π± Introduction
Last month was a happy month, again, to me as one of the OpenBSD lovers π
OpenBSD 6.5 was released on 24 April:
This nice artwork by Hans Tseng, Efrain Farias, and Natasha Allegri came together:
I'll show how I upgraded it from 6.4 to 6.5 according to the official upgrade guide in this post βοΈ
π³ Body
Upgrading OpenBSD involves three steps:
- Check incompatible changes
- before upgrading
- Upgrade system
- Update packages in system
- after upgrading
Step 1: Check incompatible changes
It may have syntactically incompatible changes with you.
Therefore, it is strongly recommended to validate upgrading before doing.
The OpenBSD project is excellent in documentation as well as specification.
Two of the official release notes listed below tell you what has changes.
If necessary, modify the settings and so on to apply changes after upgrading.
(1) System
Check: Configuration and syntax changes,
in case of using any of:
(2) Packages
Check: Special packages,
in case of using any of:
- databases/postgresql
- editors/libreoffice
- lang/chicken
- net/dnscrypt-proxy
- net/samba
- security/opendnssec
- sysutils/ansible
- www/gitea
- www/goaccess
* Note: Running pkg_info -Q %PKG_NAME% shows if it is installed by printing "(installed)" at the back of each name.
Besides, the whole detailed changelog is here.
Step 2: Upgrade system
We can do it in three partial steps:
- Prepare the installer
- Download the installer, verify it and set it in the root directory
- Reboot OS and manage manual boot
- Follow the installation program
Step 2-1: Prepare the installer
The installer is provided as ramdisk kernel, named bsd.rd.
Download it first.
There are several files due to architectures.
The file you need will be found in "Get and verify bsd.rd" in the upgrade guide.
Copy the link address to your clipboard.
Open the terminal and run:
$ ftp https://cdn.openbsd.org/pub/OpenBSD/6.5/amd64/bsd.rd
* Note: amd64 is my env. It's up to your architecture.
Then, verify it with SHA256.sig, the cryptographically signed checksum file, found in the same page:
$ ftp https://cdn.openbsd.org/pub/OpenBSD/6.5/amd64/SHA256.sig
$ signify -C -p /etc/signify/openbsd-65-base.pub -x SHA256.sig bsd.rd
Signature Verified
bsd.rd: OK
If you fail, download the files and try again.
(Optional) Thank you and goodbye, .sig file:
$ rm SHA256.sig
Let's set it in the root directory aka /.
In case of backing up the old installation ramdisk kernel beforehand:
# cp -p /bsd.rd /root/bsd.rd.64
Then, set the new one:
# mv ./bsd.rd /
(Optional) If you host some service which people use, you might have to stop it in a timely manner:
# rcctl stop {httpd,smtpd}
Step 2-2: Reboot OS and manage manual boot
Reboot OS with the display on.
The display example here is CloudSigma's VNC console.
# reboot
As soon as the display shows "boot>", type something in order to stop booting.
Then, run bsd.rd (or boot /bsd.rd).
Step 2-3: Follow the installation program
The installation program will begin.
Choose (U)pgrade and follow the questions.
The upgrading menus are almost the same to those of the installation.
Look at the OpenBSD version.
It's 6.5!
You will be asked which of the files sets are to be installed as usual π
Finishing it and rebooting will bring the new OS for you.
Step 3: Update packages in system
There are files to remove:
# rm /usr/include/openssl/asn1_mac.h
# rm /usr/bin/c2ph \
/usr/bin/pstruct \
/usr/libdata/perl5/Locale/Codes/API.pod \
/usr/libdata/perl5/Module/CoreList/TieHashDelta.pm \
/usr/libdata/perl5/Unicode/Collate/Locale/bg.pl \
/usr/libdata/perl5/Unicode/Collate/Locale/fr.pl \
/usr/libdata/perl5/Unicode/Collate/Locale/ru.pl \
/usr/libdata/perl5/unicore/lib/Sc/Cham.pl \
/usr/libdata/perl5/unicore/lib/Sc/Ethi.pl \
/usr/libdata/perl5/unicore/lib/Sc/Hebr.pl \
/usr/libdata/perl5/unicore/lib/Sc/Hmng.pl \
/usr/libdata/perl5/unicore/lib/Sc/Khar.pl \
/usr/libdata/perl5/unicore/lib/Sc/Khmr.pl \
/usr/libdata/perl5/unicore/lib/Sc/Lana.pl \
/usr/libdata/perl5/unicore/lib/Sc/Lao.pl \
/usr/libdata/perl5/unicore/lib/Sc/Talu.pl \
/usr/libdata/perl5/unicore/lib/Sc/Tibt.pl \
/usr/libdata/perl5/unicore/lib/Sc/Xsux.pl \
/usr/libdata/perl5/unicore/lib/Sc/Zzzz.pl \
/usr/share/man/man1/c2ph.1 \
/usr/share/man/man1/pstruct.1 \
/usr/share/man/man3p/Locale::Codes::API.3p
Then, make sure all patches are applied to the system:
# syspatch
So, it's time to update packages via pkg_add -u.
Take care of its logging:
- "
Error ..." - "
Remember to update ..." - "
You should also run ..." - "
You may wish ..."
# pkg_add -u
The following new rcscripts were installed: /etc/rc.d/php71_fpm
See rcctl(8) for details.
New and changed readme(s):
/usr/local/share/doc/pkg-readmes/php-7.1
/usr/local/share/doc/pkg-readmes/php-7.2
/usr/local/share/doc/pkg-readmes/roundcubemail
--- -certbot-0.27.1 -------------------
You should also run rm -rf /var/log/certbot/*
--- -clamav-0.100.2 -------------------
You should also run rm -fr /var/db/clamav/*
You should also run rm -fr /var/spool/clamav/*
You should also run rm -fr /var/clamav/quarantine/*
You should also run rm -fr /var/clamav/tmp/*
You should also check /etc/clamd.conf (which was modified)
You should also check /etc/freshclam.conf (which was modified)
--- -clamav-unofficial-sigs-4.9.2p2 -------------------
You should also run rm -rf /var/db/clamav-unofficial-sigs/*
--- -cyrus-sasl-2.1.26p25 -------------------
You should also run rm -rf /var/sasl2/*
--- -dkimproxy-1.4.1p1 -------------------
You should also check /etc/dkimproxy_out.conf (which was modified)
--- -dovecot-2.2.36p0 -------------------
You should also run rm -rf /var/dovecot/*
You should also check /etc/dovecot/conf.d/10-auth.conf (which was modified)
You should also check /etc/dovecot/conf.d/10-logging.conf (which was modified)
You should also check /etc/dovecot/conf.d/10-mail.conf (which was modified)
You should also check /etc/dovecot/conf.d/10-ssl.conf (which was modified)
You should also check /etc/dovecot/conf.d/auth-passwdfile.conf.ext (which was modified)
You should also check /etc/dovecot/conf.d/auth-static.conf.ext (which was modified)
You should also check /etc/dovecot/dovecot.conf (which was modified)
Remember to update /etc/ssl/dovecotcert.pem
Remember to update /etc/ssl/private/dovecot.pem
--- -libxml-2.9.8p0 -------------------
Remember to update /var/db/xmlcatalog
--- -php-7.0.32p1 -------------------
You should also run rm -f /etc/php-7.0/php-7.0.sample/*
You should also check /etc/php-fpm.conf (which was modified)
--- -php-7.2.10 -------------------
You should also run rm -f /etc/php-7.2/php-7.2.sample/*
You should also check /etc/php-7.2.ini (which was modified)
--- -roundcubemail-1.3.7p1 -------------------
You should also run rm -rf /var/www/roundcubemail/logs/*
You should also check /var/www/roundcubemail/config/config.inc.php (which was modified)
--- +fish-3.0.0 -------------------
You may wish to add /usr/local/share/fish/man to /etc/man.conf
--- +zip-3.0p1 -------------------
Error deleting directory /etc/php-7.0: Directory not empty
status: Subcommand 'current-command' is not valid
So long, pho-7.0 ! (Thank you for your 3 years.)
πΎ Conclusion
Thus I upgraded my OpenBSD 6.4 -> 6.5.
It works fine today as well β¨π‘β¨
By the way, if you need to upgrade from 6.3 to 6.5, you can do it by upgrading 6.3 -> 6.4 at first and then 6.4 -> 6.5.
In the end, I'm looking forward to meeting sysupgrade maybe half a year later... π
Thank you for your reading.
I wish your happy life with Puffy π
Top comments (0)