Keycloak 26 doesn't support postgesql-11 any longer. One idea is to backport postgesql-15 from Debian Bookworm (UCS 5.2) to 5.0-9, but if we do that we need to ensure that: * the postgresql migration works (ideally via diagnostic module) * if we don't do a forced migration but e.g. via diagnostic module, then we have a transition phase, where we need to ensure that the new postgresql-common (248) works with the old postgresql-11 * the update from 5.0-9 to 5.2-0 works (via 5.1-0 / Debian bullseye)
ucs-patches: 3dbacdadb | Backport postgresql-common from Debian bookworm to UCS 5.0-9 1007078b9 | fixup! Backport postgresql-common from Debian bookworm to UCS 5.0-9 420ee0877 | fixup! Backport postgresql-common from Debian bookworm to UCS 5.0-9 370a22770 | fixup! Backport postgresql-common from Debian bookworm to UCS 5.0-9 Package: postgresql-common Version: 248A~5.0.0.202412021632 Branch: 5.0-0 Scope: errata5.0-9 fc621856b | Backport libzstd from Debian bullseye to UCS 5.0-9 900af8ea9 | Backport libzstd from Debian bullseye to UCS 5.0-9 Package: libzstd Version: 1.4.8+dfsg-2.1A~5.0.0.202412021701 Branch: 5.0-0 Scope: errata5.0-9 3fa91ab8b | Backport postgresql-15 from Debian bookworm to UCS 5.0-9 e39403296 | fixup! Backport postgresql-15 from Debian bookworm to UCS 5.0-9 Package: postgresql-15 Version: 15.8-0+deb12u1A~5.0.0.202412021725 Branch: 5.0-0 Scope: errata5.0-9 Merge request for metapackage univention-postgresql-15: * https://git.knut.univention.de/univention/ucs/-/merge_requests/1306 We also may need to adjust the migration guide: * https://help.univention.com/t/updating-from-postgresql-11-to-postgresql-15/22162 And I guess we need to backport also to UCS 5.1-0, at least the metapackage, otherwise I guess we may have issues with a non.starting postgresql-15 breaking the update.
a377b9cf4 | Disable message about postgresql-11. In UCS 5.0-9 postgresql-11 is still supported. 9fb35d262 | fixup broken patch syntax (last empty line dropped) Package: postgresql-common Version: 248A~5.0.0.202412031320 Branch: 5.0-0 Scope: errata5.0-9
aa24086f61d | Backport postgresql-15 bafe94f1faa | fix(pkgdb) for postgresql-15 63e06d527e0 | Add metapackage univention-postgresql-15 ea27995ec90 | Advisories Package: univention-appcenter Version: 9.0.13-2 Branch: 5.0-0 Scope: errata5.0-9 Package: univention-pkgdb Version: 13.0.8-2 Branch: 5.0-0 Scope: errata5.0-9 Package: univention-postgresql Version: 12.0.9-2 Branch: 5.0-0 Scope: errata5.0-9
OK QA But not verified as don't want to release this now.
To uncouple an update of univention-appcenter for Bug 57802 I removed this Bug number from the advisory for that package. That update will ship the added UCR templates supporting postgresql-15, but not bring functional changes in this regard yet, which will get activated once we release the postgresql-15 backport done for this Bug in preparation to Keycloak 26. 620a030a8a0 | Unblock Errata release for Bug #57802
> repo_admin.py --cherrypick --release 5.2-0 --source "" --releasedest 5.0-0 --dest errata5.0-9 --package postgresql-15 A patch has been found and merged Cherry picked package postgresql-15[173354] version 15.10-0+deb12u1 from 5.2[85]/[0] to 5.0[83]/errata5.0-9[703 > ucs-patches# git log --oneline --follow postgresql-15/ucs_5.0-0-errata5.0-9/15.10-0+deb12u1/01_backport_to_buster.patch | tac 3fa91ab8b | Backport postgresql-15 from Debian bookworm to UCS 5.0-9 [...] To mark the backport I used `+deb10u1` like Freexian does it: > build-package-ng -p postgresql-15 -r 5.0 -s errata5.0-9 -v '15.10-0+deb10u1A~5.2.0.202412161512' Package: postgresql-15 Version: 15.10-0+deb10u1A~5.2.0.202412161512 Branch: 5.0-0 Scope: errata5.0-9 ad740087ac2 | Advisories
To make the versioning more consistent and robust for future updates, I've added a patch for debian/changelog which adds the +deb10u1 to remind us: $ git log --oneline 01_backport_to_buster.patch | tac f90b6ca8f | adding patch to new version 6a78eb772 | Adjust version in debian/changelog 5a9cd3048 | fixup! Adjust version in debian/changelog Package: postgresql-15 Version: 15.10-0+deb10u1A~5.0.0.202412161634 Branch: 5.0-0 Scope: errata5.0-9
Package: univention-postgresql Version: 12.0.10-2 Branch: 5.0-0 Scope: errata5.0-10 made postgresql 15 the default
Successful build Package: univention-management-console-module-diagnostic Version: 6.0.11-2 Branch: 5.0-0 Scope: errata5.0-10 fb0e9aed922c09ec8b39702b3af6db0a2f06f352 - fix 67_postgresql_version.py
To backport the security errata from Bug 58115: 4b0684e9e1b | Pin postgresql-15 in 5.1-0 91afd205bf5 | Pin libzstd1 in 5.1-0 too Activated on mirror/testing (and test_mirror) Then: > repo_admin.py --cherrypick --release 5.2-0 --source errata5.2-1 --releasedest 5.0-0 --dest errata5.0-10 --package postgresql-15 A patch has been found and merged Cherry picked package postgresql-15[173888] version 15.12-0+deb12u2 from 5.2[85]/errata5.2-1[715] to 5.0[83]/errata5.0-10[713] To mark the backport I used `+deb10u2` like Freexian does it: > build-package-ng -p postgresql-15 -r 5.0 -s errata5.0-10 -v '15.12-0+deb10u2A~5.0.0.202504011628' 98b9957e3@ucs-patches | patch merged manually Package: postgresql-15 Version: 15.12-0+deb10u2A~5.0.0.202504011628 Branch: 5.0-0 Scope: errata5.0-10 f97265ca065@5.0-10 | Advisory version
change default password encryption for postgresql-15 to md5 Successful build Package: univention-pkgdb Version: 13.0.9-2 Branch: 5.0-0 Scope: errata5.0-10 Successful build Package: univention-postgresql Version: 12.0.10-3 Branch: 5.0-0 Scope: errata5.0-10 Successful build Package: univention-appcenter Version: 9.0.14-1 Branch: 5.0-0 Scope: errata5.0-10
As decided on the issue: to avoid complications with subsequent updates to UCS 5.2: aa63b13ace3 | Don't support adjusting the password-encryption to scram-sha-256 in UCS 5.0-x Package: univention-postgresql Version: 12.0.10-4 Branch: 5.0-0 Scope: errata5.0-10 Package: univention-pkgdb Version: 13.0.9-3 Branch: 5.0-0 Scope: errata5.0-10 Package: univention-appcenter Version: 9.0.14-2 Branch: 5.0-0 Scope: errata5.0-10 Additionally Felix did a fixup commit for the preup.sh in 5.1-0: 44e282b3364 | Pin all binary packages for libzstd and postgresql-15
OK - psql 15 OK - update from 5.0 to 5.2 (apt pinning) OK - re-index after update to 5.2
<https://errata.software-univention.de/#/?erratum=5.0x1249> <https://errata.software-univention.de/#/?erratum=5.0x1250> <https://errata.software-univention.de/#/?erratum=5.0x1251> <https://errata.software-univention.de/#/?erratum=5.0x1252> <https://errata.software-univention.de/#/?erratum=5.0x1253> <https://errata.software-univention.de/#/?erratum=5.0x1254> <https://errata.software-univention.de/#/?erratum=5.0x1255>