Last night (when I should have been working a project for my advanced algorithms class) I decided it was time to upgrade my personal server from Woody to Sarge. I am writing this email im the hopes that the release team and devs find it helpful and that other users who upgrade can make use of the information.
In summary, here are the things that I saw: 1. Dependency resolution was spectacular (who would expect less from Debian?) 2. New config files went OK. 3. Cyrus IMAP (going from cyrus v1.5 to cyrus21) broke very hard 4. sslwrap upgrade completely choked over openssl In detail: 1. Nothing more need be said. 2. The standard yes, no, diff, shell approach could probably use some tweaking. What I mean is that with so many config files being updated, there should be an option to "manually merge now." This can be done in one of a couple of ways. A text editor could be opened with both the current and proposed config loaded (e.g., vim and emacs), or a single file could be presented with the diff'd portions inserted and marked in the complete file (e.g., editors that only support one open file). I think that this can be done by shelling out (with the Z option), but I am never really sure if my changes will stick. The option says "shell to examine the situation", or something to that effect. There is no indication that if I change the config, the change will stick. Also, some packages should adopt the policy of including a "local" snippet. What I mean is, for example, with the dhcpd package, or any package that "requires" a change to the config immediately after installation. Simply put, a dhcpd config will always need to be modified to tell which net, subnet mask, hostnames, MACs, and so on, it needs to handle. It is annoying when the messages throughout the file change and cause the admin to have to intervene in the process by choosing what to do. Some packages (e.g., horde2) have a config in /etc/<pkg-name> with a standard <pkg-name>.conf and then somewhere in the .conf file they source or include a snippet with the local changes. I encourage the maintainers of such packages (dhcpd and ntp, come to mind immediately) to consider this approach. 3. I really have no idea what happened here. I carefully followed the upgrade instructions, but my mailboxes.db ended up corrupted, which caused the cyrus server to go crazy. Also, once I got saslauthd to where it would work correctly, cyrus refused all imap and imaps connections. I ended up having to go into /etc/hosts.allow and add ALL:LOCAL for cyrus to finally accept only local imap connections. I never figured out how to get it to accept imaps connections without adding ALL:ALL, which is not an acceptable solution). About 4 hours of Google searching yielded no useful information. I ended up setting impas to go through sslwrap (as I had for cyrus v1.5), since it would accept remote connections. I can't tell if this is a bug or a mis- configuration on my part. 4. The upgrade to sslwrap tried to generate an ssl certificate. For some reason (I suspect becuase I have created my own CA), openssl errored out, causing the sslwrap postinst to fail. This caused me repreated problems as it would hang up the postinst of other packages. I finally copied /etc/ssl and /etc/sslwrap off to another location, purge both openssl and sslwrap, reinstall both, remove /etc/ssl and /etc/sslwrap, and replace them with my backup copies. I am not sure why this happened, but I am pretty sure it is a bug. I have not yet filed a bug since I am not sure if it should go against openssl or sslwrap. Sugestions would be appreciated. -- Roberto C. Sanchez http://familiasanchez.net/~sanchezr
signature.asc
Description: OpenPGP digital signature
