less debian-from-wheezy-7-0-to-jessie-8-0.md
Debian: from Wheezy (7.0) to Jessie (8.0)
# historical archive — written years ago, kept as it was. Some info is dated.
Let’s upgrade our Debian Wheezy to the new stable version: Jessie. In general I never upgrade a working system before a bit of time has passed for testing. This wait also allows me to find possible solutions to problems that may be encountered during the upgrade process. You can read the following directly from the Debian.org website:
Debian 8.1 was released on June 6th, 2015. Debian 8.0 was initially released on April 26th, 2015. This release includes the changes described in the press release and the Release Notes.
Disclaimer: every system is different from another. The upgrade process that follows is fairly generic and will surely work for very many of you. It is, as one would logically expect, primarily calibrated on my own system, so make as complete a backup as possible of all the most important information before proceeding!
Make a backup of all the configuration files. In this type of upgrade, that is, in moving from one version to another, I have the configuration file versions from the various package maintainers installed. This certainly allows the system to keep standing and lets me, at my own pace, change what I need. Remember that we are working remotely and that keeping our system up is essential to avoid spending money needlessly.
BACKUP
cd /tmp/
tar -pczf etc.tar.gz /etc
tar -pczf www.tar.gz /var/www
tar -pczf home.tar.gz /home
mysqldump --defaults-file=/etc/mysql/debian.cnf -cCeQ --hex-blob --quote-names --routines --events --triggers --all-databases -r all_databases.sql
Move all the *.tar.gz files and the .sql one to an external FTP or to your computer if they are not excessively large. If you have ISPConfig I recommend also making a backup of your emails:
tar -pczf vmail.tar.gz /var/vmail
WHEEZY UPDATE
Let’s check that in our /etc/apt/sources.list file the “stable” source does not appear, but rather “wheezy”. Let’s avoid accidental and partial upgrades to “Jessie”!
The file should look like this:
deb http://debian.mirror.iweb.ca/debian/ wheezy main contrib non-free
deb-src http://debian.mirror.iweb.ca/debian/ wheezy main contrib non-free
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb http://security.debian.org/debian-security wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free
deb http://ftp.de.debian.org/debian/ wheezy-updates main contrib non-free
deb-src http://ftp.de.debian.org/debian/ wheezy-updates main contrib non-free
Also do a check with the files in the /etc/apt/sources.list.d/ directory. Once the check is done, let’s proceed with:
apt-get update
apt-get upgrade
apt-get dist-upgrade
Let’s check the status of the packages to find out whether there are “hold” (blocked) or not fully installed packages.
This test is important because the system and the apt database must be in good shape before proceeding with the upgrade. If there were broken or “hold” packages, you would have to resolve these problems first, before the upgrade.
Check this way:
dpkg --audit
dpkg --get-selections | grep hold
JESSIE SOURCE
The time has come to edit the /etc/apt/sources.list file, replacing “wheezy” with “jessie”. You can use a text editor or the sed command
sed -i 's/wheezy/jessie/g' /etc/apt/sources.list
this command can also be used inside the /etc/apt/sources.list.d/ directory
sed -i 's/wheezy/jessie/g' /etc/apt/sources.list.d/*.list
JESSIE UPGRADE
the upgrade process to the new release will happen in two successive steps. First a partial update, followed by the full one.
apt-get upgrade
apt-get dist-upgrade
The two processes should finish without a hitch. I ran into some small problems and you will find some solutions here. I recommend reading what follows before rebooting your server.
PROBLEMS
Here is what happened to me:
1. SSH
As you can see from the image above, the new security policies recommend setting “PermitRootLogin without-password”. Be careful: if you have not already generated the keys to access the server, you risk losing remote access through ssh. Answer “NO”, generate the keys, try to log in, and if everything works disable root user access through password.
2. ARNO IPTABLES FIREWALL
Do not restart the firewall during the configuration phase. Answer “NO”, finish the upgrade, verify your configuration, and then restart the firewall when the server reboots.
3. PHP5-JSON
This package may cause the upgrade to fail because it will try to overwrite a file contained in the php5-dev package.
dpkg error: “trying to overwrite file, which is also in…”
To get past the obstacle you will have to allow the overwrite with the following command.
dpkg -i --force-overwrite /var/cache/apt/archives/php5-json_1.3.6-1_i386.deb
at this point restart the upgrade apt-get dist-upgrade or apt-get -f dist-upgrade
4. PSAD
The old configuration file does not contain several parameters needed to allow the daemon to start. During installation/configuration, have the package maintainer’s configuration file installed and the upgrade procedure will not be interrupted
5. SQUIDGUARD
this package will try to update its own database by running the procedure as a user with reduced privileges compared to the root user. The “su” command is invoked incorrectly. You just need to edit the /usr/sbin/update-squidguard script by inserting the correct command. Below is a patch you can use
--- /usr/sbin/update-squidguard 2014-09-22 16:37:17.000000000 +0200
+++ /usr/sbin/update-squidguard.new 2015-07-14 15:41:05.000000000 +0200
@@ -91,7 +91,7 @@
# rebuild database if needed
if [ $REBUILD = "y" ]; then
echo "Rebuild SquidGuard database - this can take a while." >&2
- su - proxy -c "squidGuard ${VBPAR} -C all"
+ su -l proxy -s /bin/bash -c "squidGuard ${VBPAR} -C all"
# update info file with Berkeley DB version
echo ${DB_ACT} >${DBVFILE}
[ ! -z $VERBOSE ] && echo "Rebuild done." >&2
6. GRUB
An error was generated relating to the /boot/grub/device.map file
To regenerate the correct file you just need to delete/rename the old one and then run the grub-mkdevicemap command
7. RKHUNTER
During the configuration phase the following error was generated
Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/sbin/prelink
Edit the /etc/rkhunter.conf file, removing/commenting out the line SCRIPTWHITELIST=/usr/sbin/prelink
This is one of the reasons to accept the maintainers’ configuration files.
REBOOT
If everything went as expected, all you have to do is reboot your machine and verify that Jessie is your new version of Debian.
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support/"
BUG_REPORT_URL="https://bugs.debian.org/"