DEV Community

loading...

Upgrading OpenBSD From 6.4 To 6.5

nabbisen profile image Heddi Nabbisen ・6 min read

🌱 Introduction

Last month was a happy month, again, to me as one of the OpenBSD lovers πŸ™‚

OpenBSD 6.5 was released on 24 April:

This nice artwork by Hans Tseng, Efrain Farias, and Natasha Allegri came together:

OpenBSD 6.5 artwork

I'll show how I upgraded it from 6.4 to 6.5 according to the official upgrade guide in this post ✍️

🌳 Body

Upgrading OpenBSD involves three steps:

  1. Check incompatible changes
    • before upgrading
  2. Upgrade system
  3. Update packages in system
    • after upgrading

Step 1: Check incompatible changes

It may have syntactically incompatible changes with you.
Therefore, it is strongly recommended to validate upgrading before doing.
The OpenBSD project is excellent in documentation as well as specification.
Two of the official release notes listed below tell you what has changes.
If necessary, modify the settings and so on to apply changes after upgrading.

(1) System

Check: Configuration and syntax changes,
in case of using any of:

(2) Packages

Check: Special packages,
in case of using any of:

* Note: Running pkg_info -Q %PKG_NAME% shows if it is installed by printing "(installed)" at the back of each name.

Besides, the whole detailed changelog is here.

Step 2: Upgrade system

We can do it in three partial steps:

  1. Prepare the installer
    • Download the installer, verify it and set it in the root directory
  2. Reboot OS and manage manual boot
  3. Follow the installation program

Step 2-1: Prepare the installer

The installer is provided as ramdisk kernel, named bsd.rd.
Download it first.

There are several files due to architectures.
The file you need will be found in "Get and verify bsd.rd" in the upgrade guide.
Copy the link address to your clipboard.

Open the terminal and run:

$ ftp https://cdn.openbsd.org/pub/OpenBSD/6.5/amd64/bsd.rd
Enter fullscreen mode Exit fullscreen mode

* Note: amd64 is my env. It's up to your architecture.

Then, verify it with SHA256.sig, the cryptographically signed checksum file, found in the same page:

$ ftp https://cdn.openbsd.org/pub/OpenBSD/6.5/amd64/SHA256.sig

$ signify -C -p /etc/signify/openbsd-65-base.pub -x SHA256.sig bsd.rd
Signature Verified
bsd.rd: OK
Enter fullscreen mode Exit fullscreen mode

If you fail, download the files and try again.

(Optional) Thank you and goodbye, .sig file:

$ rm SHA256.sig
Enter fullscreen mode Exit fullscreen mode

Let's set it in the root directory aka /.
In case of backing up the old installation ramdisk kernel beforehand:

# cp -p /bsd.rd /root/bsd.rd.64
Enter fullscreen mode Exit fullscreen mode

Then, set the new one:

# mv ./bsd.rd /
Enter fullscreen mode Exit fullscreen mode

(Optional) If you host some service which people use, you might have to stop it in a timely manner:

# rcctl stop {httpd,smtpd}
Enter fullscreen mode Exit fullscreen mode

Step 2-2: Reboot OS and manage manual boot

Reboot OS with the display on.
The display example here is CloudSigma's VNC console.

# reboot
Enter fullscreen mode Exit fullscreen mode

As soon as the display shows "boot>", type something in order to stop booting.
Then, run bsd.rd (or boot /bsd.rd).

manual boot

Step 2-3: Follow the installation program

The installation program will begin.
Choose (U)pgrade and follow the questions.
The upgrading menus are almost the same to those of the installation.

upgrade menu

Look at the OpenBSD version.
It's 6.5!

You will be asked which of the files sets are to be installed as usual πŸ˜€
Finishing it and rebooting will bring the new OS for you.

Step 3: Update packages in system

There are files to remove:

# rm /usr/include/openssl/asn1_mac.h

# rm /usr/bin/c2ph \
    /usr/bin/pstruct \
    /usr/libdata/perl5/Locale/Codes/API.pod \
    /usr/libdata/perl5/Module/CoreList/TieHashDelta.pm \
    /usr/libdata/perl5/Unicode/Collate/Locale/bg.pl \
    /usr/libdata/perl5/Unicode/Collate/Locale/fr.pl \
    /usr/libdata/perl5/Unicode/Collate/Locale/ru.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Cham.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Ethi.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Hebr.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Hmng.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Khar.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Khmr.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Lana.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Lao.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Talu.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Tibt.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Xsux.pl \
    /usr/libdata/perl5/unicore/lib/Sc/Zzzz.pl \
    /usr/share/man/man1/c2ph.1 \
    /usr/share/man/man1/pstruct.1 \
    /usr/share/man/man3p/Locale::Codes::API.3p
Enter fullscreen mode Exit fullscreen mode

Then, make sure all patches are applied to the system:

# syspatch
Enter fullscreen mode Exit fullscreen mode

So, it's time to update packages via pkg_add -u.
Take care of its logging:

  • "Error ..."
  • "Remember to update ..."
  • "You should also run ..."
  • "You may wish ..."
# pkg_add -u
The following new rcscripts were installed: /etc/rc.d/php71_fpm
See rcctl(8) for details.
New and changed readme(s):
    /usr/local/share/doc/pkg-readmes/php-7.1
    /usr/local/share/doc/pkg-readmes/php-7.2
    /usr/local/share/doc/pkg-readmes/roundcubemail
-------- -certbot-0.27.1 -------------------
You should also run rm -rf /var/log/certbot/*
-------- -clamav-0.100.2 -------------------
You should also run rm -fr /var/db/clamav/*
You should also run rm -fr /var/spool/clamav/*
You should also run rm -fr /var/clamav/quarantine/*
You should also run rm -fr /var/clamav/tmp/*
You should also check /etc/clamd.conf (which was modified)
You should also check /etc/freshclam.conf (which was modified)
-------- -clamav-unofficial-sigs-4.9.2p2 -------------------
You should also run rm -rf /var/db/clamav-unofficial-sigs/*
-------- -cyrus-sasl-2.1.26p25 -------------------
You should also run rm -rf /var/sasl2/*
-------- -dkimproxy-1.4.1p1 -------------------
You should also check /etc/dkimproxy_out.conf (which was modified)
-------- -dovecot-2.2.36p0 -------------------
You should also run rm -rf /var/dovecot/*
You should also check /etc/dovecot/conf.d/10-auth.conf (which was modified)
You should also check /etc/dovecot/conf.d/10-logging.conf (which was modified)
You should also check /etc/dovecot/conf.d/10-mail.conf (which was modified)
You should also check /etc/dovecot/conf.d/10-ssl.conf (which was modified)
You should also check /etc/dovecot/conf.d/auth-passwdfile.conf.ext (which was modified)
You should also check /etc/dovecot/conf.d/auth-static.conf.ext (which was modified)
You should also check /etc/dovecot/dovecot.conf (which was modified)
Remember to update /etc/ssl/dovecotcert.pem
Remember to update /etc/ssl/private/dovecot.pem
-------- -libxml-2.9.8p0 -------------------
Remember to update /var/db/xmlcatalog
-------- -php-7.0.32p1 -------------------
You should also run rm -f /etc/php-7.0/php-7.0.sample/*
You should also check /etc/php-fpm.conf (which was modified)
-------- -php-7.2.10 -------------------
You should also run rm -f /etc/php-7.2/php-7.2.sample/*
You should also check /etc/php-7.2.ini (which was modified)
-------- -roundcubemail-1.3.7p1 -------------------
You should also run rm -rf /var/www/roundcubemail/logs/*
You should also check /var/www/roundcubemail/config/config.inc.php (which was modified)
-------- +fish-3.0.0 -------------------
You may wish to add /usr/local/share/fish/man to /etc/man.conf
-------- +zip-3.0p1 -------------------
Error deleting directory /etc/php-7.0: Directory not empty
status: Subcommand 'current-command' is not valid
Enter fullscreen mode Exit fullscreen mode

So long, pho-7.0 ! (Thank you for your 3 years.)

🌾 Conclusion

Thus I upgraded my OpenBSD 6.4 -> 6.5.
It works fine today as well ✨🐑✨

By the way, if you need to upgrade from 6.3 to 6.5, you can do it by upgrading 6.3 -> 6.4 at first and then 6.4 -> 6.5.

In the end, I'm looking forward to meeting sysupgrade maybe half a year later... 😊

Thank you for your reading.
I wish your happy life with Puffy 😎

Discussion (0)

Forem Open with the Forem app