Debian Upgrade Marathon: 5.0 Lenny
May. 20, 2025 [technology] [hardware] [history] [libre]With two versions now behind us, it is a good time to start tracking a sort of “technical debt” as it accrues from upgrades. There are undoubtedly package selections made earlier in Sarge which wouldn’t have been present for users freshly installing Etch or Lenny. This is likely what happened with the oodles of KDE applets bloating up the system menus. Things are also missing, too. For one, SELinux will not get installed automatically in today’s Lenny upgrade.
And I want to go easy on the reigns because it is interesting to see issues corrected by structural changes to Debian. Already, Etch had gotten pluggable USB storage devices working for me. Probably as a result of moving from hotplug to udev. And the display server continues to improve without any administrative touches from me. And longer term, I want to see what interesting artifacts get left over from older releases as we approach the end.
Upgrading from Etch to Lenny
Checked pending changes in aptitude in which some libraries, tuxkart, alsamixergui and moc were marked for removal (*shakes fist!).
Checked that all packages are in an upgradeable state: dpkg --audit
✔
sudoedit /etc/apt/sources.list and modified all instances of ’etch’ to ’lenny'.
Debian, as of Lenny, still recommends aptitude as the primary means of upgrading.
Update the package list: sudo aptitude update
The release notes cite that apt and aptitude should be upgraded first since their solving for dependency chains is much better as of Lenny.
sudo aptitude install aptitude apt dpkg
Which necessarily upgraded libc6 packages and also removed gnome 🤔.
gdm, along with some other services were restarted. I opted to install the maintainer’s versions of configuration files, and will continue to do so as I have not custom configured anything beyond the package selection.
The new Lenny version of aptitude needs to be dry run so that its list of automatically installed packages can be converted to a new format.
aptitude search "?false"
Here I assume no output is good.
Next is the first change we see to the recommended two-step upgrade procedure since the upgrade from Sarge to Etch. They call for the option ‘safe-upgrade’ wherein installed packages will not be automatically removed unless they are unused.
sudo aptitude safe-upgrade
Some whiptail prompts appear during the upgrade:
“Enable saned as standalone server?”
No
“Add saned user to the scanner group?”
No
Since I don’t want anything scanning or printing related communicating or listening on network.
“Please purge the hotplug package!”
Note to self - will do.
Then the rest of the upgrade (though I see that the modern ‘full-upgrade’ is now an option according to the man pages):
sudo aptitude dist-upgrade
This step replaced ‘gnome’ removed earlier with the ‘gnome-desktop-environment’ package and synaptic also got reinstalled.
“Schedule daily execution of the ‘rundig’ script?”
No
“Encrypt snapshot [that is written to disk during suspend]?”
No
“Show splash screen [during suspend and resume process]?”
Yes
Sheesh, all these yes/no prompts are sure to make you feel like you’re at an examination.
I’m beginning to see why recent versions of packages just run with defaults leaving anyone interested enough in customization to explore the conf files. Side note that this leg of the upgrade has taken significantly longer than during the upgrade to Etch. Is it bigger package sizes? More packages? This dist-upgrade reported “12635 new” packages after completion.
I then checked whether the upgrade automatically installed the “new” Linux kernel linux-image-2.6-686:
dpkg -l "linux-image*" | grep ^ii
2.6.26+17+lenny1
✔
Upgrades from Etch are advised to replace sysklogd with rsyslog which the upgrade does not handle automatically. dpkg -s sysklogd reports it still installed, and dpkg -s rsyslog shows no such installation. Time to upgrade this manually:
sudo aptitude install rsyslog && sudo aptitude purge sysklogd
Post-upgrade items, before rebooting
I was right earlier about the way disks are named would rear its ugly head.
“The IDE disk naming convention for the old drivers was hda, hdb, hdc, hdd. The new drivers will name the same disks respectively sda, sdb, sdc, sdd. The problem appears when the upgrade does not generate a new / boot/grub/menu.lst file to take the new naming convention into account. During the boot, Grub will pass a system root partition to the kernel that the kernel doesn’t find.”
I determined to change the identifier for the root file system to a UUID. Find the UUID of the disk:
ls -l /dev/disk/by-uuid | grep hd*
Sure enough, hdc1 is the only disk present.
sudoedit /boot/grub/menu.lst and add the UUID provided by from ls.
from:
kopt=root=/dev/hdc1 ro
to:
kopt=root=UUID=4e76825b-e15b-4ffa-b332-8eb657bacdd4 ro
And sudoedit /etc/fstab:
from:
/dev/hdc1
to:
UUID=4e76825b-e15b-4ffa-b332-8eb657bacdd4
Lastly, finally remove the hotplug package noted earlier (which I think was supposed to be removed after the upgrade to Etch, oh well): sudo aptitude purge hotplug
And restart the system: sudo reboot
Upon first rebooting, it hanged unable to find the root partition. Exactly the issue the release notes described preemptively changing the disk naming convention for. What gives?
I manually edited the GRUB entry to point back to /dev/hdc1 and the system then went on to run a check with fsck. I rebooted it again, this time with no edits to GRUB and it booted successfully to gdm. It is likely that the disk naming convention never actually changed from /dev/hdX. Perhaps this moment will come when I decide to yank the drive and put it into a 64-bit capable host, directly on a real SATA interface.
Post-upgrade items, after rebooting
Both libvte-common and iceweasel needed to be upgraded manually, replacing libvte4.
sudo aptitude install iceweasel libvte-common
moc, openoffice.org needed to be reinstalled manually.
sudo aptitude install moc openoffice.org
The exim daemon didn’t get a chance to restart during the upgrade, so I cleared the warnings posted at startup and shutdown by zeroing the paniclog:
sudo rm /var/log/exim4/paniclog
sudo touch /var/log/exim4/paniclog
Impressions of Lenny
After first logging in, I am greeted with a wallpaper that doesn’t match the aspect ratio and a full wastebasket. For some reason, a Volume Control shortcut ended up in there. I must have inadvertently drag’n’dropped it while exploring Etch. And, for the first time, xserver is rendering an accurate 1440x900 on this 16:10 monitor. At last, proper video output.
The icon theme looks much better with its rounded, glassy design obviously following in the footsteps of the Aero theming direction taken by Windows at the time. Gnome 2.22 doesn’t navigate or feel like something from 2009. Like it hadn’t kept up with UI conventions for the time. Just purely visual enhancements which probably wouldn’t have won me over had I been introduced to desktop Linux back then.
*For the test file set, I will begin omitting file types that had already been found to work.
| Filetype | Functionality | Notes |
|---|---|---|
| Animated GIF | 🗷 | Eye of Gnome 2.22.3, but mplayer playsback properly |
| MP3 Audio | ? | Decodes but no audio out, all players |
| OGG Audio | ? | Decodes but no audio out, all players |
| MP4 Video | 🗷 | “Video codec ‘hev1’ is not handled.” Totem 2.22.2 |
| MP4 Video | 🗷 | At least began to play but with no video VLC 0.8.6h |
| Webm Video | 🗷 | “There is no plugin to handle this movie.” Totem 2.22.2 |
| Webm Video | 🗷 | No video playback VLC 0.8.6h |
| Web | ? | Many connections fail with “Error code: ssl_error_no_cypher_overlap”, third party frames can also fail with this even if the main page loads. SSL and TLS can be explicitly disabled, at discretion of the user. Iceweasel 3.0.6-3 |
Adblock Plus 0.7.2.4 was not compatible with Iceweasel 3.0.6. It offered to locate a newer version but was unsurprisingly unable to do so, likely an issue to do with deprecated SSL standards. So I attempted to manually install a newer Adblock Plus 1.0.2 which should be compatible. And the download is amazingly still live at the Internet archive.
But, sadly, I was unable to install it, with an error “install script not found [-204]”. I tried importing the newer Digicert certificates thinking this might help, but there is additionally no common cypher between the SSL versions being negotiated. Even after navigating to a seemingly compatible .xpi file from addons.mozilla.org using the Wayback Machine, it fails to install citing no_cypher_overlap. By Firefox 3.0 making certificate handling more secure, it has also assured a hard sunsetting once this version fell out of compatibility with modern web standards.
Like with Debian adding GPG signature verification to packages, the immediate way to work around this may be to try to disable certificate checking entirely. I disabled SSL and TLS entirely from the preferences menu and searched for several Adblock Plus versions from the internet archive, but they haven’t captured any copies old enough for the 3.0.6 installer to accept. Maybe we’ll have better luck later with Squeeze.
Anyway, enjoy some completely unfiltered pages accessed via unencrypted plaintext HTTP:
Silly, me. I forgot that Debian has often packaged browser addons as dedicated packages. Sure enough, adblock-plus could be installed through Debian’s repositories. Much better.
Konquerer and Epiphany both worked for accessing sites while blindly trusting certificates.
SuperTuxKart 0.5 sports settings for full screen and wider aspect ratios. And the additional characters and tracks suggest the game had gotten a little love since Etch.
Adding too many racers into a race would slow things down. Higher resolutions also drag out the framerate on this Intel 845G onboard GPU.
Fun Factoids
The heritage of mpv can be seen in how much mplayer feels like mpv to use.
AMOR “creature for your desktop”, a sort of Bonzi Buddy for Linux, gets installed by some KDE package.
Lenny is the release where the Debian team began deblobbing the kernel, having created the non-free repository for bits to reside in.
TLS 1.0 makes its appearance with Iceweasel/Firefox 3.0 family.
vrms reports no non-free software (both on this Lenny system and also before upgrading from Etch), probably overlooking the proprietary kernel modules. vrms has since been renamed to check-dfsg-status.
Always a fun way to spend an evening, now I get to look forward to breaking even more things in Squeeze!