Aggiornamento da Woody a Sarge: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 205: | Line 205: | ||
<pre> | <pre> | ||
Debian Configuration | |||
??????????????????????????????? [?] Adduser ???????????????????????????????? | |||
? ? | |||
? Normally, home directories can be viewed by all users on the system. If ? | |||
? you want to increase the security/privacy on your system, you might ? | |||
? want your home directories only readable by the user. If you are ? | |||
? unsure, enable system wide readable home directories. ? | |||
? ? | |||
? This will only affect home directories of users added with the adduser ? | |||
? program later. ? | |||
? ? | |||
? Do you want system wide readable home directories? ? | |||
? ? | |||
? <No> ? | |||
? ? | |||
???????????????????????????????????????????????????????????????????????????? | |||
Debian Configuration | |||
?????????????????????????? [?] Configuring Man-db ?????????????????????????? | |||
? ? | |||
? This version of man-db is incompatible with your existing database of ? | |||
? manual page descriptions, so that database needs to be rebuilt. This ? | |||
? may take some time, depending on how many pages you have installed; it ? | |||
? will happen in the background, possibly slowing down the installation ? | |||
? of other packages. ? | |||
? ? | |||
? If you do not build the database now, it will be built the next time ? | |||
? /etc/cron.weekly/mandb runs, or you can do it yourself using 'mandb -c' ? | |||
? as user 'man'. In the meantime, the 'whatis' and 'apropos' commands ? | |||
? will not be able to display any output. ? | |||
? ? | |||
? Incompatible changes like this should happen rarely. ? | |||
? ? | |||
? Should mandb build its database now? ? | |||
? ? | |||
? <Yes> ? | |||
? ? | |||
???????????????????????????????????????????????????????????????????????????? | |||
Debian Configuration | |||
??????????????????????????? [!!] Configuring Ssh ??????????????????????????? | |||
? ? | |||
? Password authentication appears to be disabled in your current OpenSSH ? | |||
? server configuration. In order to prevent users from logging in using ? | |||
? passwords (perhaps using only public key authentication instead) with ? | |||
? recent versions of OpenSSH, you must disable challenge-response ? | |||
? authentication, or else ensure that your PAM configuration does not ? | |||
? allow Unix password file authentication. ? | |||
? ? | |||
? If you disable challenge-response authentication, then users will not ? | |||
? be able to log in using passwords. If you leave it enabled (the default ? | |||
? answer), then the 'PasswordAuthentication no' option will have no ? | |||
? useful effect unless you also adjust your PAM configuration in ? | |||
? /etc/pam.d/ssh. ? | |||
? ? | |||
? Disable challenge-response authentication? ? | |||
? ? | |||
? <Yes> ? | |||
? ? | |||
???????????????????????????????????????????????????????????????????????????? | |||
Debian Configuration | |||
???????????????????????? [?] Configuring Apache-ssl ???????????????????????? | |||
? ? | |||
? suExec is a feature of apache where CGI scripts are run by the user who ? | |||
? owns the script. It is useful if your users have CGI access and don't ? | |||
? trust each other. ? | |||
? ? | |||
? Enable suExec? ? | |||
? ? | |||
? <Yes> ? | |||
? ? | |||
???????????????????????????????????????????????????????????????????????????? | |||
Debian Configuration | |||
?????????????????????????? [?] Configuring Apache ?????????????????????????? | |||
? ? | |||
? suExec is a feature of apache where CGI scripts are run by the user who ? | |||
? owns the script. It is useful if your users have CGI access and don't ? | |||
? trust each other. ? | |||
? ? | |||
? Enable suExec? ? | |||
? ? | |||
? <Yes> ? | |||
? ? | |||
???????????????????????????????????????????????????????????????????????????? | |||
Debian Configuration | |||
?????????????????????? [?] Configuring Squidguard ??????????????????????? | |||
? ? | |||
? Rebuilding the blacklist databases is time consuming and under some ? | |||
? circumstances could cause problems. With the breakout of individual ? | |||
? blacklist section packages the time it takes for each package to ? | |||
? rebuild will be extensive. Also it may not be desireable to rebuild ? | |||
? these databases on production servers. You can manually perform a ? | |||
? rebuild by running /usr/sbin/update-squidguard. ? | |||
? ? | |||
? Rebuild Squidguard blacklist database during postinst? ? | |||
? ? | |||
? <Yes> ? | |||
? ? | |||
????????????????????????????????????????????????????????????????????????? | |||
Debian Configuration | |||
????????????????????? [?] Configuring Chastity-list ????????????????????? | |||
? ? | |||
? Rebuilding the blacklist databases is time consuming and under some ? | |||
? circumstances could cause problems. With the breakout of individual ? | |||
? blacklist section packages the time it takes for each package to ? | |||
? rebuild will be extensive. Also it may not be desireable to rebuild ? | |||
? these databases on production servers. You can manually perform a ? | |||
? rebuild by running /usr/sbin/update-chastity-list. ? | |||
? ? | |||
? Rebuild Chastity blacklist database during postinst? ? | |||
? ? | |||
? <Yes> ? | |||
? ? | |||
????????????????????????????????????????????????????????????????????????? | |||
Debian Configuration | |||
?????????????????????????? [!] Configuring Lilo ?????????????????????????? | |||
? ? | |||
? It was detected that it's necessary to run /sbin/lilo in order to ? | |||
? update the new LILO configuration. ? | |||
? ? | |||
? WARNING: This procedure will write data in your MBR and may overwrite ? | |||
? some things in that place. If you skip this step, you must run ? | |||
? /sbin/lilo before reboot your computer or your system may not boot ? | |||
? again. ? | |||
? ? | |||
? Do you want to run /sbin/lilo now? ? | |||
? ? | |||
? <No> ? | |||
? ? | |||
?????????????????????????????????????????????????????????????????????????? | |||
RICORDARSi DI UPGRADARe KERNEL DOPO | |||
Configuring Debconf | Configuring Debconf | ||
Revision as of 14:03, 28 July 2005
Estratto del sito http://www.debian.org/releases/sarge/i386/release-notes/index.it.html#contents
Preparazione all'aggiornamento
Backup Completo remoto
Effettuare un backup in ssh su un altro sistema secondo quanto specificato in Backup_remoto_con_tar_via_ssh
Backup locale delle configurazioni
Copiare tutta la /etc per poter vedere velocemente le modifiche alle configurazioni:
tar cvjf /files/etc.tar.bz2 /etc
Verifica boot da rescue disk
Verificare anche che si sia in grado di effettuare il boot ed il montaggio del filesystem da knoppix come specificato in Problemi_con_kernel_al_primo_riavvio per ovviare ad un eventuale kernel panic.
Avvio session screen
L'aggiornamento è possibile in ssh, ma in questo caso si raccomanda l'esecuzione della procedura in una sessione screen, recuperabile in caso di caduta della connessione.
screen
Avvio typescript
Registrare tutto quello che viene eseguito con script:
cd script -f -t sarge-upgrade.typescript 2> sarge-upgrade.typescript.timings
In qualsiasi momento, si può rivedere ciò che è successo con
less -r sarge-upgrade.typescript
Disinstallazione pacchetti non necessari
deborphan e apt-get remove --purge
Controllo applicazioni attive
Controllare i demoni attivi, che andranno verificati dopo il riavvio:
pstree -p
Controllare ciò che viene avviato da inetd, che andrà anch'esso verificato dopo il riavvio:
cat /etc/inetd.conf | grep -v ^# | grep -v ^$
Controllo delle fonti apt
Prima di effttuare un update delle fonti, assicurarsi che tutte le righe in /etc/apt/sources.list facciano riferimento a 'woody' e non a 'stable', ad esempio:
cat /etc/apt/sources.list deb http://ftp.it.debian.org/debian/ woody main non-free contrib deb http://security.debian.org/ woody/updates main contrib non-free
Se così non fosse, sostiture 'stable' con 'woody'.
Aggiornamento woody
Il sistema deve essere aggiornato con gli ultimi update di woody e dei relativi backport:
apt-get update && apt-get upgrade && apt-get clean
Installazione della versione di woody di aptitude
Dato che l'aggiornamento viene effettuato usando aptitude, e non apt-get, è necessario installarlo prima di proseguire:
apt-get install aptitude
Per prima cosa è necessario assicurarsi che si installerà la versione di aptitude di woody e non quella di sarge.
Modifica dell fonti apt
Si passa ora alla preparazione del nuovo sources.list
Creazione delle copie del sources.list
Creare le copie delle fonti:
cd /etc/apt cp sources.list sources.list.woody cp sources.list sources.list.sarge
Eliminazione dei backports
Il nuovo sources.lists non dovrà contenere riferimenti a backports:
cd /etc/apt cat sources.list.woody | grep -v backports | grep -v ^$ | sort > sources.list.sarge
Sostituzione del nome della versione
Sostituire 'woody' con 'sarge':
cat | ed - sources.list.sarge <<'EOFile' %s/woody/sarge/g wq EOFile
FIXME: Per terminare lo script precedente bisogna premere due volte invio
Copia del sources.list
Copiare il sources.list definitivo:
/bin/cp -f sources.list.sarge sources.list
Esso sarà simile a:
cat sources.list deb http://ftp.it.debian.org/debian/ sarge main non-free contrib deb http://security.debian.org/ sarge/updates main contrib non-free deb-src http://ftp.it.debian.org/debian sarge main contrib non-free
Abbiamo ora i sources.list di entrambi le distribuzioni, che possiamo ripristinare in caso di problemi.
Disattivare il pinning di APT
cd /etc/apt/ cp preferences preferences.woody touch preferences.sarge /bin/cp -f preferences.sarge preferences
Controllo dello stato dei pacchetti
Verificare che non ci siano paccheti in hold:
dpkg --get-selections | grep hold
Salvare un elenco dei pacchetti installati:
dpkg --get-selections > ~/curr-pkgs.txt
Aggiornamento fonti
E' ora possibile aggiornare la lista dei pacchetti a sarge:
apt-get update
Installazione aptitude di sarge
Dato che la versione di sarge di aptitude è migliore, aggiornare prima questa:
apt-get install aptitude
naturalmente verranno scaricate anche le dipendenze necessarie.
Verrà inoltre aggiornata la libc6, che comporterà l'obbligo di restart di molti servizi, tra cui anche sshd. Consetire il riavvio, perchè comunque non si verrà disconnessi.
Aggiornamento eventuale di doc-base
Se si ha doc-base installato, lo si deve aggiornare prima di fare lo stesso con il resto del sistema.
Si può scoprire se doc-base è installato utilizzando
dpkg -l doc-base
Se la riga di output comincia con i, allora è installato e lo si deve aggiornare prima di proseguire.
aptitude install doc-base
Aggiornamento del resto del sistema
Si è ora pronti per continuare con la parte principale dell'aggiornamento.
Scarichiamo pirma tutti i pachetti necessari:
aptitude -f --with-recommends dist-upgrade -d
Controllare anche quali pacchetti verranno RIMOSSI, ed annotarli.
Si esegua:
aptitude -f --with-recommends dist-upgrade
Questo comando farà eseguire un completo aggiornamento del sistema, che comprenderà p.e. l'installazione delle ultime versioni disponibili di tutti i pacchetti, e la risoluzione di tutti i possibili cambiamenti di dipendenze fra pacchetti di release differenti.
Se necessario, saranno installati alcuni nuovi pacchetti (solitamente nuove versioni di librerie, o pacchetti rinominati), e sarà rimosso qualunque pacchetto obsoleto che crei conflitti (come console-tools-libs).
Gestione delle richieste relative ai files di configurazione
Se viene richiesto cosa fare circa la sotituzione di un file di configurazione modificato con la mantainer version, accettare la sostituzione e annotare il file sostituito.
Alla fine della procedura confrontare i file sostituito con l'originale che viene rinominato in .dpkg-old
Risposte tipiche alle richieste di aggiornamento
Debian Configuration
??????????????????????????????? [?] Adduser ????????????????????????????????
? ?
? Normally, home directories can be viewed by all users on the system. If ?
? you want to increase the security/privacy on your system, you might ?
? want your home directories only readable by the user. If you are ?
? unsure, enable system wide readable home directories. ?
? ?
? This will only affect home directories of users added with the adduser ?
? program later. ?
? ?
? Do you want system wide readable home directories? ?
? ?
? <No> ?
? ?
????????????????????????????????????????????????????????????????????????????
Debian Configuration
?????????????????????????? [?] Configuring Man-db ??????????????????????????
? ?
? This version of man-db is incompatible with your existing database of ?
? manual page descriptions, so that database needs to be rebuilt. This ?
? may take some time, depending on how many pages you have installed; it ?
? will happen in the background, possibly slowing down the installation ?
? of other packages. ?
? ?
? If you do not build the database now, it will be built the next time ?
? /etc/cron.weekly/mandb runs, or you can do it yourself using 'mandb -c' ?
? as user 'man'. In the meantime, the 'whatis' and 'apropos' commands ?
? will not be able to display any output. ?
? ?
? Incompatible changes like this should happen rarely. ?
? ?
? Should mandb build its database now? ?
? ?
? <Yes> ?
? ?
????????????????????????????????????????????????????????????????????????????
Debian Configuration
??????????????????????????? [!!] Configuring Ssh ???????????????????????????
? ?
? Password authentication appears to be disabled in your current OpenSSH ?
? server configuration. In order to prevent users from logging in using ?
? passwords (perhaps using only public key authentication instead) with ?
? recent versions of OpenSSH, you must disable challenge-response ?
? authentication, or else ensure that your PAM configuration does not ?
? allow Unix password file authentication. ?
? ?
? If you disable challenge-response authentication, then users will not ?
? be able to log in using passwords. If you leave it enabled (the default ?
? answer), then the 'PasswordAuthentication no' option will have no ?
? useful effect unless you also adjust your PAM configuration in ?
? /etc/pam.d/ssh. ?
? ?
? Disable challenge-response authentication? ?
? ?
? <Yes> ?
? ?
????????????????????????????????????????????????????????????????????????????
Debian Configuration
???????????????????????? [?] Configuring Apache-ssl ????????????????????????
? ?
? suExec is a feature of apache where CGI scripts are run by the user who ?
? owns the script. It is useful if your users have CGI access and don't ?
? trust each other. ?
? ?
? Enable suExec? ?
? ?
? <Yes> ?
? ?
????????????????????????????????????????????????????????????????????????????
Debian Configuration
?????????????????????????? [?] Configuring Apache ??????????????????????????
? ?
? suExec is a feature of apache where CGI scripts are run by the user who ?
? owns the script. It is useful if your users have CGI access and don't ?
? trust each other. ?
? ?
? Enable suExec? ?
? ?
? <Yes> ?
? ?
????????????????????????????????????????????????????????????????????????????
Debian Configuration
?????????????????????? [?] Configuring Squidguard ???????????????????????
? ?
? Rebuilding the blacklist databases is time consuming and under some ?
? circumstances could cause problems. With the breakout of individual ?
? blacklist section packages the time it takes for each package to ?
? rebuild will be extensive. Also it may not be desireable to rebuild ?
? these databases on production servers. You can manually perform a ?
? rebuild by running /usr/sbin/update-squidguard. ?
? ?
? Rebuild Squidguard blacklist database during postinst? ?
? ?
? <Yes> ?
? ?
?????????????????????????????????????????????????????????????????????????
Debian Configuration
????????????????????? [?] Configuring Chastity-list ?????????????????????
? ?
? Rebuilding the blacklist databases is time consuming and under some ?
? circumstances could cause problems. With the breakout of individual ?
? blacklist section packages the time it takes for each package to ?
? rebuild will be extensive. Also it may not be desireable to rebuild ?
? these databases on production servers. You can manually perform a ?
? rebuild by running /usr/sbin/update-chastity-list. ?
? ?
? Rebuild Chastity blacklist database during postinst? ?
? ?
? <Yes> ?
? ?
?????????????????????????????????????????????????????????????????????????
Debian Configuration
?????????????????????????? [!] Configuring Lilo ??????????????????????????
? ?
? It was detected that it's necessary to run /sbin/lilo in order to ?
? update the new LILO configuration. ?
? ?
? WARNING: This procedure will write data in your MBR and may overwrite ?
? some things in that place. If you skip this step, you must run ?
? /sbin/lilo before reboot your computer or your system may not boot ?
? again. ?
? ?
? Do you want to run /sbin/lilo now? ?
? ?
? <No> ?
? ?
??????????????????????????????????????????????????????????????????????????
RICORDARSi DI UPGRADARe KERNEL DOPO
Configuring Debconf
What interface should be used for configuring packages? ?
? Dialog
See only questions that are of what priority and higher? ?
? low
Configuring Netkit-inetd
Disable chargen, echo, daytime/udp, time/udp services?
? <Yes>
Do you want system wide readable home directories? ?
? ?
? <No>
Postfix Configuration
Local networks? ?
? ?
? 127.0.0.0/8_
Postfix Configuration ????????????????????????????????????????????
? What limit should Postfix place on mailbox files to prevent runaway software errors. A value of zero (0) ?
? means no limit. (The upstream default is 51200000.) ?
? ?
? Mailbox size limit ?
? ?
? 0_____________________________________________________________
???????????????????Postfix Configuration ??????????????????
? What character defines a local address extension? ?
? ?
? To not use address extensions, leave the string blank. ?
? ?
? Local address extension character? ?
? ?
? +__________________________________________
Configuring Apt-listchanges ??????????????
? news - important news items only ?
? both - both news and detailed changelogs ?
? changelogs - detailed changelogs only ?
? ?
? Which types of changes should be displayed with apt? ?
? ?
? both
??????????????????????????????????????????????? Configuring Gpm ???????????????????????????????????????????????
? ?
? Usually, GPM should be started or restarted when it is installed or upgraded. But when X is running and ?
? trying to use the same mouse device, this can sometimes cause a problem with the X mouse cursor. Switching ?
? to the console and then back to X will usually fix it. ?
? ?
? Do you want to start or restart GPM while X is running? ?
? ?
? <No> ?
? ?
???????????????????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????? Configuring Gpm ???????????????????????????????????????????
? ?
? I can remember this setting and not prompt for it when future GPM upgrades occur, but this may be ?
? undesirable if your X mouse configuration changes. ?
? ?
? Remember the restart setting? ?
? ?
? <No> ?
? ?
??????????????????????????????????????????????????????????????????????????????????????????????????????
??????????????????????????????????????????????? Configuring Gpm ???????????????????????????????????????????????
? Where is your mouse device? If you have a regular PS/2 mouse, you probably want /dev/psaux. If you have a ?
? serial mouse, it may be something like /dev/ttyS0. If you have a usb mouse (make sure you have the modules ?
? loaded), it's /dev/input/mice. If you're on a Sun machine, it's probably /dev/sunmouse. If you're on an ?
? 68k Macintosh, it's probably /dev/mouse. ?
? ?
? Which mouse device should gpm use? ?
? ?
? /dev/psaux_________________________________________________________________________________________________ ?
? ?
? <Ok> ?
? ?
???????????????????????????????????????????????????????????????????????????????????????????????????????????????
?????? Configuring Gpm ???????
? What type is your mouse? ?
? ?
? imps2_____________________ ?
? ?
? <Ok> ?
? ?
??????????????????????????????
?????????????????????????????????????????????? Configuring Gpm ??????????????????????????????????????????????
? Responsiveness defines the how often the cursor responds to mouse movement, and is expressed as a number ?
? here. If your mouse seems to move too slowly, try setting this to 15. ?
? ?
? How responsive should the mouse be? ?
? ?
? _________________________________________________________________________________________________________ ?
? ?
? <Ok> ?
? ?
?????????????????????????????????????????????????????????????????????????????????????????????????????????????
????????????????????????????????????????? Configuring Gpm ??????????????????????????????????????????
? GPM can act as a repeater via /dev/gpmdata, and give both GPM and X access to the mouse data in ?
? configurations where it would otherwise only be available to only X or GPM. ?
? ?
? Enter 'none' to turn repeating off. ?
? ?
? What protocol should be used to repeat mouse events? ?
? ?
? ms3_____________________________________________________________________________________________ ?
? ?
? <Ok> ?
? ?
????????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????? Configuring Gpm ???????????????????????????????????????????????
? The sample rate defines how often GPM polls the mouse device for new position data. This is often tweaked ?
? to make the mouse appear to move more smoothly, but it should not be changed unless you really know what ?
? you are doing. ?
? ?
? What should the sample rate for the mouse be? ?
? ?
? __________________________________________________________________________________________________________ ?
? ?
? <Ok> ?
? ?
??????????????????????????????????????????????????????????????????????????????????????????????????????????????
??????????????????????????????????????? Configuring Gpm ???????????????????????????????????????
? If you need any additional arguments to make GPM work for your environment, add them here. ?
? ?
? Additional arguments to GPM ?
? ?
? ___________________________________________________________________________________________ ?
? ?
? <Ok> ?
? ?
???????????????????????????????????????????????????????????????????????????????????????????????
????????????????????????????????????????????? Configuring Mdadm ??????????????????????????????????????????????
? ?
? If RAID devices are started automatically, all RAID devices are discovered and assembled automatically at ?
? system startup. This option should only be used if the md driver is compiled as a module. If it is ?
? compiled into your kernel, the automatic startup will be performed at boot time by the kernel and ?
? therefore you should not choose this option. ?
? ?
? Do you want to start the RAID devices automatically? ?
? ?
? <Yes> ?
? ?
??????????????????????????????????????????????????????????????????????????????????????????????????????????????
??????????????????????????????????????????????? Samba Server ????????????????????????????????????????????????
? ?
? If your computer gets IP address information from a DHCP server on the network, the DHCP server may also ?
? provide information about WINS servers ("NetBIOS name servers") present on the network. This requires a ?
? change to your smb.conf file so that DHCP-provided WINS settings will automatically be read from ?
? /etc/samba/dhcp.conf. ?
? ?
? You must have the dhcp3-client package installed to take advantage of this feature. ?
? ?
? Modify smb.conf to use WINS settings from DHCP? ?
? ?
? <No> ?
? ?
?????????????????????????????????????????????????????????????????????????????????????????????????????????????
??????????????????????????????????????????????? Samba Server ????????????????????????????????????????????????
? ?
? If your computer gets IP address information from a DHCP server on the network, the DHCP server may also ?
? provide information about WINS servers ("NetBIOS name servers") present on the network. This requires a ?
? change to your smb.conf file so that DHCP-provided WINS settings will automatically be read from ?
? /etc/samba/dhcp.conf. ?
? ?
? You must have the dhcp3-client package installed to take advantage of this feature. ?
? ?
? Modify smb.conf to use WINS settings from DHCP? ?
? ?
? <Yes> <No> ?
? ?
?????????????????????????????????????????????????????????????????????????????????????????????????????????????
???????????????????????????????????????????? Configuring Setserial ????????????????????????????????????????????
? Setserial contains the ability to save your current serial configurations, but you have to decide the ?
? method which setserial is to use. ?
? ?
? autosave once - this saves your serial configuration the first time you select this option, using kernel ?
? information. From this point on this information is never changed automatically again. If you want the ?
? configuration to change you have to edit serial.conf by hand. This is the default and is good in almost ?
? all cases. ?
? ?
? manual - control serial.conf yourself right from the start. Good for experts who like to get their hands ?
? dirty, but autosave-once is probably still better. ?
? ?
? autosave always - save the serial configuration on every system shutdown, and reload the saved state when ?
? you reboot. Good if you change your serial configuration a lot, but DANGEROUS as rebooting a system with ?
? "errors" can result in the complete loss of your serial configuration! ?
? ?
? kernel - blank the serial.conf file and use the kernel settings on bootup. This may be useful for standard ?
? situations or where setserial has become confused. ?
? ?
? Type of automatic serial port configuration to use? ?
? autosave once ?
? <Ok> ?
? ?
???????????????????????????????????????????????????????????????????????????????????????????????????????????????
update-passwd has found some differences between your system accounts
and the current Debian defaults. It is advisable to allow update-passwd
to change your system; without those changes some packages might not work
correctly. For more documentation on the Debian account policies please
see /usr/share/doc/base-passwd/README.
The list of proposed changes is:
Adding group "man" (12)
Adding group "sasl" (45)
Adding group "plugdev" (46)
Changing gid of sync from 100 (users) to 65534 (nogroup)
Changing gid of games from 100 (users) to 60 (games)
Changing gid of man from 100 (users) to 12 (man)
Changing GECOS of list from "SmartList" to "Mailing List Manager".
Changing home-directory of irc from /var to /var/run/ircd
Changing home-directory of nobody from /home to /nonexistent
Would commit 9 changes
It is highly recommended that you allow update-passwd to make these changes
(a backup file of modified files is made with the extension .org so you can
always restore the current settings).
May I update your system? [Y/n] Y
????????????????????????????? Configuring dash ?????????????????????????????
? ?
? Bash is the default /bin/sh on a Debian system. However, since our ?
? policy requires all shell scripts using /bin/sh to be POSIX compliant, ?
? any shell that conforms to POSIX can serve as /bin/sh. Since dash is ?
? POSIX compliant, it can be used as /bin/sh. You may wish to do this ?
? because dash is faster and smaller than bash. ?
? ?
? Install dash as /bin/sh? ?
? ?
? <Yes> <No> ?
? ?
????????????????????????????????????????????????????????????????????????????
???????????????????????????? Configuring man-db ?????????????????????????????
? ?
? This version of man-db is incompatible with your existing database of ?
? manual page descriptions, so that database needs to be rebuilt. This may ?
? take some time, depending on how many pages you have installed; it will ?
? happen in the background, possibly slowing down the installation of ?
? other packages. ?
? ?
? If you do not build the database now, it will be built the next time ?
? /etc/cron.weekly/mandb runs, or you can do it yourself using 'mandb -c' ?
? as user 'man'. In the meantime, the 'whatis' and 'apropos' commands will ?
? not be able to display any output. ?
? ?
? Incompatible changes like this should happen rarely. ?
? ?
? Should mandb build its database now? ?
? ?
? <Yes> <No> ?
? ?
?????????????????????????????????????????????????????????????????????????????
????????????????????????? Configuring localepurge ?????????????????????????
? ?
? Based on the same locale information you chose above, localepurge can ?
? also delete superfluous localized man pages. ?
? ?
? Also delete localized man pages? ?
? ?
? <Yes> ?
? ?
???????????????????????????????????????????????????????????????????????????
?????????????????????????? Configuring localepurge ??????????????????????????
? ?
? If you are content with the selection of locales you chose to keep and ?
? don't want to care about whether to delete or keep newly found locales, ?
? just deselect this option to automatically remove new locales you ?
? probably wouldn't care about anyway. If you select this option, you will ?
? be given the opportunity to decide whether to keep or delete newly ?
? introduced locales. ?
? ?
? Inform about new locales? ?
? ?
? <No> ?
? ?
?????????????????????????????????????????????????????????????????????????????
??????????????????????? Configuring localepurge ???????????????????????
? ?
? localepurge can calculate and display the disk space freed by its ?
? operations and show a saved disk space summary at quitting. ?
? ?
? Display freed disk space? ?
? ?
? <Yes> ?
? ?
???????????????????????????????????????????????????????????????????????
?????????????????????????? Configuring localepurge ??????????????????????????
? ?
? There are two ways for calculation of freed disk space available. One is ?
? much faster than the other but far less accurate if other changes occur ?
? on the filesystem during disc space calculation. The other one works ?
? more accurately and is therefore the preferred choice. ?
? ?
? Accurate disk space calculation? ?
? ?
? <Yes> ?
? ?
?????????????????????????????????????????????????????????????????????????????
????????????????????????? Configuring localepurge ??????????????????????????
? ?
? localepurge may be configured to explicitly show which locale files it ?
? deletes. This possibly causes a lot of screen output. ?
? ?
? Display verbose output? ?
? ?
? <Yes> ?
? ?
????????????????????????????????????????????????????????????????????????????
== Attività Post Aggiornamento ==
=== Verifica dei files di configurazione sostituiti ===
Creare lo script di confronto:
<pre>
cat > /root/bin/confronta <<'EOFile'
#!/bin/bash
#set -x
diff --left-column -y $1 $1.dpkg-old | less -S
EOFile
chmod 755 /root/bin/confronta
Per ogni file di configurazione sostituito lanciare:
/root/bin/confronta /etc/nomefile
Verrà mostrato sulla sx il file modificato con sulla DX le sole differenze del file vecchio.
esempio:
# /etc/mkinitrd/mkinitrd.conf: (
(
# If this is set to probe mkinitrd will try to figure out wha (
# mount the root file system. This is equivalent to the old (
ROOT=probe | ROOT=/dev/md0
(
# image. (
INITRD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH (
<
# Hardcode partition to resume from so it doesn't have to be <
# on the command line. The command line will override this s <
# RESUME= <
I simboli che dividono la pagina significano :
( la riga è uguale in entrambi i file | la riga è presente in entrambi, ma diversa < la riga è presente solo nel file di sx
Valutare quali sono le modifche da apportare ai files.
Verifica pacchetti obsoleti
Verificare la presenza di pacchetti obsoleti non più presenti in sarge o rimasugli di backports:
dpkg -l | grep 'woody\|backports'
Provvedere alla rimozione e sostituzione dei pacchetti necessari con altri equivalenti.
Se rimangono dei pacchetti con lo stato removed ma non purged, tipo:
rc mc-common 4.5.55-1.2woody6 Common files for mc and gmc
pulire con:
dpkg --purge mc-common
Upgrade di pacchetti particolari
kernel
IL KERNEL NON VIENE UPGRADATO. BISOGNA FARLO MANUALMENTE
FIXME: TODO
mc-common
Rimane rimosso ma non purged:
rc mc-common 4.5.55-1.2woody6 Common files for mc and gmc
Pulire con:
dpkg --purge mc-common
Clamav
Rimangono i backports:
dpkg -l | grep woody ii clamav 0.85.1-1woody1 antivirus scanner for Unix ii clamav-base 0.85.1-1woody1 base package for clamav, an anti-virus utility for Unix ii clamav-daemon 0.85.1-1woody1 antivirus scanner daemon ii clamav-freshclam 0.85.1-1woody1 downloads clamav virus databases from the Internet
Per aggiornarli rimuoverli senza purge:
apt-get remove apt-get install clamav clamav-base clamav-daemon clamav-freshclam libclamav1
Installarli nuovamente:
apt-get install clamav clamav-base clamav-daemon clamav-freshclam libclamav1
Configurazione:
?????? Configuring clamav-freshclam ???????
? ?
? ?
? Number of freshclam updates per day: ?
? ?
? 24_____________________________________ ?
? ?
? <Ok> <Cancel> ?
? ?
???????????????????????????????????????????
Sasl
E' stato sostituito da Sasl2, ma rimangono installate le vecchie versioni. Inoltre il nuovo Postfix usa Sasl2, quindi bisogna installarlo.
Verifica:
# export COLUMNS=132; dpkg -l | grep woody ii libsasl-digestmd5-plain 1.5.27-3.1woody5 DIGEST-MD5 module for SASL ii libsasl-modules-plain 1.5.27-3.1woody5 Basic Pluggable Authentication Modules for SASL ii libsasl7 1.5.27-3.1woody5 Authentication abstraction library. ii sasl-bin 1.5.27-3.1woody5 Programs for manipulating the SASL users database ...
Rimozione di tutto quanto listato sopra:
apt-get remove --purge sasl-bin libsasl7 libsasl-modules-plain libsasl-gssapi-mit libsasl-digestmd5-plain
Installazione di sals2-bin
apt-get install sasl2-bin
Modifica del file di partenza:
echo -e "%s/# START=yes/START=yes\t# START=yes/g\nwq\n" | ed - /etc/default/saslauthd
Verifica:
# cat /etc/default/saslauthd # This needs to be uncommented before saslauthd will be run automatically START=yes # START=yes # You must specify the authentication mechanisms you wish to use. # This defaults to "pam" for PAM support, but may also include # "shadow" or "sasldb", like this: # MECHANISMS="pam shadow" MECHANISMS="pam"
Impostarne l'avvio in automatico:
update-rc.d saslauthd defaults
Avvio:
/etc/init.d/saslauthd start
Verifica
# pstree -p | grep sasl
??saslauthd(27910)???saslauthd(27911)
? ??saslauthd(27912)
? ??saslauthd(27913)
? ??saslauthd(27914)
Postfix
Occorre solo configurare SASL2.
cd /etc/postfix/sasl cp smtpd.conf smtpd.conf.dpkg-old echo "pwcheck_method: saslauthd mech_list: PLAIN LOGIN " > /etc/postfix/sasl/smtpd.conf /etc/init.d/postfix restart
Vedi comunque la Postfix Howto
.dpkg-old