[Samba] Samba 4.16 and 4.17 ubuntu focal and jammy packages
Kees van Vloten
keesvanvloten at gmail.com
Sat Oct 29 16:48:20 UTC 2022
On 29-10-2022 18:06, Rowland Penny via samba wrote:
>
>
> On 28/10/2022 11:28, Michael Tokarev via samba wrote:
>> 28.10.2022 13:20, Kees van Vloten wrote:
>> ..
>>>>> Why don't you use bullseye-backports??
>> ..
>>> Because a single repo means a single repo-index with a single Samba
>>> version. Any apt-get update && apt-get dist-upgrade has the risk of
>>> going to a different Samba version. I want that for *all* packages
>>> except Samba.
>>
>> Aha. Now I see. Once I update samba-backports with samba-4.17 it will be
>> upgraded automatically which you don't want to do. But you still want it
>> to be upgraded from 4.16.5 to 4.16.6. That makes sense.
>>
>> It's an interesting observation indeed. I'll think about it.
>>
>> Now, there's one more question. Why is it so risky to upgrade
>> to a new samba "major" release?
>>
>> /mjt
>>
>
> Because Samba has a habit of removing, adding or changing things and
> this leads to old versions of things being left on disk and
> interfering with the smooth running of Samba. One that springs to mind
> is the python 'time', Samba had its own version and then removed it,
> but the distros didn't.
>
> Starting with a new OS, also ensures that everything is correct and
> nothing 'old' is there.
>
> Rowland
>
What Rowland says is one of the issues, config options come and go. That
can break stuff, also security fixes can break things (notably November
2021).
The point is not so much a very high risk, the point is that the
consequences are very serious when the risk materializes (i.e. upgrade
failed). In that case no user, including myself, can log in on any system.
Therefore I always do a phased upgrade: fileserver first, when that
works for some time then one domain-controller, when that works the
second domain-controller. With pinning + sources.list per version I can
prevent all my systems from upgrading at the same time, which is a point in
time chosen by the package maintainer.
I really do not want my users to call me that they are locked-out only
to discover that I am locked-out as well.
As stated earlier I have an automate everything policy, that includes
these upgrades. I change the version numbers in the code and then run it
one by one against the samba fileservers and domain-controllers (so no
manual apt-get commands, nor am I logged in during an upgrade, I do
watch the output on my controller and run some tests).
- Kees.
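
A pre-flight guard for the phased, automated upgrade described in the message above, as an added example that is not part of the original post or Kees's own automation: it reads `apt-cache policy samba` output and refuses to proceed when the candidate falls outside the approved major.minor series. The sample output, version suffixes, repository URL and function names are constructed for illustration.

```python
import re

# Constructed `apt-cache policy samba` output; versions and repo URL are made up.
SAMPLE_POLICY = """\
samba:
  Installed: 2:4.16.5+dfsg-1~example
  Candidate: 2:4.17.0+dfsg-1~example
  Version table:
     2:4.17.0+dfsg-1~example 500
        500 https://repo.example.invalid/samba focal/main amd64 Packages
 *** 2:4.16.5+dfsg-1~example 100
        100 /var/lib/dpkg/status
"""


def series(version):
    """Return (major, minor) of a Debian version string, ignoring any epoch."""
    upstream = version.split(":", 1)[-1]  # drop an "N:" epoch prefix if present
    m = re.match(r"(\d+)\.(\d+)", upstream)
    if not m:  # also covers "(none)" when the package is not installed
        raise ValueError(f"cannot parse version: {version!r}")
    return int(m.group(1)), int(m.group(2))


def parse_policy(text):
    """Extract the Installed and Candidate versions from apt-cache policy output."""
    fields = dict(re.findall(r"^[ \t]+(Installed|Candidate):[ \t]+(\S+)", text, re.M))
    if set(fields) != {"Installed", "Candidate"}:
        raise ValueError("missing Installed/Candidate line")
    return fields["Installed"], fields["Candidate"]


def check_upgrade(policy_text, approved_series):
    """Return 'blocked', 'up-to-date' or 'proceed' for one host."""
    installed, candidate = parse_policy(policy_text)
    if series(candidate) != approved_series:
        return "blocked"  # pin or sources.list would let a different series in
    if candidate == installed:
        return "up-to-date"
    return "proceed"  # point release inside the approved series


if __name__ == "__main__":
    print(check_upgrade(SAMPLE_POLICY, (4, 16)))
```

Run against each host in the phased order (fileserver, then one domain controller, then the next), the check stops the run before apt is invoked if a host's package index offers a series other than the approved one.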