Skip to main content Logo (IEC resistor symbol)logo

Quis custodiet ipsos custodes?
Home | About | All pages | RSS Feed | Gopher

Raspberry Pi unattended upgrade Raspbian to Debian Testing

Published: 27-07-2016 | Author: Remy van Elst | Text only version of this article

Table of Contents

I'm working on a Nitrokey/SmartCard-HSM cluster article and therefore I neededthree identical computers. The current version of Raspbian (2016-05-27) is basedon Debian Jessie and comes with a version of OpenSC that is too old (0.14) towork with the Nitrokey/SmartCard-HSM. Since there is no Ubuntu 16.04 officialimage yet I decided to upgrade Raspbian to Debian Testing. Since I don't want toanswer yes to any config file changes or service restarts I figured out how todo an unattended dist-upgrade.

The 3-Pi HSM cluster to be used for the cluster articles

If you like this article, consider sponsoring me by trying out a Digital OceanVPS. With this link you'll get $100 credit for 60 days). (referral link)

The Nitrokey HSM is an open hardware and open software device. It is a USBversion of the SmartCard-HSM. Both the SmartCard-HSM as the NitrokeyHSM have sources available and are fully supported by the OpenSCproject.

I have multiple articles on the Nitrokey HSM/SmartCard-HSM. I alsohave a lot of professional experience with large expensive HSM hardware.

ARM repositories

Since Raspbian is a fork of Debian I first checked if there were any testingrepositories in the mirrors and as it turns out, there are. Sincethe current version ships with OpenSC 0.14 and there is a 0.16 package inthe repo here I suspected that that was the testing package. Installing iton Jessie failed however, so a dist-upgrade it was.


A regular repository change in sources.list and a dist-upgrade are veryinteractive. It involves manual editing and the apt upgrade asks a lot ofquestions, for example, retain a config file, restart services, changelogs, etc.Since I tend to reinstall Pi SD cards often I don't want to do that manualprocess every time. So here are the commands to do an unattended upgrade totesting. Which in my case works the 7 times I tried now, without askingquestions. Do note that in your case it might hose your Pi and destroy all dataand projects on it, so make sure you have a tested working backup.

Place this in a file named

# vim Remove any third party sourcesrm -rf /etc/apt/sources.list.d/*# Change te repo'ssed -i -e 's/jessie/testing/g' /etc/apt/sources.list# Update package listsapt-get update## UPGRADE ALL THE THINGS!!!DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get -q -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" dist-upgrade# Remove no longer needed packagesDEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get -q -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" autoremove --purge# FINISH HIMreboot

Save it and then run it to start the upgrade:

bash ./

Debian upgrade, unattended explanation

Debian packages can prompt a user during install to generate customconfiguration, or in the case of MySQL, set a root password. It can also havemessages with different priorities. The critical priority is (almost) neverused so it won't prompt you. The noninteractive frontend tells the terminalthat you're not able to answer any questions.

The two Dpkg::Options mean the following:

If you supply --force-confnew instead of --force-confold it will overwriteany changes by the new config file.

If you want to install a package unattended you know will ask questions (likeMySQL), then you can use debconf to set the answer to those questionsbeforehand (scriptable, yay). In the case of MySQL on 12.04:

echo mysql-server-5.5 mysql-server/root_password password P@ssw0rd | debconf-set-selectionsecho mysql-server-5.5 mysql-server/root_password_again password P@ss0wrd | debconf-set-selections

You can view all possible selections (questions) with the debconf-get-selections command:

debconf-get-selections | grep mysql-server


mysql-server-5.5  mysql-server/root_password_again  password  mysql-server-5.5  mysql-server/root_password  password  mysql-server-5.5  mysql-server/error_setting_password error mysql-server-5.5  mysql-server-5.5/postrm_remove_databases  boolean falsemysql-server-5.5  mysql-server-5.5/start_on_boot  boolean true

If debconf is not installed, the package debconf-utils provides it.

Tags: blog, debian, hsm, nitrokey, raspberry-pi, raspbian, smartcard-hsm