loading...

Upgrading OpenBSD From 6.4 To 6.5

nabbisen profile image Heddi Nabbisen ใƒป6 min read

๐ŸŒฑ Introduction

Last month was a happy month, again, to me as one of the OpenBSD lovers ๐Ÿ™‚

OpenBSD 6.5 was released on 24 April:

This nice artwork by Hans Tseng, Efrain Farias, and Natasha Allegri came together:

OpenBSD 6.5 artwork

I'll show how I upgraded it from 6.4 to 6.5 according to the official upgrade guide in this post โœ๏ธ

๐ŸŒณ Body

Upgrading OpenBSD involves three steps:

  1. Check incompatible changes
    • before upgrading
  2. Upgrade system
  3. Update packages in system
    • after upgrading

Step 1: Check incompatible changes

It may have syntactically incompatible changes with you.
Therefore, it is strongly recommended to validate upgrading before doing.
The OpenBSD project is excellent in documentation as well as specification.
Two of the official release notes listed below tell you what has changes.
If necessary, modify the settings and so on to apply changes after upgrading.

(1) System

Check: Configuration and syntax changes,
in case of using any of:

(2) Packages

Check: Special packages,
in case of using any of:

* Note: Running pkg_info -Q %PKG_NAME% shows if it is installed by printing "(installed)" at the back of each name.

Besides, the whole detailed changelog is here.

Step 2: Upgrade system

We can do it in three partial steps:

  1. Prepare the installer
    • Download the installer, verify it and set it in the root directory
  2. Reboot OS and manage manual boot
  3. Follow the installation program

Step 2-1: Prepare the installer

The installer is provided as ramdisk kernel, named bsd.rd.
Download it first.

There are several files due to architectures.
The file you need will be found in "Get and verify bsd.rd" in the upgrade guide.
Copy the link address to your clipboard.

Open the terminal and run:

$ ftp https://cdn.openbsd.org/pub/OpenBSD/6.5/amd64/bsd.rd

* Note: amd64 is my env. It's up to your architecture.

Then, verify it with SHA256.sig, the cryptographically signed checksum file, found in the same page:

$ ftp https://cdn.openbsd.org/pub/OpenBSD/6.5/amd64/SHA256.sig

$ signify -C -p /etc/signify/openbsd-65-base.pub -x SHA256.sig bsd.rd
Signature Verified
bsd.rd: OK

If you fail, download the files and try again.

(Optional) Thank you and goodbye, .sig file:

$ rm SHA256.sig

Let's set it in the root directory aka /.
In case of backing up the old installation ramdisk kernel beforehand:

# cp -p /bsd.rd /root/bsd.rd.64

Then, set the new one:

# mv ./bsd.rd /

(Optional) If you host some service which people use, you might have to stop it in a timely manner:

# rcctl stop {httpd,smtpd}

Step 2-2: Reboot OS and manage manual boot

Reboot OS with the display on.
The display example here is CloudSigma's VNC console.

# reboot

As soon as the display shows "boot>", type something in order to stop booting.
Then, run bsd.rd (or boot /bsd.rd).

manual boot

Step 2-3: Follow the installation program

The installation program will begin.
Choose (U)pgrade and follow the questions.
The upgrading menus are almost the same to those of the installation.

upgrade menu

Look at the OpenBSD version.
It's 6.5!

You will be asked which of the files sets are to be installed as usual ๐Ÿ˜€
Finishing it and rebooting will bring the new OS for you.

Step 3: Update packages in system

There are files to remove:

# rm /usr/include/openssl/asn1_mac.h

# rm /usr/bin/c2ph \
    /usr/bin/pstruct \
    /usr/libdata/perl5/Locale/Codes/API.pod \
    /usr/libdata/perl5/Module/CoreList/TieHashDelta.pm \
    /usr/libdata/perl5/Unicode/Collate/Locale/bg.pl \
    /usr/libdata/perl5/Unicode/Collate/Locale/fr.pl \
    /usr/libdata/perl5/Unicode/Collate/Locale/ru.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Cham.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Ethi.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Hebr.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Hmng.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Khar.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Khmr.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Lana.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Lao.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Talu.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Tibt.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Xsux.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Zzzz.pl \
    /usr/share/man/man1/c2ph.1 \
    /usr/share/man/man1/pstruct.1 \
    /usr/share/man/man3p/Locale::Codes::API.3p

Then, make sure all patches are applied to the system:

# syspatch

So, it's time to update packages via pkg_add -u.
Take care of its logging:

  • "Error ..."
  • "Remember to update ..."
  • "You should also run ..."
  • "You may wish ..."
# pkg_add -u
The following new rcscripts were installed: /etc/rc.d/php71_fpm
See rcctl(8) for details.
New and changed readme(s):
    /usr/local/share/doc/pkg-readmes/php-7.1
    /usr/local/share/doc/pkg-readmes/php-7.2
    /usr/local/share/doc/pkg-readmes/roundcubemail
--- -certbot-0.27.1 -------------------
You should also run rm -rf /var/log/certbot/*
--- -clamav-0.100.2 -------------------
You should also run rm -fr /var/db/clamav/*
You should also run rm -fr /var/spool/clamav/*
You should also run rm -fr /var/clamav/quarantine/*
You should also run rm -fr /var/clamav/tmp/*
You should also check /etc/clamd.conf (which was modified)
You should also check /etc/freshclam.conf (which was modified)
--- -clamav-unofficial-sigs-4.9.2p2 -------------------
You should also run rm -rf /var/db/clamav-unofficial-sigs/*
--- -cyrus-sasl-2.1.26p25 -------------------
You should also run rm -rf /var/sasl2/*
--- -dkimproxy-1.4.1p1 -------------------
You should also check /etc/dkimproxy_out.conf (which was modified)
--- -dovecot-2.2.36p0 -------------------
You should also run rm -rf /var/dovecot/*
You should also check /etc/dovecot/conf.d/10-auth.conf (which was modified)
You should also check /etc/dovecot/conf.d/10-logging.conf (which was modified)
You should also check /etc/dovecot/conf.d/10-mail.conf (which was modified)
You should also check /etc/dovecot/conf.d/10-ssl.conf (which was modified)
You should also check /etc/dovecot/conf.d/auth-passwdfile.conf.ext (which was modified)
You should also check /etc/dovecot/conf.d/auth-static.conf.ext (which was modified)
You should also check /etc/dovecot/dovecot.conf (which was modified)
Remember to update /etc/ssl/dovecotcert.pem
Remember to update /etc/ssl/private/dovecot.pem
--- -libxml-2.9.8p0 -------------------
Remember to update /var/db/xmlcatalog
--- -php-7.0.32p1 -------------------
You should also run rm -f /etc/php-7.0/php-7.0.sample/*
You should also check /etc/php-fpm.conf (which was modified)
--- -php-7.2.10 -------------------
You should also run rm -f /etc/php-7.2/php-7.2.sample/*
You should also check /etc/php-7.2.ini (which was modified)
--- -roundcubemail-1.3.7p1 -------------------
You should also run rm -rf /var/www/roundcubemail/logs/*
You should also check /var/www/roundcubemail/config/config.inc.php (which was modified)
--- +fish-3.0.0 -------------------
You may wish to add /usr/local/share/fish/man to /etc/man.conf
--- +zip-3.0p1 -------------------
Error deleting directory /etc/php-7.0: Directory not empty
status: Subcommand 'current-command' is not valid

So long, pho-7.0 ! (Thank you for your 3 years.)

๐ŸŒพ Conclusion

Thus I upgraded my OpenBSD 6.4 -> 6.5.
It works fine today as well โœจ๐Ÿกโœจ

By the way, if you need to upgrade from 6.3 to 6.5, you can do it by upgrading 6.3 -> 6.4 at first and then 6.4 -> 6.5.

In the end, I'm looking forward to meeting sysupgrade maybe half a year later... ๐Ÿ˜Š

Thank you for your reading.
I wish your happy life with Puffy ๐Ÿ˜Ž

Posted on by:

nabbisen profile

Heddi Nabbisen

@nabbisen

An ICT designer/developer and a security monk. "With a cool brain and a warm heart", I am challenging unsolved problems in our society. I use OpenBSD/Rust/etc.

Discussion

markdown guide