June 3rd 2018

linux, server, debian

Dist-upgrade Debian stable from jessie to stretch


(before LTS support runs out)

Disclaimer: This article is not a complete tutorial; it is simply a set of notes I took down following these instructions.

Today I found out that the Debian security team handles oldstable releases only for a year or so, after which the LTS team takes over, which is arguably less secure.
Please see here.

Time to finally dist-upgrade my sturdy kitchenserver, still running on a minimal jessie install!

The release notes for stretch provide copious information on the topic, so that's what I'm going with for now.

According to this, I can use ssh for the upgrade.
However, the computer is sitting in the next room and I can just walk over during reboots and watch the screen. I'd feel a lot less comfortable if that weren't possible.

I have some jessie-backports on my system and one package that is installed locally.
According to the backports FAQ, there's nothing to worry about.
Nevertheless, I booted into the mainline kernel and purged the backported kernel. Now my only backported packages are borgbackup and ffmpeg. Oops, I'm not even using ffmpeg anymore. Purged.
Now purge residual configs also.

Note that the document referred to recommends using apt-get for the upgrade, not aptitude, not apt. I am also recording the upgrading session from now on, as outlined in the same section.

Step 0:

Change sources: I just removed the jessie-backports section and changed every occurrence of jessie to stretch. My /etc/apt/sources.list now looks exactly like this one (only the servers are different).

Step 1:

Minimal upgrade

fail2ban failed.

Rebooting anyway.
My blog still works!
Anyhow, after some searching I found this bug report:

So I had to edit /etc/fail2ban/jail.local to replace [ssh] with [sshd] and [ssh-ddos] with [sshd-ddos]. It fixed the problem.
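The same jail rename as a script, added here as an example and not part of the original notes. The function name `migrate_jails` and the `.jessie.bak` backup suffix are my own choices; it rewrites only exact section headers and refuses to touch a file where the old and new names already coexist.

```shell
#!/bin/sh
# Added example: rename the jessie-era fail2ban jail sections in a
# jail.local to the names used on stretch.
# Usage (as root): migrate_jails /etc/fail2ban/jail.local

# migrate_jails FILE
# Returns 0 if the file was rewritten, 1 if nothing needed changing,
# 2 if the file is missing or a rename would create a duplicate section.
migrate_jails() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Nothing to do if neither legacy header is present.
    grep -Eq '^\[ssh(-ddos)?\][[:space:]]*$' "$file" || return 1

    # Refuse if old and new name coexist: renaming would duplicate a section.
    for name in ssh ssh-ddos; do
        new="sshd${name#ssh}"
        if grep -Eq "^\[$name\][[:space:]]*$" "$file" &&
           grep -Eq "^\[$new\][[:space:]]*$" "$file"; then
            echo "$file has both [$name] and [$new]; merge by hand" >&2
            return 2
        fi
    done

    # Keep the jessie version next to the rewritten file.
    cp -p "$file" "$file.jessie.bak" || return 2

    # Anchored patterns: lines such as "port = ssh" are left alone.
    sed -E 's/^\[ssh(-ddos)?\]([[:space:]]*)$/[sshd\1]\2/' \
        "$file.jessie.bak" > "$file"
}
```

After a successful run, restart fail2ban and confirm the jails are loaded before relying on it again.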

Step 2:

Full dist-upgrade

Don't walk away, there are quite a few configurations that require your attention and intervention.

Reboot.

I'm still on the 3.16 kernel. Strange? No, the article tells me what I can do about it.

Another apt-get autoremove --purge, another reboot.

Everything still works, no red lights anywhere.