OpenBSD Upgrade Guide: 6.9 to 7.0

Upgrades are only supported from one release to the release immediately following.
Read through and understand this process before attempting it. For critical or physically remote machines, test it on an identical, local system first.

Before using any upgrade method

Check available disk space in /usr. Verify that the /usr partition has a size of at least 1.1G. With less space the upgrade may fail and you should consider reinstalling the system instead.
Read configuration and syntax changes and the package upgrade instructions. There were several configuration changes and changes in packages that may require planning before starting the upgrade.

Upgrade Methods

Unattended Upgrade: The easiest method is an unattended upgrade using sysupgrade(8). The program will download all the install sets, verify their signatures, and reboot to perform the upgrade automatically. Once the unattended upgrade has completed, continue below.
Interactive Upgrade: If you insist on leaving out some of the install sets, you will want to perform an interactive upgrade. (sysupgrade upgrades with all install sets.)
Manual Upgrade: The final option is using the manual upgrade process. (This is not recommended as it is the most error-prone method.)

Interactive Upgrade

Get and verify bsd.rd. Download the ramdisk kernel and the cryptographically-signed checksum file for your architecture.

bsd.rd

[alpha] [amd64] [arm64] [armv7] [hppa] [i386] [landisk] [loongson] [luna88k] [macppc] [octeon] [powerpc64] [sparc64]

SHA256.sig

[alpha] [amd64] [arm64] [armv7] [hppa] [i386] [landisk] [loongson] [luna88k] [macppc] [octeon] [powerpc64] [sparc64]

Verify bsd.rd and SHA256.sig using signify(1):
```
$ signify -C -p /etc/signify/openbsd-70-base.pub -x SHA256.sig bsd.rd
Signature Verified
bsd.rd: OK
```
Next, boot from the install kernel, bsd.rd, retrieved in the previous step. Place it in the root of your filesystem and instruct the boot loader to boot this kernel. Once this kernel is booted, choose the (U)pgrade option and follow the prompts.
After the filesets have been installed, the system will reboot with the upgraded kernel. Now continue with the next step:

After the Upgrade

After upgrading the sets, the system will reboot with the upgraded kernel and run sysmerge(8) during boot. In some cases, configuration files cannot be modified automatically. Run

 # sysmerge

to check and perform these configuration changes.

Next remove the old files. Finish up by upgrading the packages using pkg_add -u.

You may wish to check the errata page for any post-release fixes.

Manual Upgrade (without the install kernel)

This is NOT the recommended process. Use the unattended or interactive upgrade methods if at all possible!

Sometimes, you need to perform an upgrade of a machine for which the normal unattended or interactive upgrade process is not possible.

Preparation

Place install files in a good location. Make sure you have sufficient space! Running out of space on a remote upgrade could be...unfortunate. Note that using softdeps can exacerbate the situation as deleted and overwritten files do not release their space immediately. Consider disabling the softdep mount option in /etc/fstab and rebooting before undertaking a manual upgrade. Having at least 500MB free on /usr would be recommended.
Become root. While using doas(1) before each command is generally a good practice, the command will likely be broken by the last steps, so you should become root before starting this process. It might be good to verify your access to root using a method other than doas at this point, i.e., direct login or using su(1).
Stop and/or disable any appropriate applications. During this process, all the userland applications will be replaced but may not be runnable, and strange things may happen as a result. You may also have issues with DNS resolution during the first reboot, so PF rules and NFS mounts dependent upon DNS may cause boot-up problems. There may be other applications which you wish to keep from running immediately after the upgrade; stop and disable them as well.
Install new boot blocks. This should actually be done at the end of any upgrade. If this has been neglected, then failure to do this now may break serial console or other things, depending on your platform. Use installboot(8), assuming sd0 is your boot disk:
```
# installboot sd0
```

Upgrading manually

Install new kernels. The extra steps for copying over the primary kernel are done to ensure that there is always a valid kernel on the disk.

If using the multiprocessor kernel:

# cd /usr/rel    # where you put the release files
# ln -f /bsd /obsd && cp bsd.mp /nbsd && mv /nbsd /bsd
# cp bsd.rd /
# cp bsd /bsd.sp

If using the single processor kernel:

# cd /usr/rel    # where you put the release files
# ln -f /bsd /obsd && cp bsd /nbsd && mv /nbsd /bsd
# cp bsd.rd bsd.mp /    # may give a harmless warning

Enable KARL. Store the kernel's checksum:
```
# sha256 -h /var/db/kernel.SHA256 /bsd 
```

Install new userland. Save a copy of reboot(8), extract and install the release tarballs, reboot. Install base70.tgz last, because the new base system, in particular tar(1), gzip(1) and reboot(8), will not work with the old kernel. Either untar the needed filesets manually:

# cp /sbin/reboot /sbin/oreboot
# tar -C / -xzphf xshare70.tgz
# tar -C / -xzphf xserv70.tgz
# tar -C / -xzphf xfont70.tgz
# tar -C / -xzphf xbase70.tgz
# tar -C / -xzphf man70.tgz
# tar -C / -xzphf game70.tgz
# tar -C / -xzphf comp70.tgz
# tar -C / -xzphf base70.tgz    # Install last!
# /sbin/oreboot

or, if you use ksh(1), you can do:

# cp /sbin/reboot /sbin/oreboot
# for _f in [!b]*70.tgz base70.tgz; do tar -C / -xzphf "$_f" || break; done
# /sbin/oreboot

Note that tar(1) can expand only one archive per invocation, so a simple glob won't work.

After reboot, update /dev. Run MAKEDEV(8):
```
# cd /dev
# ./MAKEDEV all
```
Update the boot loader. Still assuming sd0 is your boot disk:
```
# installboot sd0
```
Update system configuration files. Run sysmerge(8):
```
# sysmerge
```
Update firmware. There may be new firmware for your system. Update it with fw_update(1):
```
# fw_update
```
Finish up. Review the console output from boot (using dmesg -s) and correct any failures as necessary. All the steps following configuration changes below also apply to manual upgrades. Finally, remove /sbin/oreboot and update packages: pkg_add -u. Reboot once more to make sure you use the newest firmware files and run on your own kernel generated by KARL.

Configuration and syntax changes

snmpd(8). Default security settings have been tightened.
- The default protocol has changed to SNMPv3.
- The default communities public and private have been removed. Communities must now be set explicitly.
- seclevel default changed from none to enc.
- The default SNMPv3 encryption has changed to AES.
- The protocol version for trap receiver (for sending traps to another host) no longer defaults to SNMPv2.
To configure SNMPv3, you will need to add one or more users to the configuration, e.g.:
```
    user "manager" authkey "XblueQ300ZyAbUIbndmWjfl" auth hmac-sha1 enc aes enckey "tVadj9jxq8rdJ"
```
If you need to reinstate SNMPv1/v2c, you can add something like the following to snmpd.conf(5)
```
      listen on any snmpv1 snmpv2c read
      read-only community U9PeBY1694bcxMnm
      seclevel none
```
The community name should not be common or easily brute-forced, especially if exposed to the internet.
snmp(1).
- The default protocol version has changed from v2c to v3.
- The default encryption has changed to AES.
- The default authentication has changed to SHA1.
- The default community public has been removed.

Files to remove

The dmx library was removed.

  # rm -f /usr/X11R6/lib/libdmx.* \
	  /usr/X11R6/include/X11/extensions/dmxext.h \
	  /usr/X11R6/lib/pkgconfig/dmx.pc \
	  /usr/X11R6/man/man3/DMX*.3

A more detailed cleanup can be done with the aid of the sysclean package.

Special packages

net/freeradius. FreeRADIUS removed LEAP in 3.0.22. This was previously in the default configuration, so if you have enabled EAP you are likely to need to update /etc/raddb/mods-available/eap and remove the leap { ... } lines.

[FAQ Index] | [6.8 -> 6.9] [7.0 -> 7.1]

$OpenBSD: upgrade70.html,v 1.4 2022/04/20 15:55:48 kmos Exp $