Raspberry Pi OSのメジャーアップグレードの手段として推奨されているのは、新しいSDカードに焼き直す「ReImage」なのは重々承知も、遠隔地にある Raspberry Pi 3B+をssh越しにaptパッケージマネージャを使い、サポートの切れた Raspbian Jessie から Stretch への アップグレード をしてみました。
Jessieサポート終了による弊害
DebianのwikiページによるとDebian Jessie のサポートは2020年6月30日に終了済みで、Raspbianもこれに準じてレポジトリから既にJessieを引き揚げていました。
$ lsb_release -a No LSB modules are available. Distributor ID: Raspbian Description: Raspbian GNU/Linux 8.0 (jessie) Release: 8.0 Codename: jessie $ sudo apt update - 略 - W: Failed to fetch http://mirrordirector.raspbian.org/raspbian/dists/jessie/main/binary-armhf/Packages 404 Not Found W: Failed to fetch http://mirrordirector.raspbian.org/raspbian/dists/jessie/contrib/binary-armhf/Packages 404 Not Found W: Failed to fetch http://mirrordirector.raspbian.org/raspbian/dists/jessie/non-free/binary-armhf/Packages 404 Not Found W: Failed to fetch http://mirrordirector.raspbian.org/raspbian/dists/jessie/rpi/binary-armhf/Packages 404 Not Found
ブラウザで開いてみてもこの通りで、ここにもうJessieはいません。
サポート終了後にJessieを最終版へ更新
Stretchへのアップグレード前に現在のJessieを最終版へアップデートするためには、参照先をレガシーレポジトリへ変更する必要がありました。
## Browse "http://legacy.raspbian.org/raspbian/dists/" jessie/ 15-Apr-2021 19:56 jessie-staging/ 15-Apr-2021 19:56 wheezy/ 21-Mar-2019 23:09 wheezy-staging/ 04-Apr-2019 18:40
早速
sources.list
を以下のように書き換えます。
$ sudo nano /etc/apt/sources.list 前) deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi 後) deb http://legacy.raspbian.org/raspbian/ jessie main contrib non-free rpi
Webminの公式レポジトリとのやり取りでエラー
こうしてJessieの基本的なアップデートは再び可能になりましたが、このデバイスに入っているWebminのレポジトリのhttps接続エラーは相変わらずで、
apt update
で次のエラーが出力されます。
Err https://download.webmin.com sarge/contrib armhf Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
こちらのフォーラムによると、JessieのOpenSSLが古すぎることに起因する問題なようです。
$ openssl version OpenSSL 1.0.1t 3 May 2016
まずは、jessie-backportsレポジトリを
source.list
に暫定追加。
$ sudo nano /etc/apt/sources.list deb http://archive.debian.org/debian jessie-backports main contrib non-free
このとき
apt update
を実行すると、追加したレポジトリの鍵が無いと警告を受けますが、
$ sudo apt update Fetched 11.4 MB in 2min 22s (79.7 kB/s) W: GPG error: http://archive.debian.org jessie-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 W: Failed to fetch https://download.webmin.com/download/repository/dists/sarge/contrib/binary-armhf/Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
OpenSSLを新しくしないことにはどうしようもないので、このまま、追加したレポジトリを指名して、OpenSSLをインストール(更新)します。途中、証明書が無いことについてのプロンプトを受けますが、「Y」でインストール処理は完走。
$ sudo apt install -t jessie-backports openssl Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: libssl1.0.0 The following packages will be upgraded: libssl1.0.0 openssl 2 upgraded, 0 newly installed, 0 to remove and 55 not upgraded. Need to get 1,603 kB of archives. After this operation, 357 kB disk space will be freed. Do you want to continue? [Y/n] y WARNING: The following packages cannot be authenticated! libssl1.0.0 openssl Install these packages without verification? [y/N] y Get:1 http://archive.debian.org/debian/ jessie-backports/main libssl1.0.0 armhf 1.0.2l-1~bpo8+1 [921 kB] Get:2 http://archive.debian.org/debian/ jessie-backports/main openssl armhf 1.0.2l-1~bpo8+1 [682 kB] Fetched 1,603 kB in 2s (698 kB/s) Preconfiguring packages ... (Reading database ... 93989 files and directories currently installed.) Preparing to unpack .../libssl1.0.0_1.0.2l-1~bpo8+1_armhf.deb ... Unpacking libssl1.0.0:armhf (1.0.2l-1~bpo8+1) over (1.0.1t-1+deb8u12) ... Preparing to unpack .../openssl_1.0.2l-1~bpo8+1_armhf.deb ... Unpacking openssl (1.0.2l-1~bpo8+1) over (1.0.1t-1+deb8u12) ... Processing triggers for man-db (2.7.5-1~bpo8+1) ... Setting up libssl1.0.0:armhf (1.0.2l-1~bpo8+1) ... Setting up openssl (1.0.2l-1~bpo8+1) ... Processing triggers for libc-bin (2.19-18+deb8u10) ...
続いてLet’s Encryptのルート証明書を更新します。
$ sudo curl -k https://letsencrypt.org/certs/isrgrootx1.pem.txt -o /usr/local/share/ca-certificates/isrgrootx1.crt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1939 100 1939 0 0 3160 0 --:--:-- --:--:-- --:--:-- 3157 $ sudo curl -k https://letsencrypt.org/certs/letsencryptauthorityx1.pem.txt -o /usr/local/share/ca-certificates/letsencryptauthorityx1.crt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1984 100 1984 0 0 2354 0 --:--:-- --:--:-- --:--:-- 2356 $ sudo curl -k https://letsencrypt.org/certs/letsencryptauthorityx2.pem.txt -o /usr/local/share/ca-certificates/letsencryptauthorityx2.crt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1984 100 1984 0 0 2184 0 --:--:-- --:--:-- --:--:-- 2185 $ sudo curl -k https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem.txt -o /usr/local/share/ca-certificates/letsencryptx1.crt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1675 100 1675 0 0 2016 0 --:--:-- --:--:-- --:--:-- 2015 $ sudo curl -k https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem.txt -o /usr/local/share/ca-certificates/letsencryptx2.crt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1675 100 1675 0 0 1745 0 --:--:-- --:--:-- --:--:-- 1744 $ sudo curl -k https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt -o /usr/local/share/ca-certificates/letsencryptx3.crt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1647 100 1647 0 0 2746 0 --:--:-- --:--:-- --:--:-- 2745 $ sudo curl -k https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem.txt -o /usr/local/share/ca-certificates/letsencryptx4.crt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1647 100 1647 0 0 1892 0 --:--:-- --:--:-- --:--:-- 1893 $ sudo dpkg-reconfigure ca-certificates Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate ISRG_Root_X1.pem WARNING: Skipping duplicate certificate ISRG_Root_X1.pem 7 added, 0 removed; done. Processing triggers for ca-certificates (20141019+deb8u4) ... Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d....done.
一連の作業を終えて再びOpenSSLのバージョンを確認すると、小数点以下の末尾が少し進んだのですが、Webminレポジトリのエラー解消には至りませんでした。
$ openssl version OpenSSL 1.0.2l 25 May 2017
StretchやBusterが動作する他のRaspberry Piでは問題無いことから、OSのアップグレードが解決してくれると信じて、一旦Webminレポジトリをコメントアウトして、Jessieでの更新が無い状態にして先に進みます。
$ sudo apt update - 略 - Fetched 133 kB in 59s (2,242 B/s) Reading package lists... Done Building dependency tree Reading state information... Done All packages are up to date. $ sudo apt upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. $ sudo apt dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
JessieからStretchへ振り向けてアップグレード
上述でレガシーレポジトリに振り向けた
sources.list
を再び元のサーバへ戻し、JessieからStretchへ振り向かせます。さらに、
sources.list.d/
内にもレポジトリを記したファイルがあれば同様にJessieからStretchへ。
$ sudo nano /etc/apt/sources.list 前) deb http://legacy.raspbian.org/raspbian/ jessie main contrib non-free rpi 後) deb http://mirrordirector.raspbian.org/raspbian/ stretch main contrib non-free rpi $ sudo nano /etc/apt/sources.list.d/raspi.list 前) deb http://archive.raspberrypi.org/debian/ jessie main ui 後) deb http://archive.raspberrypi.org/debian/ stretch main ui
この状態でapt updateを実行すると、
$ sudo apt update Get:1 http://mirrordirector.raspbian.org stretch InRelease [15.0 kB] Get:2 http://archive.raspberrypi.org stretch InRelease [25.3 kB] Get:3 http://archive.raspberrypi.org stretch/main armhf Packages [192 kB] Get:4 http://mirrordirector.raspbian.org stretch/main armhf Packages [11.7 MB] Get:5 http://archive.raspberrypi.org stretch/ui armhf Packages [44.6 kB] Get:6 http://mirrordirector.raspbian.org stretch/contrib armhf Packages [56.9 kB] Get:7 http://mirrordirector.raspbian.org stretch/non-free armhf Packages [98.9 kB] Get:8 http://mirrordirector.raspbian.org stretch/rpi armhf Packages [1,360 B] Fetched 12.1 MB in 1min 12s (166 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 466 packages can be upgraded. Run 'apt list --upgradable' to see them.
そしていよいよStretchへのアップグレードを始めます。
$ sudo apt --simulate upgrade Calculating upgrade... The following packages were automatically installed and are no longer required: libasan3 libasn1-8-heimdal libbind9-90 libclass-method-modifiers-perl libcpan-changes-perl libdevel-globaldestruction-perl libdns100 libencode-locale-perl libexporter-tiny-perl libfile-slurp-perl libgcc-6-dev libhcrypto4-heimdal libhdb9-heimdal libheimbase1-heimdal libhtml-tagset-perl libhttp-date-perl libhttp-message-perl libhx509-5-heimdal libio-html-perl libio-stringy-perl libisc95 libisccc90 libisccfg90 libkrb5-26-heimdal liblinear3 liblua5.3-0 liblwp-mediatypes-perl liblwres90 libntdb1 libpng-tools libpython3.4-minimal libpython3.4-stdlib libroken18-heimdal librole-tiny-perl libstrictures-perl libsub-exporter-progressive-perl libtimedate-perl libtry-tiny-perl liburi-perl libvpx1 libwind0-heimdal python-cffi python-colorama python-distlib python-ndg-httpsclient python-ntdb python-openssl python-ply python-pycparser python-requests python-support python-urllib3 python3.4 python3.4-minimal Use 'apt-get autoremove' to remove them. Done The following NEW packages will be installed: busybox cpp-6 dirmngr distro-info-data gcc-6-base gettext-base gir1.2-glib-2.0 gnupg-agent gnupg-l10n initramfs-tools-core keyutils libapparmor1 libassuan0 libbabeltrace-ctf1 libbabeltrace1 libbind9-140 libc-l10n libclass-method-modifiers-perl libcpan-changes-perl libdbus-glib-1-2 libdns-export162 libdns162 libdw1 libelf1 libfastjson4 libfdisk1 libfftw3-single3 libfile-slurp-perl libgirepository-1.0-1 libgnutls30 libgpgme11 libhogweed4 libidn2-0 libip4tc0 libip6tc0 libiptc0 libisc-export160 libisc160 libisccc140 libisccfg140 libisl15 libksba8 libldap-common liblinear3 liblognorm5 liblua5.3-0 liblwres141 liblz4-1 libmagic-mgc libmnl0 libmodule-load-conditional-perl libnetfilter-conntrack3 libnettle6 libnghttp2-14 libnpth0 libpam-systemd libpng16-16 libprocps6 libpsl5 libpython-all-dev libpython3.5 libpython3.5-minimal libpython3.5-stdlib libreadline7 librole-tiny-perl libseccomp2 libssl1.0.2 libssl1.1 libtry-tiny-perl libunistring0 libwebp6 libxtables12 linux-base pinentry-curses publicsuffix python-all python-all-dev python-bs4 python-cffi-backend python-dbus python-enum34 python-gi python-idna python-ipaddress python-keyring python-keyrings.alt python-pip-whl python-secretstorage python-webencodings python-xdg python3.5 python3.5-minimal read-edid rfkill xxd The following packages have been kept back: apt apt-transport-https apt-utils aptitude aptitude-common build-essential cpp-4.9 g++ g++-4.9 gcc gcc-4.9 gcc-4.9-base gdisk kmod libalgorithm-diff-xs-perl libasan1 libauthen-pam-perl libcgi-pm-perl libclass-c3-xs-perl libcpan-meta-perl libfcgi-perl libfile-fcntllock-perl libgcc-4.9-dev libio-pty-perl libkmod2 liblocale-gettext-perl libmodule-pluggable-perl libnet-ssleay-perl libparams-util-perl libpng12-0 libpng12-dev libpod-readme-perl libstdc++-4.9-dev libstdc++6 libtext-charwidth-perl libtext-iconv-perl libtext-soundex-perl libv4l-0 libv4l2rds0 libv4lconvert0 libxml2 lshw ndiff nmap perl perl-base v4l-utils The following packages will be upgraded: acl adduser alsa-utils autoconf automake autotools-dev avahi-daemon avahi-utils base-files base-passwd bash bash-completion bcrelay bind9-host binutils bluez bluez-firmware bridge-utils bsd-mailx bsdmainutils bsdutils bzip2 ca-certificates cifs-utils console-setup console-setup-linux coreutils cpio cpp crda cron curl dash dbus debconf debconf-i18n debconf-utils debianutils device-tree-compiler dh-python dhcpcd5 diffutils dmidecode dmsetup dosfstools dphys-swapfile dpkg dpkg-dev e2fslibs e2fsprogs ed exim4-base exim4-config exim4-daemon-light fake-hwclock fakeroot fbset file findutils firmware-atheros firmware-brcm80211 firmware-libertas firmware-realtek fontconfig-config fonts-dejavu-core gcc-4.8-base gdb gdbserver geoip-database git git-man gnupg gpgv grep groff-base gzip hostname i2c-tools ifupdown info init init-system-helpers initramfs-tools initscripts insserv install-info iproute2 iptables iputils-ping isc-dhcp-client isc-dhcp-common iw kbd keyboard-configuration klibc-utils less libacl1 libaio1 libalgorithm-c3-perl libalgorithm-diff-perl libalgorithm-merge-perl libarchive-extract-perl libasn1-8-heimdal libasound2 libasound2-data libatomic1 libaudit-common libaudit1 libavahi-client3 libavahi-common-data libavahi-common3 libavahi-core7 libblas-common libblas3 libblkid1 libbsd0 libbz2-1.0 libc-bin libc-dev-bin libc6 libc6-dbg libc6-dev libcap-ng0 libcap2 libcap2-bin libcgi-fast-perl libclass-c3-perl libcloog-isl4 libcomerr2 libcryptsetup4 libcups2 libcurl3 libcurl3-gnutls libdata-optlist-perl libdb5.3 libdbus-1-3 libdebconfclient0 libdevmapper1.02.1 libdpkg-perl libdrm2 libedit2 liberror-perl libestr0 libevent-2.0-5 libexpat1 libexpat1-dev libfakeroot libffi6 libfontconfig1 libfreetype6 libfreetype6-dev libgcc1 libgcrypt20 libgd3 libgdbm3 libgeoip1 libgfortran3 libglib2.0-0 libglib2.0-data libgmp10 libgnutls-openssl27 libgomp1 libgpg-error0 libgssapi-krb5-2 libhcrypto4-heimdal libhdb9-heimdal libheimbase1-heimdal libhx509-5-heimdal libident libidn11 libiw30 libjpeg62-turbo libk5crypto3 libkeyutils1 libklibc libkrb5-26-heimdal libkrb5-3 libkrb5support0 libldap-2.4-2 libldb1 liblockfile-bin liblockfile1 liblogging-stdlog0 libltdl-dev libltdl7 liblua5.2-0 libluajit-5.1-common liblzma5 libmagic1 libmodule-build-perl libmodule-signature-perl libmount1 libmpc3 libmpdec2 libmpfr4 libncurses5 libncursesw5 libnewt0.52 libnfsidmap2 libnih-dbus1 libnih1 libnl-3-200 libnl-genl-3-200 libnss-mdns libntdb1 libopts25 libp11-kit0 libpackage-constants-perl libpam-modules libpam-modules-bin libpam-runtime libpam0g libparted2 libpcap0.8 libpci3 libpcre3 libpcsclite1 libpipeline1 libplymouth4 libpod-latex-perl libpython-dev libpython-stdlib libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython3-stdlib libpython3.4-minimal libpython3.4-stdlib libraspberrypi-bin libraspberrypi-dev libraspberrypi-doc libraspberrypi0 libreadline6 libregexp-common-perl libroken18-heimdal librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libselinux1 libsemanage-common libsemanage1 libsepol1 libsigsegv2 libslang2 libsmartcols1 libsoftware-license-perl libsqlite3-0 libss2 libssh2-1 libsystemd0 libtalloc2 libtasn1-6 libtdb1 libterm-ui-perl libtevent0 libtext-wrapi18n-perl libtiff5 libtimedate-perl libtinfo5 libtirpc1 libtool libubsan0 libudev1 libusb-0.1-4 libusb-1.0-0 libustr-1.0-1 libuuid1 libwbclient0 libwind0-heimdal libwrap0 libx11-6 libx11-data libxcb1 libxdmcp6 libxmuu1 libxpm4 libxslt1.1 linux-libc-dev locales login logrotate lsb-base lsb-release lua5.1 luajit m4 make man-db manpages manpages-dev mdadm mime-support mount multiarch-support nano ncdu ncurses-base ncurses-bin ncurses-term net-tools netbase netcat-openbsd nfs-common ntp openresolv openssh-client openssh-server openssh-sftp-server openssl parted passwd patch pciutils pi-bluetooth pkg-config plymouth ppp pptpd procps psmisc pv python python-cffi python-chardet python-colorama python-crypto python-cryptography python-dev python-distlib python-dnspython python-html5lib python-ldb python-lxml python-minimal python-ndg-httpsclient python-ntdb python-openssl python-pip python-pkg-resources python-ply python-pyasn1 python-pycparser python-requests python-rpi.gpio python-samba python-setuptools python-six python-smbus python-talloc python-tdb python-urllib3 python-wheel python2.7 python2.7-dev python2.7-minimal python3 python3-minimal python3.4 python3.4-minimal raspberrypi-bootloader raspberrypi-kernel raspberrypi-sys-mods raspi-config raspi-copies-and-fills readline-common rename rpcbind rsync rsyslog samba samba-common samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules sed sensible-utils sgml-base shared-mime-info ssh startpar strace sudo systemd systemd-sysv sysv-rc sysvinit-utils tar tasksel tasksel-data tcpd tdb-tools traceroute triggerhappy tzdata ucf udev ufw unzip update-inetd usbutils util-linux vim-common vim-tiny vnstat vnstati wget whiptail whois wireless-regdb wireless-tools wpasupplicant xkb-data xml-core xz-utils zlib1g zlib1g-dev419 upgraded, 95 newly installed, 0 to remove and 47 not upgraded.
長いインストール作業中、何度かグラフィカルなプロンプトで設定ファイルを上書きするかどうか聞かれることがあります。見に覚えのある事項であれば上書きせずに現在のファイルを維持で。
さらには、インストールを反映させるためにサービスの再起動を適宜しても良いか聞かれますが、インストール中にsshが切れては困るので「No」を選択。
するとしばらくして、どうしても再起動させたいサービスがあり、その中にsshが挙がっているので青ざめますが、現在のsshセッションには影響は無いことがわざわざ記されており一安心。
こうして1時間以上掛けてアップグレードは完走しました。デバイスの再起動後Stretchを確認し(OpenSSLのバージョンもだいぶ進みました)、問題が無ければ不要になったパッケージを削除します(削除される数が多いので、本当に消して良いのかチェックを忘れずに)。
$ lsb_release -a No LSB modules are available. Distributor ID: Raspbian Description: Raspbian GNU/Linux 9.13 (stretch) Release: 9.13 Codename: stretch $ openssl version OpenSSL 1.1.0l 10 Sep 2019 $ sudo apt autoremove $ sudo apt autoclean
なお、アップグレード中は無効にしていたWebminレポジトリを有効に戻すと、無事にアップデートすることが出来ました。
$ sudo apt upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: webmin 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 28.1 MB of archives. After this operation, 2,986 kB disk space will be freed. Do you want to continue? [Y/n] yGet:1 https://download.webmin.com/download/repository sarge/contrib armhf webmin all 1.982 [28.1 MB] Fetched 28.1 MB in 31s (888 kB/s) (Reading database ... 96072 files and directories currently installed.) Preparing to unpack .../archives/webmin_1.982_all.deb ... Unpacking webmin (1.982) over (1.973) ... Setting up webmin (1.982) ...####################................................................................] Webmin install complete.
今回アップグレードしたStretchも2022年上半期でサポート終了を迎えてしまうことから、この状態で数ヶ月運用して問題が無ければ、同じ方法でBusterへのアップグレードを考えています。
投稿 Raspberry Pi 3B+のRaspbian JessieからStretchへのアップグレード は Fun Scripting 2.0 に最初に表示されました。