Stephen Northcutt's picture

First off thanks for the great products. Your hard work is appreciated.  I would like to upgrade my Bugzilla VM to the release of 3.6 but have not found a way to do that. Is there a easy way to upgrade?

Thanks again,


Jeremy Davis's picture

Is there a reason why you wish to upgrade? Is it beacuse there is a new feature you want, or is it because you are concerned about security?

The reason I ask is because if you are new to Linux you may not be aware of how the Linux package management system works. In TKL Bugzilla, the Buzilla program comes from the "repositories" (a big online archive of compatible programs). What this means is that in the interests of stability, all security bugfixes are backported to the old version rather than a new version being added. As an added bonus, TKL appliances are designed to automatically install these security fixes everyday.

Also TKL will be doing an updated release at some time in the relatively near future (I imagine in the next month or 2).

If you want a new feature or you want to upgrade to the current (or newer) version anyway (and can't wait for the new TKL release) then there is no really easy way that I'm aware of. Having said that, a quick google turned up the upgrading Bugzilla section in the documentation and it seems at least somewhat straightforward.

Please ensure that you do some sort of backup prior to upgrade just in case something goes wrong. It sounds like you are using a VM so you may be able to export your current setup or even do some sort of snapshot.

Whether it works or not, it may be useful for others for you to report how you go.

Stephen Northcutt's picture

The main reason is to get some of the new features in 3.6. I would like to try and upgrade it but I am a little new to Linix and wanted to see if anyone has done it yet and had the steps. Which is why Turnkey Linux is so great.

Thanks for the help.

Colby S.'s picture

What are your plans for bugzilla 3.6 now, if any?  My reason to use 3.6 is that when I roll something out I would prefer to use the current release suggested by the software vender, in this case  I want it to last as long as possible so I don't have to upgrade/migrate the system for as long as possible. I see you are using Ubuntu 10.04 LTS on the 11.1 version, why not use current versions on all the software (mysql, apache, bugzilla) for the appliance?

Jeremy Davis's picture

Which is the latest version supplied in the Ubuntu repositories. I doubt that they crrently have any plans to change that.

Unless there are new features available in later releases that you want/need then you are best just to stick with the included version. It should be rock solid stable and automatically receive security updates (although not 100% guaranteed - see below).

Having the latest version of things is not generally the Linux way. Any decision that is made always requires tradeoffs, in this scenario Linux devs tend to prioritise stability, reliability and security over and above the latest and greatest. When released Ubuntu/Debian (and most distros released on a schedule; as opposed to 'rolling release' distros) are designed as a complete ecosystem of OS, programs and scripts that interact together reliably and as expected.

Theoretically you could install any combination of software available in the repos and everything would work nicely, with no conflicts or issues. In practice it's not always that perfect but that is the aim. Once you start introducing software from alternative sources (ie not the standard repos) you start introducing unknowns and you lose the advantages provided by the package management system (such security and stability updates that can be applied automatically, automatic consideration of dependancies and conflicts, etc). In some cases the benifits outweigh these considerations. For example the TKL Moodle appliance uses the upstream v2.0 rather than the pre-packaged 1.9. This is for 2 reasons, firstly the new Moodle version has some significant upgrades and changes that are deemed desirable and secondly the repo provided Moodle package is buggy (one that fell through the testing cracks obviously).

So in relation to Bugzilla, you could update to the latest version but if you do so you will then need to monitor the development of Bugzilla and manually update everytime that a security issue appears. In consulation it is probably worth knowing that the Bugzilla package provided by Ubuntu (as used in the TKL appliance) is in the Universe repository and so is community provided rather than directly provided by Ubuntu/Cannonical. This means that support and updates are provided by the community rather than directly by Ubuntu/Cannonical. This makes the argument against installing from upstream less powerful.

So perhaps there is a good argument for TKL including an upstream installation of Bugzilla v3.6 rather than the Ubuntu supplied version. If so please feel free to provide your argument and perhaps the devs will consider it for the next v11.x release? From casual observation it does look pretty easy to install from upstream and looks quite easy to update from then on.

From the above, the reason for using 'old' versions of software in the TKL appliances should be obvious. This applies particularly for MySQL and Apache (these versions are tried and tested with guaranteed security and stability updates provided by Cannonical until 2015). It makes for a lot less maintenance work by the devs - therefore freeing their energy for new inovations and new appliances. With packages such as these two there needs to be a pretty good argument against them before the devs would consider switching to an upstream installation.

As well as your argument for including the latest version, if you were to provide clear concise steps to installing the new version (or even better still; a TKLPatch) that may encourage the devs to consider an upstream install of the latest version of Bugzilla.

Hope thats of some use to you.

Colby S.'s picture

I wouldn't want you to use the very latest software (bugzilla 3.7 for example).  The fact that the version of mqsql and appache are supported untile 2015 is good.  That is what I am looking for; long term support.  

When I go to bugzilla's site they say they strongly recommend upgrade from 3.2.  See .  

I will try to upgrade your appliance to the latest 3.6 of bugzilla and if time I will report back here if successfull. I think it will still save me time from setting up a machine with bugzilla 3.6 from scratch.

By they way I really appreciate the effort in making this bugzilla virtual appliance.  I was able to deply the OVF in minutes! And was able to set my own passwords too!  I think I am somewhat proficient with linux but it would take me a while to set it up from scratch.  

Jeremy Davis's picture

I'm not sure if the Ubuntu repo version is/has/will be patched so perhaps it may be a better idea for TKL to use the upstream install. Hopefully the devs will come across this post and let us know their intensions.

If you document your upgrade process then at least others could follow your lead and perhaps it will encourage the devs to include it in future releases.

saar.mac's picture

I also want to upgrade, the main reasons are:

1. BZ 4.3 is out there, and has tons of new features/upgrades.


The main thing for me will be to use SMTP by Google within BZ (which is not working in 3.6 (and lower even I think).


are there plans to create a new TKL?

Gareth Pye's picture

As 3.6 is now officially unsupported and no longer receiving security updates the appliance needs some updates to not become a security flaw. It's been clear for a while now that no one appears interested in releasing deb releases for bugzilla of a newer install of bugzilla.

Should we all be abandoning bugzilla as an option?

Jeremy Davis's picture

So even though there may not be upstream support, the Debian package maintainers should continue to backport security fixes to this version for the supported life of Squeeze... (possibly another 6-12 mths?)

But it appears that you are correcct in suggesting that there is no interest in providing debs for later versions. It seems that there is no Bugzilla package in the repos for Debian Wheezy (aka 7 aka stable) or Debian Jessie (aka 8 aka testing).

Although abandoning it altogether is an option, personally I think a better one would be to just install from upstream (as many other appliances do for software that is not packaged). I have noted this on the TKL Issue Tracker against the (still in development) v13 build, see here.

Add new comment