File: [local] / www / faq / upgrade39.html (download) (as text)
Revision 1.26, Fri Oct 4 10:15:36 2019 UTC (4 years, 7 months ago) by fcambus
Branch: MAIN
CVS Tags: HEAD
Changes since 1.25: +2 -2 lines
Fix a few spelling errors in upgrade notes.
|
<!doctype html>
<html lang=en id=faq>
<title>OpenBSD Upgrade Guide: 3.8 to 3.9</title>
<meta charset=utf-8>
<meta name="description" content="OpenBSD Upgrade Process for 3.8 to 3.9">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="../openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/faq/upgrade39.html">
<h2 id=OpenBSD>
<a href="../index.html">
<i>Open</i><b>BSD</b></a>
Upgrade Guide: 3.8 to 3.9
</h2>
<hr>
<p>
<a href="index.html">[FAQ Index]</a> |
<a href="upgrade38.html">[3.7 -> 3.8]</a> |
<a href="upgrade40.html">[3.9 -> 4.0]</a>
<p>
<i>Note: Upgrades are only supported from one release to the release
immediately following it.
Do not skip releases.</i>
<p><i>
It is highly recommended that you read through and fully understand
this process before attempting it.
If you are doing it on a critical or physically remote machine, it is
recommended that you test this process on an identical, local system to
verify its success before attempting on a critical or remote computer.
</i>
<p>
Upgrading is a convenient way to bring your OpenBSD system up to the most
recent version.
However, the results are not intended to precisely match the results of
a wipe-and-reload installation.
Old library files in particular are not removed in the upgrade process,
as they may be required by older applications that may or may not be
upgraded at this time.
If you REALLY wish to get rid of all these old files, you are probably
better off reinstalling from scratch.
<p>
Table of Contents:
<ul>
<li><a href="#before">Before upgrading</a>
<li><a href="#upgrade">The upgrade process</a>
<li><a href="#final">Final steps</a>
</ul>
<hr>
<p>
<h2 id="before">Before upgrading</h2>
If your machine has a PCI NIC using the
<a href="https://man.openbsd.org/le.4">le(4)</a>
driver, it has probably been replaced by the
<a href="https://man.openbsd.org/pcn.4">pcn(4)</a>
driver.
BEFORE doing the upgrade, copy your <code>/etc/hostname.le*</code> file(s)
to corresponding <code>/etc/hostname.pcn*</code> files, otherwise you will
not have functioning network during and after the upgrade process.
<p>
Due to the addition of debugging symbols, the size of library files
has increased very significantly.
For instance, on the i386 platform, the size taken up by the <code>/usr/lib</code>
directory went up from 47.7MB in 3.8 to 209MB in 3.9.
Make sure you have sufficient space available before starting the
upgrade.
<p>
Check whether you have made any modifications to your kernel.
For example, you might have modified your network device to use a non-default
setting using config(8).
Note your changes, so you can repeat them for the new 3.9 kernel.
<p>
<a href="https://man.openbsd.org/pfsync.4">pfsync(4)</a>
has changed format, so it can not keep state between a 3.8 and a 3.9
box.
Mismatched systems will lose all connections when you switch which box
is master, as states will not be transferred between systems.
You can minimize the impact of this by upgrading your backup boxes
first, so there is only one loss of active states.
<p>
<a href="https://man.openbsd.org/carp.4">carp(4)</a>
users with more than one address on a single carp(4) interface may
experience another bump when upgrading: interfaces are sorted by
address now, so having aliases in exactly the same order is not as
critical as it was in the past.
It does mean, however, there may be problems between old and new
systems.
You can sort aliases manually on the old systems to work around this
problem if necessary.
<p>
<a href="https://man.openbsd.org/ftp-proxy.8">ftp-proxy(8)</a>
has changed, as detailed <a href="#final">below</a>, so your
<a href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a>
file may need to be updated.
<p>
<a href="https://man.openbsd.org/OpenBSD-3.8/ancontrol">ancontrol(8)</a>
has been replaced by additional functionality in
<a href="https://man.openbsd.org/ifconfig.8">ifconfig(8)</a>.
This may impact how you configure your wireless interfaces.
<p>
<hr>
<h2 id="upgrade">The upgrade process</h2>
<h3>Upgrading by install media</h3>
The easiest and safest way to upgrade is to boot from install media and
follow the upgrade steps, which are very similar to the
<a href="faq4.html">install process</a>.
Afterwards, complete the upgrade by following the
<a href="#final">final steps</a> as detailed below.
<h3>Upgrading without install media</h3>
<i>This is NOT the recommended process. Use the install media method
if at all possible!</i>
<p>
Sometimes, one needs to do an upgrade of a machine when one can't easily
use the normal upgrade process.
One can usually do this by carefully following a process similar to
building the system from source:
<ul>
<li><b>Place install files in a "good" location</b>.
Make sure you have sufficient space!
<li><b>Stop any "insecure" applications from starting at boot:</b>
There will be a time when PF will be unlikely to be running during this
upgrade process, but your applications may still start and run properly.
Any application dependent upon PF for security should be disabled
before this happens, and should not be re-enabled until proper PF
operation is verified after upgrade.
There may be other applications which you wish to keep from running
during the upgrade, stop and disable them as well.
<li><b>Check the kernel:</b>
Although <b>most people can skip this step</b>, if you had a modified kernel
in 3.8, it is likely you will need to modify the stock kernel of 3.9.
Especially when you are performing the upgrade process remotely, now is
the time to make sure the new kernel will work upon rebooting the machine.
If any changes must be made to the kernel, the safest thing to do is to
make those changes on a local 3.9 system.
This can be as simple as modifying a specific device using config(8),
or it can involve a recompilation if the option you need is not included
in the GENERIC kernel.
Please consult <a href="faq5.html">FAQ 5 - Building the system from source</a>
before considering to recompile your kernel.
<li><b>Install new kernel(s)</b>
<blockquote><pre>
<b>export RELEASEPATH=<i>/yourpath</i></b>
<b>cd ${RELEASEPATH}</b>
<b>rm /obsd ; ln /bsd /obsd && cp bsd /nbsd && mv /nbsd /bsd</b>
<b>cp bsd.rd bsd.mp /</b>
</pre></blockquote>
Note the extra steps for copying over the primary kernel: those are done
to ensure that there is always a valid copy of the kernel on the disk
that the system can boot from should there be a really badly timed power
outage or system crash.
<li><b>Install new <code>/etc/firmware</code> files:</b>
Due to the fact that some uploaded "firmware" blobs were relocated from
the kernel to files in the <code>/etc/firmware</code> directory, there are
a few drivers which will break if there is no uploadable firmware file
available when the new kernel boots.
This will impact users of only a few devices, though all
users can use this step without harm.
To extract the firmware files from <code>base39.tgz</code>, use the
following as root:
<blockquote><pre>
<b>cd /</b>
<b>tar xzpf ${RELEASEPATH}/base39.tgz "*etc/firmware/*"</b>
</pre></blockquote>
<li><b>Reboot on the new kernel:</b>
This might be a tempting step to skip, but it should be done now, as
usually, the new kernel will run old userland apps (such as the soon to
be important <code>reboot</code>!), but often a new userland will NOT
work on the old kernel.
<li><b>Install new userland applications.</b>
<i>Do NOT install <code>etc39.tgz</code> and <code>xetc39.tgz</code> now, because
that will overwrite your current configuration files!</i>
<blockquote><pre>
<b>export RELEASEPATH=/<i>yourpath</i></b>
<b>cd /</b>
<b>tar xzpf ${RELEASEPATH}/base39.tgz</b>
<b>tar xzpf ${RELEASEPATH}/comp39.tgz</b>
<b>tar xzpf ${RELEASEPATH}/game39.tgz</b>
<b>tar xzpf ${RELEASEPATH}/man39.tgz</b>
<b>tar xzpf ${RELEASEPATH}/misc39.tgz</b>
<b>tar xzpf ${RELEASEPATH}/xbase39.tgz</b>
<b>tar xzpf ${RELEASEPATH}/xfont39.tgz</b>
<b>tar xzpf ${RELEASEPATH}/xserv39.tgz</b>
<b>tar xzpf ${RELEASEPATH}/xshare39.tgz</b>
</pre></blockquote>
Note: not all file sets will need to be installed for all applications,
however if you installed a file set originally, you should certainly
upgrade it with the new file set now.
<p>
Note: the files in <code>/etc</code> are handled separately below, so
<code>etc39.tgz</code> and <code>xetc39.tgz</code> are NOT unpacked here.
<li><b>Upgrade <code>/dev</code>.</b>
The new
<a href="https://man.openbsd.org/OpenBSD-3.8/i386/MAKEDEV">MAKEDEV</a>
file will be copied to /dev by the installation of
<code>base39.tgz</code>, so you simply need to do the following:
<blockquote><pre>
<b>cd /dev</b>
<b>./MAKEDEV all</b>
</pre></blockquote>
<li><b>Upgrade <code>/etc</code> as below</b>.
<li><b>Reboot</b>
</ul>
During this process,
<a href="https://man.openbsd.org/sendmail.8">sendmail(8)</a>
may produce some error messages like the following:
<pre>
Nov 1 12:47:05 puffy sm-mta[16733]: filesys_update failed: No such file or directory, fs=., avail=-1, blocksize=380204
</pre>
These messages can be safely ignored, or you may wish to halt
sendmail(8) during the upgrade process.
<p>
<hr>
<h2 id="final">Final steps</h2>
<h3 id="etcUpgrade">1. Upgrading <code>/etc</code></h3>
Whether you upgrade by using an install media and doing a formal
"upgrade" process, or do a "in-place" binary upgrade, there are certain
manual steps that have to be performed.
<h4 id="users">1.1. New users and groups</h4>
<ul>
<li><i>no new users or groups</i>
</ul>
<h4 id="apps">1.2. Operational changes</h4>
<ul>
<li><b>ftp-proxy</b>
<a href="https://man.openbsd.org/ftp-proxy.8">ftp-proxy(8)</a>
was replaced by what was previously called pftpx.
The new ftp-proxy runs stand-alone and not from
<a href="https://man.openbsd.org/inetd.conf.5">inetd.conf(5)</a>
as it used to.
You will have to update <code>/etc/inetd.conf</code> to no longer invoke
ftp-proxy(8), and update <code>/etc/rc.conf</code> and <code>/etc/rc</code> to
run the new one.
Edit <code>rc.conf</code> or <code>rc.conf.local</code> to invoke the new
program, for example:
<blockquote><pre>
echo 'ftpproxy_flags=""' >> /etc/rc.conf.local
</pre></blockquote>
<p>
The new proxy uses <a href="pf/anchors.html"><i>anchors</i></a> to allow
data connections, which means that your existing
<a href="https://man.openbsd.org/pf.conf.5"><i>/etc/pf.conf</i></a>
must be adapted.
In the NAT section you need:
<blockquote><pre>
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
</pre></blockquote>
They are mandatory, even if you don't use NAT otherwise.
The following rule, that is probably already there for the old ftp-proxy,
must stay:
<blockquote><pre>
rdr pass on $int_if proto tcp from $lan to any port 21 -> \
127.0.0.1 port 8021
</pre></blockquote>
In the rules section, this is needed:
<blockquote><pre>
anchor "ftp-proxy/*"
</pre></blockquote>
Rules that allow the proxy to make FTP control connections
(destination port 21/tcp) must stay.
Rules that allow FTP data connections are no longer needed.
Those rules may contain "user proxy" or "to port > 49151".
Care has been taken to keep the command line switches similar, but some
differ.
See the
<a href="https://man.openbsd.org/ftp-proxy.8">ftp-proxy(8)</a>
man page.
<p>
One case warrants special mention: if you have old clients that rely on
active mode data connections which use 20/tcp as a source port, you need the
'-r' switch (for this you had to run the old proxy with "-u root").
<p>
Run ftp-proxy with "-d -D7" if you run into trouble and want to diagnose
what's happening.
</ul>
<h4 id="etcfiles">1.3. <code>/etc</code> file changes</h4>
You will want to extract the <code>etc39.tgz</code> files to a temporary
location:
<blockquote><pre>
<b>cd /tmp</b>
<b>tar xzpf ${RELEASEPATH}/etc39.tgz</b>
</pre></blockquote>
Files that can probably be copied from <code>etc39.tgz</code> "as is":
<blockquote><pre>
daily
ipsec.conf
magic
monthly
netstart
rc
security
services
weekly
mtree/*
</pre></blockquote>
Note that it IS possible to locally modify these files, if this has been
done, manual merging will be needed.
Here are copy/paste lines for copying these files, assuming you unpacked
<code>etc39.tgz</code> in the above recommended place:
<blockquote><pre>
<b>cd /tmp/etc</b>
<b>cp daily ipsec.conf magic monthly netstart rc security services weekly /etc</b>
<b>cp mtree/* /etc/mtree/</b>
</pre></blockquote>
<p>
Files that must be manually merged, respecting any local
changes made to them, if they were modified from the default,
otherwise, just copy them over, too:
<blockquote><pre>
changelist
inetd.conf
lynx.cfg
rc.conf
ssh/ssh_config
ssh/sshd_config
sysctl.conf
</pre></blockquote>
The changes to these files are in <a href="upgrade39.patch">this
patch file</a>.
You can attempt to use this by executing the following as root:
<blockquote><pre>
<b>cd /</b>
<b>patch -C -p0 < upgrade39.patch</b>
</pre></blockquote>
This will test the patch to see how well it will apply to YOUR system,
to actually apply it, leave off the "<code>-C</code>" option.
Note that it is likely that if you have customized files or not kept
them closely updated, or are upgrading from a snapshot of 3.8, they may
not accept the patch cleanly.
In those cases, you will need to manually apply the changes.
Please test this process before relying on it for a machine you can not
easily get to.
<p>
The following files have had changes which should be looked at, but it
is unlikely they should be directly copied or merged (i.e., if you are
using pf.conf, look at the suggested change of strategy, and decide if
it is appropriate for your use).
<blockquote><pre>
hostapd.conf
pf.conf
spamd.conf
</pre></blockquote>
Delete the libresolv files, which are no longer used:
<blockquote><pre>
<b>rm /usr/lib/libresolv*</b>
</pre></blockquote>
Finally, use
<a href="https://man.openbsd.org/mtree.8">mtree(8)</a>
to create any new directories:
<blockquote><pre>
<b>mtree -qdef /etc/mtree/4.4BSD.dist -p / -u</b>
</pre></blockquote>
<h3>2. Checking the kernel</h3>
Note: <b>most people can skip this step!</b>
<p>
If you followed the instructions for the upgrade process without install
media, you have already completed this step.
However, if you used the install media, and if you had a modified kernel
in 3.8, it is likely you will need to modify the stock kernel of 3.9.
This can be as simple as modifying a specific device using config(8),
or it can involve a recompilation if the option you need is not included
in the GENERIC kernel.
Please consult <a href="faq5.html">FAQ 5 - Building the system from source</a>
before considering to recompile your kernel.
<h3>3. Upgrading packages</h3>
If you installed any packages on your system, you may want to upgrade them
after completing the upgrade of the base system.
In OpenBSD 3.9, the pkg tools now support in-place updating
using <code>pkg_add -u</code>. This has been checked to work with most
packages, in particular with the CD packages available in 3.8.
For instance, to update all your packages, make sure <code>PKG_PATH</code> is
pointing to the 3.9 packages directory on your CD or nearest FTP mirror,
and use something like
<blockquote><pre>
<b># pkg_add -ui -F update -F updatedepends</b>
</pre></blockquote>
where the <code>-u</code> indicates update mode, and <code>-i</code> specifies
interactive mode, so pkg_add will prompt you for input when it encounters
some ambiguity. Read the
<a href="https://man.openbsd.org/OpenBSD-3.9/pkg_add">pkg_add(1)</a>
manual page and the <a href="faq15.html">package management</a>
chapter of the FAQ for more information.
<p>
<a href="index.html">[FAQ Index]</a> |
<a href="upgrade38.html">[3.7 -> 3.8]</a> |
<a href="upgrade40.html">[3.9 -> 4.0]</a>
<hr>
<small>$OpenBSD: upgrade39.html,v 1.26 2019/10/04 10:15:36 fcambus Exp $</small>
![[BACK]](/icons/back.gif){kind=icon}
Return to upgrade39.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www / faq