Why did I subject myself to this?
As part of an R&D project, I had to find a way to update a few old systems we have in the field that have been completely locked down (i.e. you can use a VPN to visit but that’s it). There is no DNS and no other external internet connection. To add to the challenge, I needed to work with a system that has 3.4GB of storage with 2.5GB of it used, and I needed to update Java and install some other test .deb files. In this series, I’ll tell you what I did to make it work, what I tried that didn’t work, and how you can be your own offline master.
Disclaimer
This guide strictly deals with upgrading your system. It will not cover dist-upgrade although that is certainly something you can try and test. This information is provided as-is, and, therefore, I take no responsibility for incidents with your equipment. I am a huge proponent of testing. Please ensure you know what you are doing before you attempt this.
Tools you need
- WinSCP (If you’re using Windows and, for this, it’s almost, almost worth using Windows just to use this awesome, free tool)
- Two systems. One should be online and the other is, of course, the offline one. They both should be very close build-wise. NOTE: If you want to test this out, I recommend changing the /etc/resolv.conf file on one of the systems. Comment out everything in there and save it. This ensures apt will break without using the correct options and your test is as clean as it’s going to get without removing an ethernet cable and introducing USB flash drives.
- Putty, or if you’re on Linux, SSH
- Internet connection with both systems on the same network if you’re testing. Otherwise, you’ll just need internet for the online portion.
Online System Update, Upgrade, and Captures
Ok now let’s get to the interesting part. We start with the online system. In my case, I had an original image and a test box to play with. I won’t cover the uses of the “dd” command in this post, but that’s what I used to image my test drive. Once you get the system booted and ssh’d into, the first thing to do is to clear the archives.
Use the following to do so:
apt-get clean
This cleans out all of the downloaded packages in the archives. This is a critical part as you’ll see later.
Next we’re going to edit /etc/apt/sources.list. For this experiment, we were moving from Debian 8 (Jessie) to Debian 9 (Stretch), as Buster (10), the current version, is still too new. You can edit the file by hand using the editor of your choice. Mine is nano, like so:
nano /etc/apt/sources.list
Then replace each occurrence of “jessie” with “stretch”. Or, if you want to save a bit of time, you can try this sed command. If you want to change from stretch to buster, for example, just change the words as needed below.
sed -i 's/jessie/stretch/g' /etc/apt/sources.list;
All good? Good deal. Next, we’re going to do the normal song and dance we do to upgrade a Debian-based system. I like chaining commands and automating things a little bit, so I’m going to tell the apt system to update itself and its files (yes, this is important for something later on), and then I’m going to ask the system to proceed to upgrade itself.
apt-get update && apt-get upgrade -y
You may wish to install what I call “generic system packages”. What I mean by that is these packages are part of the default repos found in /etc/apt/sources.list. I didn’t need to add a key or another repository to get them. This is important because to run what I call “special packages”, as you’ll see, I need to do something else. We’ll get to that a little further down. For now, we’ll run something generic like Java 11.
apt-get install -y openjdk-11-jre openjdk-11-jre-headless openjdk-11-jdk openjdk-11-jdk-headless;
Now that we have that installed, it’s time to put our WinSCP into play. (As a Linux guy, I’m going to utter a curse…. Due to the simplicity of this, you might get Windows envy if you don’t have one to work with.)
I’m not going to go over WinSCP in this post, but it’s a fairly intuitive tool to use especially if you’ve ever used Putty before. Once you’ve created your scp or sftp connection through WinSCP, you should create a “dump” folder. I named mine “apt-offline” after a tool that was not useful to me at all.
Now for the difficult part. I’m joking. On the left is my Windows computer drive and on the right is the remote computer drive. So I’m going to do some clicking around where you see /tmp/ listed out. Specifically, I’m going to click on “/” because that takes me to the root directory. Where we need to go is:
/var/cache/apt
Once there, click on the “archives” folder. That’s where the meat is. Let’s drag the archives folder to the folder we set up and (hopefully) navigated to on our Windows computer. You will get errors on the “lock” file and the “partial” folder. That’s perfectly fine as we don’t need them.
Now we run:
apt-get clean
The archives directory will be empty now with the exception of the “lock” file and “partial” folder. Ok, so remember when I said we’d cover what to do if we had a special case that required installing something additional that is not in the main repos? Well, I’m going to deliver on that promise here. To make this simple, I’m going to install “influxdb”, which requires a key and a repo to be added and is NOT part of the main repos.
## Things I found I needed, since we run slim systems.
## These could have been installed at the time of the
## Java install.
#apt-get install -y gnupg2 apt-transport-https ca-certificates curl software-properties-common;
## Now let's get installing. This is from the
## InfluxDB install page for your reference :-)
wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - ;
source /etc/os-release
## VERSION_ID is quoted so the test does not break if it is empty
test "$VERSION_ID" = "7" && echo "deb https://repos.influxdata.com/debian wheezy stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
test "$VERSION_ID" = "8" && echo "deb https://repos.influxdata.com/debian jessie stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
test "$VERSION_ID" = "9" && echo "deb https://repos.influxdata.com/debian stretch stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
apt-get update;
apt-get install -y influxdb;
Imagine everything installed. Now it’s time to check that treasure trove in archives and see what we got. This should have given us the .deb file and any other dependencies we didn’t know about.
In this case, I found all that had been downloaded was the “influxdb_1.7.9-1_amd64.deb” file. I’ll copy this over with WinSCP and place it with the other packages in the archives folder, but NOT before I note the full name. I will use this when I run the dpkg script later on in the archives folder.
dpkg -i influxdb_1.7.9-1_amd64.deb;
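Once the .deb files leave /var/cache/apt/archives, apt's repository signature check no longer covers them, and dpkg -i installs whatever file it is handed. The script below is an added example, not part of the original post: it records SHA-256 hashes on the online system (before apt-get clean and before the WinSCP copy) and checks them on the offline system before any install. The manifest name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: integrity manifest for .deb files carried to an offline box.
# The manifest name and function names are assumptions, not from the post.
MANIFEST="SHA256SUMS.manifest"

# Online side: run against /var/cache/apt/archives after the install and
# BEFORE "apt-get clean". Hashes every .deb into one manifest file.
make_manifest() {
    ( cd "$1" || exit 1
      set -- *.deb
      [ -e "$1" ] || { echo "no .deb files found" >&2; exit 1; }
      sha256sum -- "$@" > "$MANIFEST" )
}

# Offline side: run against the copied folder before any "dpkg -i".
verify_manifest() {
    ( cd "$1" || exit 1
      [ -f "$MANIFEST" ] || { echo "missing $MANIFEST" >&2; exit 1; }
      # Every listed file must exist and hash to the recorded value.
      sha256sum -c "$MANIFEST" >/dev/null || exit 1
      # Every .deb present must be listed. A manifest line is 64 hex chars,
      # two separator chars, then the file name, so the name starts at col 67.
      for f in *.deb; do
          [ -e "$f" ] || continue
          cut -c67- "$MANIFEST" | grep -Fxq -- "$f" \
              || { echo "unlisted package: $f" >&2; exit 1; }
      done )
}

# Stand-alone use: "make <dir>" on the online box, "verify <dir>" offline.
case "${1:-}" in
    make)   make_manifest "$2" ;;
    verify) verify_manifest "$2" ;;
esac
```

A manifest that travels in the same folder as the packages can be rewritten along with them, so keep a copy of it (or its own hash) outside the transfer folder and compare before trusting the result.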
Well, that wraps up this section of prep. In the next post, I’ll show you how you can put this into action.