Skip to main content

Corellium Ubuntu 24.04 Upgrade

This package will upgrade your Corellium Server Appliance to Ubuntu 24.04. This delicate process involves removing, replacing, and upgrading many system packages. We recommend you remove any manually installed packages before running this script. We make reasonable attempts to remove packages that do not have a suitable update in the offline cache.

Please make sure all the VMs/devices on the machine are shutdown before continuing with the upgrade.

Assisted Upgrades

Please contact your customer representative if you would prefer assistance from Corellium staff through your upgrade process. We can schedule a video call with our Support Team to guide you through the process and answer any questions.

Getting Help

If at any time during this process you encounter an error, please reach out to your customer representative and we will evaluate the issue. Just remember, we can diagnose issues more quickly if you are able to share logs from the upgrade process.

Getting Started

  1. Download the upgrade package from your Corellium files portal.

  2. Extract the upgrade package.

    tar -xf ubuntu-24-upgrade.xz

  3. Change directory to ubuntu-24-upgrade.

    cd ubuntu-24-upgrade

  4. Inspect the contents of the archive.

    ubuntu-24-upgrade/
      ├─ 18-etc/             # legacy Ubuntu 18 apt configuration
      ├─ 18-cache/           # legacy apt cache for arm64 servers
      ├─ 24-etc/             # new Ubuntu 24 apt configuration
      ├─ 24-cache/           # new apt cache for amd64 servers
      ├─ shared-cache/       # shared apt cache for sources used by both 18 and 24
      ├─ README.md           # This README file
      ├─ remote-upgrade.sh   # Use this script to upgrade remote server(s)
      └─ upgrade.sh          # Use this script to upgrade current server

  5. Decide how you would like to perform the upgrade.

    1. Remote Upgrade - Suitable for unassisted, hands free, upgrades of combined and multi-node clusters.

    2. Local Update - Suitable when you do not have another macOS or linux host to run the process.

i. Remote Upgrade

You must run this process for each node in your cluster

Note for macOS Users

Mac users must ensure the timeout command is available on their system. If timeout is not recognized in your terminal, you can install it by adding the coreutils package:

brew install coreutils

  1. Ensure you can connect to the server using a key.

    ssh -oBatchMode=yes -q root@<your-corellium-server> echo "Access Granted" || echo "Access Denied"

    If you see "Access Granted", you are ready to continue to the next step, otherwise create and add your key to the server.

  2. Run the Remote upgrade script. (linux/macOS)

    ./remote-upgrade.sh <your-corellium-server>

  3. Please be patient it may take a while your Corellium Server Appliance updates to Ubuntu 24.

    • Retain Virtual Device and User data,
    • Uninstall Corellium packages and dependencies,
    • Reboot,
    • Uninstall Ubuntu 18 and package dependencies,
    • Install Ubuntu 24 and package dependencies,
    • Reboot

  4. You will see an Upgrade Complete status message when the process completes.

  5. Now continue by installing Corellium 7.0.0.

  6. Enjoy your modernized Corellium Appliance!

Sample output of a remote upgrade

Waiting for server... (this may take up to 10 minutes).
Copying upgrade package to server...
Checking Stage 1...
<> Removing Corellium packages
<> Removing CHARM Kernel
<> Removing any unexpected packages
Waiting for server... (this may take up to 10 minutes).
Checking Stage 2...
<> Removing Corellium packages
<> Removing CHARM Kernel
<> Preparing updated apt cache
<> Disabling system APT sources
<> Managing package conflicts
<> Removing package hold/pins
<> Installing libc6
<> Installing Ubuntu 24.04 packages
<> Installing updated kernel
<> Migrating network interfaces
<> Installing libgcc-s1
<> Setting system apt to use Ubuntu 24 Upgrade Cache until corellium is installed
<> Installing GPU Drivers
Waiting for server... (this may take up to 10 minutes).
Removing temporary upgrade files
Your server upgrade is complete! Please install Corellium.

ii. Local Upgrade

  1. Copy the installer to the system.

    For example, using rsync.

    rsync -va ubuntu-24-upgrade/ root@<your-corellium-server>:/usr/share/corellium/ubuntu-24-upgrade

  2. Connect to the system via SSH.

    ssh root@<your-corellium-server>

  3. Navigate to the ubuntu-24-upgrade directory.

    cd /usr/share/corellium/ubuntu-24-upgrade/

  4. Start the upgrade process

    ./upgrade.sh

  5. Wait while Corellium is uninstalled, the server will restart automatically.

  6. Wait for the server to restart. Note: this can take up to 10 minutes.

  7. Connect to the system via SSH.

    ssh root@<your-corellium-server>

  8. Navigate to the ubuntu-24-upgrade directory.

    cd /usr/share/corellium/ubuntu-24-upgrade/

  9. Start the 2nd stage of the upgrade process.

    ./upgrade.sh

  10. Wait while Ubuntu 24 is installed, the server will restart automatically.

  11. Wait for the server to restart. Note: this can take up to 10 minutes.

Recovery and Troubleshooting

Stuck on boot at initramfs prompt

Try the following if you are stuck at (initramfs)

  1. reboot -f
  2. select Advanced Options in grub menu
  3. Boot older kernel
  4. depmod -a 6.8.0-40-generic && update-initramfs -k 6.8.0-40-generic -u
  5. reboot

AppArmor audit messages

This message is an expected behavior and not an issue. For further details, please see the AppArmor documentation.

[   14.638574] audit: type=1400 audit(1728494753.814:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="ch-checkns" pid=1386 comm="apparmor_parser"
[   14.638665] audit: type=1400 audit(1728494753.814:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="busybox" pid=1384 comm="apparmor_parser"
[   14.638758] audit: type=1400 audit(1728494753.814:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="epiphany" pid=1393 comm="apparmor_parser"
[   14.638877] audit: type=1400 audit(1728494753.815:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="Discord" pid=1378 comm="apparmor_parser"
[   14.638969] audit: type=1400 audit(1728494753.815:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name=4D6F6E676F444220436F6D70617373 pid=1379 comm="apparmor_parser"
[   14.639073] audit: type=1400 audit(1728494753.815:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="buildah" pid=1383 comm="apparmor_parser"
[   14.639196] audit: type=1400 audit(1728494753.815:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="brave" pid=1382 comm="apparmor_parser"
[   14.639292] audit: type=1400 audit(1728494753.815:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="crun" pid=1390 comm="apparmor_parser"
[   14.639386] audit: type=1400 audit(1728494753.815:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="1password" pid=1377 comm="apparmor_parser"
[   14.639498] audit: type=1400 audit(1728494753.815:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="ch-run" pid=1387 comm="apparmor_parser"

First Stage Sample Output

This is a sample of the output from the first stage of the upgrade process to give you an idea of the commands and output to expect. The upgrade process is designed to handle many situations, so do not be alarmed if you see error messages in the output.

./upgrade.sh

=======================================================================
                  Corellium Ubuntu 24.04 Upgrade
=======================================================================

This script will upgrade your system to Ubuntu 24.04. This is a
delicate process that involves removing, replacing, and upgrading many
system packages.

We recommend you remove any manually installed packages before running
this script. We make reasonable attempts to remove packages that do
not have a suitable update in the offline cache.

To continue, press [y]y
See you on the other side.
++ dpkg-query -Wf '${Version}\n' corellium-combined
+ CORELLIUM_VERSION=6.6.2-24788
+ '[' x6.6.2-24788 '!=' x ']'
+ echo '<> Removing Corellium packages'
<> Removing Corellium packages
+ apt remove --yes --allow-remove-essential corellium-combined
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'corellium-combined' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+ echo '<> Removing CHARM Kernel'
<> Removing CHARM Kernel
+ '[' -f /boot/charm-vmlinuz-5.3.18 ']'
+ '[' x6.6.2-24788 '!=' x ']'
+ echo '<> Removing Installer preparation'
<> Removing Installer preparation
+ DEBIAN_FRONTEND=noninteractive
+ apt remove -fy software-properties-common curl gdebi-core apt-transport-https ncurses-term
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'gdebi-core' is not installed, so not removed
Package 'curl' is not installed, so not removed
Package 'ncurses-term' is not installed, so not removed
Package 'software-properties-common' is not installed, so not removed
Package 'apt-transport-https' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+ DEBIAN_FRONTEND=noninteractive
+ apt autoremove -fy
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+ DEBIAN_FRONTEND=noninteractive
+ apt-get purge libegl1-mesa
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'libegl1-mesa' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+ DEBIAN_FRONTEND=noninteractive
+ apt-get purge --allow-remove-essential --yes apport chrony cloud-init irqbalance network-manager ntp ntpdate prometheus-node-exporter resolvconf usbmuxd
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'prometheus-node-exporter' is not installed, so not removed
Package 'apport' is not installed, so not removed
Package 'chrony' is not installed, so not removed
Package 'cloud-init' is not installed, so not removed
Package 'irqbalance' is not installed, so not removed
Package 'network-manager' is not installed, so not removed
Package 'usbmuxd' is not installed, so not removed
Package 'ntp' is not installed, so not removed
Package 'ntpdate' is not installed, so not removed
Package 'resolvconf' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+ apt-get purge --allow-remove-essential --yes ureadahead
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'ureadahead' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+ REBOOT_DELAY=30s
++ uname -r
+ dpkg --compare-versions 5.3.18 lt 5.4.0
+ set +x
Sourcing file `/etc/default/grub'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.4.0-150-generic
Found initrd image: /boot/initrd.img-5.4.0-150-generic
lsblk: /dev/mapper/stack--volumes-_snapshot--27cb48b2--1e6e--4c79--b0df--519fbb502846: not a block device
lsblk: /dev/mapper/stack--volumes-_snapshot--d958b53b--dc28--47fb--9871--060b7654c399: not a block device
Adding boot menu entry for EFI firmware configuration
done
REBOOT (1 of 2): Corellium software and kernel successfully removed. Rebooting in 30s to perform OS Upgrade
Press ctrl-c to exit the script and manually inspect the system. Manually reboot with 'shutdown -r now' when ready
After reboot, please run ./upgrade.sh again to continue the OS Upgrade.