Debian Stretch to Buster upgrade woes

Help with issues regarding installation of Debian

Debian Stretch to Buster upgrade woes

Postby maxibuntu » 2019-08-20 10:05

I run Linux almost exclusively since december 1999, so that's 20 years. I started with RedHat, moved on to Mandriva > Ubuntu > Mint LMDE > SolydXK > Debian Wheezy testing > Jessie stable > Stretch stable > Buster stable. I have done a large number of installs over the years and I currently maintain 6 desktops, 3 laptops, and one 32bit VM. All contain Debian Stretch or Buster at the moment.

About one week after Buster was released I upgraded my two main desktops, a 32bit VM and did a fresh install
on a HP Stream 14 laptop. Much to my dismay I had to keep bugsquashing for weeks on end. This is one of the worst upgrades I did in years.

Here is a summary (in order of appearance) of things that you also might come across, and some workarounds.

### FIREWALL ###

- Debian has changed firewalling from iptables to nftables, but the default configuration is to use a compatibility layer so that you can use iptables rules. But in my case this did not work at all, and my system would hang 15 minutes at boot trying to raise network interfaces. Once I converted the iptables ruleset, removed the iptables deb and installed nftables the system would start normally.

There is a shortcut to convert all your iptables rules to nftables rules:

Code: Select all
iptables-save > save.txt
iptables-restore-translate -f save.txt
iptables-restore-translate -f save.txt > ruleset.nft
nft -f ruleset.nft


This worked fine. However nftables is not enabled at boot by default, you have to run "systemctl enable nftables" to activate it at boot.

Bottom line: converting your ruleset and going with pure nftables might be simpler than using a buggy compat layer.

Furthermore, as of yet there is no GUI tool for easy nft configuration.

### KERNEL ###

- Debian ships with kernel 4.19 and that seems to have been quite buggy during development, even to the point of ext filesystem corruption issues. It is probably still buggy, because with this kernel lightdm would hang at a black screen with cursor on the HP Stream laptop. GDM gave no problems, but on a weak laptop I don't want GDM. The lightdm error is documented so I don't understand how Buster was even released with such a glaring bug:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857554
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930631
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932162
http://forums.debian.net/viewtopic.php?f=17&t=142680
http://forums.debian.net/viewtopic.php?f=5&t=142931

The 32bit Virtualbox install would hang at boot with the Virtual Machine itself giving an error. After a forced shutdown of the VM it started normally. After a reboot this whole process repeats itself. So I had to boot twice everytime to get into the VM.

All these problems vanished instantly when I downgraded the kernel to 4.18 from the MX Linux repos. Some people might say that I'm breaking Debian with a foreign repo, but in this case it fixed an issue.

EDIT: These issues seem to be fixed in point release 10.1. Kernel 4.19.0.6 works fine on both systems.

### WAYLAND / SSH ###

- Debian uses Wayland/GNOME as the default, big mistake. Gparted would not even start as root, effectively making the program useless. Xhost workarounds did not work for me.

https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/1713313
https://wiki.ubuntu.com/Wayland/gks

After various other weird glitches I quickly decided to use Xorg as the default. But even then, X Forwarding over SSH and then starting an application like synaptic as root on the remote system would give a vague error message about me using Wayland:

Code: Select all
X11 connection rejected because of wrong authentication.
Unable to init server: Could not connect: Connection refused
Failed to initialize GTK.

Probably you're running Synaptic on Wayland with root permission.
Please restart your session without Wayland, or run Synaptic without root permission


But here I wasn't using Wayland anymore on any of those remote systems! At this point I was getting a Windows with erroneuos error messages feel.

I worked around this by adding "AddressFamily inet" AND/OR "X11UseLocalhost no" in the SSH server configuration on the remote machines. Any of these options worked.

### SAMBA NETWORK ###

- SAMBA network/host browsing with any graphical file manager that uses gvfsd does not work at all. This is a major screwup, making home networks useless. It seems that gvfsd needs SMB1 enabled or else it just won't work. The only way to work around this is to install samba-common. This is installed already on samba server machines, BUT IN BUSTER IT IS ALSO NEEDED ON CLIENT MACHINES. This package installs a template /etc/smb.conf and you have to add the line "client max protocol = NT1" to make the graphical browsing work. The weird thing here is that /etc/smb.conf, which is a smb server configuration file, seems to be needed by gvfsd.

https://forums.linuxmint.com/viewtopic.php?t=270442

### APPARMOR ###

- Apparmor is now installed and enabled by default. Due to this paranoid strategy Thunderbird would not start anymore. I could not even get my mail! I disabled apparmor on the kernel command line in /etc/default/grub with GRUB_CMDLINE_LINUX_DEFAULT="apparmor=0". After that TB would start. If I didn't have snapd installed (I need this for one lousy package taken from the polarr website), I would purge apparmor altogether.

### OPENSSL ###

I have a downloaded application (not in the Debian repos) that would start in Stretch, but it did not in Buster:

Code: Select all
user@host$ pixeluvo
/usr/bin/pixeluvo: line 13: ldconfig: command not found
Using Pixeluvo Shipped Qt Libraries
Auto configuration failed
140329841391552:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:187:filename(libssl_conf.so): libssl_conf.so: cannot open shared object file: No such file or directory
140329841391552:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
140329841391552:error:0E07506E:configuration file routines:MODULE_LOAD_DSO:error loading dso:conf_mod.c:285:module=ssl_conf, path=ssl_conf
140329841391552:error:0E076071:configuration file routines:MODULE_RUN:unknown module name:conf_mod.c:222:module=ssl_conf


If you come across such an application you will have to start it like this:

Code: Select all
user@host$ OPENSSL_CONF=/etc/ssl /usr/bin/pixeluvo
/usr/bin/pixeluvo: line 13: ldconfig: command not found
Using Pixeluvo Shipped Qt Libraries


I don't know what was wrong here, but at least it works now.

### OPT ###

- For some reason ownership of my /opt directory had been changed to the active user after upgrading. I had to execute "chown -R root.root /opt"

### XFCE NOTIFICATIONS ###

- Notifications in XFCE were broken. This happens if you also have KDE installed. The workaround is:

Code: Select all
mv -f /usr/share/dbus-1/services/org.kde.plasma.Notifications.service
 /usr/share/dbus-1/services/org.kde.plasma.Notifications.service.000


https://bugzilla.redhat.com/show_bug.cgi?id=1471560

### OBSOLETE PACKAGES ###

- Removed packages: Some packages that I used frequently were obsoleted:

Phatch: This was a must-have, but I have now found an even better solution, XnConvert. I have to add an Ubuntu PPA for this however.

pyRenamer: This is the best mass file renaming tool available and it's obsoleted in Buster! I tried GPRename (no recursion) and KRename (convoluted gui, have to save/load renaming preferences every time, recursion only available from file selection dialog). The strange thing is that when you add the oldstable/stretch repo and get pyrenamer via apt-pinning, it just works allright. It beats me why this package has been obsoleted.

gui-apt-key: In Stretch, the description of apt keys was broken when viewed with software properties. In Buster this is fixed so gui-apt-key is no longer needed.

chromium-widevine: The chromium-widevine DRM package to view Netflix is no longer available. Chromium now downloads the plugin the first time it is needed. However it downloads a version that did not work. I fixed this by installing google-chrome-stable and copying over /opt/google/chrome/libwidevinecdm.so to /usr/lib/chromium/libwidevinecdm.so. Of course you could also symlink it if you prefer that.

https://gist.github.com/ruario/3c873d43eb20553d5014bd4d29fe37f1

### FIREFOX ###

- There is again no Firefox Quantum available in Buster, unbelievable. You are stuck with Firefox ESR. To add Quantum I added the repo from SolydXK.

### LOCAL GUI PROGRAMS AS ROOT ###

- gksu/gksudo has been deprecated. The recommended method to run GUI programs with root is now to run them with "pkexec programname" (policykit). However, some programs do not run as root because they are not shipped wit a *.policy file in /usr/share/polkit-1/actions. You will have to create such a file yourself if the application does not start as root, for example for gnome-logs and lshw-gtk:

Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">

<policyconfig>
    <vendor>Debian Stable</vendor>
    <vendor_url>https://wiki.debian.org/DebianStable</vendor_url>
    <icon_name>debian-swirl</icon_name>

    <action id="missing.actions.debian-stable-gnome-logs">
        <description>Run Gnome Logs as root</description>
        <message>Authentication is required to run Gnome Logs as root</message>
        <defaults>
            <allow_any>auth_admin</allow_any>
            <allow_inactive>auth_admin</allow_inactive>
            <allow_active>auth_admin</allow_active>
        </defaults>
        <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gnome-logs</annotate>
        <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
    </action>

    <action id="missing.actions.debian-stable-lshw-gtk">
        <description>Run LSHW GTK as root</description>
        <message>Authentication is required to run LSHW GTK as root</message>
        <defaults>
            <allow_any>auth_admin</allow_any>
            <allow_inactive>auth_admin</allow_inactive>
            <allow_active>auth_admin</allow_active>
        </defaults>
        <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/lshw-gtk</annotate>
        <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
    </action>

</policyconfig>


### GDEBI ###

- gdebi has a documented bug where it just crashes when clicking the install/reinstall button. This happens after you right click a file to install from a graphical filemanager.

### GIMP ###

- GIMP 2.10 is significantly slower than 2.8. The old 2.8 version worked very well for me. There is no option to roll back to 2.8 anywhere. Even the official GIMP site has no 2.8 debs or AppImage available. There is only a 2.8 Windoze version available, but I'm not gonna run this in Wine.

### KEYBOARD CONFIG ###

- "dpkg-reconfigure keyboard-configuration" has a French (screen 1) and Russian (screen 2) dialog menu.

### TOUCHPAD ###

- The touchpad from the HP Stream laptop worked, but there was no "click on tap". I had to research options and add a file in /etc/X11/xorg.conf.d:

Code: Select all
Section "InputClass"

    Identifier "libinput touchpad catchall"
    MatchIsTouchpad "on"
    MatchDevicePath "/dev/input/event*"
    Driver "libinput"

    # Enable tapping
    Option "Tapping" "on"

    # The following options determines how "crisp" a tap must be to be
    # considered a real tap. Decrease the value to require a more crisp
    # tap. Properly adjusting this parameter can reduce false positives
    # when the hands hover over or lightly touch the pad.

    # Maximum time (in milliseconds) for detecting a tap.
    Option "MaxTapTime" "125"

    # Maximum time (in milliseconds) for detecting a double tap.
    Option "MaxDoubleTapTime" "300"

EndSection


### MOUNTING ###

- Mounting external media happens in /media/username since Stretch. This is quite annoying in Buster because I have an rsnapshot backup script which runs as root and relies on large harddrives being mounted under /media directly. But the updated Rapid Photo Downloader in Buster relies on SD cards being mounted under /media/username or else the photos on my SD cards don't even show. I worked around this for now with adding a configuration file in /etc/udev/rules.d:

Code: Select all
# Prevent harddrive mounting in /media/username

# EXTERNAL SATA DRIVES
ENV{ID_ATA}=="1", ENV{ID_BUS}=="ata", ENV{ID_ATA_SATA}=="1", ENV{UDISKS_FILESYSTEM_SHARED}="1"

# MEMORY CARDS
ENV{ID_BUS}=="usb", ENV{ID_USB_DRIVER}=="usb-storage", ENV{UDISKS_FILESYSTEM_SHARED}="0"


### APT-PINNING ###

- Apt-pinning behaviour seems to have been changed. I edited the /etc/apt/preferences.d/pin-priorities file that I used in stretch to reflect the new repos, but that did not work right. I had to revise every Pin-Priority line to get everything working as it should.

### GUI SHARES ADMIN FOR SAMBA ###

- Samba GUI tool "shares-admin" from package "gnome-system-tools" complains that samba is not installed while it is in fact installed.

### KDE MIMETYPES ###

- Mimetypes in KDE/Plasma were all wrong. When I tried to open desktop folders catfish would open. When I uninstalled catfish, gwenview would open. Fixed now but don't remember how.

### SPELLCHECK ###

- LibreOffice: myspell has been replaced by hunspell.

### KDE CUSTOM MENU ENTRIES ###

- I have a large collection of custom desktop files in /usr/local/share/applications, because the default menus are an unintuitive mess with those weird linux application names like "Gwenview" that no new user seems to be able to remember. My custom entries all show up in XFCE and GNOME. However KDE would not read the custom entries on one desktop, the laptop, and the virtual machine. It did read custom entries on my main desktop however. The thing is that the startkde scripts wrongly sets $XDG_DATA_DIRS to /usr/share:/usr/share:/usr/local/share. That way /usr/share takes precedence over /usr/local/share and so the custom menu entries don't show. But why was my main desktop showing the custom versions correctly? It seems that another thing went wrong, during the upgrade of snapd. The snapd package from Stretch has an /etc/X11/Xsession.d/65snappy configuration file which unintentionally corrects the $XDG_DATA_DIRS path for KDE. This 65snappy file was not removed during the upgrade!

I fixed the KDE custom menus by adding a file in /etc/X11/Xsession.d:

Code: Select all
BASESTARTUP=$(basename "$STARTUP" | cut -d\  -f1)

if [ "$BASESTARTUP" = x-session-manager ]; then
    BASESTARTUP=$(basename $(readlink /etc/alternatives/x-session-manager))
fi

case "$BASESTARTUP" in
  startkde)
    if [ -z "$XDG_DATA_DIRS" ]; then
      XDG_DATA_DIRS=/usr/local/share/:/usr/share/
    else
      XDG_DATA_DIRS=/usr/local/share:"$XDG_DATA_DIRS"
    fi
    export XDG_DATA_DIRS
    ;;
esac


### RELEASE VERSION ###

lsb_release -r no longer shows the minor OS version. Instead of 10.1, I get 10.

### INXI ###

INXI has been updated to work with Perl. I used INXI in a shell script to get some temperatures. But bunning INXI from a bash script will fill up your memory very fast and when it is full the system starts swapping like crazy and the computer will lock up! Try it with:

Code: Select all
#!/bin/bash
inxi


################

So now, in the end everything seems to work allright on Buster, but this is the worst upgrade I ever had to do. Even in my Mandriva days +10 years ago I upgraded every half a year almost without a hitch. I can't say that Buster gives me the feel of a stable operating system. Next time I'll wait several point releases before upgrading Debian, that's for sure.
Last edited by maxibuntu on 2019-09-11 18:54, edited 9 times in total.
maxibuntu
 
Posts: 10
Joined: 2011-12-28 21:52

Re: DEBIAN STRETCH TO BUSTER UPGRADE WOES

Postby CwF » 2019-08-20 13:18

I hear you!
It seems there are more issues now with mixing and matching, as you have found out. The lords of Linux need to admit wayland is a fork and should not be mixed. It's simply mucking things up for users of X11 extensions. I vm'ify everything I can as to not mix things into a mess. I do have the horsepower, and agree it's a cheat not everyone can do, but here's a few things I've found;

In my pure Debian 10.0 XFCE thigs are working well. I have no issues with root permissions. In my user environment synaptic, gparted, root terminal, thunar (or spacefm) and gdebi are all working fine. All passwordless click it just works. In other threads I tried to point out gdebi works fine using its own filechooser dialog, or from a root thunar. I purged gksu in stretch and started the transition, and waited for all the fixes, and now on buster everything does work. If I want to, I still have a functional root logon to a fully graphical desktop - OMG the worlds going to blow up! bite me...

Not sure on your samba config, but I do not have samba-common anywhere. I use gigolo and it works flawlessly. It can benefit from and does read the samba.conf without samba installed. For a file server I use what works best, a vm that is not debian and does other non-debian things - so it's there anyway.. My debian formula is gigolo gvfs-fuse gvfs-backends.

On the apt-pinning I gave up years ago. Pinning and multiple foreign repos seem to always lead to issues. I use a single stable source, and manually gdebi everything outside of that. Sometimes that means gdebi'ing the dependencies in first, as instant orphans until the main deb in in place. Not once has this caused apt to get confused. It just list them as orphans or obsolete, they work, and there is no repository arguments trying to upgrade into conflict, apt basically ignores them. This does mean autoclean type operations are verboten.

I'm still on iptables, so I may have to look into that before it bites me.

Enjoy!
CwF
 
Posts: 487
Joined: 2018-06-20 15:16

Re: DEBIAN STRETCH TO BUSTER UPGRADE WOES

Postby maxibuntu » 2019-08-20 16:47

CwF wrote:Not sure on your samba config, but I do not have samba-common anywhere. I use gigolo and it works flawlessly. It can benefit from and does read the samba.conf without samba installed. For a file server I use what works best, a vm that is not debian and does other non-debian things - so it's there anyway.. My debian formula is gigolo gvfs-fuse gvfs-backends.


That's nice, I used gigolo about 10 years ago. I'm surprised that this is still maintained, might give it another try someday. For now I have written a bash script which searches for hosts on the network and if found, mounts any available shares with cifs. If the hosts go down the shares are unmounted as well.
maxibuntu
 
Posts: 10
Joined: 2011-12-28 21:52

Re: DEBIAN STRETCH TO BUSTER UPGRADE WOES

Postby Wheelerof4te » 2019-08-21 11:13

A lot of your issues come from misconfiguration. Decide on the default setup that you want and stick with it. As you have found out, GNOME now does it's own thing, while XFCE4/lightdm are stuck in the past on Debian. So naturally, you can't mix new and old anymore.

Some of your complaints are just opinions on the verge of misinformation. Such as:
maxibuntu wrote:- Debian uses Wayland/GNOME as the default, big mistake. Gparted would not even start as root, effectively making the program useless.

For one, Gparted never should have been designed to start as root. It should perform some tasks with elevated priviledges, but that's it. Wayland makes applications impossible to run as root without a workaround, and that's a good thing. Same thing with Synaptic.
- Apparmor is now installed and enabled by default. Due to this paranoid strategy Thunderbird would not start anymore.

Huh? Starts fine on my system, again, you misconfigured something while "hacking" around apparmor. There is a reason we have defaults.
- Notifications in XFCE were broken.

They worked, at least a day when I decided to try XFCE again. It still has broken compositor on Debian and it has frozen my desktop once. Hopefully, it will be better on Bullseye.
- The touchpad from the HP Stream laptop worked, but there was no "click on tap".

Blame XFCE for that, most other desktops have this option in their configuration GUIs.
etc...

It seems you are not familiar with the current state of GNU/Linux desktop. Much has changed since Debian 9's release, even though it may not be obvious at first.
Wheelerof4te
 
Posts: 1423
Joined: 2015-08-30 20:14

Re: DEBIAN STRETCH TO BUSTER UPGRADE WOES

Postby maxibuntu » 2019-08-21 16:53

A lot of your issues come from misconfiguration. Decide on the default setup that you want and stick with it. As you have found out, GNOME now does it's own thing, while XFCE4/lightdm are stuck in the past on Debian. So naturally, you can't mix new and old anymore.


I have always been attracted to Linux because it was configurable. If the new mantra is "to stick with the defaults" it loses its appeal entirely for me and I could just as well migrate to Windows and "stick with the defaults".

For one, Gparted never should have been designed to start as root. It should perform some tasks with elevated priviledges, but that's it. Wayland makes applications impossible to run as root without a workaround, [b]and that's a good thing. Same thing with Synaptic.


I don't care how these apps should have been designed. I want them to work. If Gparted on Wayland does not start then there are two options: Fix either Wayland or Gparted before you ship anything broken.

- Apparmor is now installed and enabled by default. Due to this paranoid strategy Thunderbird would not start anymore.

Huh? Starts fine on my system, again, you misconfigured something while "hacking" around apparmor. There is a reason we have defaults.


I'm sorry but I did not "hack" anything in apparmor. I did not even look at the configuration files. Thunderbird will only start if I disable apparmor, period.

- The touchpad from the HP Stream laptop worked, but there was no "click on tap".

Blame XFCE for that, most other desktops have this option in their configuration GUIs.
etc...


It is irrelevant where it is configured. The click behaviour should be default. How would you feel if you had to first configure your mouse to click?

It seems you are not familiar with the current state of GNU/Linux desktop. Much has changed since Debian 9's release, even though it may not be obvious at first.


Oh I went through the systemd change as well. A change that had much bigger implications, but at least it was done well. As I recall I upgraded then without any major issues.
maxibuntu
 
Posts: 10
Joined: 2011-12-28 21:52

Re: DEBIAN STRETCH TO BUSTER UPGRADE WOES

Postby CwF » 2019-08-21 18:08

Diametrically opposed it is! Both sides like to lip the other. Wayland is a spork, works well only with just the right meal. Wayland will gain on the desktop. Root fears have a place in mixed environments. Neither has any credence with me. That old school X11 XFCE scales far past wayland. 'Desktop' is a fuzzy term. Wayland leans towards the laptop, X11 towards the server. Pick one...

The ability for linux's to mix up all kinds of stuff is (has been) an attraction. It is also its achilles heal. Focus and choice are not friends, pick one.

Many here portray many technical and theoretical issues as applicable to all situations. I like focus, but many rabbit holes are empty.
CwF
 
Posts: 487
Joined: 2018-06-20 15:16

Re: DEBIAN STRETCH TO BUSTER UPGRADE WOES

Postby Bulkley » 2019-08-21 18:24

I've spent 20+ years happily upgrading versions without serious problems. That is just not happening with Buster; I've seen most of the issues maxibuntu detailed so well. Yes, I can install a fresh Buster and it will run without problems as long as I accept all the defaults. My Stretch is running faultlessly so I see no need to upgrade to Buster.
Bulkley
 
Posts: 5831
Joined: 2006-02-11 18:35


Return to Installation

Who is online

Users browsing this forum: No registered users and 8 guests

fashionable