Upgrading Raspbian 8 (Jessie) to Raspbian 9 (Stretch)

I decided to upgrade my oldest Raspberry Pi to the latest Raspbian. Since I was two releases behind, I decided to do it step-by-step. Today I updated from 8 – 9. I plan. to perform similar steps to upgrade 9 – 10.

Following are the quick sequence of steps I followed to perform the upgrade. This is a Model B Rev 2 Pi, so was considerably slow to update and took me more than 4 hours to complete.

Step 1 – Prepare The System For Upgrade

Apply the latest updates to the system.

$ sudo apt update && sudo apt upgrade -y && sudo apt-get dist-upgrade -y

Next step is to search for packages which have been only partially installed on the system using dpkg -C command.

$ sudo dpkg -C

The dpkg may indicate what needs to be done with these. I did not find anything under this category, which was good. In last, I ran apt-mark showhold command to get a list of all packages which have been marked as hold.

$ sudo apt-mark showhold

While I did not get any packages in this list, but if there are any, we are expected to resolve this before proceedig to step 2.

Stpe 2 – Prepare the APT System for Upgrade

$ sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list
$ sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list.d/raspi.list
$ echo 'deb http://archive.raspberrypi.org/debian/ stretch main' >> /etc/apt/sources.list

I am updating only the two files but if your system has any other source files, then you need to update them appropriately as well. A list of such files can be found using – grep -lnr jessie /etc/apt

In addition to this I also removed the package apt-listchange which displays what changed in the new version of the Debian package as compared to the version currently installed on the system. This is expected to speed-up the entire process. This is not mandatory, so you can skip it.

# optional step
$ sudo apt-get remove apt-listchange 

Step 3 – Perform The Upgrade and Cleanup

As a last step initiate the upgrade process. This is the time where you can just leave the system for few hours.

$ sudo apt update && sudo apt upgrade -y && sudo apt-get dist-upgrade -y

I faced issues with chromium-browser and at the last command (dist-upgrade), the dpkg bailed out with a message indicating archive corruption of chromium-browser package. Since I am at Run Level 3, and do not need chromium on the headless pi, I decided to remove the following three packages. In any case in the absence of chromium, the debian system will automatically use update-alternatives and choose epiphany-browser to satisfy gnome-www-browser requirement.

$ sudo apt-get remove chromium-browser chromium-browser-l10n rpi-chromium-mods

After removing the chromium browser, I did another round of update, upgrade and dist-upgrade, just to make sure before initiating the cleanup as below –

$ sudo apt-get autoremove -y && sudo apt-get autoclean

The new OS version can be verified by

$ cat /etc/debian_version;cat /etc/os-release

I also took this opportunity to update the firmware of the raspberry pi by running the following command. Please note this step is absolutely optional and it is recomended also that do not perform this unless you know what you are doing or you are being asked by a support person.

$ sudo rpi-update

Posted in FLOSS, RaspberryPi, Tips/Code Snippets | Tagged , | Leave a comment

Raspberry Pi – rsyslog fixes on Raspbian 8 (Jessie)

One of my Raspberry Pi (Raspberry Pi Model B Rev 2) is running quite old versio of Rasbian – although fully updated and patched. Today while checking the syslog on my raspberry pi, I noticed the following error which was very frequently – almost every minute and thus was filling up the syslog.

Dec 24 20:59:35 rads rsyslogd-2007: action 'action 17' suspended, next retry is Thu Dec 24 21:01:05 2020 [try http://www.rsyslog.com/e/2007 ]

Thanks to logrotate I was not in an immediate need for action, but still I thought it will be better to fix this – atleast that will reduce the write and increase life of my SD Card.

The URL at the end of the message was very helpful. According to the specified URL this message simply means that rsyslog.conf contains the instruction to write to the xconsole pipe, but this pipe is never read. on editing the /etc/rsyslog file, the following section can be commented out or removed completely.

daemon.*;mail.*;\        news.err;\        *.=debug;*.=info;\        *.=notice;*.=warn       |/dev/xconsole

A simple systemctl restart rsyslog after that will fix the issue.

I did not see this issue on my other Raspberry Pi which runs Raspbian based on Debian Buster (Debian 10). I checked the /etc/rsyslog.conf on that and could not find the offending lines there. So my understanding is that this issue is with Raspbian based on Jessie.

Posted in FLOSS, RaspberryPi, Tips/Code Snippets | Tagged , | Leave a comment

Using Wrap Utility to Hide the SQL Code in Oracle

At times we may need to encrypt sensitive information in certain columns in Oracle Database. Oracle provides a DBMS_CRYPTO package for the purpose. More details about this package can be found in Oracle Documentation here.

The approach I followed is as follows –

  • Create a custom package using features provided in DBMS_CRYPTO, which will consists for functions to encrypt / decrypt varchar and blob type columns.
  • Use this package to encrypt / decrypt the data in the fields.

For a reference implementation of such a code, you can refer to the Oracle Documentation mentioned above.

One key aspect is the use of a ‘Key’ in the encryption logic. In the sample code given on the documentation, a random key has been chosen. This random key is fine as long as you do not recompile the package. If the package is recompiled then the key changes and hence invalidates all the encrypted data which can not be decrypted in the absence of the old key.

If we keep the key as fixed, then anyone looking at the source code of the package can see the key and thus potentially compromising on the security aspects.

To resolve this, fortunately Oracle provides a wrap utility to hide the source code.

$ wrap iname=enc_dec.sql oname=enc_dec.sql.wrp

SQL> @enc_dec.sql.wrp;

Now anyone looking at the source code of the package will find gibberish understood by Oracle only. However, the original source with the key has to be kept safe, just incase you need it back again.

Posted in Databases | Leave a comment

Apt Pinning in Raspbian

Quite sometime back I wrote a blog entry on apt-pinning to mix multiple repositories in debian and prioritize them. Recently, I felt the need to do the same on my raspberry pi.

I use rsnapshot to backup remote systems. Rsnapshot has an associated perl script which is meant to send beautiful reports via email at the end of the backup. The script in the version which came with raspbian was broken (1.3.1-4+deb8u1) and I needed 1.4.2-1, which is available in Debian Stretch.

Following my earlier post, I performed the following steps to perform the installation of the required version without impacting the rest of the system. As you can see that the priority of Jessie is higher than that of Stretch, which will ensure that the system does not get messed up when you do an upgrade.

# Create the preferences file for jessie and stretch as shown below
$ sudo vi /etc/apt/preferences.d/jessie.pref
Package: *
Pin: release n=jessie
Pin-Priority: 900

$ sudo vi /etc/apt/preferences.d/stretch.pref
Package: *
Pin: release a=stretch
Pin-Priority: 750

# Define the package sources for both jessie and stretch
$ sudo vi /etc/apt/sources.list.d/jessie.list
deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi

$ sudo vi /etc/apt/sources.list.d/stretch.list
deb http://mirrordirector.raspbian.org/raspbian/ stretch main contrib non-free rpi

# Refresh the cache and sources list
$ sudo apt-get update

# Install the desired package by specifying the repository from which 
# it has to be installed
$ sudo apt-get install rsnapshot -t stretch

Please be careful before performing these steps in a production system.

Posted in FLOSS, RaspberryPi | Tagged , , | Leave a comment

Ansible Quirks – 4

I was installing ansible on OpenSuSE Leap 42.3 machine and faced a problem with multiple python versions. I have both python 2.7 and python 3.4 installed on this machine. Python 2.7 is the default one.

I tried installed ansible with the usual pip install and was faced with an error related to setuptools (could not capture the error message). I upgraded my pip version to the latest one 10.0.1 and then installed ansible.

$ sudo pip install --upgrade pip
$ sudo pip install ansible

After that I ran an ansible-galaxy init command to create one of the roles and I was welcome with the error stating “Error: Ansible requires a minimum of Python2 version 2.6 or Python3 version 3.5. Current version: 3.4.6”. And I was wondering what happened because my default python version was 2.7.

The usual google search did not help me go anywhere. So I looked at the /usr/bin/ansible file and found that it was using python3 interpreter.

$ head -1 /usr/bin/ansible

I then checked the source of pip command and found the same thing.

$ head -1 /usr/bin/pip

So I looked at pip documentation on installing pip for python 2.7 and found this link which helped me with the command to install pip for the default version of python installed –

$ sudo python -m ensurepip --default-pip
Requirement already satisfied: setuptools in /usr/lib/python2.7/site-packages
Collecting pip
Installing collected packages: pip
Successfully installed pip-9.0.1

Now when I reinstalled ansible, it installed the correct python interpreter for my system.

$ sudo pip install ansible
Collecting ansible
  Cache entry deserialization failed, entry ignored
You are using pip version 9.0.1, however version 10.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
$ head -1 /usr/bin/pip /usr/bin/ansible
==> /usr/bin/pip <==

==> /usr/bin/ansible <==

Now when I upgraded pip it was for the default python version

$ sudo pip install --upgrade pip
Collecting pip
Using cached https://files.pythonhosted.org/packages/0f/74/ecd13431bcc456ed390b44c8a6e917c1820365cbebcb6a8974d1cd045ab4/pip-10.0.1-py2.py3-none-any.whl
Installing collected packages: pip
Found existing installation: pip 9.0.1
Uninstalling pip-9.0.1:
    Successfully uninstalled pip-9.0.1
    Successfully installed pip-10.0.1
$ head -1 /usr/bin/pip /usr/bin/ansible
==> /usr/bin/pip  <==

==> /usr/bin/ansible <==

In all probability all this was my fault and I think the pip which I upgraded in the beginning of this process may have been installed for python3 by me, otherwise I do not see any reason for all these issues.

Still I thought to share this entry, just in case someone can be helped.


Posted in Tips/Code Snippets | Tagged , | 1 Comment