File: [local] / www / faq / upgrade41.html (download) (as text)
Revision 1.46, Tue May 28 01:53:11 2019 UTC (5 years ago) by bentley
Branch: MAIN
CVS Tags: HEAD
Changes since 1.45: +2 -2 lines
Give FAQ pages their own HTML id, for future use.
|
<!doctype html>
<html lang=en id=faq>
<title>OpenBSD Upgrade Guide: 4.0 to 4.1</title>
<meta charset=utf-8>
<meta name="description" content="OpenBSD Upgrade Process for 4.0 to 4.1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="../openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/faq/upgrade41.html">
<h2 id=OpenBSD>
<a href="../index.html">
<i>Open</i><b>BSD</b></a>
Upgrade Guide: 4.0 to 4.1
</h2>
<hr>
<p>
<a href="index.html">[FAQ Index]</a> |
<a href="upgrade40.html">[3.9 -> 4.0]</a> |
<a href="upgrade42.html">[4.1 -> 4.2]</a>
<p>
<i>Note: Upgrades are only supported from one release to the release
immediately following it.
Do not skip releases.</i>
<p><i>
It is highly recommended that you read through and fully understand
this process before attempting it.
If you are doing it on a critical or physically remote machine, it is
recommended that you test this process on an identical, local system to
verify its success before attempting on a critical or remote computer.
</i>
<p>
Upgrading is a convenient way to bring your OpenBSD system up to the most
recent version.
However, the results are not intended to precisely match the results of
a wipe-and-reload installation.
Old library files in particular are not removed in the upgrade process,
as they may be required by older applications that may or may not be
upgraded at this time.
If you REALLY wish to get rid of all these old files, you are probably
better off reinstalling from scratch.
<p>
Table of Contents:
<ul>
<li><a href="#before">Before upgrading</a>
<li><a href="#upgrade">The upgrade process</a>
<li><a href="#final">Final steps</a>
</ul>
<hr>
<p>
<h2 id="before">Before upgrading</h2>
<p>
Check whether you have made any modifications to your kernel.
For example, you might have modified your network device to use a non-default
setting using config(8).
Note your changes, so you can repeat them for the new 4.1 kernel.
<p>
<b>rc.conf:</b>
Unlike previous versions of this process, it is now assumed that
<code>/etc/rc.conf</code> is not a user-altered file.
If you have made changes to your <code>/etc/rc.conf</code> file, merge those
changes into <code>/etc/rc.conf.local</code>.
If you have NO <code>/etc/rc.conf.local</code>, simply copy your existing
<code>/etc/rc.conf</code> file to <code>/etc/rc.conf.local</code> and
<i>delete the last line of the script!</i>
Otherwise, pull your existing <code>rc.conf</code> into the top of your
existing <code>rc.conf.local</code> file <i>and remove the last line</i>
before doing the rest of this process.
<p>
<b><i>Special note for ARM users (<a href="../armish.html">armish</a>,
<a href="../zaurus.html">zaurus</a>):</i></b>
Changes in the ABI requires a slightly different upgrade process if not
using standard install kernel.
Do not reboot after installing the kernel and before installing the new
userland.
<p>
<hr>
<h2 id="upgrade">The upgrade process</h2>
<h3>Upgrading by install kernel</h3>
If you have access to the system's console, the easiest and safest way
to upgrade is to boot from install media or
<a href="faq4.html#bsd.rd">bsd.rd</a> and follow the upgrade steps,
which are very similar to the <a href="faq4.html">install process</a>.
Afterwards, complete the upgrade by following the <a href="#final">final
steps</a> as detailed below.
<p>
One easy way to boot from the install kernel is to place the 4.1 version
of <i>bsd.rd</i> in the root of your boot drive, then instruct the boot loader
to boot using this new <i>bsd.rd</i> file.
On amd64 and i386, you do this by entering "<code>boot bsd.rd</code>" at the
initial <code>boot></code> prompt.
<h3>Upgrading without install kernel</h3>
<i>This is NOT the recommended process. Use the install kernel method
if at all possible!</i>
<p>
Sometimes, one needs to do an upgrade of a machine when one can't easily
use the normal upgrade process.
The most common case is when the machine is in a remote location and you
don't have easy access to the system console.
One can usually do this by carefully following this process:
<ul>
<li><b>Place install files in a "good" location</b>.
Make sure you have sufficient space!
<p>
<li><b>Stop any "insecure" applications from starting at boot:</b>
There will be a time when PF will be unlikely to be running during this
upgrade process, but your applications may still start and run properly.
Any application dependent upon PF for security should be disabled
before this happens, and should not be re-enabled until proper PF
operation is verified after upgrade.
There may be other applications which you wish to keep from running
during the upgrade, stop and disable them as well.
<p>
<li><b>Check the kernel:</b>
Although <b>most people can skip this step</b>, if you had a modified kernel
in 4.0, it is likely you will need to modify the stock kernel of 4.1.
Especially when you are performing the upgrade process remotely, now is
the time to make sure the new kernel will work upon rebooting the machine.
If any changes must be made to the kernel, the safest thing to do is to
make those changes on a local 4.1 system.
This can be as simple as modifying a specific device using config(8),
or it can involve a recompilation if the option you need is not included
in the GENERIC kernel.
Please consult <a href="faq5.html">FAQ 5 - Building the system from source</a>
before considering to recompile your kernel.
<p>
<li><b>Install new kernel(s)</b>
<blockquote><pre>
<b>export RELEASEPATH=</b><i>/usr/rel</i> <i># where you put the files</i>
<b>cd ${RELEASEPATH}</b>
<b>rm /obsd ; ln /bsd /obsd && cp bsd /nbsd && mv /nbsd /bsd</b>
<b>cp bsd.rd bsd.mp /</b>
</pre></blockquote>
Note the extra steps for copying over the primary kernel: those are done
to ensure that there is always a valid copy of the kernel on the disk
that the system can boot from should there be a really badly timed power
outage or system crash.
<p>
<li><b>Install new <code>/etc/firmware</code> files:</b>
Due to the fact that some uploaded "firmware" files may have been updated,
you may need to update the files in the <code>/etc/firmware</code> directory.
This will impact users of only a few devices, though all users can use
this step without harm.
To extract the firmware files from <code>base41.tgz</code>, use the
following as root:
<blockquote><pre>
<b>cd /</b>
<b>tar -C / -xzpf ${RELEASEPATH}/base41.tgz ./etc/firmware</b>
</pre></blockquote>
<p>
<li><b>Reboot on the new kernel: (NOT for ARM users)</b>
This might be a tempting step to skip, but it should be done now, as
usually, the new kernel will run old userland apps (such as the soon to
be important <code>reboot</code>!), but often a new userland will NOT
work on the old kernel.
<p>
<i><b>Note:</b> ARM users (armish/zaurus) SHOULD skip this step for
this upgrade cycle.</i>
<p>
<li><b>Install new userland applications.</b>
<i>Do NOT install <code>etc41.tgz</code> and <code>xetc41.tgz</code> now, because
that will overwrite your current configuration files!</i>
<blockquote><pre>
<b>export RELEASEPATH=</b><i>/usr/rel</i>
<b>cd ${RELEASEPATH}</b>
<b>tar -C / -xzpf base41.tgz</b>
<b>tar -C / -xzpf comp41.tgz</b>
<b>tar -C / -xzpf game41.tgz</b>
<b>tar -C / -xzpf man41.tgz</b>
<b>tar -C / -xzpf misc41.tgz</b>
<b>tar -C / -xzpf xbase41.tgz</b>
<b>tar -C / -xzpf xfont41.tgz</b>
<b>tar -C / -xzpf xserv41.tgz</b>
<b>tar -C / -xzpf xshare41.tgz</b>
</pre></blockquote>
Note: not all file sets will need to be installed for all applications,
however if you installed a file set originally, you should certainly
upgrade it with the new file set now.
<p>
Note: the files in <code>/etc</code> are handled separately below, so
<code>etc41.tgz</code> and <code>xetc41.tgz</code> are NOT unpacked here.
<p>
<li><b>Upgrade <code>/dev</code>.</b>
The new
<a href="https://man.openbsd.org/OpenBSD-4.1/i386/MAKEDEV">MAKEDEV</a>
file will be copied to /dev by the installation of
<code>base41.tgz</code>, so you simply need to do the following:
<blockquote><pre>
<b>cd /dev</b>
<b>./MAKEDEV all</b>
</pre></blockquote>
<p>
<li><b>Upgrade <code>/etc</code> as below</b>.
<p>
<li><b>Reboot</b>
</ul>
During this process,
<a href="https://man.openbsd.org/sendmail.8">sendmail(8)</a>
may produce some error messages like the following:
<pre>
Nov 1 12:47:05 puffy sm-mta[16733]: filesys_update failed: No such file or directory, fs=., avail=-1, blocksize=380204
</pre>
These messages can be safely ignored, or you may wish to halt
sendmail(8) during the upgrade process.
<p>
<hr>
<h2 id="final">Final steps</h2>
<h3 id="etcUpgrade">1. Upgrading <code>/etc</code></h3>
Whether you upgrade by using an install kernel and doing a formal
"upgrade" process, or do a "in-place" binary upgrade, there are certain
manual steps that have to be performed.
<h4 id="users">1.1. New users and groups</h4>
<ul>
<li>A RIP daemon and a host state daemon have been imported, and in
order to use these new daemons, new users and groups are required.
As <i>root</i>, add the following users and groups, using
<a href="https://man.openbsd.org/useradd.8">useradd(8)</a>:
<blockquote><pre>
<b>useradd -u88 -g=uid -c"RIP Daemon" -d/var/empty -s/sbin/nologin _ripd</b>
<b>useradd -u89 -g=uid -c"HostState Daemon" -d/var/empty -s/sbin/nologin _hoststated</b>
</pre></blockquote>
These steps will add both the new users and their corresponding groups.
Your environment may allow you to copy/paste those commands.
</ul>
<h4 id="apps">1.2. Operational changes</h4>
This is <i>not</i> a complete list of the changes that took place
between 4.0 and 4.1, but rather some of the important things that will
impact a large number of users in the upgrade process.
For a more complete list of changes, see
<a href="../plus41.html">plus41.html</a> and the CVS change logs.
<ul>
<li><b>"flags S/SA keep state" implicit in pf.conf(5)</b><br>
<i>flags S/SA keep state</i> is now the default for pass rules in
<a href="https://man.openbsd.org/pf.conf.5">pf.conf(5)</a>,
and new <i>no state</i> and <i>flags any</i> options have been added to
override these defaults. Current rulesets will continue to load, but the
behaviour may be slightly changed as these defaults are more restrictive.
Rulesets with stateless filtering (<i>no state</i>) or a requirement to
create states on intermediate packets (<i>flags any</i>) should be updated
to explicitly request the desired behaviour.
<p>
In particular care should be taken with the
<a href="https://man.openbsd.org/enc.4">enc0</a>
interface, as floating states are a potential problem for filtering IPsec
traffic: states need to be interface bound, to avoid permitting unencrypted
traffic should
<a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>
exit. Therefore all rules on the enc0 interface should explicitly set
<i>keep state (if-bound)</i>.
<p>
<li><b>FreeBSD and NetBSD DOS MBR partitions are no longer used to store
disklabels, and are no longer searched for a disklabel</b><br>
As a result, disks with only FreeBSD or NetBSD DOS MBR partitions will
no longer have an 'a' partition created in the spoofed disklabel.
The disklabel on such disks will be stored and loaded from sector 1, and
this could find an old accidental disklabel.
Use fdisk(8) to change the partition type to OpenBSD ('A6') to use the
existing disklabel.
<p>
<li><b>amd64, i386, macppc, and mvmeppc no longer try to boot from the first
NetBSD partition when no OpenBSD partition is found.</b><br>
Again, use
<a href="https://man.openbsd.org/fdisk.8">fdisk(8)</a>
to change the partition type to OpenBSD ('A6').
<p>
<li><b>New way to enable/disable process accounting on boot</b><br>
In order to enable accounting on boot you need to set the new rc.conf
variable "accounting=YES".
The presence of the /var/account/acct file does not make it start
automatically anymore.
<p>
<li><b>spamd(8) now runs in greylist mode by default</b><br>
Whereas before greylisting had to be enabled via the <code>-g</code> flag,
it is now the default runtime mode.
The <code>-b</code> flag (which used to indicate which IP spamd(8) should
listen on) can be used to run spamd in blacklist-only mode.
The new <code>-l</code> flag is used to indicate which IP spamd should
listen on.
<p>
<li><b>spamd.conf(5) now stored in /etc/mail</b><br>
The spamd.conf(5) file which used to be stored in <code>/etc</code> has been
moved to <code>/etc/mail</code>.
Move your spamd.conf file into <code>/etc/mail</code> so that spamd(8) loads
the proper configuration.
<p>
<li><b>Kernel sensors sysctl(3) MIB is now hierarchical</b><br>
The sensors sysctl(3) MIB now contains the name of the sensor device as
well as the type and index of the actual sensor.
So before when running "sysctl hw.sensors" you might've seen
"<code>hw.sensors.12=it0, Temp 1, 25.00 degC</code>" you will now see
"<code>hw.sensors.it0.temp0=25.00 degC</code>".
Update your
<a href="https://man.openbsd.org/sensorsd.conf.5"
>sensorsd.conf(5)</a> file to reflect the new names of your sensors.
</ul>
<h4 id="etcfiles">1.3. <code>/etc</code> file changes</h4>
You will want to extract the <code>etc41.tgz</code> files to a temporary
location:
<blockquote><pre>
<b>tar -C /tmp -xzpf ${RELEASEPATH}/etc41.tgz</b>
</pre></blockquote>
Files that can probably be copied from <code>etc41.tgz</code> "as is":
<blockquote><pre>
etc/daily
etc/disktab
etc/hoststated.conf
etc/magic
etc/monthly
etc/netstart
etc/rc
etc/rc.conf
etc/ripd.conf
etc/sasyncd.conf
etc/security
etc/weekly
etc/mail/Makefile
etc/mail/localhost.cf
etc/mail/sendmail.cf
etc/mail/submit.cf
etc/mail/spamd.conf
etc/mtree/*
var/www/conf/bgplg.css
var/www/conf/bgplg.foot
var/www/conf/bgplg.head
var/www/htdocs/bgplg/*
</pre></blockquote>
Note that it IS possible to locally modify these files, if this has been
done, manual merging will be needed.
Pay special attention to <code>mail/*</code> if you are using something
other than the default Sendmail(8) configuration.
Here are copy/paste lines for copying these files, assuming you unpacked
<code>etc41.tgz</code> in the above recommended place:
<blockquote><pre><b>
cd /tmp/etc
cp daily disktab hoststated.conf magic monthly netstart rc rc.conf ripd.conf sasyncd.conf security weekly /etc
cp mtree/* /etc/mtree/
cp mail/Makefile mail/localhost.cf mail/submit.cf /etc/mail
cp mail/sendmail.cf /etc/mail </b><i># Careful on this one!!</i><b>
cp mail/spamd.conf /etc/mail </b><i># OR... mv /etc/spamd.conf /etc/mail </i><b>
cd /tmp/var/www
cp conf/bgplg.css conf/bgplg.foot conf/bgplg.head /var/www/conf
mkdir /var/www/htdocs/bgplg
cp htdocs/bgplg/* /var/www/htdocs/bgplg/
</b></pre></blockquote>
<p>
Files that must be manually merged, respecting any local
changes made to them, if they were modified from the default,
otherwise, just copy them over, too:
<blockquote><pre>
etc/changelist
etc/ftpusers
etc/login.conf
etc/newsyslog.conf
etc/services
etc/sysctl.conf
etc/mail/aliases
var/cron/tabs/root
</pre></blockquote>
The changes to these files are in <a href="upgrade41.patch">this
patch file</a>.
You can attempt to use this by executing the following as root:
<blockquote><pre>
<b>cd /</b>
<b>patch -C -p0 < upgrade41.patch</b>
</pre></blockquote>
This will test the patch to see how well it will apply to YOUR system,
to actually apply it, leave off the "<code>-C</code>" option.
Note that it is likely that if you have customized files or not kept
them closely updated, or are upgrading from a snapshot of 3.9, they may
not accept the patch cleanly.
In those cases, you will need to manually apply the changes.
Please test this process before relying on it for a machine you can not
easily get to.
<p>
The following files have had changes which should be looked at, but it
is unlikely they should be directly copied or merged (i.e., if you are
using pf.conf, look at the suggested change of strategy, and decide if
it is appropriate for your use).
<blockquote><pre>
etc/hostapd.conf
etc/pf.conf
etc/sensorsd.conf
</pre></blockquote>
Finally, use
<a href="https://man.openbsd.org/newaliases.8">newaliases(8)</a>
to update the aliases database and
<a href="https://man.openbsd.org/mtree.8">mtree(8)</a>
to create any new directories:
<blockquote><pre>
<b>newaliases</b>
<b>mtree -qdef /etc/mtree/4.4BSD.dist -p / -u</b>
</pre></blockquote>
<h3>2. Checking the kernel</h3>
Note: <b>most people can skip this step!</b>
<p>
If you followed the instructions for the upgrade process without install
kernel, you have already completed this step.
However, if you used the install kernel, and if you had a modified kernel
in 4.0, it is likely you will need to modify the stock kernel of 4.1.
This can be as simple as modifying a specific device using config(8),
or it can involve a recompilation if the option you need is not included
in the GENERIC kernel.
Please consult <a href="faq5.html">FAQ 5 - Building the system from source</a>
before considering to recompile your kernel.
<h3>3. Upgrading packages</h3>
If you installed any packages on your system, you should upgrade them
after completing the upgrade of the base system.
Be aware, however, many packages will require further setup before
and/or after upgrading the package.
Check with the application's upgrade guide for details.
<p>
The following package is known to have significant upgrade issues
that will impact a large number of users.
The fact that a package is not on this list doesn't mean it will have a
trivial upgrade.
You must do some homework on the applications YOU use.
<ul>
<li><b>Postgresql:</b> you must dump your database before upgrade and
restore it after
</ul>
The package tools support in-place updating using <code>pkg_add -u</code>.
For instance, to update all your packages, make sure <code>PKG_PATH</code> is
pointing to the 4.1 packages directory on your CD or nearest FTP mirror,
and use something like
<blockquote><pre>
<b># pkg_add -ui -F update -F updatedepends</b>
</pre></blockquote>
where the <code>-u</code> indicates update mode, and <code>-i</code> specifies
interactive mode, so pkg_add will prompt you for input when it encounters
some ambiguity. Read the
<a href="https://man.openbsd.org/OpenBSD-4.1/pkg_add">pkg_add(1)</a>
manual page and the <a href="faq15.html">package management</a>
chapter of the FAQ for more information.
<p>
<a href="index.html">[FAQ Index]</a> |
<a href="upgrade40.html">[3.9 -> 4.0]</a> |
<a href="upgrade42.html">[4.1 -> 4.2]</a>
<hr>
<small>$OpenBSD: upgrade41.html,v 1.46 2019/05/28 01:53:11 bentley Exp $</small>
![[BACK]](/icons/back.gif){kind=icon}
Return to upgrade41.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www / faq