I'm running a production webserver on Debian Etch. I have never done a dist-upgrade simply because I'm afraid of doing so and because the server is otherwise running incredibly stable.

Anyway, I saw a security advisory today for Apache2. I'm currently running 2.2.3 so I would really like to upgrade to the latest stable version with the vulnerability - as mentioned in the advisory - patched.

Problem is, I don't know how.

My thought was to download the 2.2.19 sources (the latest stable version) and compile it on my system. Then somehow patch it. But again, I really wouldn't know if that's the way to go.

Could someone please advise how I can get the latest stable and patched version of apache2 running on my Etch system?

Thanks in advance.

You won't be happy with this answer.

I seriously warn against upgrading your Etch system to the current stable (Squeeze) when you are not sitting next to your server. As a matter of fact last weekend I did a kernel upgrade from Etch to Squeeze on my server (in my room!) and never mind any trick to set a default in Grub it wouldn't work. Instead, at boot, I was asked to "press a key to continue". Whatever caused this, you don't want to happen this on a server 2 hours driving away from you.

Then about compiling a new Apache version from source: you have a fair chance that too many dependencies fail. Nice libraries like libc6-dev or so where all packages on your system depend upon. Etch is simply too old.

My favorite way for such a fundamental upgrade on a production machine is to install a new machine with the current version of Debian, get the old system's package list with dpkg --get-selections and install those packages on the new computer. Since you are running a server packages exclude complications like sound and video drivers, so you could prepare a new hard disk at home on arbitrary hardware, and then drive down to tje coloc and swap the hard disk. Be prepared for quite some manual tuning of config files though.

Another option is to clone your server to a machine at home, do the dist-upgrades at home, and swap those hard drives when finished.

jlinkels

1 members found this post helpful.

First of all, thank you for your answer.

Which is exactly the reason I haven't tried it yet. Although I could handle the "press any key to continue" since I built this server with remote KVM. I could even make BIOS changes remotely if I wanted to. Even so, there are many things that could happen that can't be solved with just a few key presses...

I was afraid of that.

I actually tried creating a clone for use in a VM but have been unsuccessful so far.

I'm trying to avoid building a second server (it's not really money well spent). If the hardware was at the end of its life I wouldn't mind building a new server but its still more than sufficient for what I use it for (Core 2 Duo E6750, 2GB, 2x160GB HDD (RAID 1) as main storage, 500GB HDD for in-system backups, Remote KVM, Remote ON/OFF, built-in 5 Gb switch, etc). Also, Etch is running rock stable but as you said, it's getting too old and security is becoming a concern.

What I proposed was to put a new hard disk in a temporary machine at home and make at home a clone of your server. Then take out the disk and bring it to your production server.

I have no experience with cloning into a VM image. But ordinary cloning is as easy as setting up the partitions on the empty disk, mount them in a running system and perform rsync. Once done chroot into the copied system and install grub. In your case you would have to create a RAID1 array out of that afterwards (also at home). That used to be easy in Etch and Lenny, but I haven't tried it yet in Squeeze. The difference is grub2.

You are right not wanting to replace the server hardware, but maybe just replacing the disks is an option for you.

jlinkels