on the PHP file extensions, which was very questionable anyway. If you really want to re-enable this support then please read /usr/share/doc/php5-common/README.Debian file for further instructions. -- Ond?ej Sur? <ondrej@debian.org> Wed, 29 Aug 2012 09:18:41 +0200 php5 (5.4.4-5) unstable; urgency=low * As a security measure the default configuration for Apache 2 has been changed to a stricter model. Only files which have the correct rightmost extension, and at least one character in the filename before that extension, are now interpreted by PHP. For a full list of handled extensions please see the Apache 2 configuration. At the time of writing this paragraph, the list includes the following regular expressions: 1. .+\.ph(p[345]?|t|tml)$ for PHP files (application/x-httpd-php) 2. .+\.phps$ for PHP source files (application/x-httpd-php-source) Previously, as a side effect of system MIME type definitions, the default configuration would allow the interpreting of files with a double extension, where the second extension was either unrecognised or a language or content encoding to be interpreted; e.g. an uploaded file named blackhat.php.foobar or index.php.cs would be interpreted by PHP. These non-standard definitions have been removed from the mime-support packages and all configuration of PHP handlers is now defined in the Apache 2 configuration files. The standard configuration now also denies access to files with names which consist of an extension and nothing more; e.g. accessing '/.php' will now return Access Denied instead of the output of the PHP script. You can use the following command to find whether there are any files on your system which would be affected by this change (change <base> to the directory name where you store PHP files on your system): # find <base> -name '*.ph[pt].*' -o -name '*.php[345s].*' -o \ -name '*.phtml.*' -o -name '.ph[pt]' -o \ -name '.php[345s]' -o -name '.phtml' -- Ond?ej Sur? <ondrej@debian.org> Tue, 21 Aug 2012 09:14:47 +0200 php5 (5.4.0~rc8-1) unstable; urgency=low php5-fpm default www spool now listens on unix socket located in /var/run/php5-fpm.sock instead of localhost:9000. If you have configured your webserver to use localhost:9000, you will have to change your settings. -- Ond?ej Sur? <ondrej@debian.org> Wed, 08 Feb 2012 08:25:30 +0100 php5 (5.4.0~rc6-2) unstable; urgency=low t1lib support was removed from PHP 5.4. t1lib has many security issues and is unmaintained by upstream for a very long time (3 years). For more information see: + http://bugs.debian.org/637488 + http://bugs.debian.org/638755 This unfortunately also means that following functions are not available in PHP5 from now: - imagepsloadfont - imagepsfreefont - imagepsencodefont - imagepsextendfont - imagepsslantfont - imagepstext - imagepsbbox If you really need those functions you will need to install t1lib from sources. You will need to install php5-dev and recompile GD extension (roughly) using following commands: cd <path_to_php5_sources>/ext/gd/ phpize configure --with-gd=shared,/usr --enable-gd-native-ttf \ --with-t1lib=<location_of_your_t1lib> make make install -- Ond?ej Sur? <ondrej@debian.org> Wed, 01 Feb 2012 18:19:45 +0100 php5 (5.3.9-4) unstable; urgency=low * The Suhosin patch is now disabled in the default build. If you want to re-enable it again for your installation, you can set the option PHP5_SUHOSIN=yes in debian/rules and recompile PHP. -- Ond?ej Sur? <ondrej@debian.org> Sat, 28 Jan 2012 08:39:36 +0100 php5 (5.3.6-13) unstable; urgency=low * Updated blowfish crypt() algorithm fixes the 8-bit character handling vulnerability (CVE-2011-2483) and adds more self-tests. Unfortunately this change is incompatible with some old (wrong) generated hashes for passwords containing 8-bit characters. It is recommended that any passwords containing characters with the 8th bit set be changed after this upgrade. In order to allow users to log in after the upgrade even if they have a potentially affected password, the newly introduced backwards compatibility hash encoding prefix of "$2x$" may be used (in place of the usual "$2a$"). Such password hashes should only be used during a transition period; when passwords are changed, the usual "$2a$" prefix is used, denoting the correct algorithm. -- Ond?ej Sur? <ondrej@debian.org> Mon, 04 Jul 2011 10:31:16 +0200 procps (1:3.3.1-1) unstable; urgency=low * top has a new rcfile format from 3.3.1 which is not backwards compatible from a rcfile save from a pre-3.3.1 top. -- Craig Small <csmall@debian.org> Mon, 23 Jan 2012 22:26:16 +1100 rsyslog (5.8.1-1) unstable; urgency=low The way rsyslog processes SIGHUP has changed. It no longer does a reload of its configuration, but simply closes all open files, which is a much more lightweight operation. To apply a changed configuration, rsyslogd needs to be restarted now. As a consequence, the reload action has been dropped from the init script. A new action called "rotate" was added to the init script, which signals rsyslogd to close all open files. This new action is used in the rsyslog logrotate configuration file. For more information, see: For more information, see: http://www.rsyslog.com/doc/v4compatibility.html http://www.rsyslog.com/doc/v5compatibility.html -- Michael Biebl <biebl@debian.org> Mon, 30 May 2011 18:26:51 +0200 screen (4.1.0~20120320gitdb59704-7) unstable; urgency=low In case you upgrade screen from 4.0.3 to 4.1.0 while running inside screen and you have to reconnect to that screen session (or any other screen session which has been started before the upgrade), there may be a few screen features not working until you exit the 4.0.3-started session and replace it with a 4.1.0-started session. Known issues of 4.0.3 to 4.1.0 interoperability as of now: * Terminal window resizing (WINCH signal) does not propagate to the screen session. Detach and reattach again instead to get the size of the terminals inside the screen session adjusted propely. -- Axel Beckert <abe@debian.org> Sun, 16 Sep 2012 12:48:44 +0200 sgml-base (1.26+nmu2) unstable; urgency=low Starting with this release the SGML super catalog /etc/sgml/catalog will be replaced with a symbolic link to /var/lib/sgml-base/supercatalog. The latter file can be regenerated from the contents of the /etc/sgml directory including all files ending in .cat using the new update-catalog --update-super option. This call will be (dpkg) triggered by packages placing files in /etc/sgml. The transition to this way of handling the super catalog will loose user changes to /etc/sgml/catalog. Further overwriting of user changes will happen until all packages using dh_installcatalogs are built with a fixed version of debhelper. Sorry for the inconvenience. -- Helmut Grohne <helmut@subdivi.de> Mon, 30 Apr 2012 16:37:01 +0200 sysstat (10.0.5-1) unstable; urgency=low The default options passed to sadc(8) program through sa1(8) script are no longer set in Debian-specific /etc/default/sysstat file. The SADC_OPTIONS variable in /etc/sysstat/sysstat (upstream-provided configuration file) is used instead for this purpose. -- Robert Luberda <robert@debian.org> Sun, 20 May 2012 11:10:04 +0200 vim (2:7.3.154+hg~74503f6ee649-1) unstable; urgency=low The vim-lesstif package has been removed in favor of the new vim-athena package. The intent behind both packages is to provide a lighter-weight GUI package as well as one that allows using XFLD fonts. The Athena toolkit, however, has broader usage and reduces divergences with downstream distributions. -- James Vega <jamessan@debian.org> Sun, 27 Feb 2011 12:45:40 -0500 ┌─────────────────────────────────────────┤ Configuring mysql-server-5.5 ├─────────────────────────────────────────┐ │ While not mandatory, it is highly recommended that you set a password for the MySQL administrative "root" user. │ │ │ │ If this field is left blank, the password will not be changed. │ │ │ │ New password for the MySQL "root" user: │ │ │ │ ***************_________________________________________________________________________________________________ │ │ │ │ <Ok> │ │ │ └──────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ ┌─────────────────────────────────────────────────────┤ Configuring sysstat ├─────────────────────────────────────────────────────┐ │ │ │ The format of daily data statistics files has changed in version 9.1.6 of sysstat and is not compatible with the previous one. │ │ │ │ If you choose this option, all existing data files in the /var/log/sysstat/ directory will be deleted. │ │ │ │ If you don't choose this option, the sar(1) command will not work properly until you remove the files manually. │ │ │ │ Remove old format statistics data files? │ │ │ │ <Yes> <No> │ │ │ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ Yes ┌──────────────────────────────────────────────────────┤ Configuring libc6 ├──────────────────────────────────────────────────────┐ │ │ │ There are services installed on your system which need to be restarted when certain libraries, such as libpam, libc, and │ │ libssl, are upgraded. Since these restarts may cause interruptions of service for the system, you will normally be prompted on │ │ each upgrade for the list of services you wish to restart. You can choose this option to avoid being prompted; instead, all │ │ necessary restarts will be done for you automatically so you can avoid being asked questions on each library upgrade. │ │ │ │ Restart services during package upgrades without asking? │ │ │ │ <Yes> <No> │ │ │ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ Yes Restarting services possibly affected by the upgrade: mysql: restarting...done. exim4: restarting...done. cron: restarting...done. apache2: restarting...done. Services restarted successfully. Configuration file `/etc/denyhosts.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** denyhosts.conf (Y/I/N/O/D/Z) [default=N] ? D --- /etc/denyhosts.conf 2013-04-30 11:39:25.000000000 +0100 +++ /etc/denyhosts.conf.dpkg-new 2011-08-17 09:23:04.000000000 +0100 @@ -1,4 +1,4 @@ - ############ THESE SETTINGS ARE REQUIRED ############ + ############ THESE SETTINGS ARE REQUIRED ############ ######################################################################## # @@ -57,7 +57,7 @@ # 'y' = years # # never purge: -PURGE_DENY = +PURGE_DENY = # # purge entries older than 1 week #PURGE_DENY = 1w @@ -197,7 +197,7 @@ #LOCK_FILE = /var/lock/subsys/denyhosts # # Debian -LOCK_FILE = /var/run/denyhosts.pid +LOCK_FILE = /run/denyhosts.pid # # Misc #LOCK_FILE = /tmp/denyhosts.lock @@ -218,9 +218,7 @@ # Multiple email addresses can be delimited by a comma, eg: # ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com # -#ADMIN_EMAIL = root@localhost -# chris -ADMIN_EMAIL = +ADMIN_EMAIL = root@localhost # ####################################################################### @@ -481,7 +479,7 @@ # ###################################################################### - + ####################################################################### # # DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag) @@ -621,3 +619,4 @@ #SYNC_DOWNLOAD_RESILIENCY = 5h # ####################################################################### + Configuration file `/etc/denyhosts.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** denyhosts.conf (Y/I/N/O/D/Z) [default=N] ? Y
Then /etc/denyhosts.conf was manually edited:
#ADMIN_EMAIL = root@localhost ADMIN_EMAIL =
Configuration file `/etc/logrotate.d/apache2' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** apache2 (Y/I/N/O/D/Z) [default=N] ? D --- /etc/logrotate.d/apache2 2013-04-30 11:39:25.000000000 +0100 +++ /etc/logrotate.d/apache2.dpkg-new 2013-03-04 22:06:48.000000000 +0000 @@ -1,32 +1,18 @@ /var/log/apache2/*.log { - daily - missingok - rotate 28 - compress - delaycompress - notifempty - create 640 root adm - sharedscripts - prerotate - /usr/local/webarch/bin/maxclients root@localhost - endscript - postrotate - /etc/init.d/apache2 reload > /dev/null - endscript + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript } - -/home/*/logs/*log { - daily - missingok - rotate 28 - compress - delaycompress - notifempty - create 644 root root - dateext - sharedscripts - postrotate - /etc/init.d/apache2 reload > /dev/null - endscript -} - Configuration file `/etc/logrotate.d/apache2' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** apache2 (Y/I/N/O/D/Z) [default=N] ? N ┌──────────────────────────────────────────────┤ Modified configuration file ├───────────────────────────────────────────────┐ │ A new version of configuration file /etc/php5/apache2/php.ini is available, but the version installed currently has been │ │ locally modified. │ │ │ │ What do you want to do about modified configuration file php.ini? │ │ │ │ install the package maintainer's version │ │ keep the local version currently installed │ │ show the differences between the versions │ │ show a side-by-side difference between the versions │ │ start a new shell to examine the situation │ │ │ │ │ │ <Ok> │ │ │ └────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ ┌─────────────────────────────────────────────────┤ Modified configuration file ├─────────────────────────────────────────────────┐ │ │ │ Line by line differences between versions │ │ --- /etc/php5/apache2/php.ini 2013-04-30 11:39:25.000000000 +0100 │ +++ /usr/share/php5/php.ini-production 2013-10-03 10:36:21.000000000 +0100 │ @@ -19,7 +19,7 @@ │ ; See the PHP docs for more specific information. │ ; http://php.net/configuration.file │ │ -; The syntax of the file is extremely simple. Whitespace and Lines │ +; The syntax of the file is extremely simple. Whitespace and lines │ ; beginning with a semicolon are silently ignored (as you probably guessed). │ ; Section headers (e.g. [Foo]) are also silently ignored, even though │ ; they might mean something in the future. │ @@ -83,6 +83,8 @@ │ ; development version only in development environments as errors shown to │ ; application users can inadvertently leak otherwise secure information. │ │ +; This is php.ini-production INI file. │ + │ ;;;;;;;;;;;;;;;;;;; │ ; Quick Reference ; │ ;;;;;;;;;;;;;;;;;;; │ @@ -91,11 +93,6 @@ │ ; Please see the actual settings later in the document for more details as to why │ ; we recommend these changes in PHP's behavior. │ │ -; allow_call_time_pass_reference │ -; Default Value: On │ -; Development Value: Off │ -; Production Value: Off │ - │ ; display_errors │ ; Default Value: On │ ; Development Value: On │ @@ -107,25 +104,20 @@ │ ; Production Value: Off │ │ ; error_reporting │ -; Default Value: E_ALL & ~E_NOTICE │ -; Development Value: E_ALL | E_STRICT │ -; Production Value: E_ALL & ~E_DEPRECATED │ +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED │ +; Development Value: E_ALL │ +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT │ │ ; html_errors │ │ <Ok> │ │ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ install the package maintainer's version Configuration file `/etc/munin/plugin-conf.d/munin-node' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** munin-node (Y/I/N/O/D/Z) [default=N] ? D --- /etc/munin/plugin-conf.d/munin-node 2013-04-30 11:40:51.000000000 +0100 +++ /etc/munin/plugin-conf.d/munin-node.dpkg-new 2013-06-09 16:41:57.000000000 +0100 @@ -118,13 +118,5 @@ env.PGUSER postgres env.PGPORT 5432 -[apache_*] -env.url http://127.0.0.1:%d/server-status?auto -env.ports 80 - -[multips] -env.names apache2 mysqld - -[multips_memory] -env.names apache2 mysqld - +[fail2ban] +user root
New version installed and then the followin was added to /etc/munin/plugin-conf.d/munin-node manually:
[fail2ban] user root
Configuration file `/etc/munin/munin-node.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** munin-node.conf (Y/I/N/O/D/Z) [default=N] ? D --- /etc/munin/munin-node.conf 2013-04-30 12:27:27.000000000 +0100 +++ /etc/munin/munin-node.conf.dpkg-new 2013-06-09 16:41:45.000000000 +0100 @@ -12,10 +12,9 @@ user root group root -# Regexps for files to ignore -ignore_file ~$ -#ignore_file [#~]$ # FIX doesn't work. '#' starts a comment +# Regexps for files to ignore +ignore_file [\#~]$ ignore_file DEADJOE$ ignore_file \.bak$ ignore_file %$ @@ -34,18 +33,18 @@ # may repeat the allow line as many times as you'd like allow ^127\.0\.0\.1$ -# penguin.webarch.net -allow ^81\.95\.52\.111$ - -# If you have installed the Net::CIDR perl module, you can use -# multiple cidr_allow and cidr_deny address/mask patterns. A -# connecting client must match any cidr_allow, and not match any -# cidr_deny. Example: +allow ^::1$ +# If you have installed the Net::CIDR perl module, you can use one or more +# cidr_allow and cidr_deny address/mask patterns. A connecting client must +# match any cidr_allow, and not match any cidr_deny. Note that a netmask +# *must* be provided, even if it's /32 +# +# Example: +# # cidr_allow 127.0.0.1/32 # cidr_allow 192.0.2.0/24 # cidr_deny 192.0.2.42/32 -#cidr_allow 93.95.226.170/32 # Which address to bind to; host * @@ -53,4 +52,3 @@ # And which port port 4949 - Configuration file `/etc/munin/munin-node.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** munin-node.conf (Y/I/N/O/D/Z) [default=N] ? Y
And /etc/munin/munin-node.conf was manually edidet to add back:
# penguin.webarch.net allow ^81\.95\.52\.111$
All the web sites were then checked. Next phpmyadmin needs checking.
comment:38 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 11.45 to 11.55
metche was sending emails like:
From: root@parrot.webarch.net (Cron Daemon) Date: Sun, 08 Dec 2013 16:50:11 +0000 To: root@parrot.webarch.net Subject: Cron <root@parrot> test -x /usr/sbin/metche && /usr/sbin/metche cron find: `standard output': Broken pipe find: write error
So this was tried:
dpkg -r metche aptitude install metche The following NEW packages will be installed: metche The following packages will be REMOVED: libbind9-60{u} libdb4.7{u} libdns69{u} libfont-freetype-perl{u} libfontenc1{u} libgmp3c2{u} libicu44{u} libisc62{u} libisccc60{u} libisccfg62{u} libjpeg62{u} libjs-mootools{u} liblwres60{u} libmysqlclient16{u} libnl1{u} libserf-0-0{u} libt1-5{u} libtokyocabinet8{u} libxcb-render-util0{u} libxfont1{u} python-central{u} xfonts-encodings{u} xfonts-utils{u}
comment:39 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 11.55 to 11.65
Parrot root has send:
From: root@parrot.webarch.net (Cron Daemon) Date: Sun, 08 Dec 2013 16:09:01 +0000 To: root@parrot.webarch.net Subject: Cron <root@parrot> [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 +-maxdepth 1 -type f -ignore_readdir_race -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/suhosin.so' - +/usr/lib/php5/20100525/suhosin.so: cannot open shared object file: No such file or directory in Unknown on line 0
So this was tried:
mv /etc/php5/conf.d/suhosin.ini /root/ /etc/init.d/apache2 restart
comment:40 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 11.65 to 11.75
To get the new kernel a reboot was done.
And the sites were tested again.
comment:41 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 11.75 to 11.85
The same issue from Puffin was hit, see ticket:535#comment:33
From: root@parrot.webarch.net (Cron Daemon) Date: Thu, 12 Dec 2013 07:15:48 +0000 To: root@parrot.webarch.net Subject: Cron <root@parrot> if [ -x /etc/munin/plugins/apt_all ]; then /etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif [ -x /etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12 >/dev/null; fi E: The value 'testing' is invalid for APT::Default-Release as such a release is not available in the sources E: The value 'unstable' is invalid for APT::Default-Release as such a release is not available in the sources
/etc/apt/apt.conf was created containing:
APT::Default-Release "stable" ;
And /usr/share/munin/plugins/apt_all was edited:
#my @releases = ("stable", "testing","unstable"); my @releases = ("stable");
And munin-node restarted.
comment:42 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 11.85 to 11.95
This email:
From: root@parrot.webarch.net (Cron Daemon) Date: Thu, 12 Dec 2013 07:20:01 +0000 To: root@parrot.webarch.net Subject: Cron <root@parrot> /usr/local/webarch/munin/bw.cron File /var/run/munin/bw//earthin_access.log.tail cannot be created. Check your permissions. /usr/local/webarch/munin/bw.cron: line 13: /var/run/munin/bw//earthin_access.log: No such file or directory /usr/local/webarch/munin/bw.cron: line 17: /var/run/munin/bw//earthin_access.log.monthly: No such file or directory cat: /var/run/munin/bw//earthin_access.log.monthly: No such file or directory /usr/local/webarch/munin/bw.cron: line 21: /var/run/munin/bw//earthin_access.log.monthly: No such file or directory File /var/run/munin/bw//movie_access.log.tail cannot be created. Check your permissions. /usr/local/webarch/munin/bw.cron: line 13: /var/run/munin/bw//movie_access.log: No such file or directory /usr/local/webarch/munin/bw.cron: line 17: /var/run/munin/bw//movie_access.log.monthly: No such file or directory cat: /var/run/munin/bw//movie_access.log.monthly: No such file or directory /usr/local/webarch/munin/bw.cron: line 21: /var/run/munin/bw//movie_access.log.monthly: No such file or directory File /var/run/munin/bw//moviedev_access.log.tail cannot be created. Check your permissions. /usr/local/webarch/munin/bw.cron: line 13: /var/run/munin/bw//moviedev_access.log: No such file or directory /usr/local/webarch/munin/bw.cron: line 17: /var/run/munin/bw//moviedev_access.log.monthly: No such file or directory cat: /var/run/munin/bw//moviedev_access.log.monthly: No such file or directory /usr/local/webarch/munin/bw.cron: line 21: /var/run/munin/bw//moviedev_access.log.monthly: No such file or directory File /var/run/munin/bw//recon_access.log.tail cannot be created. Check your permissions. /usr/local/webarch/munin/bw.cron: line 13: /var/run/munin/bw//recon_access.log: No such file or directory /usr/local/webarch/munin/bw.cron: line 17: /var/run/munin/bw//recon_access.log.monthly: No such file or directory cat: /var/run/munin/bw//recon_access.log.monthly: No such file or directory /usr/local/webarch/munin/bw.cron: line 21: /var/run/munin/bw//recon_access.log.monthly: No such file or directory File /var/run/munin/bw//recondev_access.log.tail cannot be created. Check your permissions. /usr/local/webarch/munin/bw.cron: line 13: /var/run/munin/bw//recondev_access.log: No such file or directory /usr/local/webarch/munin/bw.cron: line 17: /var/run/munin/bw//recondev_access.log.monthly: No such file or directory cat: /var/run/munin/bw//recondev_access.log.monthly: No such file or directory /usr/local/webarch/munin/bw.cron: line 21: /var/run/munin/bw//recondev_access.log.monthly: No such file or directory File /var/run/munin/bw//ts_access.log.tail cannot be created. Check your permissions. /usr/local/webarch/munin/bw.cron: line 13: /var/run/munin/bw//ts_access.log: No such file or directory /usr/local/webarch/munin/bw.cron: line 17: /var/run/munin/bw//ts_access.log.monthly: No such file or directory cat: /var/run/munin/bw//ts_access.log.monthly: No such file or directory /usr/local/webarch/munin/bw.cron: line 21: /var/run/munin/bw//ts_access.log.monthly: No such file or directory File /var/run/munin/bw//ttt_access.log.tail cannot be created. Check your permissions. /usr/local/webarch/munin/bw.cron: line 13: /var/run/munin/bw//ttt_access.log: No such file or directory /usr/local/webarch/munin/bw.cron: line 17: /var/run/munin/bw//ttt_access.log.monthly: No such file or directory cat: /var/run/munin/bw//ttt_access.log.monthly: No such file or directory /usr/local/webarch/munin/bw.cron: line 21: /var/run/munin/bw//ttt_access.log.monthly: No such file or directory
Was addressed:
mkdir /var/run/munin/bw chown munin:www-data /var/run/munin/bw chmod 775 /var/run/munin/bw
And munin-node restarted.
comment:43 Changed 3 years ago by chris
There is still a metche issue, this email:
From: root <root@parrot.webarch.net> Date: Thu, 12 Dec 2013 07:20:02 0000 To: root@localhost Subject: parrot.webarch.net - changes report : stable-201312120720 metche saved a new stable state: stable-201312120720.
Was followed by:
From: root@parrot.webarch.net (Cron Daemon) Date: Thu, 12 Dec 2013 07:20:02 +0000 To: root@parrot.webarch.net Subject: Cron <root@parrot> test -x /usr/sbin/metche && /usr/sbin/metche cron find: `standard output': Broken pipe find: write error
comment:44 follow-up: ↓ 45 Changed 3 years ago by chris
There is a issue with these graphs which needs fixing:
comment:45 in reply to: ↑ 44 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.15
- Total Hours changed from 11.95 to 12.1
Replying to chris:
There is a issue with these graphs which needs fixing:
Nothing needed to fix these, they have started working again.
The clock on Parrot was wrong, I have just reset it.
The wiki:ParrotServer pages has been updated.
I have tested phpmyadmin and that is working fine.
I think Parrot is now basically done, so I'm going to make a start on wiki:PenguinServer.
Changed 3 years ago by chris
- Attachment penguin-squeeze.packages.txt added
Packages on Penguin when it was running Squeeze
comment:46 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.31
- Total Hours changed from 12.1 to 12.41
Penguin Wheezy Upgrade
Apt pinning, currently we have, /etc/apt/preferences.d/backports.pref which contains:
Package: gawk geoip-database libcairo2 libfreetype6 libgeoip1 liblog-dispatch-perl libnet-server-perl libpixman-1-0 liburi-perl libxfont1 munin munin-common munin-doc munin-node munin-plugins-core munin-plugins-extra nginx nginx-common nginx-full python-babel trac x11-common Pin: release o=backports Pin-Priority: 990
And /etc/apt/preferences.d/dotdeb.pref which contains:
Package: php-pear php5-cli php5-common php5-fpm php5-mysql php5 Pin: release o=packages.dotdeb.org Pin-Priority: 989
And /etc/apt/preferences.d/squeeze.pref which contains:
Package: * Pin: release a=squeeze Pin-Priority: 990 Package: mysql-common Pin: release a=squeeze Pin-Priority: 995
These were all moved out of the way:
mkdir /root/squeeze mv /etc/apt/preferences.d/* /root/squeeze/
Nothing when the following was run:
dpkg --audit
A list of installed packages was generated and attached to this ticket, /trac/attachment/ticket/535/penguin-squeeze.packages.txt
The MySQL databases were backed up using ninjahelper.
The following files were moved to /root/squeeze:
/etc/apt/sources.list.d/backports.list which contained:
deb http://backports.debian.org/debian-backports squeeze-backports main
/etc/apt/sources.list.d/dotdeb.list which contained:
deb http://packages.dotdeb.org squeeze all deb-src http://packages.dotdeb.org squeeze all
The /etc/apt/sources.list was edited to:
# wheezy # deb http://ftp.debian.org/debian/ wheezy main contrib non-free deb-src http://ftp.debian.org/debian/ wheezy main contrib non-free # # Security updates # deb http://security.debian.org/ wheezy/updates main contrib non-free deb-src http://security.debian.org/ wheezy/updates main contrib non-free
Disk space was checked:
apt-get update ; apt-get -o APT::Get::Trivial-Only=true dist-upgrade The following packages will be REMOVED: defoma libdigest-sha1-perl libdjvulibre-dev libept1 libjpeg62-dev libmagickcore-dev libmagickwand-dev libpango1.0-common libtiff4-dev mysql-client-5.1 mysql-server-5.1 mysql-server-core-5.1 php5-apc php5-gd x-ttcidfont-conf The following NEW packages will be installed: aptitude-common cpp-4.6 cpp-4.7 docutils-common docutils-doc fonts-droid g++-4.7 gcc-4.6 gcc-4.6-base gcc-4.7 gcc-4.7-base gir1.2-atk-1.0 gir1.2-freedesktop gir1.2-gdkpixbuf-2.0 gir1.2-glib-2.0 gir1.2-pango-1.0 gir1.2-rsvg-2.0 git-man imagemagick-common javascript-common kmod krb5-locales libapt-inst1.5 libapt-pkg4.12 libasprintf0c2 libboost-iostreams1.49.0 libclass-isa-perl libclass-load-perl libdata-optlist-perl libdb5.1 libdbi1 libelf1 libencode-locale-perl libept1.4.12 libexiv2-12 libfile-fcntllock-perl libfile-listing-perl libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgettextpo0 libgirepository-1.0-1 libglib2.0-bin libgmp10 libgs9 libgs9-common libhtml-form-perl libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libijs-0.35 libio-socket-ssl-perl libitm1 libjbig-dev libjbig0 libjpeg8 libjs-jquery libjs-sphinxdoc libjs-underscore libkmod2 liblcms2-2 liblensfun-data liblensfun0 liblockfile-bin liblwp-mediatypes-perl liblwp-protocol-https-perl liblzma5 libmagickcore5 libmagickcore5-extra libmagickwand5 libmodule-implementation-perl libmodule-runtime-perl libmount1 libmpc2 libmysqlclient18 libnet-http-perl libnet-ssleay-perl libp11-kit0 libpackage-deprecationmanager-perl libpackage-stash-perl libpackage-stash-xs-perl libpam-modules-bin libparams-classify-perl libparams-util-perl libpcre3-dev libpcrecpp0 libpipeline1 libprocps0 libquadmath0 librsvg2-common librtmp0 libsemanage-common libsemanage1 libsigsegv2 libssh2-1 libssl1.0.0 libstdc++6-4.7-dev libsub-install-perl libswitch-perl libsystemd-login0 libtinfo5 libtokyocabinet9 libtry-tiny-perl libustr-1.0-1 libwww-robotrules-perl libx11-doc ncurses-term poppler-data python2.7 python2.7-minimal ruby-mysql wwwconfig-common The following packages will be upgraded: adduser apt apt-listchanges apt-show-versions apt-utils apticron aptitude autopoint autotools-dev awstats backupninja base-files base-passwd bash bash-completion binutils bsdmainutils bsdutils busybox bzip2 ca-certificates chrony coreutils cpio cpp cpp-4.4 cron dash dbus debconf debconf-i18n debconf-utils debhelper debian-archive-keyring debianutils denyhosts dialog diffutils dmidecode dpkg dpkg-dev e2fslibs e2fsprogs exiv2 fakeroot fcgiwrap fetchmail file findutils firmware-linux-free fontconfig fontconfig-config g++ g++-4.4 gawk gcc gcc-4.4 gcc-4.4-base geoip-database gettext gettext-base ghostscript git git-core gnupg gnupg-curl gpgv grep groff-base gzip heirloom-mailx hostname httrack hwinfo ifupdown imagemagick info initramfs-tools initscripts insserv install-info iozone3 iproute iptables iputils-ping isc-dhcp-client isc-dhcp-common iso-codes klibc-utils less libacl1 libalgorithm-diff-xs-perl libapr1 libaprutil1 libapt-pkg-perl libatk1.0-0 libatk1.0-data libatk1.0-dev libattr1 libavahi-client3 libavahi-common-data libavahi-common3 libblkid1 libbsd0 libbz2-1.0 libbz2-dev libc-bin libc-dev-bin libc6 libc6-dev libcache-cache-perl libcairo-gobject2 libcairo-script-interpreter2 libcairo2 libcairo2-dev libcap2 libcdt4 libcgi-fast-perl libcgraph5 libcomerr2 libcroco3 libcups2 libcupsimage2 libcurl3-gnutls libcwidget3 libdate-manip-perl libdatrie1 libdbd-mysql-perl libdbi-perl libdbus-1-3 libdjvulibre-text libdjvulibre21 libdpkg-perl libedit2 libexif-dev libexif12 libexpat1 libexpat1-dev libfcgi-perl libfcgi0ldbl libffi5 libfont-freetype-perl libfontconfig1 libfontconfig1-dev libfontenc1 libfreetype6 libfreetype6-dev libgcc1 libgcrypt11 libgd2-noxpm libgdbm3 libgeoip1 libglib2.0-0 libglib2.0-data libglib2.0-dev libgnutls26 libgomp1 libgpg-error0 libgpgme11 libgpm2 libgraph4 libgraphviz-dev libgsf-1-114 libgsf-1-common libgssapi-krb5-2 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libgtk2.0-dev libgvc5 libgvpr1 libhal1 libhd16 libhtml-format-perl libhtml-parser-perl libhtml-template-perl libhtml-tree-perl libhttrack2 libice-dev libice6 libidn11 libilmbase-dev libilmbase6 libio-multiplex-perl libio-socket-inet6-perl libipc-sharelite-perl libjasper-dev libjasper1 libjbig2dec0 libjpeg62 libk5crypto3 libkeyutils1 libklibc libkrb5-3 libkrb5support0 liblcms1 liblcms1-dev libldap-2.4-2 liblist-moreutils-perl liblocale-gettext-perl liblockfile1 liblog-dispatch-perl liblqr-1-0 liblqr-1-0-dev libltdl-dev libltdl7 libmagic1 libmailtools-perl libmpfr4 libmysql-ruby libmysql-ruby1.8 libmysqlclient-dev libncurses5 libncursesw5 libneon27-gnutls libnet-cidr-perl libnet-daemon-perl libnet-server-perl libnet-snmp-perl libnetpbm10 libnewt0.52 libnfnetlink0 libopenexr-dev libopenexr6 libossp-uuid16 libpam-modules libpam-runtime libpam0g libpango1.0-0 libpango1.0-dev libpaper-utils libpaper1 libparams-validate-perl libpathplan4 libpcre3 libpixman-1-0 libpixman-1-dev libpng12-0 libpng12-dev libpopt0 libpthread-stubs0 libpthread-stubs0-dev libqdbm14 libreadline5 libreadline6 librrd4 librrds-perl librsvg2-2 librsvg2-dev librsync1 libruby1.8 libruby1.9.1 libsasl2-2 libsasl2-modules libselinux1 libsepol1 libsigc++-2.0-0c2a libslang2 libsm-dev libsm6 libsocket6-perl libsqlite3-0 libss2 libstdc++6 libstdc++6-4.4-dev libsvn1 libt1-5 libtasn1-3 libtext-charwidth-perl libtext-iconv-perl libthai-data libthai0 libtiff4 libtiffxx0c2 libtool libudev0 libunistring0 liburi-perl libusb-0.1-4 libuuid-perl libuuid1 libwmf-dev libwmf0.2-7 libwrap0 libwww-perl libx11-6 libx11-data libx11-dev libxapian22 libxau-dev libxau6 libxcb-render0 libxcb-render0-dev libxcb-shm0 libxcb-shm0-dev libxcb1 libxcb1-dev libxcomposite-dev libxcomposite1 libxcursor-dev libxcursor1 libxdamage-dev libxdamage1 libxdmcp-dev libxdmcp6 libxdot4 libxext-dev libxext6 libxfixes-dev libxfixes3 libxfont1 libxft-dev libxft2 libxi-dev libxi6 libxinerama-dev libxinerama1 libxml2 libxml2-dev libxml2-utils libxmuu1 libxpm4 libxrandr-dev libxrandr2 libxrender-dev libxrender1 libxslt1.1 libxt-dev libxt6 libyaml-0-2 libyaml-syck-perl linux-base linux-libc-dev locales locate lockfile-progs login logrotate logwatch lsb-base lsb-release lynx lynx-cur make man-db manpages manpages-dev mawk metche mime-support module-init-tools mount multiarch-support munin munin-common munin-doc munin-node munin-plugins-core munin-plugins-extra mutt mysql-common nano ncurses-base ncurses-bin net-tools netbase netcat-traditional netpbm ntpdate ocaml-base-nox openssh-blacklist openssh-blacklist-extra openssh-client openssh-server openssl passwd patch perl perl-base perl-modules php-pear php5 php5-cli php5-common php5-fpm php5-mysql pkg-config po-debconf postfix procps psmisc pwgen python python-apt python-apt-common python-babel python-central python-chardet python-docutils python-genshi python-imaging python-lxml python-minimal python-pkg-resources python-pygments python-pylibacl python-pyxattr python-roman python-setuptools python-subversion python-support python-tz python2.6 python2.6-minimal rdate rdiff-backup readline-common rrdtool rsync rsyslog ruby1.8 ruby1.8-dev ruby1.9.1 ruby1.9.1-dev rubygems rubygems1.8 screen sed sensible-utils sgml-base shared-mime-info sqlite3 ssl-cert subversion sudo sysv-rc sysvinit sysvinit-utils tar tasksel tasksel-data tcpd timelimit trac trac-email2trac traceroute ttf-dejavu ttf-dejavu-core ttf-dejavu-extra tzdata ucf udev ufraw-batch unzip util-linux util-linux-locales vim vim-common vim-runtime vim-tiny webalizer wget whiptail x11-common x11proto-composite-dev x11proto-core-dev x11proto-damage-dev x11proto-fixes-dev x11proto-input-dev x11proto-kb-dev x11proto-randr-dev x11proto-render-dev x11proto-xext-dev x11proto-xinerama-dev xauth xfonts-encodings xfonts-utils xml-core xorg-sgml-doctools xtrans-dev xz-utils zlib1g zlib1g-dev 483 upgraded, 114 newly installed, 15 to remove and 0 not upgraded. Need to get 303 MB of archives. After this operation, 102 MB of additional disk space will be used. E: Trivial Only specified but this is not a trivial operation.
Now we are ready to start the upgrade.
comment:47 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.7
- Total Hours changed from 12.41 to 13.11
apt-get update ; apt-get upgrade The following packages have been kept back: apt apt-utils aptitude base-files bash binutils bsdmainutils ca-certificates chrony cpp cpp-4.4 dbus debhelper denyhosts dialog dpkg exiv2 fetchmail g++ g++-4.4 gawk gcc gcc-4.4 gcc-4.4-base gettext gettext-base ghostscript git heirloom-mailx ifupdown imagemagick info initscripts iproute iptables iputils-ping less libalgorithm-diff-xs-perl libaprutil1 libapt-pkg-perl libatk1.0-0 libatk1.0-dev libc-bin libc-dev-bin libc6 libc6-dev libcdt4 libcgi-fast-perl libcgraph5 libcups2 libcupsimage2 libcurl3-gnutls libcwidget3 libdbd-mysql-perl libdbi-perl libdjvulibre-dev libdjvulibre21 libedit2 libexif-dev libexif12 libfcgi-perl libfont-freetype-perl libgcc1 libgcrypt11 libgd2-noxpm libglib2.0-0 libglib2.0-dev libgnutls26 libgomp1 libgraph4 libgraphviz-dev libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libgtk2.0-dev libgvc5 libgvpr1 libhtml-parser-perl libilmbase-dev libilmbase6 libipc-sharelite-perl libjasper-dev libjasper1 libjpeg62 libjpeg62-dev libldap-2.4-2 liblist-moreutils-perl liblocale-gettext-perl liblockfile1 liblog-dispatch-perl libmagickcore-dev libmagickwand-dev libmpfr4 libmysql-ruby libmysql-ruby1.8 libmysqlclient-dev libncurses5 libncursesw5 libneon27-gnutls libnetpbm10 libpam-modules libpango1.0-0 libpango1.0-dev libparams-validate-perl libpathplan4 libreadline5 libreadline6 librrd4 librrds-perl librsvg2-2 librsvg2-dev libruby1.8 libruby1.9.1 libsasl2-2 libsasl2-modules libsigc++-2.0-0c2a libsocket6-perl libstdc++6 libstdc++6-4.4-dev libsvn1 libtext-charwidth-perl libtext-iconv-perl libtiff4 libtiff4-dev libtiffxx0c2 libuuid-perl libwmf-dev libwmf0.2-7 libwww-perl libxapian22 libxdot4 libxml2 libxml2-dev libyaml-syck-perl locales lsb-release lynx lynx-cur man-db module-init-tools mount mutt mysql-common nano ncurses-bin netbase netpbm ntpdate ocaml-base-nox openssh-client openssh-server openssl passwd perl perl-base perl-modules php-pear php5 php5-cli php5-common php5-fpm php5-gd php5-mysql postfix procps psmisc python python-apt python-babel python-chardet python-docutils python-genshi python-imaging python-lxml python-minimal python-pygments python-pylibacl python-pyxattr python-tz python2.6 python2.6-minimal rdiff-backup rrdtool rsyslog ruby1.8 ruby1.8-dev ruby1.9.1 ruby1.9.1-dev screen sgml-base subversion sysvinit tasksel trac ufraw-batch util-linux util-linux-locales vim vim-common vim-runtime vim-tiny webalizer wget xml-core xz-utils The following packages will be upgraded: adduser apt-listchanges apt-show-versions apticron autopoint autotools-dev awstats backupninja base-passwd bash-completion bsdutils busybox bzip2 coreutils cpio cron dash debconf debconf-i18n debconf-utils debian-archive-keyring debianutils diffutils dmidecode dpkg-dev e2fslibs e2fsprogs fakeroot fcgiwrap file findutils firmware-linux-free fontconfig fontconfig-config geoip-database git-core gnupg gnupg-curl gpgv grep groff-base gzip hostname httrack hwinfo initramfs-tools insserv install-info iozone3 isc-dhcp-client isc-dhcp-common iso-codes klibc-utils libacl1 libapr1 libatk1.0-data libattr1 libavahi-client3 libavahi-common-data libavahi-common3 libblkid1 libbsd0 libbz2-1.0 libbz2-dev libcache-cache-perl libcairo-gobject2 libcairo-script-interpreter2 libcairo2 libcairo2-dev libcap2 libcomerr2 libcroco3 libdate-manip-perl libdatrie1 libdbus-1-3 libdjvulibre-text libdpkg-perl libexpat1 libexpat1-dev libfcgi0ldbl libffi5 libfontconfig1 libfontconfig1-dev libfontenc1 libfreetype6 libfreetype6-dev libgdbm3 libgeoip1 libglib2.0-data libgpg-error0 libgpgme11 libgpm2 libgsf-1-114 libgsf-1-common libgssapi-krb5-2 libhal1 libhd16 libhtml-format-perl libhtml-template-perl libhtml-tree-perl libhttrack2 libice-dev libice6 libidn11 libio-multiplex-perl libio-socket-inet6-perl libjbig2dec0 libk5crypto3 libkeyutils1 libklibc libkrb5-3 libkrb5support0 liblcms1 liblcms1-dev liblqr-1-0 liblqr-1-0-dev libltdl-dev libltdl7 libmagic1 libmailtools-perl libnet-cidr-perl libnet-daemon-perl libnet-server-perl libnet-snmp-perl libnewt0.52 libnfnetlink0 libopenexr-dev libopenexr6 libossp-uuid16 libpam-runtime libpam0g libpaper-utils libpaper1 libpcre3 libpixman-1-0 libpixman-1-dev libpng12-0 libpng12-dev libpopt0 libpthread-stubs0 libpthread-stubs0-dev libqdbm14 librsync1 libselinux1 libsepol1 libslang2 libsm-dev libsm6 libsqlite3-0 libss2 libt1-5 libtasn1-3 libthai-data libthai0 libtool libudev0 libunistring0 liburi-perl libusb-0.1-4 libuuid1 libwrap0 libx11-6 libx11-data libx11-dev libxau-dev libxau6 libxcb-render0 libxcb-render0-dev libxcb-shm0 libxcb-shm0-dev libxcb1 libxcb1-dev libxcomposite-dev libxcomposite1 libxcursor-dev libxcursor1 libxdamage-dev libxdamage1 libxdmcp-dev libxdmcp6 libxext-dev libxext6 libxfixes-dev libxfixes3 libxfont1 libxft-dev libxft2 libxi-dev libxi6 libxinerama-dev libxinerama1 libxml2-utils libxmuu1 libxpm4 libxrandr-dev libxrandr2 libxrender-dev libxrender1 libxslt1.1 libxt-dev libxt6 libyaml-0-2 linux-base linux-libc-dev locate lockfile-progs login logrotate logwatch lsb-base make manpages manpages-dev mawk metche mime-support multiarch-support munin munin-common munin-doc munin-node munin-plugins-core munin-plugins-extra ncurses-base net-tools netcat-traditional openssh-blacklist openssh-blacklist-extra patch pkg-config po-debconf pwgen python-apt-common python-central python-pkg-resources python-roman python-setuptools python-subversion python-support rdate readline-common rsync rubygems rubygems1.8 sed sensible-utils shared-mime-info sqlite3 ssl-cert sudo sysv-rc sysvinit-utils tar tasksel-data tcpd timelimit trac-email2trac traceroute ttf-dejavu ttf-dejavu-core ttf-dejavu-extra tzdata ucf udev unzip whiptail x11-common x11proto-composite-dev x11proto-core-dev x11proto-damage-dev x11proto-fixes-dev x11proto-input-dev x11proto-kb-dev x11proto-randr-dev x11proto-render-dev x11proto-xext-dev x11proto-xinerama-dev xauth xfonts-encodings xfonts-utils xorg-sgml-doctools xtrans-dev zlib1g zlib1g-dev 284 upgraded, 0 newly installed, 0 to remove and 205 not upgraded. Need to get 78.8 MB of archives. After this operation, 13.2 MB disk space will be freed. Do you want to continue [Y/n]? Y apticron (1.1.51) unstable; urgency=low New config option CUSTOM_FROM allows setting a custom sender by replacing the default 'From:' field in the notification emails. -- Tiago Bortoletto Vaz <tiago@debian.org> Mon, 29 Aug 2011 00:00:23 -0300 backupninja (1.0~rc1-1) unstable; urgency=low duplicity 0.6.17 and later has moved to a new sftp/scp backend which no longer uses sftp/scp client programs, but instead relies on paramiko, a Python ssh+sftp implementation. Therefore, the sshoptions option of the backupninja duplicity handler cannot be used for anything but the one supported by this new backend: -oIdentityfile=some_key_file -- all other ssh options are ignored. -- intrigeri <intrigeri@debian.org> Fri, 27 Apr 2012 23:07:11 +0200 backupninja (0.9.10-1) unstable; urgency=low Being severely broken for ages (see #596935), LDAP support was removed upstream. It will come back once this code has found itself a maintainer. Interested? Get in touch! -- intrigeri <intrigeri+debian@boum.org> Fri, 23 Sep 2011 17:32:11 +0200 cron (3.0pl1-119) unstable; urgency=low The semantics of the -L option of the cron daemon have changed: from now on, the value will be interpreted as a bitmask of various log selectors, with "1" (log only the start of jobs) being the new default. Additionally, since -117 (NEWS entry was overlooked), the LSBNAMES variable in /etc/default/cron was merged with the EXTRA_OPTS variable as it was redundant. -- Christian Kastner <debian@kvr.at> Sun, 07 Aug 2011 21:13:19 +0200 libdate-manip-perl (6.23-1) unstable; urgency=low Renamed one Date::Manip::Recur method The Date::Manip::Recur::base method has been renamed to basedate. The Date::Manip::Recur::base method should return the Date::Manip::Base object like all the other Date::Manip modules. -- gregor herrmann <gregoa@debian.org> Wed, 20 Apr 2011 22:42:38 +0200 libdate-manip-perl (6.20-1) unstable; urgency=low Reworked recurrences Recurrences were reworked in a (slightly) backward incompatible way to improve their usefulness (and to make them conform to the expected results). Most recurrences will work the same, but a few will differ. Cf. `man Date::Manip::Changes6' or `perldoc Date::Manip::Changes6'. -- gregor herrmann <gregoa@debian.org> Wed, 29 Dec 2010 16:28:09 +0100 libdate-manip-perl (6.14-1) unstable; urgency=low As of Date::Manip 6.14, the 5.xx release is fully integrated into the distribution. Both will be installed automatically and you can switch between them. Cf. `man Date::Manip' or `perldoc Date::Manip'. -- gregor herrmann <gregoa@debian.org> Tue, 26 Oct 2010 16:47:26 +0200 libhtml-tree-perl (5.00-1) unstable; urgency=low [THINGS THAT MAY BREAK YOUR CODE OR TESTS] * Use weak references to avoid memory leaks See "Weak References" in HTML::Element for details. * new_from_file now dies if the file cannot be opened. $! records the specific problem. (Previously, you got a tree with a few implicit elements.) * Some methods normally returning a scalar could return the empty list in certain circumstances. This has been corrected. The affected methods are: address, deobjectify_text, detach, is_inside, & pindex. * deprecate the Version sub/method. Use the VERSION method instead. -- gregor herrmann <gregoa@debian.org> Fri, 15 Jun 2012 14:50:32 +0200 linux-base (3) unstable; urgency=low * Some HP Smart Array controllers are now handled by the new 'hpsa' driver, rather than the 'cciss' driver. While the cciss driver presented disk device names beginning with 'cciss/', hpsa makes disk arrays appear as ordinary SCSI disks and presents device names beginning with 'sd'. In a system that already has other SCSI or SCSI-like devices, names may change unpredictably. During the upgrade from earlier versions, you will be prompted to update configuration files which refer to device names that may change. You can choose to do this yourself or to follow an automatic upgrade process. All changed configuration files are backed up with a suffix of '.old' (or '^old' in one case). -- Ben Hutchings <ben@decadent.org.uk> Wed, 16 Mar 2011 13:19:34 +0000 logrotate (3.8.0-1) experimental; urgency=low Please note that this update changes the behaviour of logrotate: Logrotate now skips directories which are world writable or writable by group which is not "root" unless the (new) "su" directive is used. -- Paul Martin <pm@debian.org> Sun, 28 Aug 2011 19:16:36 +0100 lsb (4.1+Debian1) unstable; urgency=low This version implements a new "Fancy output" in the form of "[....] " blocks prepended to the daemon status messages: Before: Starting/stopping long daemon name: daemond daemon2d After: [....] Starting/stopping long daemon name: daemond daemon2d This block will become either a green [ ok ], a yellow [warn] or a red [FAIL] depending on the daemon exit status. The "Fancy output" can be disabled by setting the FANCYTTY variable to 0 in the /etc/lsb-base-logging.sh configuration file. -- Didier Raboud <odyx@debian.org> Thu, 19 Apr 2012 11:25:01 +0200 pam (1.1.2-1) unstable; urgency=low * Name of option for minimum Unix password length has changed The Debian-specific 'min=n' option to pam_unix for specifying minimum lengths for new passwords has been replaced by a new upstream option called 'minlen=n'. If you are using 'min=n' in /etc/pam.d/common-password, this will be migrated to the new option name for you on upgrade. If you have configured pam_unix password changing elsewhere on your system, such as in a PAM profile under /usr/share/pam-configs or in other files in /etc/pam.d, you will need to update them by hand for this change. -- Steve Langasek <vorlon@debian.org> Tue, 31 Aug 2010 23:09:30 -0700 patch (2.6.1-1) unstable; urgency=low The options -U --unified-reject-files and --global-reject-file have now been removed. -- Christoph Berg <myon@debian.org> Sun, 06 Feb 2011 20:17:11 +0100 qdbm (1.8.78-1) unstable; urgency=low gdbm emulation (hovel) is dropped from this version (cf. #620550). It breaks symbol versioning policy to keep its old version despite dropping gdbm_* symbols, assuming nobody use it. If you've used its functionarity, please switch to gdbm, or rebuild source package removing "--disable-gdbm" flag. -- KURASHIKI Satoru <lurdan@gmail.com> Fri, 19 Aug 2011 08:38:15 +0900 rubygems (1.7.2-1) unstable; urgency=low * executables are now installed to /usr/local/bin, instread of /var/lib/gems/1.8/bin * but the other files created by rubygems stay in /var/lib/gems/1.8. Several commenters in #448639 and #403407 argued in favor of the switch to /usr/local/bin. Those two bugs can therefore be closed. However, the issue is not completely solved, as rubygems still installs files in /var/lib/gems. Nobody in the bug logs explained why that was an issue. If you care about it, please open a new bug. Closes: #448639, #403407 -- Daigo Moriwaki <daigo@debian.org> Fri, 29 Apr 2011 19:07:08 +0900 This version implements a new "Fancy output" in the form of "[....] " blocks prepended to the daemon status messages: Before: Starting/stopping long daemon name: daemond daemon2d After: [....] Starting/stopping long daemon name: daemond daemon2d This block will become either a green [ ok ], a yellow [warn] or a red [FAIL] depending on the daemon exit status. The "Fancy output" can be disabled by setting the FANCYTTY variable to 0 in the /etc/lsb-base-logging.sh configuration file. -- Didier Raboud <odyx@debian.org> Thu, 19 Apr 2012 11:25:01 +0200 pam (1.1.2-1) unstable; urgency=low * Name of option for minimum Unix password length has changed The Debian-specific 'min=n' option to pam_unix for specifying minimum lengths for new passwords has been replaced by a new upstream option called 'minlen=n'. If you are using 'min=n' in /etc/pam.d/common-password, this will be migrated to the new option name for you on upgrade. If you have configured pam_unix password changing elsewhere on your system, such as in a PAM profile under /usr/share/pam-configs or in other files in /etc/pam.d, you will need to update them by hand for this change. -- Steve Langasek <vorlon@debian.org> Tue, 31 Aug 2010 23:09:30 -0700 patch (2.6.1-1) unstable; urgency=low The options -U --unified-reject-files and --global-reject-file have now been removed. -- Christoph Berg <myon@debian.org> Sun, 06 Feb 2011 20:17:11 +0100 qdbm (1.8.78-1) unstable; urgency=low gdbm emulation (hovel) is dropped from this version (cf. #620550). It breaks symbol versioning policy to keep its old version despite dropping gdbm_* symbols, assuming nobody use it. If you've used its functionarity, please switch to gdbm, or rebuild source package removing "--disable-gdbm" flag. -- KURASHIKI Satoru <lurdan@gmail.com> Fri, 19 Aug 2011 08:38:15 +0900 rubygems (1.7.2-1) unstable; urgency=low * executables are now installed to /usr/local/bin, instread of /var/lib/gems/1.8/bin * but the other files created by rubygems stay in /var/lib/gems/1.8. Several commenters in #448639 and #403407 argued in favor of the switch to /usr/local/bin. Those two bugs can therefore be closed. However, the issue is not completely solved, as rubygems still installs files in /var/lib/gems. Nobody in the bug logs explained why that was an issue. If you care about it, please open a new bug. Closes: #448639, #403407 -- Daigo Moriwaki <daigo@debian.org> Fri, 29 Apr 2011 19:07:08 +0900 sudo (1.8.2-1) unstable; urgency=low The sudo package is no longer configured using --with-secure-path. Instead, the provided sudoers file now contains a line declaring 'Defaults secure_path=' with the same path content that was previously hard-coded in the binary. A consequence of this change is that if you do not have such a definition in sudoers, the PATH searched for commands by sudo may be empty. Using explicit paths for each command you want to run with sudo will work well enough to allow the sudoers file to be updated with a suitable entry if one is not already present and you choose to not accept the updated version provided by the package. -- Bdale Garbee <bdale@gag.com> Wed, 24 Aug 2011 13:33:11 -0600 sysvinit-utils (2.88dsf-17) unstable; urgency=low bootlogd has moved from sysvinit-utils to a separate bootlogd package. If you wish to continue using bootlogd, please install the bootlogd package. Note that the configuration file /etc/default/bootlogd and its option BOOTLOGD_ENABLE no longer exist; if you do not wish to run bootlogd, remove the bootlogd package. -- Josh Triplett <josh@joshtriplett.org> Mon, 19 Dec 2011 12:03:08 +0000 Configuration file `/etc/securetty' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** securetty (Y/I/N/O/D/Z) [default=N] ? D --- /etc/securetty 2012-12-15 15:27:25.000000000 +0000 +++ /etc/securetty.dpkg-new 2012-05-25 22:24:43.000000000 +0100 @@ -230,6 +230,12 @@ ttyAM14 ttyAM15 +# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU) +ttyAMA0 +ttyAMA1 +ttyAMA2 +ttyAMA3 + # DataBooster serial ports ttyDB0 ttyDB1 @@ -355,6 +361,10 @@ hvc0 hvc1 #... +#IBM pSeries console ports +hvsi0 +hvsi1 +hvsi2 # Equinox SST multi-port serial boards ttyEQ0 @@ -363,7 +373,7 @@ # ========================================================== # -# Not in Documentation/Devicess.txt +# Not in Documentation/Devices.txt # # ========================================================== @@ -375,10 +385,9 @@ ttymxc4 ttymxc5 -# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU) -ttyama0 -ttyama1 -ttyama2 -ttyama3 +# Serial Console for MIPS Swarm +duart0 +duart1 -hvc0 +# s390 and s390x ports in LPAR mode +ttysclp0 (END) Configuration file `/etc/securetty' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** securetty (Y/I/N/O/D/Z) [default=N] ? Y ┌─────────────────────────────────────────────────────────────────┤ Configuring libpam0g ├──────────────────────────────────────────────────────────────────┐ │ │ │ There are services installed on your system which need to be restarted when certain libraries, such as libpam, libc, and libssl, are upgraded. Since │ │ these restarts may cause interruptions of service for the system, you will normally be prompted on each upgrade for the list of services you wish to │ │ restart. You can choose this option to avoid being prompted; instead, all necessary restarts will be done for you automatically so you can avoid being │ │ asked questions on each library upgrade. │ │ │ │ Restart services during package upgrades without asking? │ │ │ │ <Yes> <No> │ │ │ └───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ Yes dpkg: warning: unable to delete old directory '/var/lib/gems/1.8': Directory not empty dpkg: warning: unable to delete old directory '/var/lib/gems': Directory not empty ┌────────────────────────────────────────────────────────────────┤ Configuring linux-base ├─────────────────────────────────────────────────────────────────┐ │ │ │ The new Linux kernel version provides different drivers for some PATA (IDE) controllers. The names of some hard disk, CD-ROM, and tape devices may │ │ change. │ │ │ │ It is now recommended to identify disk devices in configuration files by label or UUID (unique identifier) rather than by device name, which will work │ │ with both old and new kernel versions. │ │ │ │ If you choose to not update the system configuration automatically, you must update device IDs yourself before the next system reboot or the system may │ │ become unbootable. │ │ │ │ Update disk device IDs in system configuration? │ │ │ │ <Yes> <No> │ │ │ └───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ No ┌─────────────────────────────────────────────────────┤ Configuring linux-base ├──────────────────────────────────────────────────────┐ │ │ │ Boot loader configuration check needed │ │ │ │ The boot loader configuration for this system was not recognized. These settings in the configuration may need to be updated: │ │ │ │ * The root device ID passed as a kernel parameter; │ │ * The boot device ID used to install and update the boot loader. │ │ │ │ │ │ You should generally identify these devices by UUID or label. However, on MIPS systems the root device must be identified by name. │ │ │ │ <Ok> │ │ │ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ ┌───────────────────────────────────────────────────────┤ Configuring metche ├───────────────────────────────────────────────────────┐ │ A new version of configuration file /etc/metche.conf is available, but the version installed currently has been locally modified. │ │ │ │ What do you want to do about modified configuration file metche.conf? │ │ │ │ install the package maintainer's version │ │ keep the local version currently installed │ │ show the differences between the versions │ │ show a side-by-side difference between the versions │ │ show a 3-way difference between available versions │ │ do a 3-way merge between available versions (experimental) │ │ start a new shell to examine the situation │ │ │ │ │ │ <Ok> │ │ │ └────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ ┌──────────────────────────┤ Configuring metche ├───────────────────────────┐ │ │ │ Line by line differences between versions │ │ │ │ --- /etc/metche.conf 2013-03-22 14:33:39.000000000 +0000 │ │ +++ /tmp/filesoFFGy 2013-12-08 20:25:56.380119098 +0000 │ │ @@ -51,13 +51,13 @@ │ │ # - "printcap" when cups browsing feature are used. │ │ # │ │ # Example (default value): │ │ -EXCLUDES="*.swp #* *~ *.gpg *.key ifstate adjtime ld.so.cache shadow* \ │ │ - .cache .gnupg blkid.tab* aumixrc net.enable mtab backup.d \ │ │ - vdirbase run.rev vdir run.rev \ │ │ - prng_exch smtp_scache.pag smtpd_scache.pag \ │ │ - smtp_scache.dir smtpd_scache.dir local.sh \ │ │ - ssh_host_dsa_key* ssh_host_rsa_key* \ │ │ - hosts.deny" │ │ +#EXCLUDES=".git _darcs .svn .bzr CVS .hg _FOSSIL_ \ │ │ +# *.swp #* *~ *.gpg *.key ifstate adjtime ld.so.cache shadow* \ │ │ +# .cache .gnupg blkid.tab* aumixrc net.enable mtab backup.d \ │ │ +# vdirbase run.rev vdir run.rev \ │ │ +# prng_exch smtp_scache.pag smtpd_scache.pag \ │ │ +# smtp_scache.dir smtpd_scache.dir local.sh \ │ │ +# ssh_host_dsa_key* ssh_host_rsa_key*" │ │ │ │ # Locale (will be used to feed LC_ALL) │ │ # Warning: values different from "C" are untested. │ │ │ │ <Ok> │ │ │ └───────────────────────────────────────────────────────────────────────────┘ install the package maintainer's version Configuration file `/etc/sudoers' ==> File on system created by you or by a script. ==> File also in package provided by package maintainer. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** sudoers (Y/I/N/O/D/Z) [default=N] ? D --- /etc/sudoers 2012-12-15 21:16:04.000000000 +0000 +++ /etc/sudoers.dpkg-new 2013-03-01 05:20:20.000000000 +0000 @@ -1,11 +1,14 @@ -# /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. # +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# # See the man page for details on how to write a sudoers file. # - Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Host alias specification @@ -14,13 +17,11 @@ # Cmnd alias specification # User privilege specification -root ALL=(ALL) ALL +root ALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command -# (Note that later entries override this, so you might need to move -# it further down) -# chris -#%sudo ALL=(ALL) ALL -%sudo ALL=(ALL) NOPASSWD: ALL -# +%sudo ALL=(ALL:ALL) ALL + +# See sudoers(5) for more information on "#include" directives: + #includedir /etc/sudoers.d Configuration file `/etc/sudoers' ==> File on system created by you or by a script. ==> File also in package provided by package maintainer. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** sudoers (Y/I/N/O/D/Z) [default=N] ? Y
The sudoers files was then manually edited to add back:
# Allow members of group sudo to execute any command #%sudo ALL=(ALL:ALL) ALL %sudo ALL=(ALL) NOPASSWD: ALL
Configuration file `/etc/email2trac.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** email2trac.conf (Y/I/N/O/D/Z) [default=N] ? D --- /etc/email2trac.conf 2013-02-21 19:53:26.000000000 +0000 +++ /etc/email2trac.conf.dpkg-new 2012-01-08 11:28:28.000000000 +0000 @@ -1,25 +1,22 @@ [DEFAULT] -project: /web/tech.transitionnetwork.org/trac +project: /data/trac/hpcv/project/test debug: 0 -umask: 022 -spam_level: 5 -reply_all : 0 -mailto_link: 0 -umask: 022 -email_header: 0 -trac_version: 0.11 -enable_syslog : 1 -alternate_notify_template : -alternate_notify_template_update : -drop_spam : 0 -verbatim_format: 1 -strip_signature: 0 -email_quote: > -strip_quotes: 0 -ignore_trac_user_settings: 0 black_list: MAILER-DAEMON@ +drop_spam : 1 drop_alternative_html_version: 1 +email_quote: > +html2text_cmd: +ignore_trac_user_settings: 0 +inline_properties: 1 +reply_all : 0 +spam_level: 5 +strip_quotes: 0 +strip_signature: 0 ticket_update: 1 +ticket_update_by_subject: 1 +umask: 022 +verbatim_format: 1 + [bas] project: /data/trac/bas Configuration file `/etc/email2trac.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** email2trac.conf (Y/I/N/O/D/Z) [default=N] ? N
So far so good... these sites were tested:
- https://penguin.transitionnetwork.org/ OK
- https://trac.transitionnetwork.org/trac OK
- https://stats.transitionnetwork.org/ OK
- https://wiki.transitionnetwork.org/ OK
- https://patterns.transitionresearchnetwork.org/ 502 bad Gateway
- http://static.transitionnetwork.org/ OK
- http://2010.archive.transitionnetwork.org/ OK
- http://2011.archive.transitionnetwork.org/ OK
- http://totnes.transitionnetwork.org/ OK
The Wagn server we restarted:
su-wagn wagn-start => Booting WEBrick => Rails 3.2.14 application starting in production on http://127.0.0.1:3000
And now it's OK.
comment:48 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 1.0
- Total Hours changed from 13.11 to 14.11
apt-get dist-upgrade The following packages will be REMOVED: defoma libdigest-sha1-perl libdjvulibre-dev libept1 libjpeg62-dev libmagickcore-dev libmagickwand-dev libpango1.0-common libtiff4-dev mysql-client-5.1 mysql-server-5.1 mysql-server-core-5.1 php5-apc php5-gd x-ttcidfont-conf The following NEW packages will be installed: aptitude-common cpp-4.6 cpp-4.7 docutils-common docutils-doc fonts-droid g++-4.7 gcc-4.6 gcc-4.6-base gcc-4.7 gcc-4.7-base gir1.2-atk-1.0 gir1.2-freedesktop gir1.2-gdkpixbuf-2.0 gir1.2-glib-2.0 gir1.2-pango-1.0 gir1.2-rsvg-2.0 git-man imagemagick-common javascript-common kmod libapt-inst1.5 libapt-pkg4.12 libasprintf0c2 libboost-iostreams1.49.0 libclass-isa-perl libclass-load-perl libdata-optlist-perl libdb5.1 libdbi1 libelf1 libencode-locale-perl libept1.4.12 libexiv2-12 libfile-listing-perl libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgettextpo0 libgirepository-1.0-1 libglib2.0-bin libgmp10 libgs9 libgs9-common libhtml-form-perl libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libijs-0.35 libio-socket-ssl-perl libitm1 libjbig-dev libjbig0 libjpeg8 libjs-jquery libjs-sphinxdoc libjs-underscore libkmod2 liblcms2-2 liblensfun-data liblensfun0 liblockfile-bin liblwp-mediatypes-perl liblwp-protocol-https-perl liblzma5 libmagickcore5 libmagickcore5-extra libmagickwand5 libmodule-implementation-perl libmodule-runtime-perl libmount1 libmpc2 libmysqlclient18 libnet-http-perl libnet-ssleay-perl libp11-kit0 libpackage-deprecationmanager-perl libpackage-stash-perl libpackage-stash-xs-perl libpam-modules-bin libparams-classify-perl libparams-util-perl libpcre3-dev libpcrecpp0 libpipeline1 libprocps0 libquadmath0 librsvg2-common librtmp0 libsemanage-common libsemanage1 libsigsegv2 libssh2-1 libssl1.0.0 libstdc++6-4.7-dev libsub-install-perl libswitch-perl libsystemd-login0 libtinfo5 libtokyocabinet9 libtry-tiny-perl libustr-1.0-1 libwww-robotrules-perl ncurses-term poppler-data python2.7 python2.7-minimal ruby-mysql wwwconfig-common The following packages will be upgraded: apt apt-utils aptitude base-files bash binutils bsdmainutils ca-certificates chrony cpp cpp-4.4 dbus debhelper denyhosts dialog dpkg exiv2 fetchmail g++ g++-4.4 gawk gcc gcc-4.4 gcc-4.4-base gettext gettext-base ghostscript git heirloom-mailx ifupdown imagemagick info initscripts iproute iptables iputils-ping less libalgorithm-diff-xs-perl libaprutil1 libapt-pkg-perl libatk1.0-0 libatk1.0-dev libc-bin libc-dev-bin libc6 libc6-dev libcdt4 libcgi-fast-perl libcgraph5 libcups2 libcupsimage2 libcurl3-gnutls libcwidget3 libdbd-mysql-perl libdbi-perl libdjvulibre21 libedit2 libexif-dev libexif12 libfcgi-perl libfont-freetype-perl libgcc1 libgcrypt11 libgd2-noxpm libglib2.0-0 libglib2.0-dev libgnutls26 libgomp1 libgraph4 libgraphviz-dev libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libgtk2.0-dev libgvc5 libgvpr1 libhtml-parser-perl libilmbase-dev libilmbase6 libipc-sharelite-perl libjasper-dev libjasper1 libjpeg62 libldap-2.4-2 liblist-moreutils-perl liblocale-gettext-perl liblockfile1 liblog-dispatch-perl libmpfr4 libmysql-ruby libmysql-ruby1.8 libmysqlclient-dev libncurses5 libncursesw5 libneon27-gnutls libnetpbm10 libpam-modules libpango1.0-0 libpango1.0-dev libparams-validate-perl libpathplan4 libreadline5 libreadline6 librrd4 librrds-perl librsvg2-2 librsvg2-dev libruby1.8 libruby1.9.1 libsasl2-2 libsasl2-modules libsigc++-2.0-0c2a libsocket6-perl libstdc++6 libstdc++6-4.4-dev libsvn1 libtext-charwidth-perl libtext-iconv-perl libtiff4 libtiffxx0c2 libuuid-perl libwmf-dev libwmf0.2-7 libwww-perl libxapian22 libxdot4 libxml2 libxml2-dev libyaml-syck-perl locales lsb-release lynx lynx-cur man-db module-init-tools mount mutt mysql-common nano ncurses-bin netbase netpbm ntpdate ocaml-base-nox openssh-client openssh-server openssl passwd perl perl-base perl-modules php-pear php5 php5-cli php5-common php5-fpm php5-mysql postfix procps psmisc python python-apt python-babel python-chardet python-docutils python-genshi python-imaging python-lxml python-minimal python-pygments python-pylibacl python-pyxattr python-tz python2.6 python2.6-minimal rdiff-backup rrdtool rsyslog ruby1.8 ruby1.8-dev ruby1.9.1 ruby1.9.1-dev screen sgml-base subversion sysvinit tasksel trac ufraw-batch util-linux util-linux-locales vim vim-common vim-runtime vim-tiny webalizer wget xml-core xz-utils 199 upgraded, 111 newly installed, 15 to remove and 0 not upgraded. Need to get 220 MB of archives. After this operation, 104 MB of additional disk space will be used. Do you want to continue [Y/n]? Y eglibc (2.13-25) unstable; urgency=medium Starting with the eglibc package version 2.13-5, the libraries are shipped in the multiarch directory /lib/<triplet> instead of the more traditional /lib, where <triplet> is the multiarch triplet and can be retrieved with 'dpkg-architecture -qDEB_HOST_MULTIARCH'. Similarly the includes are now shipped in /usr/include/<triplet> instead of the more traditional /usr/include. The toolchain in Debian has been updated to cope with that, and most build systems should be unaffected. If you are using a non-Debian toolchain to build your software and it is not able to cope with multiarch, you might try to pass the following options to your compiler: -B/usr/lib/<triplet> -I/usr/include/<triplet> Alternatively if the build system makes hard to pass the above options, you might try to set the LIBRARY_PATH and CPATH environment variables: LIBRARY_PATH=/usr/lib/<triplet> CPATH=/usr/include/<triplet> export LIBRARY_PATH CPATH -- Aurelien Jarno <aurel32@debian.org> Mon, 09 Jan 2012 12:47:16 +0100 eglibc (2.13-7) unstable; urgency=low Starting with version 2.13, eglibc provides an SSSE3 optimized version of memcpy() on the amd64 architecture. This version might copy memory backward in some conditions, which causes issues if the source and destination overlap. memmove() should be used in such cases, but some programs still wrongly use memcpy(). For this reason, on the amd64 architecture the Debian package provides two wrappers which can be use to workaround and/or debug the issue: - /usr/lib/x86_64-linux-gnu/libc/memcpy-preload.so simply replace all calls to memcpy() by a call to memmove() - /usr/lib/x86_64-linux-gnu/libc/memcpy-syslog-preload.so does the same, but in addition logs (with rate limit) the issue to syslog, so that it can be detected and fixed. To use these wrapper on a single binary, the easiest way is to use the LD_PRELOAD environment variable: - LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libc/memcpy-preload.so /path/to/binary - LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libc/memcpy-syslog-preload.so /path/to/binary For system-wide usage, it is possible to add the path of one of the wrapper to /etc/ld.so.preload. For more details about the issue, please see: http://bugs.debian.org/625521 http://sourceware.org/bugzilla/show_bug.cgi?id=12518 -- Aurelien Jarno <aurel32@debian.org> Sat, 11 Jun 2011 18:02:52 +0200 apt (0.8.11) unstable; urgency=low * apt-get install pkg/experimental will now not only switch the candidate of package pkg to the version from the release experimental but also of all dependencies of pkg if the current candidate can't satisfy a versioned dependency. -- David Kalnischkies <kalnischkies@gmail.com> Fri, 03 Dec 2010 14:09:12 +0100 ca-certificates (20130119) unstable; urgency=low Update mozilla/certdata.txt to version 1.87 Certificates removed (-) (none added): - "T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?" -- Michael Shuler <michael@pbandjelly.org> Sat, 19 Jan 2013 14:08:50 -0600 ca-certificates (20121105) unstable; urgency=low Update mozilla/certdata.txt to version 1.86 Certificates added (+) (none removed): + "Actalis Authentication Root CA" + "Trustis FPS Root CA" + "StartCom Certification Authority" (renewal/rehash) + "StartCom Certification Authority G2" + "Buypass Class 2 Root CA" + "Buypass Class 3 Root CA" + "T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?" + "T-TeleSec GlobalRoot Class 3" + "EE Certification Centre Root CA" -- Michael Shuler <michael@pbandjelly.org> Mon, 05 Nov 2012 10:56:28 -0600 ca-certificates (20120212) unstable; urgency=low Update mozilla/certdata.txt to version 1.81 Certificates added (+) and removed (-): + "Security Communication RootCA2" + "EC-ACC" + "Hellenic Academic and Research Institutions RootCA 2011" - "Verisign Class 2 Public Primary Certification Authority" - "Verisign Class 4 Public Primary Certification Authority - G2" - "TC TrustCenter, Germany, Class 2 CA" - "TC TrustCenter, Germany, Class 3 CA" -- Michael Shuler <michael@pbandjelly.org> Sun, 12 Feb 2012 15:12:59 -0600 ca-certificates (20111211) unstable; urgency=low Remove French Government IGC/A CA certificates. The RSA certificate is included in the Mozilla bundle and the DSA certificate is not in use. Remove expired signet.pl CAs. Remove expired brasil.gov.br CA. -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 19:05:32 -0600 ca-certificates (20111025) unstable; urgency=low Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13) Certificates added (+) and removed (-): + "AffirmTrust Commercial" + "AffirmTrust Networking" + "AffirmTrust Premium" + "AffirmTrust Premium ECC" + "A-Trust-nQual-03" + "Certinomis - Autorit? Racine" + "Certum Trusted Network CA" + "Go Daddy Root Certificate Authority - G2" + "Root CA Generalitat Valenciana" + "Starfield Root Certificate Authority - G2" + "Starfield Services Root Certificate Authority - G2" + "TWCA Root Certification Authority" - "AOL Time Warner Root Certification Authority 1" - "AOL Time Warner Root Certification Authority 2" - "DigiNotar Root CA" - "Entrust.net Global Secure Personal CA" - "Entrust.net Global Secure Server CA" - "Entrust.net Secure Personal CA" - "IPS Chained CAs root" - "IPS CLASE1 root" - "IPS CLASE3 root" - "IPS CLASEA1 root" - "IPS CLASEA3 root" - "IPS Timestamping root" - "Thawte Personal Freemail CA" - "Thawte Time Stamping CA" Update CAcert-Class 3-Subroot-certificate Closes: #630232 -- Michael Shuler <michael@pbandjelly.org> Sun, 23 Oct 2011 23:16:57 -0500 cyrus-sasl2 (2.1.25.dfsg1-5) unstable; urgency=low * Configuration of SQL engine backends have changed from database specific configuration (e.g. 'mysql') to generic 'sql' auxprop plugin. You will need to change your configuration f.e. from: auxprop_plugin: mysql to auxprop_plugin: sql sql_engine: mysql Also the SQL query (if used) needs to have '%u' replaced with '%u@%r' because now user and realm is provided separately. -- Ond?ej Sur? <ondrej@debian.org> Mon, 06 Aug 2012 13:12:22 +0200 ifupdown (0.7~rc1+experimental) experimental; urgency=low The --all option to ifup and ifquery can now be combined with the --allow option to act on all interfaces of a specific class (still defaulting to the class 'auto'). If you have custom hook scripts, you may need to update them. See interfaces(5) for details. -- Andrew O. Shadura <bugzilla@tut.by> Tue, 17 Apr 2012 01:05:42 +0200 imagemagick (8:6.6.9.7-3) unstable; urgency=low Please note that imagemagick version 6.6.9.7 has moved its global configuration files from /usr/share/imagemagick to /etc/ImageMagick, following the FHS. See the package imagemagick-doc or http://www.imagemagick.org/script/resources.php for more information on configuring ImageMagick. . This will lose any changes you may have made to these files, in the extremely unlikely case that you have customized them (doing so was not officially supported by either upstream or Debian versions before 6.6.9). -- Bastien Roucari?s <roucaries.bastien+debian@gmail.com> Sun, 01 May 2011 13:43:12 +0200 mutt (1.5.21-2) experimental; urgency=low mailto-mutt has been replaced by a wrapper as per #576313, because mutt is now able to handle the mailto: urls; additionally it will also do some checks on attachments and it will allow us to be as close to upstream as possible -- Antonio Radici <antonio@dyne.org> Sat, 01 Jan 2011 12:56:29 +0000 php5 (5.4.4-7) unstable; urgency=low * As a side effect of the MIME-Type changes in the mime-support package, the default Apache 2 configuration will no longer perform HTTP content negotiation on the PHP file extensions, which was very questionable anyway. If you really want to re-enable this support then please read /usr/share/doc/php5-common/README.Debian file for further instructions. -- Ond?ej Sur? <ondrej@debian.org> Wed, 29 Aug 2012 09:18:41 +0200 php5 (5.4.4-5) unstable; urgency=low * As a security measure the default configuration for Apache 2 has been changed to a stricter model. Only files which have the correct rightmost extension, and at least one character in the filename before that extension, are now interpreted by PHP. For a full list of handled extensions please see the Apache 2 configuration. At the time of writing this paragraph, the list includes the following regular expressions: 1. .+\.ph(p[345]?|t|tml)$ for PHP files (application/x-httpd-php) 2. .+\.phps$ for PHP source files (application/x-httpd-php-source) Previously, as a side effect of system MIME type definitions, the default configuration would allow the interpreting of files with a double extension, where the second extension was either unrecognised or a language or content encoding to be interpreted; e.g. an uploaded file named blackhat.php.foobar or index.php.cs would be interpreted by PHP. These non-standard definitions have been removed from the mime-support packages and all configuration of PHP handlers is now defined in the Apache 2 configuration files. The standard configuration now also denies access to files with names which consist of an extension and nothing more; e.g. accessing '/.php' will now return Access Denied instead of the output of the PHP script. You can use the following command to find whether there are any files on your system which would be affected by this change (change <base> to the directory name where you store PHP files on your system): # find <base> -name '*.ph[pt].*' -o -name '*.php[345s].*' -o \ -name '*.phtml.*' -o -name '.ph[pt]' -o \ -name '.php[345s]' -o -name '.phtml' -- Ond?ej Sur? <ondrej@debian.org> Tue, 21 Aug 2012 09:14:47 +0200 php5 (5.4.0~rc8-1) unstable; urgency=low php5-fpm default www spool now listens on unix socket located in /var/run/php5-fpm.sock instead of localhost:9000. If you have configured your webserver to use localhost:9000, you will have to change your settings. -- Ond?ej Sur? <ondrej@debian.org> Wed, 08 Feb 2012 08:25:30 +0100 php5 (5.4.0~rc6-2) unstable; urgency=low t1lib support was removed from PHP 5.4. t1lib has many security issues and is unmaintained by upstream for a very long time (3 years). For more information see: + http://bugs.debian.org/637488 + http://bugs.debian.org/638755 This unfortunately also means that following functions are not available in PHP5 from now: - imagepsloadfont - imagepsfreefont - imagepsencodefont - imagepsextendfont - imagepsslantfont - imagepstext - imagepsbbox If you really need those functions you will need to install t1lib from sources. You will need to install php5-dev and recompile GD extension (roughly) using following commands: cd <path_to_php5_sources>/ext/gd/ phpize configure --with-gd=shared,/usr --enable-gd-native-ttf \ --with-t1lib=<location_of_your_t1lib> make make install -- Ond?ej Sur? <ondrej@debian.org> Wed, 01 Feb 2012 18:19:45 +0100 procps (1:3.3.1-1) unstable; urgency=low * top has a new rcfile format from 3.3.1 which is not backwards compatible from a rcfile save from a pre-3.3.1 top. -- Craig Small <csmall@debian.org> Mon, 23 Jan 2012 22:26:16 +1100 rsyslog (5.8.1-1) unstable; urgency=low The way rsyslog processes SIGHUP has changed. It no longer does a reload of its configuration, but simply closes all open files, which is a much more lightweight operation. To apply a changed configuration, rsyslogd needs to be restarted now. As a consequence, the reload action has been dropped from the init script. A new action called "rotate" was added to the init script, which signals rsyslogd to close all open files. This new action is used in the rsyslog logrotate configuration file. For more information, see: http://www.rsyslog.com/doc/v4compatibility.html http://www.rsyslog.com/doc/v5compatibility.html -- Michael Biebl <biebl@debian.org> Mon, 30 May 2011 18:26:51 +0200 ruby1.9.1 (1.9.2.180-4) unstable; urgency=low * Rubygems executables are now installed to /usr/local/bin, instead of /var/lib/gems/1.9.2/bin * But the other files created by rubygems stay in /var/lib/gems/1.9.2. Several commenters in #448639 and #403407 argued in favor of the switch to /usr/local/bin. Those two bugs can therefore be closed. However, the issue is not completely solved, as rubygems still installs files in /var/lib/gems. Nobody in the bug logs explained why that was an issue. If you care about it, please open a new bug. Fixes rubygems bugs: #448639, #403407 -- Lucas Nussbaum <lucas@lucas-nussbaum.net> Tue, 03 May 2011 16:11:25 +0200 screen (4.1.0~20120320gitdb59704-7) unstable; urgency=low In case you upgrade screen from 4.0.3 to 4.1.0 while running inside screen and you have to reconnect to that screen session (or any other screen session which has been started before the upgrade), there may be a few screen features not working until you exit the 4.0.3-started session and replace it with a 4.1.0-started session. Known issues of 4.0.3 to 4.1.0 interoperability as of now: * Terminal window resizing (WINCH signal) does not propagate to the screen session. Detach and reattach again instead to get the size of the terminals inside the screen session adjusted propely. -- Axel Beckert <abe@debian.org> Sun, 16 Sep 2012 12:48:44 +0200 sgml-base (1.26+nmu2) unstable; urgency=low Starting with this release the SGML super catalog /etc/sgml/catalog will be replaced with a symbolic link to /var/lib/sgml-base/supercatalog. The latter file can be regenerated from the contents of the /etc/sgml directory including all files ending in .cat using the new update-catalog --update-super option. This call will be (dpkg) triggered by packages placing files in /etc/sgml. The transition to this way of handling the super catalog will loose user changes to /etc/sgml/catalog. Further overwriting of user changes will happen until all packages using dh_installcatalogs are built with a fixed version of debhelper. Sorry for the inconvenience. cd <path_to_php5_sources>/ext/gd/ phpize configure --with-gd=shared,/usr --enable-gd-native-ttf \ --with-t1lib=<location_of_your_t1lib> make make install -- Ond?ej Sur? <ondrej@debian.org> Wed, 01 Feb 2012 18:19:45 +0100 procps (1:3.3.1-1) unstable; urgency=low * top has a new rcfile format from 3.3.1 which is not backwards compatible from a rcfile save from a pre-3.3.1 top. -- Craig Small <csmall@debian.org> Mon, 23 Jan 2012 22:26:16 +1100 rsyslog (5.8.1-1) unstable; urgency=low The way rsyslog processes SIGHUP has changed. It no longer does a reload of its configuration, but simply closes all open files, which is a much more lightweight operation. To apply a changed configuration, rsyslogd needs to be restarted now. As a consequence, the reload action has been dropped from the init script. A new action called "rotate" was added to the init script, which signals rsyslogd to close all open files. This new action is used in the rsyslog logrotate configuration file. For more information, see: http://www.rsyslog.com/doc/v4compatibility.html http://www.rsyslog.com/doc/v5compatibility.html -- Michael Biebl <biebl@debian.org> Mon, 30 May 2011 18:26:51 +0200 ruby1.9.1 (1.9.2.180-4) unstable; urgency=low * Rubygems executables are now installed to /usr/local/bin, instead of /var/lib/gems/1.9.2/bin * But the other files created by rubygems stay in /var/lib/gems/1.9.2. Several commenters in #448639 and #403407 argued in favor of the switch to /usr/local/bin. Those two bugs can therefore be closed. However, the issue is not completely solved, as rubygems still installs files in /var/lib/gems. Nobody in the bug logs explained why that was an issue. If you care about it, please open a new bug. Fixes rubygems bugs: #448639, #403407 -- Lucas Nussbaum <lucas@lucas-nussbaum.net> Tue, 03 May 2011 16:11:25 +0200 screen (4.1.0~20120320gitdb59704-7) unstable; urgency=low In case you upgrade screen from 4.0.3 to 4.1.0 while running inside screen and you have to reconnect to that screen session (or any other screen session which has been started before the upgrade), there may be a few screen features not working until you exit the 4.0.3-started session and replace it with a 4.1.0-started session. Known issues of 4.0.3 to 4.1.0 interoperability as of now: * Terminal window resizing (WINCH signal) does not propagate to the screen session. Detach and reattach again instead to get the size of the terminals inside the screen session adjusted propely. -- Axel Beckert <abe@debian.org> Sun, 16 Sep 2012 12:48:44 +0200 sgml-base (1.26+nmu2) unstable; urgency=low Starting with this release the SGML super catalog /etc/sgml/catalog will be replaced with a symbolic link to /var/lib/sgml-base/supercatalog. The latter file can be regenerated from the contents of the /etc/sgml directory including all files ending in .cat using the new update-catalog --update-super option. This call will be (dpkg) triggered by packages placing files in /etc/sgml. The transition to this way of handling the super catalog will loose user changes to /etc/sgml/catalog. Further overwriting of user changes will happen until all packages using dh_installcatalogs are built with a fixed version of debhelper. Sorry for the inconvenience. -- Helmut Grohne <helmut@subdivi.de> Mon, 30 Apr 2012 16:37:01 +0200 vim (2:7.3.154+hg~74503f6ee649-1) unstable; urgency=low The vim-lesstif package has been removed in favor of the new vim-athena package. The intent behind both packages is to provide a lighter-weight GUI package as well as one that allows using XFLD fonts. The Athena toolkit, however, has broader usage and reduces divergences with downstream distributions. -- James Vega <jamessan@debian.org> Sun, 27 Feb 2011 12:45:40 -0500 Configuration file `/etc/mysql/my.cnf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** my.cnf (Y/I/N/O/D/Z) [default=N] ? D --- /etc/mysql/my.cnf 2013-12-07 11:27:13.510824954 +0000 +++ /etc/mysql/my.cnf.dpkg-new 2012-06-08 21:25:42.000000000 +0100 @@ -39,7 +39,7 @@ basedir = /usr datadir = /var/lib/mysql tmpdir = /tmp -language = /usr/share/mysql/english +lc-messages-dir = /usr/share/mysql skip-external-locking # # Instead of skip-networking the default is now to listen only on @@ -48,37 +48,21 @@ # # * Fine Tuning # -key_buffer = 32M -# chris -key_buffer_size = 512M -max_allowed_packet = 32M +key_buffer = 16M +max_allowed_packet = 16M thread_stack = 192K thread_cache_size = 8 # This replaces the startup script and checks MyISAM tables if needed # the first time they are touched myisam-recover = BACKUP #max_connections = 100 -# chris -max_connections = 30 - -# chris #table_cache = 64 -table_cache = 4096 - #thread_concurrency = 10 # # * Query Cache Configuration # -# chris -#query_cache_limit = 1024M -#query_cache_limit = 256M -query_cache_limit = 128M - -# chris -#query_cache_size = 16M -#query_cache_size = 1024M -#query_cache_size = 256M -query_cache_size = 128M +query_cache_limit = 1M +query_cache_size = 16M # # * Logging and Replication # @@ -121,8 +105,6 @@ # ssl-cert=/etc/mysql/server-cert.pem # ssl-key=/etc/mysql/server-key.pem -# chris -innodb_buffer_pool_size = 128M [mysqldump] Configuration file `/etc/mysql/my.cnf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** my.cnf (Y/I/N/O/D/Z) [default=N] ? N Creating config file /etc/php5/mods-available/pdo.ini with new version Setting up php5-fpm (5.4.4-14+deb7u5) ... Configuration file `/etc/php5/fpm/php-fpm.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** php-fpm.conf (Y/I/N/O/D/Z) [default=N] ? D --- /etc/php5/fpm/php-fpm.conf 2013-07-16 10:34:43.000000000 +0100 +++ /etc/php5/fpm/php-fpm.conf.dpkg-new 2013-10-03 10:36:30.000000000 +0100 @@ -76,14 +76,6 @@ ; Default Value: 0 ; process.max = 128 -; Specify the nice(2) priority to apply to the master process (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool process will inherit the master process priority -; unless it specified otherwise -; Default Value: no set -; process.priority = -19 - ; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. ; Default Value: yes ;daemonize = yes @@ -119,3 +111,4 @@ ; To configure the pools it is recommended to have one .conf file per ; pool in the following directory: include=/etc/php5/fpm/pool.d/*.conf + Configuration file `/etc/php5/fpm/php-fpm.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** php-fpm.conf (Y/I/N/O/D/Z) [default=N] ? Y Configuration file `/etc/php5/fpm/pool.d/www.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** www.conf (Y/I/N/O/D/Z) [default=N] ? D --- /etc/php5/fpm/pool.d/www.conf 2013-06-07 09:29:47.000000000 +0100 +++ /etc/php5/fpm/pool.d/www.conf.dpkg-new 2013-10-03 10:36:30.000000000 +0100 @@ -30,23 +30,20 @@ ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -; chris -;listen = 127.0.0.1:9000 -listen = /var/run/php5-fpm/phpfpm.sock +listen = /var/run/php5-fpm.sock -; Set listen(2) backlog. A value of '-1' means unlimited. +; Set listen(2) backlog. ; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = -1 +;listen.backlog = 128 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many ; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0666 -; chris -listen.owner = www-data -listen.group = www-data -listen.mode = 0666 +;listen.owner = www-data +;listen.group = www-data +;listen.mode = 0666 ; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original @@ -55,16 +52,6 @@ ; accepted from any ip address. ; Default Value: any ;listen.allowed_clients = 127.0.0.1 -; chris -listen.allowed_clients = 127.0.0.1,81.95.52.111,penguin.transitionnetwork.org,penguin.webarch.net - -; Specify the nice(2) priority to apply to the pool processes (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool processes will inherit the master process priority -; unless it specified otherwise -; Default Value: no set -; priority = -19 ; Choose how the process manager will control the number of child processes. ; Possible Values: @@ -101,8 +88,7 @@ ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -; chris increased from 6 to 24 -pm.max_children = 24 +pm.max_children = 5 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' @@ -112,7 +98,7 @@ ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 2 +pm.min_spare_servers = 1 ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' @@ -227,8 +213,7 @@ ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -; chris -pm.status_path = /status +;pm.status_path = /status ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside
The above changes to /etc/php5/fpm/pool.d/www.conf look fine, but the change of the socket:
-listen = /var/run/php5-fpm/phpfpm.sock +listen = /var/run/php5-fpm.sock
Will need these files editing in /etc/nginx
grep -rl phpfpm.sock . ./stats-shared ./sites-available/penguin ./sites-available/wiki.bak ./sites-available/wiki ./archive-shared
vim ./stats-shared ./sites-available/penguin ./sites-available/wiki.bak ./sites-available/wiki ./archive-shared :1,$s;php5-fpm/phpfpm.sock;php5-fpm.sock;gc
Configuration file `/etc/php5/fpm/pool.d/www.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** www.conf (Y/I/N/O/D/Z) [default=N] ? Y Installing new version of config file /etc/php5/fpm/pool.d/www.conf ... ┌──────────────────────────────────────────────────────────────┤ Modified configuration file ├──────────────────────────────────────────────────────────────┐ │ │ │ Line by line differences between versions │ │ --- /etc/php5/fpm/php.ini 2013-07-16 10:36:18.000000000 +0100 │ +++ /usr/share/php5/php.ini-production 2013-10-03 10:36:21.000000000 +0100 │ @@ -83,6 +83,8 @@ │ ; development version only in development environments as errors shown to │ ; application users can inadvertently leak otherwise secure information. │ │ +; This is php.ini-production INI file. │ + │ ;;;;;;;;;;;;;;;;;;; │ ; Quick Reference ; │ ;;;;;;;;;;;;;;;;;;; │ @@ -91,11 +93,6 @@ │ ; Please see the actual settings later in the document for more details as to why │ ; we recommend these changes in PHP's behavior. │ │ -; allow_call_time_pass_reference │ -; Default Value: On │ -; Development Value: Off │ -; Production Value: Off │ - │ ; display_errors │ ; Default Value: On │ ; Development Value: On │ @@ -107,25 +104,20 @@ │ ; Production Value: Off │ │ ; error_reporting │ -; Default Value: E_ALL & ~E_NOTICE │ -; Development Value: E_ALL | E_STRICT │ -; Production Value: E_ALL & ~E_DEPRECATED │ +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED │ +; Development Value: E_ALL │ +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT │ │ ; html_errors │ ; Default Value: On │ ; Development Value: On │ -; Production value: Off │ +; Production value: On │ │ ; log_errors │ ; Default Value: Off │ ; Development Value: On │ ; Production Value: On │ │ -; magic_quotes_gpc │ -; Default Value: On │ -; Development Value: Off │ -; Production Value: Off │ - │ ; max_input_time │ ; Default Value: -1 (Unlimited) │ ; Development Value: 60 (60 seconds) │ @@ -141,11 +133,6 @@ │ ; Development Value: Off │ ; Production Value: Off │ │ -; register_long_arrays │ -; Default Value: On │ -; Development Value: Off │ -; Production Value: Off │ - │ ; request_order │ ; Default Value: None │ ; Development Value: "GP" │ @@ -223,7 +210,7 @@ │ ; Development Value: Off │ ; Production Value: Off │ ; http://php.net/short-open-tag │ -short_open_tag = Off │ +short_open_tag = On │ │ ; Allow ASP-style <% %> tags. │ ; http://php.net/asp-tags │ @@ -233,10 +220,6 @@ │ ; http://php.net/precision │ precision = 14 │ │ <Ok> │ │ └───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ install the package maintainer's version ┌─────────────────────────────────────────────────────┤ Modified configuration file ├─────────────────────────────────────────────────────┐ │ A new version of configuration file /etc/php5/cli/php.ini is available, but the version installed currently has been locally modified. │ │ │ │ What do you want to do about modified configuration file php.ini? │ │ │ │ install the package maintainer's version │ │ keep the local version currently installed │ │ show the differences between the versions │ │ show a side-by-side difference between the versions │ │ start a new shell to examine the situation │ │ │ │ │ │ <Ok> │ │ │ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ ┌─────────────────────────────────────┤ Modified configuration file ├─────────────────────────────────────┐ │ │ │ Line by line differences between versions │ │ --- /etc/php5/cli/php.ini 2013-01-30 22:21:00.000000000 +0000 │ +++ /usr/share/php5/php.ini-production.cli 2013-10-03 10:36:21.000000000 +0100 │ @@ -83,6 +83,8 @@ │ ; development version only in development environments as errors shown to │ ; application users can inadvertently leak otherwise secure information. │ │ +; This is php.ini-production INI file. │ + │ ;;;;;;;;;;;;;;;;;;; │ ; Quick Reference ; │ ;;;;;;;;;;;;;;;;;;; │ @@ -91,11 +93,6 @@ │ ; Please see the actual settings later in the document for more details as to why │ ; we recommend these changes in PHP's behavior. │ │ -; allow_call_time_pass_reference │ -; Default Value: On │ -; Development Value: Off │ -; Production Value: Off │ - │ ; display_errors │ ; Default Value: On │ ; Development Value: On │ @@ -107,25 +104,20 @@ │ ; Production Value: Off │ │ ; error_reporting │ -; Default Value: E_ALL & ~E_NOTICE │ -; Development Value: E_ALL | E_STRICT │ -; Production Value: E_ALL & ~E_DEPRECATED │ +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED │ +; Development Value: E_ALL │ +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT │ │ ; html_errors │ ; Default Value: On │ ; Development Value: On │ -; Production value: Off │ +; Production value: On │ │ ; log_errors │ ; Default Value: Off │ ; Development Value: On │ ; Production Value: On │ │ -; magic_quotes_gpc │ -; Default Value: On │ -; Development Value: Off │ -; Production Value: Off │ - │ ; max_input_time │ ; Default Value: -1 (Unlimited) │ ; Development Value: 60 (60 seconds) │ @@ -141,11 +133,6 @@ │ ; Development Value: Off │ ; Production Value: Off │ │ -; register_long_arrays │ -; Default Value: On │ -; Development Value: Off │ -; Production Value: Off │ - │ ; request_order │ ; Default Value: None │ ; Development Value: "GP" │ @@ -223,7 +210,7 @@ │ ; Development Value: Off │ ; Production Value: Off │ ; http://php.net/short-open-tag │ -short_open_tag = Off │ +short_open_tag = On │ │ ; Allow ASP-style <% %> tags. │ ; http://php.net/asp-tags │ @@ -233,10 +220,6 @@ │ ; http://php.net/precision │ precision = 14 │ │ <Ok> │ │ └─────────────────────────────────────────────────────────────────────────────────────────────────────────┘ install the package maintainer's version Configuration file `/etc/denyhosts.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** denyhosts.conf (Y/I/N/O/D/Z) [default=N] ? N Installing new version of config file /etc/init.d/fetchmail ... Installing new version of config file /etc/resolvconf/update-libc.d/fetchmail ... [warn] Not starting fetchmail daemon, disabled via /etc/default/fetchmail ... (warning).
Then Nginx was restarted due to the socket location change.
Things that are not working:
- https://patterns.transitionresearchnetwork.org/ 500 Error
- https://wiki.transitionnetwork.org/ Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) (localhost))
- https://stats.transitionnetwork.org/ SQLSTATE[HY000] [2003] Can't connect to MySQL server on '127.0.0.1' (111)
So, MySQL is the issue.
It's not running and won't start:
ps -lA | grep mysql /etc/init.d/mysql start ps -lA | grep mysql
It looks like it isn't installed:
search mysql | grep ^i i A libdbd-mysql-perl - Perl5 database interface to the MySQL data i libmysql-ruby - Transitional package for ruby-mysql id libmysql-ruby1.8 - Transitional package for ruby-mysql i libmysqlclient-dev - MySQL database development files id libmysqlclient16 - MySQL database client library i A libmysqlclient18 - MySQL database client library i A mysql-common - MySQL database common files, e.g. /etc/mys i php5-mysql - MySQL module for php5 i ruby-mysql - MySQL module for Ruby aptitude search mysql-server p mysql-server - MySQL database server (metapackage depending on the latest version) v mysql-server-5.0 - c mysql-server-5.1 - MySQL database server binaries and system database setup p mysql-server-5.5 - MySQL database server binaries and system database setup v mysql-server-core - p mysql-server-core-5.5 - MySQL database server binaries v virtual-mysql-server -
So:
aptitude install mysql-server-5.5 The following NEW packages will be installed: libaio1{a} mysql-client-5.5{a} mysql-server-5.5 mysql-server-core-5.5{a} The following packages will be REMOVED: gir1.2-rsvg-2.0{u} libbz2-dev{u} libcgraph5{u} libexif-dev{u} libexif12{u} libgraphviz-dev{u} libgvpr1{u} libilmbase-dev{u} libjasper-dev{u} libjbig-dev{u} liblcms1-dev{u} liblqr-1-0-dev{u} libopenexr-dev{u} librsvg2-dev{u} libtiffxx0c2{u} libwmf-dev{u} libxml2-dev{u} libxt-dev{u} 0 packages upgraded, 4 newly installed, 18 to remove and 0 not upgraded. Need to get 7616 kB of archives. After unpacking 74.8 MB will be used. Do you want to continue? [Y/n/?] Y [ ok ] Stopping MySQL database server: mysqld. 131208 21:34:15 [ERROR] An old style --language value with language specific part detected: /usr/share/mysql/english/ 131208 21:34:15 [ERROR] Use --lc-messages-dir without language specific part instead. 131208 21:34:16 [Note] Plugin 'FEDERATED' is disabled. 131208 21:34:16 InnoDB: The InnoDB memory heap is disabled 131208 21:34:16 InnoDB: Mutexes and rw_locks use GCC atomic builtins 131208 21:34:16 InnoDB: Compressed tables use zlib 1.2.7 131208 21:34:16 InnoDB: Using Linux native AIO 131208 21:34:16 InnoDB: Initializing buffer pool, size = 128.0M 131208 21:34:16 InnoDB: Completed initialization of buffer pool 131208 21:34:16 InnoDB: highest supported file format is Barracuda. 131208 21:34:16 InnoDB: Waiting for the background threads to start 131208 21:34:17 InnoDB: 5.5.31 started; log sequence number 226134601 131208 21:34:17 InnoDB: Starting shutdown... 131208 21:34:19 InnoDB: Shutdown completed; log sequence number 226134601 [ ok ] Starting MySQL database server: mysqld .. [info] Checking for tables which need an upgrade, are corrupt or were not closed cleanly.. ps -lA | grep mysql 4 S 0 601 1 0 80 0 - 1032 - ? 00:00:00 mysqld_safe 4 S 104 979 601 5 80 0 - 246660 - ? 00:00:00 mysqld
Now these three sites are working again:
- https://stats.transitionnetwork.org/
- https://wiki.transitionnetwork.org/
- https://patterns.transitionresearchnetwork.org/
Now to test if this comment will get submitted...
comment:49 Changed 3 years ago by chris
Now to reboot it to test with the new kernel.
comment:50 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0 to 0.15
Noted on the console:
[FAIL] Starting FastCGI wrapper: fcgiwrap failed!
But it seems OK:
/etc/init.d/fcgiwrap status [ ok ] Checking status of FastCGI wrapper: fcgiwrap running.
However:
- https://penguin.transitionnetwork.org/munin/ 502 Bad Gateway
Also there was a 500 error for Trac:
tracd-start Error writing to pid file: IOError: [Errno 2] No such file or directory: '/var/run/tracd/tracd.pid'
This was fixed thus:
mkdir /var/run/tracd ; chown tracd:tracd /var/run/tracd
Fixing Munin is going to need checking everything against ticket:641
comment:51 Changed 3 years ago by chris
These emails have been sent by penguin and need investigation:
From: root@penguin.webarch.net (Cron Daemon) Date: Sun, 8 Dec 2013 21:41:08 +0000 (GMT) To: root@penguin.webarch.net Subject: Cron <munin@penguin> if [ -x /usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi Work timed out before all workers finished at /usr/share/perl5/Munin/Master/Update.pm line 162
From: root@penguin.webarch.net (Cron Daemon) Date: Sun, 8 Dec 2013 21:39:01 +0000 (GMT) To: root@penguin.webarch.net Subject: Cron <root@penguin> [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -ignore_readdir_race -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/apc.so' - /usr/lib/php5/20100525/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0 PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/gd.so' - /usr/lib/php5/20100525/gd.so: cannot open shared object file: No such file or directory in Unknown on line 0
From: root@penguin.webarch.net (Cron Daemon) Date: Sun, 8 Dec 2013 21:00:03 +0000 (GMT) To: root@penguin.webarch.net Subject: Cron <www-data@penguin> [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh Error while processing /etc/awstats/awstats.www.transitionnetwork.org.conf Create/Update database for config "/etc/awstats/awstats.www.transitionnetwork.org.conf" by AWStats version 7.0 (build 1.971) From data in log file "/usr/share/awstats/tools/logresolvemerge.pl /home/puffin/nginx/puffin-nginx-20131207.log /home/puffin/nginx/puffin-nginx-20131208.log |"... Error: Couldn't open log file "/home/puffin/nginx/puffin-nginx-20131207.log" : Permission denied. Phase 1 : First bypass old records, searching new record... Searching new records from beginning of log file... Error: Command for pipe '/usr/share/awstats/tools/logresolvemerge.pl /home/puffin/nginx/puffin-nginx-20131207.log /home/puffin/nginx/puffin-nginx-20131208.log |' failed Setup ('/etc/awstats/awstats.www.transitionnetwork.org.conf' file, web server or permissions) may be wrong. Check config file, permissions and AWStats documentation (in 'docs' directory). Error while processing /etc/awstats/awstats.conf Error: SiteDomain parameter not defined in your config/domain file. You must edit it for using this version of AWStats. Setup ('/etc/awstats/awstats.conf' file, web server or permissions) may be wrong. Check config file, permissions and AWStats documentation (in 'docs' directory).
From: root@penguin.webarch.net (Cron Daemon) Date: Sun, 8 Dec 2013 21:05:09 +0000 (GMT) To: root@penguin.webarch.net Subject: Cron <root@penguin> if [ -x /etc/munin/plugins/apt_all ]; then /etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif [ -x /etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12 >/dev/null; fi E: The value 'testing' is invalid for APT::Default-Release as such a release is not available in the sources E: The value 'unstable' is invalid for APT::Default-Release as such a release is not available in the sources E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
Also the Javascript for adding times to trac tickets has gone.
comment:52 Changed 3 years ago by chris
Fixing the timing plugin, the install notes are here wiki:TimingAndEstimationPlugin
We are now running Powered by Trac 0.12.5, so:
sudo -i cd /usr/local/src svn co http://trac-hacks.org/svn/timingandestimationplugin/branches/trac0.12 cd trac0.12 python setup.py bdist_egg python: can't open file 'setup.py': [Errno 2] No such file or directory
So, RTFM and, following https://pypi.python.org/pypi/setuptools#unix-based-systems-including-mac-os-x
wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py -O - | python python setup.py bdist_egg cp dist/timingandestimationplugin-1.3.7-py2.7.egg /web/tech.transitionnetwork.org/trac/plugins/ trac-admin /web/tech.transitionnetwork.org/trac upgrade Timing and Estimation needs an upgrade Upgrading Database Upgrading reports Done Upgrading Upgrade done. You may want to upgrade the Trac documentation now by running: trac-admin /web/tech.transitionnetwork.org/trac wiki upgrade trac-admin /web/tech.transitionnetwork.org/trac wiki upgrade
comment:53 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 14.11 to 14.36
Then Trac was restarted:
su-trac tracd-stop tracd-start
And we have the timer back!
comment:54 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.5
- Total Hours changed from 14.36 to 14.86
A link back here was added to wiki:TimingAndEstimationPlugin#Wheezyupgrade
Fixing Munin, referencing ticket:641
In the Nginx logs we have:
2013/12/08 22:32:26 [crit] 2487#0: *937 connect() to unix:/var/run/munin/fastcgi-munin-html.sock failed (2: No such file or directory) while connecting to upstream, client: 81.95.52.29, server: penguin.transitionnetwork.org, request: "GET /munin/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/munin/fastcgi-munin-html.sock:", host: "penguin.transitionnetwork.org"
The socket doesn't exist:
ls -lah /var/run/munin/fastcgi-munin-html.sock ls: cannot access /var/run/munin/fastcgi-munin-html.sock: No such file or directory
Fast-cgi is installed:
aptitude search fcgi | grep ^i i fcgiwrap - simple server to run CGI applications over i libfcgi-perl - helper module for FastCGI i A libfcgi0ldbl - Shared library of FastCGI i A spawn-fcgi - A fastcgi process spawner
It turned out that the munin-fastcgi daemon needed restarting:
/etc/init.d/munin-fastcgi restart Restarting Munin FCGI for Graph an HTML: cat: /var/run/munin/fastcgi-munin-graph.pid: No such file or directory /etc/init.d/munin-fastcgi: 49: kill: Usage: kill [-s sigspec | -signum | -sigspec] [pid | job]... or kill -l [exitstatus] Graph not running cat: /var/run/munin/fastcgi-munin-html.pid: No such file or directory /etc/init.d/munin-fastcgi: 50: kill: Usage: kill [-s sigspec | -signum | -sigspec] [pid | job]... or kill -l [exitstatus] HTML Not running spawn-fcgi: child spawned successfully: PID: 10165 spawn-fcgi: child spawned successfully: PID: 10176
And now we have munin graphs again:
But two graphs are not working:
- https://penguin.transitionnetwork.org/munin/transitionnetwork.org/penguin.transitionnetwork.org/phpfpm_connections.html
- https://penguin.transitionnetwork.org/munin/transitionnetwork.org/penguin.transitionnetwork.org/phpfpm_status.html
munin-run phpfpm_status idle.value U active.value U total.value U munin-run phpfpm_connections accepted.value U
This is working:
But these are 404's:
These things were edited in /etc/php5/fpm/pool.d/www.conf:
;pm.status_path = /status pm.status_path = /status ;ping.path = /ping ping.path = /ping
And php-fpm was restarted:
/etc/init.d/php5-fpm restart
And now the plugins work:
munin-run phpfpm_status idle.value 1 active.value 1 total.value 2 munin-run phpfpm_connections accepted.value 8
comment:55 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.8
- Total Hours changed from 14.86 to 15.66
Regarding this error:
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/apc.so' - /usr/lib/php5/20100525/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0
APC isn't installed:
aptitude search apc | grep ^i
Installing it again:
aptitude install php-apc logchange "php-apc : installed" aptitude search apc | grep ^i i php-apc - APC (Alternative PHP Cache) module for PHP
But we still have a 404 here:
http://penguin.transitionnetwork.org/apc_info.php
This is because the file is actually here:
* https://penguin.transitionnetwork.org/info/apc_info.php
However it generates this in the logs:
==> /var/log/nginx/penguin.ssl_access.log <== XX.XX.XX.XX - - [08/Dec/2013:23:12:17 +0000] "GET /info/apc_info.php HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
And the php is served as HTML:
<?php /** * TODO: File header. * TODO: Code comments. */ if(function_exists("apc_cache_info") && function_exists("apc_sma_info")) { $time = time(); $mem = apc_sma_info(); $mem_size = $mem['num_seg']*$mem['seg_size']; $mem_avail= $mem['avail_mem']; $mem_used = $mem_size-$mem_avail; // Some code taken from the file apc.php by The PHP Group. $nseg = $freeseg = $fragsize = $freetotal = 0; for($i=0; $i<$mem['num_seg']; $i++) { $ptr = 0; foreach($mem['block_lists'][$i] as $block) { if ($block['offset'] != $ptr) { ++$nseg; } $ptr = $block['offset'] + $block['size']; // Only consider blocks <5M for the fragmentation % if($block['size']<(5*1024*1024)) $fragsize+=$block['size']; $freetotal+=$block['size']; } $freeseg += count($mem['block_lists'][$i]); } if ($freeseg < 2) { $fragsize = 0; $freeseg = 0; } $cache_mode = 'opmode'; $cache=@apc_cache_info($cache_mode); // Item hits, misses and inserts $hits = $cache['num_hits']; $misses = $cache['num_misses']; $inserts = $cache['num_inserts']; // $req_rate = ($cache['num_hits']+$cache['num_misses'])/($time-$cache['start_time']); $hit_rate = ($cache['num_hits'])/($time-$cache['start_time']); // Number of entries in cache $number_entries = $cache['num_entries']; $miss_rate = ($cache['num_misses'])/($time-$cache['start_time']); // Total number of cache purges $purges = $cache['expunges']; $insert_rate = ($cache['num_inserts'])/($time-$cache['start_time']); // Number of entries in cache $number_entries = $cache['num_entries']; // Total number of cache purges $purges = $cache['expunges']; //apc_clear_cache($cache_mode); $out = array( 'size: ' . sprintf("%.2f", $mem_size), 'used: ' . sprintf("%.2f", $mem_used), 'free: ' . sprintf("%.2f", $mem_avail - $fragsize), 'hits: ' . sprintf("%.2f", $hits * 100 / ($hits + $misses)), 'misses: ' . sprintf("%.2f", $misses * 100 / ($hits + $misses)), 'request_rate: ' . sprintf("%.2f", $req_rate), 'hit_rate: ' . sprintf("%.2f", $hit_rate), 'miss_rate: ' . sprintf("%.2f", $miss_rate), 'insert_rate: ' . sprintf("%.2f", $insert_rate), 'entries: ' . $number_entries, 'inserts: ' . $inserts, 'purges: ' . $purges, // TODO: Delete 'purge_rate: ' . sprintf("%.2f", (100 - ($number_entries / $inserts) * 100)), // TODO: Delete 'fragment_percentage: ' . sprintf("%.2f", ($fragsize/$mem_avail)*100), 'fragmented: ' . sprintf("%.2f", $fragsize), 'fragment_segments: ' . $freeseg, ); } else { $out = array('APC-not-installed'); } echo implode(' ', $out);
Following http://kevin.deldycke.com/2011/07/php-apc-debian-squeeze-munin-monitoring/ first get a new version and compare it with the existing one:
cd /usr/local/src svn co http://munin-php-apc.googlecode.com/svn/trunk/php_apc/ diff php_apc/apc_info.php /web/penguin.transitionnetwork.org/www/info/apc_info.php
They are the same, this was edited in /etc/nginx/sites-available/penguin
#location = /apc_info.php { location = /info/apc_info.php { #auth_basic_user_file /etc/phpmyadmin/htpasswd; auth_basic_user_file /web/tech.transitionnetwork.org/.htpasswd;
And now we have these working:
- https://penguin.transitionnetwork.org/info/apc.php
- https://penguin.transitionnetwork.org/info/apc_info.php
- https://penguin.transitionnetwork.org/info/php-info.php
Following http://kevin.deldycke.com/2011/07/php-apc-debian-squeeze-munin-monitoring/ to get the munin plugin working:
cd /usr/local/src/php_apc cp php_apc_ /usr/share/munin/plugins/ cd /etc/munin/plugins/ ln -s /usr/share/munin/plugins/php_apc_ /etc/munin/plugins/php_apc_hit_miss ln -s /usr/share/munin/plugins/php_apc_ /etc/munin/plugins/php_apc_purge ln -s /usr/share/munin/plugins/php_apc_ /etc/munin/plugins/php_apc_fragmentation ln -s /usr/share/munin/plugins/php_apc_ /etc/munin/plugins/php_apc_files ln -s /usr/share/munin/plugins/php_apc_ /etc/munin/plugins/php_apc_rates
Then the following was added to /etc/munin/plugin-conf.d/munin-node:
[php_apc_*] user root env.url http://localhost/info/apc_info.php?auto
And the plugins were tested on the command line:
munin-run php_apc_files used.value 32484368.00 free.value 1069928.00 hits.value 89.55 misses.value 10.45 request_rate.value 3.65 hit_rate.value 3.27 miss_rate.value 0.38 insert_rate.value 0.38 entries.value 333 inserts.value 336 purges.value 0 purge_rate.value 0.89 fragmented.value 0.00 fragment_segments.value 0 fragment_percentage.value 0.00 munin-run php_apc_files munin-run php_apc_purge munin-run php_apc_usage munin-run php_apc_fragmentation munin-run php_apc_rates
They all produce the same output...
And we now have graphs here:
The other issues will have to wait till tomorrow, starting with:
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/gd.so' - /usr/lib/php5/20100525/gd.so: cannot open shared object file: No such file or directory in Unknown on line 0
comment:56 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.15
- Total Hours changed from 15.66 to 15.81
I was getting Munin alert emails from the php-apc plugins:
So I have doubled the memory allocated by adding the following to /etc/php5/conf.d/apc.ini:
apc.shm_size="64"
comment:57 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 1.0
- Total Hours changed from 15.81 to 16.81
I have added a new documentation section on APC, wiki:PenguinServer#APCStatsandPHPinfo
Regarding these emails:
From: root@penguin.webarch.net (Cron Daemon) Date: Mon, 9 Dec 2013 09:40:02 +0000 (GMT) To: root@penguin.webarch.net Subject: Cron <www-data@penguin> [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh Error while processing /etc/awstats/awstats.www.transitionnetwork.org.conf Create/Update database for config "/etc/awstats/awstats.www.transitionnetwork.org.conf" by AWStats version 7.0 (build 1.971) From data in log file "/usr/share/awstats/tools/logresolvemerge.pl /home/puffin/nginx/puffin-nginx-20131208.log /home/puffin/nginx/puffin-nginx-20131209.log |"... Error: Couldn't open log file "/home/puffin/nginx/puffin-nginx-20131208.log" : Permission denied. Phase 1 : First bypass old records, searching new record... Searching new records from beginning of log file... Error: Command for pipe '/usr/share/awstats/tools/logresolvemerge.pl /home/puffin/nginx/puffin-nginx-20131208.log /home/puffin/nginx/puffin-nginx-20131209.log |' failed Setup ('/etc/awstats/awstats.www.transitionnetwork.org.conf' file, web server or permissions) may be wrong. Check config file, permissions and AWStats documentation (in 'docs' directory). Error while processing /etc/awstats/awstats.conf Error: SiteDomain parameter not defined in your config/domain file. You must edit it for using this version of AWStats. Setup ('/etc/awstats/awstats.conf' file, web server or permissions) may be wrong. Check config file, permissions and AWStats documentation (in 'docs' directory).
The install notes for the webstats are here wiki:WebServerLogs and we are not using AWStats, but it is still installed:
aptitude search awstats | grep ^i i awstats - powerful and featureful web server log ana
So it was removed:
aptitude remove awstats logchange "awstats libnet-xwhois-perl{u} : removed"
Regarding these emails:
From: root@penguin.webarch.net (Cron Daemon) Date: Mon, 9 Dec 2013 09:09:01 +0000 (GMT) To: root@penguin.webarch.net Subject: Cron <root@penguin> [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -ignore_readdir_race -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete PHP Warning: Module 'apc' already loaded in Unknown on line 0 PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/gd.so' - /usr/lib/php5/20100525/gd.so: cannot open shared object file: No such file or directory in Unknown on line 0
These errors, and more, can be duplicated on the command line:
php -i | grep php.ini PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/cli/conf.d/apc.ini on line 4 in Unknown on line 0 PHP Warning: Module 'apc' already loaded in Unknown on line 0 PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/gd.so' - /usr/lib/php5/20100525/gd.so: cannot open shared object file: No such file or directory in Unknown on line 0 PHP Warning: PHP Startup: apc.shm_size now uses M/G suffixes, please update your ini files in Unknown on line 0 Configuration File (php.ini) Path => /etc/php5/cli Loaded Configuration File => /etc/php5/cli/php.ini
The /etc/php5/cli/conf.d/apc.ini files was edited:
apc.shm_size="64M"
gd isn't installed:
aptitude search gd | grep php c php5-gd - GD module for php5 p php5-gdcm - Grassroots DICOM PHP5 bindings p php5-vtkgdcm - Grassroots DICOM VTK PHP bindings
So:
aptitude install php5-gd The following NEW packages will be installed: libgd2-xpm{ab} php5-gd 0 packages upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 267 kB of archives. After unpacking 774 kB will be used. The following packages have unmet dependencies: libgd2-xpm : Conflicts: libgd2 which is a virtual package. Conflicts: libgd2-noxpm but 2.0.36~rc1~dfsg-6.1 is installed. libgd2-noxpm : Conflicts: libgd2 which is a virtual package. Conflicts: libgd2-xpm but 2.0.36~rc1~dfsg-6.1 is to be installed. The following actions will resolve these dependencies: Remove the following packages: 1) libgd2-noxpm Accept this solution? [Y/n/q/?] y The following NEW packages will be installed: libgd2-xpm{a} php5-gd The following packages will be REMOVED: libgd2-noxpm{a} 0 packages upgraded, 2 newly installed, 1 to remove and 0 not upgraded. Need to get 267 kB of archives. After unpacking 157 kB will be used. Do you want to continue? [Y/n/?] y
This was documented and PHP processes restarted:
logchange "libgd2-noxpm : removed" logchange "libgd2-xpm{ab} php5-gd : installed" /etc/init.d/php5-fpm restart
We still have these issues:
php -i | grep php.ini PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/cli/conf.d/apc.ini on line 4 in Unknown on line 0 PHP Warning: Module 'apc' already loaded in Unknown on line 0 Configuration File (php.ini) Path => /etc/php5/cli Loaded Configuration File => /etc/php5/cli/php.ini
For the comment issue: s/#/;/.
These doesn't seem to be a duplication of apc:
cd /etc/php5 grep -r apc . ./conf.d/apc.ini:; configuration for php apc module ./conf.d/apc.ini:extension=apc.so ./conf.d/apc.ini:apc.shm_size="64M" ./mods-available/apc.ini:extension=apc.so
All the files in /etc/php5/conf.d/ are symlinks:
lrwxrwxrwx 1 root root 25 Dec 8 21:01 10-pdo.ini -> ../mods-available/pdo.ini lrwxrwxrwx 1 root root 25 Dec 8 22:59 20-apc.ini -> ../mods-available/apc.ini lrwxrwxrwx 1 root root 24 Dec 9 10:03 20-gd.ini -> ../mods-available/gd.ini lrwxrwxrwx 1 root root 27 Dec 8 21:23 20-mysql.ini -> ../mods-available/mysql.ini lrwxrwxrwx 1 root root 28 Dec 8 21:23 20-mysqli.ini -> ../mods-available/mysqli.ini lrwxrwxrwx 1 root root 31 Dec 8 21:23 20-pdo_mysql.ini -> ../mods-available/pdo_mysql.ini -rw-r--r-- 1 root root 80 Dec 9 10:05 apc.ini
So the content of /etc/php5conf.d/apc.ini was copied into /etc/php5/mods-available/apc.ini.
The APT issues we had on Parrot and Puffin was addressed as before, see ticket:535#comment:41
The /etc/munin/plugin-conf.d/munin-node file was edited to track python memory usage (Wagn):
[multips_memory] env.names php5-fpm munin-node nginx mysqld tracd python
The Nginx SSL config from /var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf on wiki:PuffinServer was copied to the files in /etc/nginx:
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:+RC4:RC4; ssl_prefer_server_ciphers on;
The old config:
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers RC4:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on;
This was checked at https://www.ssllabs.com/ssltest/analyze.html?d=penguin.transitionnetwork.org&s=81.95.52.111
Which reports:
Certificate: 100% Protocol Support: 85% Key Exchange: 90% Cipher Strength: 80% This site supports only older protocol versions, but not the most recent and more secure TLS 1.2. TLS 1.2 No TLS 1.1 No TLS 1.0 Yes SSL 3 Yes SSL 2 No
Something isn't right here -- we should be using SSL 1.2, some more digging is needed.
comment:58 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.45
- Total Hours changed from 16.81 to 17.26
We have the old and new ssl installed:
search ssl | grep ^i i A libio-socket-ssl-perl - Perl module implementing object oriented i i A libnet-ssleay-perl - Perl module for Secure Sockets Layer (SSL) i libssl0.9.8 - SSL shared libraries i A libssl1.0.0 - SSL shared libraries i A openssl - Secure Socket Layer (SSL) binary and relat i A ssl-cert - simple debconf wrapper for OpenSSL
So:
aptitude remove libssl0.9.8 The following packages will be REMOVED: libssl0.9.8 0 packages upgraded, 0 newly installed, 1 to remove and 0 not upgraded. Need to get 0 B of archives. After unpacking 2482 kB will be freed. The following packages have unmet dependencies: libserf-0-0 : Depends: libssl0.9.8 (>= 0.9.8k-1) but it is not going to be installed. nginx-full : Depends: libssl0.9.8 (>= 0.9.8m-1) but it is not going to be installed. The following actions will resolve these dependencies: Remove the following packages: 1) libserf-0-0 2) nginx 3) nginx-full
That's no good, so manually:
aptitude remove libserf-0-0 logchange "libserf-0-0 : removed"
In terms of Nginx we have:
aptitude search nginx | grep ^i i nginx - small, powerful, scalable web/proxy server i nginx-common - small, powerful, scalable web/proxy server i nginx-full - nginx web/proxy server (standard version) nginx -v nginx version: nginx/1.4.4
This isn't the Wheezy version, it must be the old backports one:
- http://packages.debian.org/source/wheezy/nginx Source Package: nginx (1.2.1-2.2+wheezy2)
We probably want the new Wheezy backports version:
- http://packages.debian.org/source/wheezy-backports/nginx nginx (1.4.4-1~bpo70+1)
So based on what we had before, ticket:535#comment:46 /etc/apt/preferences.d/backports.pref was created containing:
Package: nginx nginx-common nginx-full Pin: release o=backports Pin-Priority: 990
And /etc/apt/sources.list.d/backports.list was created containing:
deb http://ftp.debian.org/debian/ wheezy-backports main
And:
aptitude install nginx="1.4.4-1~bpo70+1" nginx-common="1.4.4-1~bpo70+1" nginx-full="1.4.4-1~bpo70+1" The following packages will be DOWNGRADED: nginx nginx-common nginx-full The following NEW packages will be installed: init-system-helpers{a} The following packages will be REMOVED: libossp-uuid16{u} 0 packages upgraded, 1 newly installed, 3 downgraded, 1 to remove and 0 not upgraded. Need to get 622 kB of archives. After unpacking 42.0 kB will be freed. Do you want to continue? [Y/n/?] Y Configuration file `/etc/nginx/nginx.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** nginx.conf (Y/I/N/O/D/Z) [default=N] ? N logchange "libossp-uuid16{u} : removed" logchange "nginx nginx-common nginx-full : downgraded to wheezy backports versions"
And now we are using the latest Wheezy openssl, these results are from https://www.ssllabs.com/ssltest/analyze.html?d=penguin.transitionnetwork.org&s=81.95.52.111
Certificate: 100% Protocol Support: 90% Key Exchange: 80% Cipher Strength: 90% This server provides robust Forward Secrecy support. Protocols TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 Yes SSL 3 Yes SSL 2 No Cipher Suites (SSL 3+ suites in server-preferred order, then SSL 2 suites where used) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128 TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_RSA_WITH_RC4_128_SHA (0x5) 128 Handshake Simulation Bing Oct 2013 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256 Chrome 31 / Win 7 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 Firefox 17.0.7 ESR / Win 7 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Firefox 24 / Win 7 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Googlebot Oct 2013 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 IE 6 / XP No FS 1 No SNI 2 SSL 3 TLS_RSA_WITH_RC4_128_SHA (0x5) No FS 128 IE 7 / Vista TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 IE 8 / XP No FS 1 No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_SHA (0x5) No FS 128 IE 8-10 / Win 7 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 IE 11 / Win 7 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 IE 11 / Win 8.1 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 Java 6u45 No SNI 2 TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) FS 128 Java 7u25 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) FS 128 OpenSSL 0.9.8y TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256 OpenSSL 1.0.1e TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Safari 6 / iOS 6.0.1 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 6.0.4 / OS X 10.8.4 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Safari 7 / OS X 10.9 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Tor 17.0.9 / Win 7 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Yahoo Slurp Oct 2013 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256
Basically everybody apart from XP users should now get PFS via HTTPS, this is for GCHQ and the NSA :-p.
comment:59 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.16
- Total Hours changed from 17.26 to 17.42
Oops forgot to uninstall the old openssl:
aptitude search ssl | grep ^i i A libio-socket-ssl-perl - Perl module implementing object oriented i i A libnet-ssleay-perl - Perl module for Secure Sockets Layer (SSL) i libssl0.9.8 - SSL shared libraries i A libssl1.0.0 - SSL shared libraries i A openssl - Secure Socket Layer (SSL) binary and relat i A ssl-cert - simple debconf wrapper for OpenSSL aptitude remove libssl0.9.8 The following packages will be REMOVED: libssl0.9.8 0 packages upgraded, 0 newly installed, 1 to remove and 0 not upgraded. logchange "libssl0.9.8 : removed"
Checking the state of packages:
dpkg --audit The following packages are missing the md5sums control file in the database, they need to be reinstalled: git-core fast, scalable, distributed revision control system (obso binutils GNU assembler, linker and binary utilities
So:
aptitude reinstall git-core binutils logchange "git-core binutils : reinstalled"
There was also this issue on wiki:ParrotServer:
dpkg --audit The following packages are missing the md5sums control file in the database, they need to be reinstalled: binutils GNU assembler, linker and binary utilities
So:
aptitude reinstall binutils logchange "binutils : reinstalled"
comment:60 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.3
- Status changed from accepted to closed
- Resolution set to fixed
- Total Hours changed from 17.42 to 17.72
Sorting out APC on wiki:ParrotServer
aptitude install php-apc
The following was added to /etc/php5/mods-available/apc.ini:
apc.shm_size="64M"
Munin plugin:
cd /usr/local/src svn co http://munin-php-apc.googlecode.com/svn/trunk/php_apc/ cd /usr/local/src/php_apc cp php_apc_ /usr/share/munin/plugins/ cd /etc/munin/plugins/ ln -s /usr/share/munin/plugins/php_apc_ /etc/munin/plugins/php_apc_hit_miss ln -s /usr/share/munin/plugins/php_apc_ /etc/munin/plugins/php_apc_purge ln -s /usr/share/munin/plugins/php_apc_ /etc/munin/plugins/php_apc_fragmentation ln -s /usr/share/munin/plugins/php_apc_ /etc/munin/plugins/php_apc_files ln -s /usr/share/munin/plugins/php_apc_ /etc/munin/plugins/php_apc_rates cd /usr/local/src/php_apc cp apc_info.php /var/www/apc_info.php
This was added to the localhost apache config, /etc/apache2/conf.d/webarch.conf:
<Location /apc_info.php> Order allow,deny Allow from 127.0.0.1 ::1 </Location>
And the Munin plugins were tested:
munin-run php_apc_files
The following was added to /etc/munin/plugin-conf.d/munin-node:
[php_apc_*] user root env.url http://localhost/info/apc_info.php?auto
Apache and munin-node were restarted and we now have some APC stats here:
I think this ticket can now be closed!
comment:61 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 17.72 to 17.82
I have just rediscovered this page, created 8 months ago, wiki:SqueezeToWheezy yikes :-/
I'm slightly concerned that the MySQL upgrades for wiki:PenguinServer and wiki:ParrotServer were not followed up with a manual reimporting of the databases, but hopefully this won't cause any issues...
Checking the other things documented on that page, on wiki:PenguinServer:
dpkg -l | grep dotdeb rc php5-apc 5.3.27-1~dotdeb.0 amd64 apc module for php5
This isn't an issue, the new version is installed and the above means that the package has been removed but config files remain.
aptitude search apc | grep ^i i php-apc - APC (Alternative PHP Cache) module for PHP
The only backports we are running is Nginx:
dpkg -l | grep bpo ii init-system-helpers 1.11~bpo70.1 all helper tools for all init systems ii libpopt0:amd64 1.16-7 amd64 lib for parsing cmdline parameters ii nginx 1.4.4-1~bpo70+1 all small, powerful, scalable web/proxy server ii nginx-common 1.4.4-1~bpo70+1 all small, powerful, scalable web/proxy server - common files ii nginx-full 1.4.4-1~bpo70+1 amd64 nginx web/proxy server (standard version)
comment:62 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 17.82 to 17.92
I have just installed the apc.php app for checking apc status on parrot:
And doubled the RAM to 128MB based on the Munin stats at https://penguin.transitionnetwork.org/munin/transitionnetwork.org/parrot.transitionnetwork.org/index.html#php-apc
cp /usr/share/doc/php-apc/apc.php /var/www/
These files were then edited:
- /etc/apache2/conf.d/webarch.conf
- /var/www/apc.php
Access is limited by IP address but HTAuth could be added if anyone else needs access.
The last upgrade, from Lenny to Squeeze, was done on ticket:301 and documented on the wiki wiki:LennyToSqueeze and it took almost 17 hours, hopefully this one won't be so bad!
I have started to document the packages which are installed and are not from squeeze on wiki:SqueezeToWheezy and I have read through the upgrade documentation.