Project

General

Profile

Enhancement #648

Updated by Marc Dequènes over 3 years ago

Please update the TODOs below and add a note to comment on the progress.

Identified oneshot changes:
* before migration:
** -add buster in our repo and check if packages needs to be ported- (spoolinger is done, lxd needs more work, nothing else needs porting)
** -"Migrating from legacy network interface names":https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#migrate-interface-names- (all machines migrated to the new [[Naming Rules#Network-Interfaces]])
* after migration:
** /usr is now merged by default and most softwares expect path to be updated (look at the _softwares incompatible with usrmerge layout_ below): apt install usrmerge
** SysV init related packages no longer required: apt purge initscripts sysv-rc insserv startpar
** -PostgreSQL databases need to be reindexed- (in fact pg_upgradecluster dumps/imports so it is not necessary)
** -apt-transport-https is no longer necessary-
** on web servers _php7.0-common_ needs to be removed manually: : apt purge php7.0-common
** -systemd-journal-upload/systemd-journal-gatewayd services user/group can be removed as they are now dynamically allocated- (none found)

Identified deployment changes:
* -hidepid with systemd and polkit: see https://wiki.debian.org/Hardening#Mounting_.2Fproc_with_hidepid-
* -install debian-security-support-

Problematic softwares:
* -phpmyadmin: phpmyadmin: not in Buster but still in Debian; I see a "RFA":https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879741 with work towards newer versions but that requires several many new dependencies- (backport builds done and working, see #670) dependencies, thus a backport of the latest 4.6.6 in our repo seems to be the way to go as I don't think an official backport is going to happen
* -ftp-ssl: still in Debian but missing in Buster because it was not ready for openssl 1.1; 0.17.34+0.2-4.1 contains a patch and could be backported in our repo (unless it comes in Debian first)-
* softwares incompatible with usrmerge layout:
** -molly-guard problems (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930131)- (molly-guard and usrmerge backported in our repo)

Back