I recently acquired a vServer hosted by Server4You and decided to install a Debian Wheezy image. Usually I boot any device in backup mode and first install a fresh Debian copy using debootstrap over the provided image, to have a clean system. In this case I did not and I came across a few glitches I want to talk about. So hopefully, if you are running the same system image, it saves you some time to figure out, why the h*ll some things don't work as expected :)
Cron jobs not running
I installed unattended-upgrades and adjusted all configuration files to enable unattended upgrades. But I never received any mail about an update although looking at the system, I saw updates waiting. I checked with
# run-parts --list /etc/cron.daily
and apt was not listed although /etc/cron.daily/apt was there. After spending some time to figure out, what was going on, I found the rather simple cause: Several scripts were missing the executable bit, thus did not run. So it seems, for whatever reason, the image authors have tempered with file permissions and of course, not by using dpkg-statoverride :( It was easy to fix the file permissions for everything beyond /etc/cron*, but that still leaves a very bad feeling, that there are more files that have been tempered with! I'm not speaking about customizations. That are easy to find using debsums. I'm speaking about file permissions and ownership.
Now there seems no easy way to either check for changed permissions or ownership. The only solution I found is to get a list of all installed packages on the system, install them into a chroot environment and get all permission and ownership information from this very fresh system. Then compare file permissions/ownership of the installed system with this list. Not fun.
init from testing / upstart on hold
Today I've discovered, that apt-get wanted to update the init package. Of course I was curious, why unattended-upgrades didn't yet already do so. Turns out, init is only in testing/unstable and essential there. I purged it, but apt-get keeps bugging me to update/install this package. I really began to wonder, what is going on here, because this is a plain stable system:
- no sources listed for backports, volatile, multimedia etc.
- sources listed for testing and unstable
- only packages from stable/stable-updates installed
- sets
APT::Default-Release "stable";
First I checked with aptitude:
# aptitude why init Unable to find a reason to install init.
Ok, so why:
# apt-get dist-upgrade -u Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following NEW packages will be installed: init 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/4674 B of archives. After this operation, 29.7 kB of additional disk space will be used. Do you want to continue [Y/n]?
JFTR: I see a stable system bugging me to install systemd for no obvious reason. The issue might be similar! I'm still investigating. (not reproducible anymore)
Now I tried to debug this:
# apt-get -o Debug::pkgProblemResolver="true" dist-upgrade -u Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Starting Starting 2 Investigating (0) upstart [ amd64 ] < 1.6.1-1 | 1.11-5 > ( admin ) Broken upstart:amd64 Conflicts on sysvinit [ amd64 ] < none -> 2.88dsf-41+deb7u1 | 2.88dsf-58 > ( admin ) Conflicts//Breaks against version 2.88dsf-58 for sysvinit but that is not InstVer, ignoring Considering sysvinit:amd64 5102 as a solution to upstart:amd64 10102 Added sysvinit:amd64 to the remove list Fixing upstart:amd64 via keep of sysvinit:amd64 Done Done The following NEW packages will be installed: init 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/4674 B of archives. After this operation, 29.7 kB of additional disk space will be used. Do you want to continue [Y/n]?
Eh, upstart?
# apt-cache policy upstart upstart: Installed: 1.6.1-1 Candidate: 1.6.1-1 Version table: 1.11-5 0 500 http://ftp.de.debian.org/debian/ testing/main amd64 Packages 500 http://ftp.de.debian.org/debian/ sid/main amd64 Packages *** 1.6.1-1 0 990 http://ftp.de.debian.org/debian/ stable/main amd64 Packages 100 /var/lib/dpkg/status
# dpkg -l upstart Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-=============================-===================-===================-=============================================================== hi upstart 1.6.1-1 amd64 event-based init daemon
Ok, at least one package is at hold. This is another questionable customization, but in case easy to fix. But I still don't understand apt-get and the difference to aptitude behaviour? Can someone please enlighten me?
Customized files
This isn't really an issue, but just for completion: several files have been customized. debsums easily shows which ones:
# debsums -ac I don't have the original list anymore - please check yourself
You should really not be using a system someone else installed for you… I’ve only had bad experience with those.
ReplyDelete