It went smooth… so I thought…
Oh. wait, this sounds worse than it is… it WENT smooth.. but not totally flawless!.. Here’s what I found out when upgrading Fedora 9 to 10.
Continue reading Upgrade from Fedora 9 to 10
{"id":48,"date":"2008-12-23T08:57:08","date_gmt":"2008-12-23T06:57:08","guid":{"rendered":"http:\/\/www.hoekstra.nu\/wordpress\/?p=48"},"modified":"2008-12-23T08:57:08","modified_gmt":"2008-12-23T06:57:08","slug":"upgrade-from-fedora-9-to-10","status":"publish","type":"post","link":"https:\/\/www.hoekstra.nu\/wordpress\/blog\/2008\/12\/23\/upgrade-from-fedora-9-to-10\/","title":{"rendered":"Upgrade from Fedora 9 to 10"},"content":{"rendered":"It went smooth… so I thought…<\/p>\n
Oh. wait, this sounds worse than it is… it WENT smooth.. but not totally flawless!.. Here’s what I found out when upgrading Fedora 9 to 10.<\/p>\n
<\/p>\n
First of all, I had my system online and performed a ‘yum upgrade’ to upgrade the system.. After downloading over 800MB of RPMs, the upgrade went well…<\/p>\n
Cyrus-imapd<\/strong><\/p>\n Cyrus-imapd got stressful after the upgrade, due to the incompatible upgrade of db4 from 4.6 to 4.7.<\/p>\n This is what I got when checking the maillog for errors:<\/p>\n Dec 22 18:39:51 thunderbolt cvt_cyrusdb[9261]: DBERROR db4: file \/var\/lib\/imap\/deliver.db has LSN 1\/807708, past end of log at 1\/544 As usual I forgot some administrative precautions.. like this cyrus-imapd which should have been taken offline before the upgrade.. because of the db4 upgrade, the cyrus-imapd was unable to dump the old ‘deliver.db’ and ‘tls_sessions.db’. Without the dump, a restart of the daemon (with the new db4 libraries) were not possible to read the mentioned database files, causing an error when stopping the daemon.<\/p>\n While I read it was easy and safe to remove the mentioned files and start up the server, it was my honor of making a dump of the databases manually and loading them in an upgraded version of the database. Here’s how I did this..<\/p>\n # cd \/var\/lib\/imap This, of course while the imapd is stopped… after this the daemon works as expected.. This is a simple action, but not done very often if you are not inclined in this manual work… easy when described for future reference \ud83d\ude42<\/p>\n SELinux<\/strong><\/p>\n Yep, also SELinux caused little trouble after the upgrade.. Being familiar with SELinux, it was no problem for me to recover the errors at hand, but it needs to be mentioned..<\/p>\n As it turned out, the \/home\/ directories got a weird situation in SELinux contexts, where (and here’s where I found out) sshd isn’t able to retrieve pubkeys \/ authorized_keys entries. A simple restorecon fixed the issue though..<\/p>\n maia-mailguard<\/strong><\/p>\n After the upgrade, mail didn’t get checked by maia-mailguard. This was due to a change in the Crypt::CBC perl module. No solution I could find was satisfying (downgrade Crypt::CBC because it breaks when above 2.24). I found that at (or around) line 2993 the Crypt::CBC module is initialized using a key. This has to be untainted before getting used. Not reading in depth about this, I found out this solution helps and satisfied my system:<\/p>\n — amavisd.org\u00a0\u00a0\u00a0 2008-12-23 07:52:59.000000000 +0100 $key = $1 if $key =~ \/^([^\\0]{56})$\/si; # untaint Any more?<\/strong><\/p>\n As the upgrade was rather smooth, I am not fully convinced what more I can run into… My checks aren’t complete yet. I will add my possible findings to this post.<\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[42,38,36,37,21,39,70,40,41,35],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.hoekstra.nu\/wordpress\/wp-json\/wp\/v2\/posts\/48"}],"collection":[{"href":"https:\/\/www.hoekstra.nu\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hoekstra.nu\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hoekstra.nu\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hoekstra.nu\/wordpress\/wp-json\/wp\/v2\/comments?post=48"}],"version-history":[{"count":2,"href":"https:\/\/www.hoekstra.nu\/wordpress\/wp-json\/wp\/v2\/posts\/48\/revisions"}],"predecessor-version":[{"id":53,"href":"https:\/\/www.hoekstra.nu\/wordpress\/wp-json\/wp\/v2\/posts\/48\/revisions\/53"}],"wp:attachment":[{"href":"https:\/\/www.hoekstra.nu\/wordpress\/wp-json\/wp\/v2\/media?parent=48"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hoekstra.nu\/wordpress\/wp-json\/wp\/v2\/categories?post=48"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hoekstra.nu\/wordpress\/wp-json\/wp\/v2\/tags?post=48"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nDec 22 18:39:51 thunderbolt cvt_cyrusdb[9261]: DBERROR db4: Commonly caused by moving a database from one database environment
\nDec 22 18:39:51 thunderbolt cvt_cyrusdb[9261]: DBERROR db4: to another without clearing the database LSNs, or by removing all of
\nDec 22 18:39:51 thunderbolt cvt_cyrusdb[9261]: DBERROR db4: the log files from a database environment
\nDec 22 18:39:51 thunderbolt cvt_cyrusdb[9261]: DBERROR db4: \/var\/lib\/imap\/deliver.db: unexpected file type or format
\nDec 22 18:39:51 thunderbolt cvt_cyrusdb[9275]: DBERROR db4: file \/var\/lib\/imap\/tls_sessions.db has LSN 1\/703034, past end of log at 1\/544
\nDec 22 18:39:51 thunderbolt cvt_cyrusdb[9275]: DBERROR db4: Commonly caused by moving a database from one database environment
\nDec 22 18:39:51 thunderbolt cvt_cyrusdb[9275]: DBERROR db4: to another without clearing the database LSNs, or by removing all of
\nDec 22 18:39:51 thunderbolt cvt_cyrusdb[9275]: DBERROR db4: the log files from a database environment
\nDec 22 18:39:51 thunderbolt cvt_cyrusdb[9275]: DBERROR db4: \/var\/lib\/imap\/tls_sessions.db: unexpected file type or format<\/p><\/blockquote>\n
\n# db_dump deliver.db >deliver.db.dump
\n# rm deliver.db
\n# db_load -f deliver.db.dump deliver.db
\n# db_dump tls_sessions.db >~\/tls_sessions.db.dump
\n# rm tls_sessions.db
\n# db_load -f ~\/tls_sessions.db.dump tls_sessions.db<\/p><\/blockquote>\n
\n+++ amavisd\u00a0\u00a0\u00a0 2008-12-23 07:53:37.000000000 +0100
\n@@ -2990,7 +2990,7 @@
\nrequire Crypt::CBC;<\/p>\n
\n–\u00a0\u00a0\u00a0 $cipher = Crypt::CBC->new( {‘key’ => $key,
\n+\u00a0\u00a0\u00a0 $cipher = Crypt::CBC->new( {‘key’ => untaint($key),
\n‘cipher’ => ‘Blowfish’,
\n‘regenerate_key’ => 0,
\n‘padding’ => ‘null’,<\/p><\/blockquote>\n