Quantcast

FWD: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

classic Classic list List threaded Threaded
42 messages Options
123
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

FWD: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Markus Neteler
Hi SAC,

http://seclists.org/bugtraq/2011/Dec/30
is an advance notice that security support for Debian GNU/Linux 5.0
(code name "lenny") will be terminated in two months.
The security support for the old release of 5.0 is going
to end on the 6th of February 2012 as previously announced.

We need to upgrade all (almost) OSGeo machines to the
current stable release.
Is there anything special to consider for the VMs?

Markus
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Martin Spott
On Fri, Dec 09, 2011 at 07:42:53PM +0100, Markus Neteler wrote:

> Is there anything special to consider for the VMs?

I'm already in preparation of such upgrade for the Wiki VM and given
the fact that these VM's are running a regular distro kernel I don't
expect any major trouble.

Cheers,
        Martin.
--
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

hamish-2
In reply to this post by Markus Neteler
Markus N wrote:
> > Is there anything special to consider for the
> > VMs?

usually the 'dist-upgrade' process is pretty
straight forward as long as the recipe is followed:
 http://www.debian.org/releases/stable/amd64/

I've done the same upgrade remotely before, nothing
much to report..


Martin S wrote:
> I'm already in preparation of such upgrade for
> the Wiki VM and given the fact that these VM's
> are running a regular distro kernel I don't
> expect any major trouble.

I'm happy to take on the adhoc VM as a guinea pig.
AFAIK the only issue there may be the custom
installed sphinx. The new debian ships a slightly
newer version of that that so I think it is mostly
a question of dealing with any left over cruft.


Hamish
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Markus Neteler
On Sun, Dec 11, 2011 at 8:25 AM, Hamish <[hidden email]> wrote:
> Markus N wrote:
>> > Is there anything special to consider for the VMs?
>
> usually the 'dist-upgrade' process is pretty
> straight forward as long as the recipe is followed:
>  http://www.debian.org/releases/stable/amd64/
>
> I've done the same upgrade remotely before, nothing
> much to report..

Same here on one of my own servers, just wanted to be
sure for the virtual machines.

> Martin S wrote:
>> I'm already in preparation of such upgrade for
>> the Wiki VM and given the fact that these VM's
>> are running a regular distro kernel I don't
>> expect any major trouble.
>
> I'm happy to take on the adhoc VM as a guinea pig.
> AFAIK the only issue there may be the custom
> installed sphinx. The new debian ships a slightly
> newer version of that that so I think it is mostly
> a question of dealing with any left over cruft.

OK, so I would suggest to do
- first wiki VM and adhoc
- then projects VM
- then the rest (lists is still to be migrated)

Markus
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Martin Spott
On Sun, Dec 11, 2011 at 11:34:03AM +0100, Markus Neteler wrote:

> OK, so I would suggest to do
> - first wiki VM and adhoc

Ok, herewith I'm announcing approx. 30 minutes of planned downtime for
the Wiki this Sunday afternoon (for those who are 'feeling' UTC time).
I can't predict when exactly this will be but will post a short
announcement before downtime starts.

Cheers,
        Martin.
--
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

OSGeo Wiki downtime starting now

Martin Spott
On Sun, Dec 11, 2011 at 12:25:53PM +0100, Martin Spott wrote:

> Ok, herewith I'm announcing approx. 30 minutes of planned downtime for
> the Wiki this Sunday afternoon (for those who are 'feeling' UTC time).
> I can't predict when exactly this will be but will post a short
> announcement before downtime starts.

Voila,
        Martin.
--
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Martin Spott
In reply to this post by hamish-2
On Sat, Dec 10, 2011 at 11:25:31PM -0800, Hamish wrote:

> usually the 'dist-upgrade' process is pretty
> straight forward as long as the recipe is followed:
>  http://www.debian.org/releases/stable/amd64/

Oh my, way too much to read  ;-)

        Martin.
--
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Markus Neteler
On Sun, Dec 11, 2011 at 7:19 PM, Martin Spott <[hidden email]> wrote:
> On Sat, Dec 10, 2011 at 11:25:31PM -0800, Hamish wrote:
>
>> usually the 'dist-upgrade' process is pretty
>> straight forward as long as the recipe is followed:
>>  http://www.debian.org/releases/stable/amd64/
>
> Oh my, way too much to read  ;-)

Try this:

http://www.howtoforge.com/upgrade-debian-lenny-to-squeeze-in-a-few-simple-steps
(I used it successfully)

cheers
Markus
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Martin Spott
On Sun, Dec 11, 2011 at 07:24:53PM +0100, Markus Neteler wrote:

> Try this:

Heh, I already did a couple of dist-upgrades to Squeeze, including some
without access to the console, therefore I'm slightly confident that I
know what I'm looking at  ;-)

Cheers,
        Martin.
--
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: OSGeo Wiki downtime starting now

Martin Spott
In reply to this post by Martin Spott
System upgrade over, start chasing bugs  :-)

        Martin.
--
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

hamish-2
In reply to this post by Martin Spott
Hamish wrote:
> > usually the 'dist-upgrade' process is pretty
> > straight forward as long as the recipe is followed:
> >  http://www.debian.org/releases/stable/amd64/

Martin S:
> Oh my, way too much to read  ;-)

sorry I posted the wrong link! this is the one to
look at,

http://www.debian.org/releases/stable/amd64/release-notes/


specifically "4. Upgrades from Debian 5.0 (lenny)"
and "5. Issues to be aware of for squeeze"

e.g. have a peek at "4.5. Possible issues during upgrade"
and "5.2. LDAP support"


just like painting the house it's all about the
prep work :)


thanks,
Hamish

ps- http://wiki.osgeo.org [[Category:Portugal]] ?

_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Martin Spott
On Sun, Dec 11, 2011 at 12:12:12PM -0800, Hamish wrote:

> e.g. have a peek at "4.5. Possible issues during upgrade"
> and "5.2. LDAP support"

Without looking at this document I know that LDAP support in Squeeze is
a lot more mature than in any Debian release before.  I was used to
maintain PAM auth files by hand, but this isn't necessary any more with
Squeeze.

Cheers,
        Martin.
--
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

hamish-2
In reply to this post by Martin Spott
Hi,

I plan on upgrading the adhoc VM to Squeeze tomorrow, starting at
00:00 UTC Sat 18 Dec.  That's about 23 hours from now.
Expected downtime ~ 1 hour.


Hamish
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

hamish-2
Hamish wrote:
> I plan on upgrading the adhoc VM to Squeeze tomorrow,
> starting at 00:00 UTC Sat 18 Dec.  That's about 23 hours from
> now.


Hi,

well, I got as far as upgrading the stuff which didn't need dist-upgrade,
then the kernel and udev, but upon rebooting directly after installing
udev it doesn't seem to want to come back up. :-(
maybe stuck on fsck wanting to press "c" to continue or something..?

manual edits (sync with earlier custom mods) of note were to bootmisc.sh
and hosts.deny.

some host level intervention on the non-virtual machine is requested to
see what the trouble is..


thanks,
Hamish
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Martin Spott
On Sat, Dec 17, 2011 at 06:02:33PM -0800, Hamish wrote:

> well, I got as far as upgrading the stuff which didn't need dist-upgrade,
> then the kernel and udev, but upon rebooting directly after installing
> udev [...]

For the next distro upgrade of any OSGeo VM I'd recommend to draw a
well-defined line.  Rebooting is safe after upgrading ("aptitude
install") apt, aptitude, dpkg plus their required dependencies.  But
everything past this point, including kernel environment and boot
loader, should be done in one single "dist-upgrade" without further
reboot.

Cheers,
        Martin.
--
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

hamish-2
> Hamish wrote:
> > well, I got as far as upgrading the stuff which didn't need
> > dist-upgrade, then the kernel and udev, but upon rebooting
> > directly after installing udev [...]

Martin wrote:
> For the next distro upgrade of any OSGeo VM I'd recommend
> to draw a well-defined line.  Rebooting is safe after upgrading
> ("aptitude install") apt, aptitude, dpkg plus their required
> dependencies.  But everything past this point, including kernel
> environment and boot loader, should be done in one single
> "dist-upgrade" without further reboot.

... simply following the order of ceremonies from
  http://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.en.html#upgrading-udev

which recommends that you take care of the kernel & udev + reboot before
the doing the dist-upgrade.


we'll see what happened soon enough, Alex was kind enough to pass a request
to osuosl & I was logging the session up to that point.


Hamish


ps- mod file was /etc/init.d/denyhosts not hosts.deny btw
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Markus Neteler
Since the  6th of February 2012 is approaching quickly, we should
get a plan for the other machines to be updated.

I would like to get the projectsVM updated soon and I am willing to
do that (maybe with some remote assistance backup from others).

No idea though about the other systems awaiting update.

Markus
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Martin Spott
On Sun, Jan 22, 2012 at 05:08:45PM +0100, Markus Neteler wrote:

> No idea though about the other systems awaiting update.

As far as I can tell, the only systems having seen a dist-upgrade are
"wiki" and "adhoc".  To be honest, my main motivation for upgrading the
Wiki was to get a newer PHP version as a preparatory step for a
MediaWiki update ....

I'll take care of the "secure" and the "backup" VM.  I'm planning to do
the dist-upgrade on "secure" this monday starting at approx. 15:00 UTC
In contrast, the "backup" is pretty non-critical because it's idling
most of the day.

Cheers,
        Martin.
--
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Martin Spott
On Sun, Jan 22, 2012 at 05:34:35PM +0100, Martin Spott wrote:

> I'll take care of the "secure" and the "backup" VM.  I'm planning to do
> the dist-upgrade on "secure" this monday starting at approx. 15:00 UTC

Sorry, I had been away on the road at this time, next try this
wednesday, same time,

        Martin.
--
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [SECURITY] [DSA 2360-1] Two month advance notification for upcoming end-of-life for Debian oldstable (lenny)

Martin Spott
On Mon, Jan 23, 2012 at 07:48:19PM +0100, Martin Spott wrote:
> On Sun, Jan 22, 2012 at 05:34:35PM +0100, Martin Spott wrote:
>
> > I'll take care of the "secure" and the "backup" VM.  I'm planning to do
> > the dist-upgrade on "secure" this monday starting at approx. 15:00 UTC
>
> Sorry, I had been away on the road at this time, next try this
> wednesday, same time,

Starting to dist-upgrade the "secure" VM now, expect occasional LDAP
outages,

        Martin.
--
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
_______________________________________________
Sac mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/sac
123
Loading...