もっと詳しく

Raspberry Pi OSのメジャーアップグレードの手段として推奨されているのは、新しいSDカードに焼き直す「ReImage」なのは重々承知も、遠隔地にある Raspberry Pi 3B+をssh越しにaptパッケージマネージャを使い、サポートの切れた Raspbian Jessie から Stretch への アップグレード をしてみました。

Jessieサポート終了による弊害

DebianのwikiページによるとDebian Jessie のサポートは2020年6月30日に終了済みで、Raspbianもこれに準じてレポジトリから既にJessieを引き揚げていました。

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Raspbian
Description:	Raspbian GNU/Linux 8.0 (jessie)
Release:	8.0
Codename:	jessie

$ sudo apt update
- 略 -
W: Failed to fetch http://mirrordirector.raspbian.org/raspbian/dists/jessie/main/binary-armhf/Packages  404  Not Found
W: Failed to fetch http://mirrordirector.raspbian.org/raspbian/dists/jessie/contrib/binary-armhf/Packages  404  Not Found
W: Failed to fetch http://mirrordirector.raspbian.org/raspbian/dists/jessie/non-free/binary-armhf/Packages  404  Not Found
W: Failed to fetch http://mirrordirector.raspbian.org/raspbian/dists/jessie/rpi/binary-armhf/Packages  404  Not Found

ブラウザで開いてみてもこの通りで、ここにもうJessieはいません。

図1.Raspbianレポジトリ内の構成

図1.Raspbianレポジトリ内の構成

サポート終了後にJessieを最終版へ更新

Stretchへのアップグレード前に現在のJessieを最終版へアップデートするためには、参照先をレガシーレポジトリへ変更する必要がありました。

## Browse "http://legacy.raspbian.org/raspbian/dists/"
jessie/                        15-Apr-2021 19:56
jessie-staging/                15-Apr-2021 19:56
wheezy/                        21-Mar-2019 23:09
wheezy-staging/                04-Apr-2019 18:40

早速

sources.list

 を以下のように書き換えます。

$ sudo nano /etc/apt/sources.list
前)
deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi
後)
deb http://legacy.raspbian.org/raspbian/ jessie main contrib non-free rpi

 

Webminの公式レポジトリとのやり取りでエラー

こうしてJessieの基本的なアップデートは再び可能になりましたが、このデバイスに入っているWebminのレポジトリのhttps接続エラーは相変わらずで、

apt update

 で次のエラーが出力されます。

Err https://download.webmin.com sarge/contrib armhf Packages
  server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

こちらのフォーラムによると、JessieのOpenSSLが古すぎることに起因する問題なようです。

$ openssl version
OpenSSL 1.0.1t  3 May 2016

まずは、jessie-backportsレポジトリを

source.list

に暫定追加。

$ sudo nano /etc/apt/sources.list
deb http://archive.debian.org/debian jessie-backports main contrib non-free

このとき

apt update

を実行すると、追加したレポジトリの鍵が無いと警告を受けますが、

$ sudo apt update
Fetched 11.4 MB in 2min 22s (79.7 kB/s)
W: GPG error: http://archive.debian.org jessie-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: Failed to fetch https://download.webmin.com/download/repository/dists/sarge/contrib/binary-armhf/Packages  server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

OpenSSLを新しくしないことにはどうしようもないので、このまま、追加したレポジトリを指名して、OpenSSLをインストール(更新)します。途中、証明書が無いことについてのプロンプトを受けますが、「Y」でインストール処理は完走。

$ sudo apt install -t jessie-backports openssl
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  libssl1.0.0
The following packages will be upgraded:
  libssl1.0.0 openssl
2 upgraded, 0 newly installed, 0 to remove and 55 not upgraded.
Need to get 1,603 kB of archives.
After this operation, 357 kB disk space will be freed.
Do you want to continue? [Y/n] y
WARNING: The following packages cannot be authenticated!
  libssl1.0.0 openssl
Install these packages without verification? [y/N] y
Get:1 http://archive.debian.org/debian/ jessie-backports/main libssl1.0.0 armhf 1.0.2l-1~bpo8+1 [921 kB]
Get:2 http://archive.debian.org/debian/ jessie-backports/main openssl armhf 1.0.2l-1~bpo8+1 [682 kB]
Fetched 1,603 kB in 2s (698 kB/s)
Preconfiguring packages ...
(Reading database ... 93989 files and directories currently installed.)
Preparing to unpack .../libssl1.0.0_1.0.2l-1~bpo8+1_armhf.deb ...
Unpacking libssl1.0.0:armhf (1.0.2l-1~bpo8+1) over (1.0.1t-1+deb8u12) ...
Preparing to unpack .../openssl_1.0.2l-1~bpo8+1_armhf.deb ...
Unpacking openssl (1.0.2l-1~bpo8+1) over (1.0.1t-1+deb8u12) ...
Processing triggers for man-db (2.7.5-1~bpo8+1) ...
Setting up libssl1.0.0:armhf (1.0.2l-1~bpo8+1) ...
Setting up openssl (1.0.2l-1~bpo8+1) ...
Processing triggers for libc-bin (2.19-18+deb8u10) ...

続いてLet’s Encryptのルート証明書を更新します。

$ sudo curl -k https://letsencrypt.org/certs/isrgrootx1.pem.txt -o /usr/local/share/ca-certificates/isrgrootx1.crt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1939  100  1939    0     0   3160      0 --:--:-- --:--:-- --:--:--  3157
$ sudo curl -k https://letsencrypt.org/certs/letsencryptauthorityx1.pem.txt -o /usr/local/share/ca-certificates/letsencryptauthorityx1.crt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1984  100  1984    0     0   2354      0 --:--:-- --:--:-- --:--:--  2356
$ sudo curl -k https://letsencrypt.org/certs/letsencryptauthorityx2.pem.txt -o /usr/local/share/ca-certificates/letsencryptauthorityx2.crt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1984  100  1984    0     0   2184      0 --:--:-- --:--:-- --:--:--  2185
$ sudo curl -k https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem.txt -o /usr/local/share/ca-certificates/letsencryptx1.crt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1675  100  1675    0     0   2016      0 --:--:-- --:--:-- --:--:--  2015
$ sudo curl -k https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem.txt -o /usr/local/share/ca-certificates/letsencryptx2.crt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1675  100  1675    0     0   1745      0 --:--:-- --:--:-- --:--:--  1744
$ sudo curl -k https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt -o /usr/local/share/ca-certificates/letsencryptx3.crt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1647  100  1647    0     0   2746      0 --:--:-- --:--:-- --:--:--  2745
$ sudo curl -k https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem.txt -o /usr/local/share/ca-certificates/letsencryptx4.crt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1647  100  1647    0     0   1892      0 --:--:-- --:--:-- --:--:--  1893
$ sudo dpkg-reconfigure ca-certificates
Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate ISRG_Root_X1.pem
WARNING: Skipping duplicate certificate ISRG_Root_X1.pem
7 added, 0 removed; done.
Processing triggers for ca-certificates (20141019+deb8u4) ...
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.

一連の作業を終えて再びOpenSSLのバージョンを確認すると、小数点以下の末尾が少し進んだのですが、Webminレポジトリのエラー解消には至りませんでした。

$ openssl version
OpenSSL 1.0.2l  25 May 2017

 

StretchやBusterが動作する他のRaspberry Piでは問題無いことから、OSのアップグレードが解決してくれると信じて、一旦Webminレポジトリをコメントアウトして、Jessieでの更新が無い状態にして先に進みます。

$ sudo apt update
- 略 -
Fetched 133 kB in 59s (2,242 B/s)
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.

$ sudo apt upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

$ sudo apt dist-upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

 

JessieからStretchへ振り向けてアップグレード

上述でレガシーレポジトリに振り向けた

sources.list

を再び元のサーバへ戻し、JessieからStretchへ振り向かせます。さらに、

sources.list.d/

 内にもレポジトリを記したファイルがあれば同様にJessieからStretchへ。

$ sudo nano /etc/apt/sources.list
前)
deb http://legacy.raspbian.org/raspbian/ jessie main contrib non-free rpi
後)
deb http://mirrordirector.raspbian.org/raspbian/ stretch main contrib non-free rpi

$ sudo nano /etc/apt/sources.list.d/raspi.list
前)
deb http://archive.raspberrypi.org/debian/ jessie main ui
後)
deb http://archive.raspberrypi.org/debian/ stretch main ui

この状態でapt updateを実行すると、

$ sudo apt update
Get:1 http://mirrordirector.raspbian.org stretch InRelease [15.0 kB]
Get:2 http://archive.raspberrypi.org stretch InRelease [25.3 kB]
Get:3 http://archive.raspberrypi.org stretch/main armhf Packages [192 kB]                  
Get:4 http://mirrordirector.raspbian.org stretch/main armhf Packages [11.7 MB]
Get:5 http://archive.raspberrypi.org stretch/ui armhf Packages [44.6 kB]      
Get:6 http://mirrordirector.raspbian.org stretch/contrib armhf Packages [56.9 kB]                                   
Get:7 http://mirrordirector.raspbian.org stretch/non-free armhf Packages [98.9 kB]                                  
Get:8 http://mirrordirector.raspbian.org stretch/rpi armhf Packages [1,360 B]                                       
Fetched 12.1 MB in 1min 12s (166 kB/s)
Reading package lists... Done
Building dependency tree       
Reading state information... Done
466 packages can be upgraded. Run 'apt list --upgradable' to see them.

そしていよいよStretchへのアップグレードを始めます。

$ sudo apt --simulate upgrade
Calculating upgrade... The following packages were automatically installed and are no longer required:
  libasan3 libasn1-8-heimdal libbind9-90 libclass-method-modifiers-perl libcpan-changes-perl
  libdevel-globaldestruction-perl libdns100 libencode-locale-perl libexporter-tiny-perl libfile-slurp-perl
  libgcc-6-dev libhcrypto4-heimdal libhdb9-heimdal libheimbase1-heimdal libhtml-tagset-perl libhttp-date-perl
  libhttp-message-perl libhx509-5-heimdal libio-html-perl libio-stringy-perl libisc95 libisccc90 libisccfg90
  libkrb5-26-heimdal liblinear3 liblua5.3-0 liblwp-mediatypes-perl liblwres90 libntdb1 libpng-tools
  libpython3.4-minimal libpython3.4-stdlib libroken18-heimdal librole-tiny-perl libstrictures-perl
  libsub-exporter-progressive-perl libtimedate-perl libtry-tiny-perl liburi-perl libvpx1 libwind0-heimdal
  python-cffi python-colorama python-distlib python-ndg-httpsclient python-ntdb python-openssl python-ply
  python-pycparser python-requests python-support python-urllib3 python3.4 python3.4-minimal
Use 'apt-get autoremove' to remove them.
Done
The following NEW packages will be installed:
  busybox cpp-6 dirmngr distro-info-data gcc-6-base gettext-base gir1.2-glib-2.0 gnupg-agent gnupg-l10n
  initramfs-tools-core keyutils libapparmor1 libassuan0 libbabeltrace-ctf1 libbabeltrace1 libbind9-140 libc-l10n
  libclass-method-modifiers-perl libcpan-changes-perl libdbus-glib-1-2 libdns-export162 libdns162 libdw1 libelf1
  libfastjson4 libfdisk1 libfftw3-single3 libfile-slurp-perl libgirepository-1.0-1 libgnutls30 libgpgme11
  libhogweed4 libidn2-0 libip4tc0 libip6tc0 libiptc0 libisc-export160 libisc160 libisccc140 libisccfg140 libisl15
  libksba8 libldap-common liblinear3 liblognorm5 liblua5.3-0 liblwres141 liblz4-1 libmagic-mgc libmnl0
  libmodule-load-conditional-perl libnetfilter-conntrack3 libnettle6 libnghttp2-14 libnpth0 libpam-systemd
  libpng16-16 libprocps6 libpsl5 libpython-all-dev libpython3.5 libpython3.5-minimal libpython3.5-stdlib
  libreadline7 librole-tiny-perl libseccomp2 libssl1.0.2 libssl1.1 libtry-tiny-perl libunistring0 libwebp6
  libxtables12 linux-base pinentry-curses publicsuffix python-all python-all-dev python-bs4 python-cffi-backend
  python-dbus python-enum34 python-gi python-idna python-ipaddress python-keyring python-keyrings.alt
  python-pip-whl python-secretstorage python-webencodings python-xdg python3.5 python3.5-minimal read-edid rfkill
  xxd
The following packages have been kept back:
  apt apt-transport-https apt-utils aptitude aptitude-common build-essential cpp-4.9 g++ g++-4.9 gcc gcc-4.9
  gcc-4.9-base gdisk kmod libalgorithm-diff-xs-perl libasan1 libauthen-pam-perl libcgi-pm-perl libclass-c3-xs-perl
  libcpan-meta-perl libfcgi-perl libfile-fcntllock-perl libgcc-4.9-dev libio-pty-perl libkmod2
  liblocale-gettext-perl libmodule-pluggable-perl libnet-ssleay-perl libparams-util-perl libpng12-0 libpng12-dev
  libpod-readme-perl libstdc++-4.9-dev libstdc++6 libtext-charwidth-perl libtext-iconv-perl libtext-soundex-perl
  libv4l-0 libv4l2rds0 libv4lconvert0 libxml2 lshw ndiff nmap perl perl-base v4l-utils
The following packages will be upgraded:
  acl adduser alsa-utils autoconf automake autotools-dev avahi-daemon avahi-utils base-files base-passwd bash
  bash-completion bcrelay bind9-host binutils bluez bluez-firmware bridge-utils bsd-mailx bsdmainutils bsdutils
  bzip2 ca-certificates cifs-utils console-setup console-setup-linux coreutils cpio cpp crda cron curl dash dbus
  debconf debconf-i18n debconf-utils debianutils device-tree-compiler dh-python dhcpcd5 diffutils dmidecode dmsetup
  dosfstools dphys-swapfile dpkg dpkg-dev e2fslibs e2fsprogs ed exim4-base exim4-config exim4-daemon-light
  fake-hwclock fakeroot fbset file findutils firmware-atheros firmware-brcm80211 firmware-libertas firmware-realtek
  fontconfig-config fonts-dejavu-core gcc-4.8-base gdb gdbserver geoip-database git git-man gnupg gpgv grep
  groff-base gzip hostname i2c-tools ifupdown info init init-system-helpers initramfs-tools initscripts insserv
  install-info iproute2 iptables iputils-ping isc-dhcp-client isc-dhcp-common iw kbd keyboard-configuration
  klibc-utils less libacl1 libaio1 libalgorithm-c3-perl libalgorithm-diff-perl libalgorithm-merge-perl
  libarchive-extract-perl libasn1-8-heimdal libasound2 libasound2-data libatomic1 libaudit-common libaudit1
  libavahi-client3 libavahi-common-data libavahi-common3 libavahi-core7 libblas-common libblas3 libblkid1 libbsd0
  libbz2-1.0 libc-bin libc-dev-bin libc6 libc6-dbg libc6-dev libcap-ng0 libcap2 libcap2-bin libcgi-fast-perl
  libclass-c3-perl libcloog-isl4 libcomerr2 libcryptsetup4 libcups2 libcurl3 libcurl3-gnutls libdata-optlist-perl
  libdb5.3 libdbus-1-3 libdebconfclient0 libdevmapper1.02.1 libdpkg-perl libdrm2 libedit2 liberror-perl libestr0
  libevent-2.0-5 libexpat1 libexpat1-dev libfakeroot libffi6 libfontconfig1 libfreetype6 libfreetype6-dev libgcc1
  libgcrypt20 libgd3 libgdbm3 libgeoip1 libgfortran3 libglib2.0-0 libglib2.0-data libgmp10 libgnutls-openssl27
  libgomp1 libgpg-error0 libgssapi-krb5-2 libhcrypto4-heimdal libhdb9-heimdal libheimbase1-heimdal
  libhx509-5-heimdal libident libidn11 libiw30 libjpeg62-turbo libk5crypto3 libkeyutils1 libklibc
  libkrb5-26-heimdal libkrb5-3 libkrb5support0 libldap-2.4-2 libldb1 liblockfile-bin liblockfile1
  liblogging-stdlog0 libltdl-dev libltdl7 liblua5.2-0 libluajit-5.1-common liblzma5 libmagic1 libmodule-build-perl
  libmodule-signature-perl libmount1 libmpc3 libmpdec2 libmpfr4 libncurses5 libncursesw5 libnewt0.52 libnfsidmap2
  libnih-dbus1 libnih1 libnl-3-200 libnl-genl-3-200 libnss-mdns libntdb1 libopts25 libp11-kit0
  libpackage-constants-perl libpam-modules libpam-modules-bin libpam-runtime libpam0g libparted2 libpcap0.8 libpci3
  libpcre3 libpcsclite1 libpipeline1 libplymouth4 libpod-latex-perl libpython-dev libpython-stdlib libpython2.7
  libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython3-stdlib libpython3.4-minimal
  libpython3.4-stdlib libraspberrypi-bin libraspberrypi-dev libraspberrypi-doc libraspberrypi0 libreadline6
  libregexp-common-perl libroken18-heimdal librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libselinux1
  libsemanage-common libsemanage1 libsepol1 libsigsegv2 libslang2 libsmartcols1 libsoftware-license-perl
  libsqlite3-0 libss2 libssh2-1 libsystemd0 libtalloc2 libtasn1-6 libtdb1 libterm-ui-perl libtevent0
  libtext-wrapi18n-perl libtiff5 libtimedate-perl libtinfo5 libtirpc1 libtool libubsan0 libudev1 libusb-0.1-4
  libusb-1.0-0 libustr-1.0-1 libuuid1 libwbclient0 libwind0-heimdal libwrap0 libx11-6 libx11-data libxcb1 libxdmcp6
  libxmuu1 libxpm4 libxslt1.1 linux-libc-dev locales login logrotate lsb-base lsb-release lua5.1 luajit m4 make
  man-db manpages manpages-dev mdadm mime-support mount multiarch-support nano ncdu ncurses-base ncurses-bin
  ncurses-term net-tools netbase netcat-openbsd nfs-common ntp openresolv openssh-client openssh-server
  openssh-sftp-server openssl parted passwd patch pciutils pi-bluetooth pkg-config plymouth ppp pptpd procps psmisc
  pv python python-cffi python-chardet python-colorama python-crypto python-cryptography python-dev python-distlib
  python-dnspython python-html5lib python-ldb python-lxml python-minimal python-ndg-httpsclient python-ntdb
  python-openssl python-pip python-pkg-resources python-ply python-pyasn1 python-pycparser python-requests
  python-rpi.gpio python-samba python-setuptools python-six python-smbus python-talloc python-tdb python-urllib3
  python-wheel python2.7 python2.7-dev python2.7-minimal python3 python3-minimal python3.4 python3.4-minimal
  raspberrypi-bootloader raspberrypi-kernel raspberrypi-sys-mods raspi-config raspi-copies-and-fills
  readline-common rename rpcbind rsync rsyslog samba samba-common samba-common-bin samba-dsdb-modules samba-libs
  samba-vfs-modules sed sensible-utils sgml-base shared-mime-info ssh startpar strace sudo systemd systemd-sysv
  sysv-rc sysvinit-utils tar tasksel tasksel-data tcpd tdb-tools traceroute triggerhappy tzdata ucf udev ufw unzip
  update-inetd usbutils util-linux vim-common vim-tiny vnstat vnstati wget whiptail whois wireless-regdb
  wireless-tools wpasupplicant xkb-data xml-core xz-utils zlib1g zlib1g-dev419 upgraded, 95 newly installed, 0 to remove and 47 not upgraded.

長いインストール作業中、何度かグラフィカルなプロンプトで設定ファイルを上書きするかどうか聞かれることがあります。見に覚えのある事項であれば上書きせずに現在のファイルを維持で。

図2.設定ファイルの上書き可否確認

図2.設定ファイルの上書き可否確認

さらには、インストールを反映させるためにサービスの再起動を適宜しても良いか聞かれますが、インストール中にsshが切れては困るので「No」を選択。

図3.サービス自動再起動可否確認

図3.サービス自動再起動可否確認

するとしばらくして、どうしても再起動させたいサービスがあり、その中にsshが挙がっているので青ざめますが、現在のsshセッションには影響は無いことがわざわざ記されており一安心。

図4.サービス再起動通知

図4.サービス再起動通知

こうして1時間以上掛けてアップグレードは完走しました。デバイスの再起動後Stretchを確認し(OpenSSLのバージョンもだいぶ進みました)、問題が無ければ不要になったパッケージを削除します(削除される数が多いので、本当に消して良いのかチェックを忘れずに)。

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Raspbian
Description:	Raspbian GNU/Linux 9.13 (stretch)
Release:	9.13
Codename:	stretch
$ openssl version
OpenSSL 1.1.0l  10 Sep 2019

$ sudo apt autoremove
$ sudo apt autoclean

なお、アップグレード中は無効にしていたWebminレポジトリを有効に戻すと、無事にアップデートすることが出来ました。

$ sudo apt upgrade
Reading package lists... Done
Building dependency tree        
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  webmin
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 28.1 MB of archives.
After this operation, 2,986 kB disk space will be freed.
Do you want to continue? [Y/n] yGet:1 https://download.webmin.com/download/repository sarge/contrib armhf webmin all 1.982 [28.1 MB]
Fetched 28.1 MB in 31s (888 kB/s)                                                                                   
(Reading database ... 96072 files and directories currently installed.)
Preparing to unpack .../archives/webmin_1.982_all.deb ...
Unpacking webmin (1.982) over (1.973) ...
Setting up webmin (1.982) ...####################................................................................] 
Webmin install complete.

 

今回アップグレードしたStretchも2022年上半期でサポート終了を迎えてしまうことから、この状態で数ヶ月運用して問題が無ければ、同じ方法でBusterへのアップグレードを考えています。

 

 

投稿 Raspberry Pi 3B+のRaspbian JessieからStretchへのアップグレードFun Scripting 2.0 に最初に表示されました。