End of Debian Jessie support is on October 1st 2020

zebambam · September 15, 2020, 9:18pm

We are ending support for the older and out-of-support “Jessie” distribution of Debian, and removing packages for that OS from our apt repository on October 1st 2020.

Please be aware that Jessie users who do not upgrade will experience an End Of Service halt of zcashd, version 3.1.0 will EOS halt at block height 1046024, near the end of October.

To install the latest version 4.0.0 zcashd debian package from ECC, please upgrade your base OS to debian “Stretch” or “Buster” and follow the installation instructions here Zcashd Debian Package Installation Instructions..

NOTE: If you are using “stretch” or “buster” already, and you are pointing at the “jessie” repo at apt.z.cash, now is a good time to update that file to point to the “stretch” repo instead. Our docs have recently been updated to reflect this change.

BostonZcash · September 9, 2020, 6:06pm

Thanks for the head’s up.

FYI, if you must stay on Ubuntu 16.04 (or presumably Debian Jessie), you can do this to remain compatible with zcashd v4.0.0:

sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test
sudo apt update
sudo apt install -y gcc-4.9
sudo apt install -y --only-upgrade libstdc++6

zebambam · September 9, 2020, 8:29pm

Hey BostonZcash, everyone. I don’t recommend continuing to run an operating system that is not receiving security updates. That’s definitely an anti-pattern.

BostonZcash · September 9, 2020, 8:55pm

Agreed, however, Ubuntu 16.04 LTS has general support until 2021-04, and extended security support is available until 2024-04, so this OS is receiving security updates.

zebambam · September 15, 2020, 9:11pm

Ah right yes, good point. Regular support for that OS is available for another seven months. I wonder how many users are in that predicament, or how many users are likely to pay the something like 750 dollars per server after the end of the seven months to receive the ESM.

LTS releases from Ubuntu have a life of about five years, meaning that 16.04 is about 90% of the way through its life.

Part of the difficulty of working in this culture is that I have absolutely no idea who is on what OS, how the software is being used in the field etc. We have some idea of node versions on the network from peer chatting with them but other than that we don’t collect any type of user statistics anonymized or otherwise that’s helpful in making these decisions.

In the absence of that and in the presence of knowing that many users of other products expect vendors to make sure they’re doing the right thing only by following our instructions, I haven’t yet found a way of support make a package compatible with Ubuntu 16.04 for the few months left in it’s regular security life.

Personally I would recommend moving from LTS version to LTS version on a regular cadence as part of normal system operations and maintenance.

There’s a thread going on about it internally though. I’ll come back here when we’ve got something concrete, probably closer to the time.

In the meantime my recommendation is to try to stay ahead of the deprecation curve and run an OS with more than a year left in its security updates, or perhaps adopt a new LTS version around a year after it is made available. That way there’s a buffer for testing etc… if there are problems.

zebambam · September 15, 2020, 9:38pm

Okay, it looks to me like your workaround should allow Ubuntu 16.04 LTS users to continue to use the Debian packages that we put out, intended for stretch and buster until it’s deprecation. Thanks for your help.

I recommend not using Debian Jessie because it no longer receives OS security updates, and cryptocurrency software is certainly an application that requires a secure base OS.

zebambam · October 1, 2020, 5:35pm

Today is October 1st and I just made the change to remove access to Jessie packages via apt.z.cash.

If you are running an outdated OS, please upgrade your entire OS and then install zcash according to the instructions here: Zcashd Debian Package Installation Instructions.

Users of supported OSes but configured on the old repo, please upgrade your zcash sources.list entry to point to “stretch” instead of “jessie”.

If you haven’t yet done that, you should be able to see the new packages in an “apt update” as I added an HTTP redirect to the new location, although Buster users will be prevented from automatically upgrading because of the change in received vs. expected package metadata. You shouldn’t rely on that behavior though, as it will eventually go away too, you should change your apt sources to point to stretch.

Relevant apt output that people might be searching for to find this page:

(expected jessie but got stretch)

N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

The following packages have unmet dependencies:
zcash : Depends: libstdc++6 (>= 6) but 4.9.2-10+deb8u2 is to be installed
E: Unable to correct problems, you have held broken packages.