<!doctype html>
<html lang=en id=faq>
<title>OpenBSD Upgrade Guide: 4.3 to 4.4</title>
<meta charset=utf-8>
<meta name="description" content="OpenBSD Upgrade Process for 4.3 -> 4.4">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="../openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/faq/upgrade44.html">
<h2 id=OpenBSD>
<a href="../index.html">
<i>Open</i><b>BSD</b></a>
Upgrade Guide: 4.3 to 4.4
</h2>
<hr>
<p>
<a href="index.html">[FAQ Index]</a> |
<a href="upgrade43.html">[4.2 -> 4.3]</a> |
<a href="upgrade45.html">[4.4 -> 4.5]</a>
<p>
<i>Note: Upgrades are only supported from one release to the release
immediately following it.
Do not skip releases.</i>
<p><i>
It is highly recommended that you read through and fully understand
this process before attempting it.
If you are doing it on a critical or physically remote machine, it is
recommended that you test this process on an identical, local system to
verify its success before attempting on a critical or remote computer.
</i>
<p>
Upgrading is a convenient way to bring your OpenBSD system up to the most
recent version.
However, the results are not intended to precisely match the results of
a wipe-and-reload installation.
Old library files in particular are not removed in the upgrade process,
as they may be required by older applications that may or may not be
upgraded at this time.
If you REALLY wish to get rid of all these old files, you are probably
better off reinstalling from scratch.
<p>
Table of Contents:
<ul>
<li><a href="#before">Before upgrading</a>
<ul>
<li><a href="#newsysmerge">New sysmerge tool</a>
<li><a href="#dhcpd.interfaces">dhcpd.interfaces no longer used</a>
<li><a href="#newXdrivers">New X drivers</a>
<li><a href="#pfsync">pfsync</a>
<li><a href="#rc.conf">rc.conf</a>
<li><a href="#kern">Modified kernel</a>
</ul>
<li><a href="#upgrade">The upgrade process</a>
<li><a href="#final">Final steps</a>
<ul>
<li><a href="#UsersGroups">New and changed Users and Groups</a>
<li><a href="#etcUpgrade">Upgrading <code>/etc</code></a>
<li><a href="#Kernchk">Checking the kernel</a>
<li><a href="#Pkgup">Upgrading packages</a>
</ul>
</ul>
<hr>
<p>
<h2 id="before">Before upgrading: things to think about and be aware of</h2>
This is <i>not</i> a complete list of the changes that took place
between 4.3 and 4.4, but rather some of the important things that will
impact a large number of users in the upgrade process.
For a more complete list of changes, see
<a href="../plus44.html">plus44.html</a> and the CVS change logs.
<ul>
<li id="newsysmerge"><b>New
<a href="https://man.openbsd.org/sysmerge.8">sysmerge(8)</a>
utility:</b><br>
OpenBSD 4.4 includes the new
<a href="https://man.openbsd.org/sysmerge.8">sysmerge(8)</a>
utility, which helps administrators update configuration files after
upgrading their system.
Sysmerge(8) compares the current files on your system with the files
that would have been installed with a new install, and gives you the
option of keeping the old file, installing the new file, or assisting
you in the manual merging of the old and new files, using
<a href="https://man.openbsd.org/sdiff.1">sdiff</a>.
For past upgrades, we've presented a list of files that are usually
copied over "as-is", and a list of files which should be changed, and a
patch file that applies those changes to what might be in those files on
your system.
For the 4.3 to 4.4 upgrade, instead of using the patch file, you may
opt to use sysmerge to make the changes.
<p>
<b>Who should use sysmerge(8):</b><br>
People running highly modified systems or systems that didn't start out
at the previous release (for example, a snapshot partway between
releases), who are upgrading to a snapshot or who have not carefully
upgraded their system in the past will find sysmerge vastly superior to
using the patches, as it works with what is actually on your system,
instead of what we expected was on your system.
It will also give you much greater control over your upgrade process,
and will involve you in it more closely.
<p>
<b>Who may wish to NOT use sysmerge(8):</b><br>
People who have a lot of machines to upgrade that were kept fairly
simple and at the previous release/stable point will probably find the
old patch file system much faster.
<p>
Note that while sysmerge can handle ALL the changes of <code>/etc</code>,
<code>/dev</code>, <code>/root</code> and <code>/var</code>, we highly recommend
that you do some steps manually before hand, as it will save time and
reduce the possibility of user error.
In particular, it is highly recommended that you do not use sysmerge to
update your user and group accounts, as it is very easy to chose the
wrong option leading to erasing your entire user base and setting the
root password to an empty value, preventing remote login to fix the
problem.
<p>
<li id="dhcpd.interfaces"><b>dhcpd.interfaces no longer used:</b><br>
The file <code>/etc/dhcpd.interfaces</code> is no longer used to select
which interfaces dhcpd listens on.
This can now be specified in the <i>dhcpd_flags</i> setting in
<code>/etc/rc.conf.local</code>.
Most users can probably just let
<a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>
figure out which interface it can listen on from the configuration
information in the dhcpd.conf file.
<p>
<li id="newXdrivers"><b>New X drivers</b>
The xf86-video-openchrome driver has been added to Xenocara for VIA chipsets
in place of the old, "via" driver.
If you're using a VIA chipset with a configuration file, replace
<code>Driver "via"</code> with <code>Driver "openchrome"</code> in
<code>/etc/X11/xorg.conf</code> to use the new driver.
See the
<a href="https://man.openbsd.org/openchrome.4">openchrome(4)</a>
manual page for more configuration options.
<p>
The
<a href="https://man.openbsd.org/ati.4">ati(4)</a>
driver has been updated.
This update of xf86-video-ati brings about some important changes.
<ul>
<li>No more <a href="https://dri.freedesktop.org/wiki/MergedFB">MergedFB</a>:
Support for MergedFB mode has been removed in favor of
<a href="https://man.openbsd.org/xrandr.1">xrandr(1)</a>.
<li>Quirk option for Macbooks changed:
Users with Macs or Macbooks that use the following quirk
<code>Option "iBookHacks" "on"</code>
should read the
<a href="https://man.openbsd.org/radeon.4">radeon(4)</a>
man page, specifically the <code>"MacModel"</code> section, if there are problems.
<br>
As of this revision this quirk has been removed.
</ul>
<p>
<li id="pfsync"><b>pfsync:</b><br>
Due to changes in the
<a href="https://man.openbsd.org/pf">pf(4)</a>
state table, the
<a href="https://man.openbsd.org/pfsync">pfsync(4)</a>
protocol version number has been incremented; firewalls with differing
version numbers will be unable to synchronise state tables, and existing
connections will be terminated on failover.
<p>
<li id="rc.conf"><b>rc.conf:</b><br>
Unlike earlier versions of this process, since
<a href="upgrade41.html">4.1</a> it is assumed that
<code>/etc/rc.conf</code> is not a user-altered file.
If you have made changes to your <code>/etc/rc.conf</code> file, merge those
changes into <code>/etc/rc.conf.local</code>.
If you have NO <code>/etc/rc.conf.local</code>, simply copy your existing
<code>/etc/rc.conf</code> file to <code>/etc/rc.conf.local</code> and
<i>delete the last line of the script!</i>
Otherwise, pull your existing <code>rc.conf</code> into the top of your
existing <code>rc.conf.local</code> file <i>and remove the last line</i>
before doing the rest of this process.
<p>
<li id="kern"><b>Modified kernel:</b><br>
Check whether you have made any modifications to your kernel.
For example, you might have modified your network device to use a
non-default setting using config(8).
Note your changes, so you can repeat them for the new 4.4 kernel.
</ul>
<p>
<hr>
<h2 id="upgrade">The upgrade process</h2>
<h3>Upgrading by install kernel</h3>
If you have access to the system's console, the easiest and safest way
to upgrade is to boot from install media or
<a href="faq4.html#bsd.rd">bsd.rd</a> and follow the upgrade steps,
which are very similar to the <a href="faq4.html">install process</a>.
Afterwards, complete the upgrade by following the <a href="#final">final
steps</a> as detailed below.
<p>
One easy way to boot from the install kernel is to place the 4.4 version
of <i>bsd.rd</i> in the root of your boot drive, then instruct the boot loader
to boot using this new <i>bsd.rd</i> file.
On amd64 and i386, you do this by entering "<code>boot bsd.rd</code>" at the
initial <code>boot></code> prompt.
<h3>Upgrading without install kernel</h3>
<i>This is NOT the recommended process. Use the install kernel method
if at all possible!</i>
<p>
Sometimes, one needs to do an upgrade of a machine when one can't easily
use the normal upgrade process.
The most common case is when the machine is in a remote location and you
don't have easy access to the system console.
One can usually do this by carefully following this process:
<ul>
<li><b>Place install files in a "good" location</b>.
Make sure you have sufficient space!
<p>
<li><b>Stop any "insecure" applications from starting at boot:</b>
There will be a time when PF will be unlikely to be running during this
upgrade process, but your applications may still start and run properly.
Any application dependent upon PF for security should be disabled
before this happens, and should not be re-enabled until proper PF
operation is verified after upgrade.
There may be other applications which you wish to keep from running
during the upgrade, stop and disable them as well.
<p>
<li><b>Check the kernel:</b>
Although <b>most people can skip this step</b>, if you had a modified kernel
in 4.3, it is likely you will need to modify the stock kernel of 4.4.
Especially when you are performing the upgrade process remotely, now is
the time to make sure the new kernel will work upon rebooting the machine.
If any changes must be made to the kernel, the safest thing to do is to
make those changes on a local 4.4 system.
This can be as simple as modifying a specific device using config(8),
or it can involve a recompilation if the option you need is not included
in the GENERIC kernel.
Please consult <a href="faq5.html">FAQ 5 - Building the system from source</a>
before considering to recompile your kernel.
<p>
<li><b>Install new kernel(s)</b>
<blockquote><pre>
<b>export RELEASEPATH=</b><i>/usr/rel</i> <i># where you put the files</i>
<b>cd ${RELEASEPATH}</b>
<b>rm /obsd ; ln /bsd /obsd && cp bsd /nbsd && mv /nbsd /bsd</b>
<b>cp bsd.rd bsd.mp /</b>
</pre></blockquote>
(if you are using the multiprocessor kernel, use<br>
<code> <b>rm /obsd ;
ln /bsd /obsd && cp bsd.mp /nbsd && mv /nbsd /bsd</b></code><br>
instead)
<p>
Note the extra steps for copying over the primary kernel: those are done
to ensure that there is always a valid copy of the kernel on the disk
that the system can boot from should there be a really badly timed power
outage or system crash.
<p>
<li><b>Install new <code>/etc/firmware</code> files and other critical
utilities:</b>
Some uploaded "firmware" files may have been updated, so
you may need to update the files in the <code>/etc/firmware</code> directory.
This will impact users of only a few devices, though all users can use
this step without harm.
To make sure your network is fully functional on reboot, the new kernel
will need updated <code>ifconfig</code> and <code>pfctl</code> utilities to be
configured properly after the reboot in the next step.
Again, it's something that all users can do without harm, but if you are
performing your remote upgrade over a <code>pppoe(4)</code> connection this
step can be crucial.
To extract the firmware files and utilities from <code>base44.tgz</code>,
use the following as root:
<blockquote><pre>
<b>tar -C / -xzphf ${RELEASEPATH}/base44.tgz ./etc/firmware ./sbin/ifconfig ./sbin/pfctl</b>
</pre></blockquote>
<p>
<li><b>Reboot on the new kernel:</b>
This might be a tempting step to skip, but it should be done now, as
usually, the new kernel will run old userland apps (such as the soon to
be important <code>reboot</code>!), but often a new userland will NOT
work on the old kernel.
<p>
<li><b>Install new userland applications.</b>
<i>Do NOT install <code>etc44.tgz</code> and <code>xetc44.tgz</code> now, because
that will overwrite your current configuration files!</i>
<blockquote><pre>
<b>export RELEASEPATH=</b><i>/usr/rel</i>
<b>cd ${RELEASEPATH}</b>
<b>tar -C / -xzphf base44.tgz</b>
<b>tar -C / -xzphf comp44.tgz</b>
<b>tar -C / -xzphf game44.tgz</b>
<b>tar -C / -xzphf man44.tgz</b>
<b>tar -C / -xzphf misc44.tgz</b>
<b>tar -C / -xzphf xbase44.tgz</b>
<b>tar -C / -xzphf xfont44.tgz</b>
<b>tar -C / -xzphf xserv44.tgz</b>
<b>tar -C / -xzphf xshare44.tgz</b>
</pre></blockquote>
Note: not all file sets will need to be installed for all applications,
however if you installed a file set originally, you should certainly
upgrade it with the new file set now.
<p>
Note: the files in <code>/etc</code> are handled separately below, so
<code>etc44.tgz</code> and <code>xetc44.tgz</code> are NOT unpacked here.
<p>
<li><b>Upgrade <code>/dev</code>.</b>
The new
<a href="https://man.openbsd.org/OpenBSD-4.4/i386/MAKEDEV">MAKEDEV</a>
file will be copied to /dev by the installation of
<code>base44.tgz</code>, so you simply need to do the following:
<blockquote><pre>
<b>cd /dev</b>
<b>./MAKEDEV all</b>
</pre></blockquote>
<p>
<li><b>Upgrade <code>/etc</code> as below</b>.
<p>
<li><b>Reboot</b>
</ul>
During this process,
<a href="https://man.openbsd.org/sendmail.8">sendmail(8)</a>
may produce some error messages like the following:
<p>
<code> Nov 1 12:47:05 puffy sm-mta[16733]: filesys_update failed: No such file or directory, fs=., avail=-1, blocksize=380204
</code>
<p>
These messages can be safely ignored for the moment, or you may wish to
halt sendmail(8) during the upgrade process.
Note that sendmail is not working properly at this point, and will need
to be restarted (as part of the reboot) before mail is expected to be
handled properly.
<p>
<hr>
<h2 id="final">Final steps</h2>
Whether you upgrade by using an install kernel and doing a formal
"upgrade" process, or do a "in-place" binary upgrade, there are certain
manual steps that have to be performed.
<h3 id="UsersGroups">1. New Users and Groups</h3>
New users are needed for
<a href="https://man.openbsd.org/rtadvd.8">rtadvd</a>,
and the upcoming ypldap(8).
Create the users and groups using
<a href="https://man.openbsd.org/useradd.8">useradd(8)</a>
<blockquote><pre>
<b>useradd -u92 -g=uid -c"IPv6 Router Advertisement Daemon" -d/var/empty -s/sbin/nologin _rtadvd</b>
<b>useradd -u93 -g=uid -c"YP to LDAP Daemon" -d/var/empty -s/sbin/nologin _ypldap</b>
</pre></blockquote>
<h3 id="etcUpgrade">2. Upgrading <code>/etc</code></h3>
<p>
You will want to extract the <code>etc44.tgz</code> files to a temporary
location:
<blockquote><pre>
<b>tar -C /tmp -xzphf ${RELEASEPATH}/etc44.tgz</b>
</pre></blockquote>
Files that can probably be copied from <code>etc44.tgz</code> "as is":
<blockquote><pre>
etc/magic
etc/netstart
etc/rc
etc/rc.conf
etc/security
etc/services
etc/mail/localhost.cf
etc/mail/sendmail.cf
etc/mail/submit.cf
etc/mtree/4.4BSD.dist
</pre></blockquote>
Note that it IS possible to locally modify these files, if this has been
done, do NOT copy over those files, and use the
<a href="#sysmerge">sysmerge(8) process</a> instead.
Pay special attention to <code>mail/*</code> if you are using something
other than the default Sendmail(8) configuration.
Here are copy/paste lines for copying these files, assuming you unpacked
<code>etc44.tgz</code> in the above recommended place:
<blockquote><pre>
<b>cd /tmp/etc
cp magic netstart rc rc.conf security services /etc
cp mtree/* /etc/mtree
cp mail/*.cf /etc/mail</b> <i># Careful on this one!!</i>
</pre></blockquote>
<p>
<h3 id="patchfile">3a. Merging locally changed files via a patch file</h3>
<i>Use either this patch file process OR the
<a href="#sysmerge">sysmerge</a> process below, not both.</i>
<p>
These files likely have local changes, but should be updated for
4.4. IF you have not altered these files, you can copy over the
new version, otherwise the changes must be merged with your files:
<blockquote><pre>
etc/changelist
etc/ftpusers
etc/hosts.lpd
etc/man.conf
etc/sudoers
etc/mail/aliases
etc/ssh/ssh_config
etc/ssh/sshd_config
</pre></blockquote>
The changes to these files are in <a href="upgrade44.patch">this
patch file</a>.
You can attempt to use this by executing the following as root:
<blockquote><pre>
<b>cd /</b>
<b>patch -C -p0 < upgrade44.patch</b>
</pre></blockquote>
This will test the patch to see how well it will apply to YOUR system;
to actually apply it, leave off the "<code>-C</code>" option.
Note that it is likely that if you have customized files or not kept
them closely updated, or are upgrading from a snapshot of 4.3, they may
not accept the patch cleanly.
In those cases, you will need to manually apply the changes.
Please test this process before relying on it for a machine you can not
easily get to.
<p>
The following files have had changes which should be looked at, but it
is unlikely they should be directly copied or merged (i.e., if you are
using pf.conf, look at the suggested change of strategy, and decide if
it is appropriate for your use).
<blockquote><pre>
etc/dhclient.conf
etc/pf.conf
var/www/conf/httpd.conf
</pre></blockquote>
<p>
There is a file that can be deleted as it is no longer used
in 4.4:
<blockquote><pre>
<b>rm /etc/dhcpd.interfaces</b>
</pre></blockquote>
Finally, use
<a href="https://man.openbsd.org/newaliases.8">newaliases(8)</a>
to update the aliases database,
<a href="https://man.openbsd.org/mtree.8">mtree(8)</a>
create any new directories:
<blockquote><pre>
<b>newaliases</b>
<b>mtree -qdef /etc/mtree/4.4BSD.dist -p / -u</b>
</pre></blockquote>
<h3 id="sysmerge">3b. Merging locally changed files via sysmerge(8)</h3>
<i>Use either this sysmerge(8) process, OR the
<a href="#patchfile">patchfile</a> process above, not both.</i>
<p>
The new
<a href="https://man.openbsd.org/sysmerge.8">sysmerge(8)</a>
utility will compare the files that are actually on your system with
those that would be installed to a fresh install, and assist you in
merging the changes into your system.
Note that unlike the patch file, there are no assumptions made about
what is actually on your system, so you can use sysmerge(8) to move
between more arbitrary <a href="faq5.html#Flavors">points in the
development process</a>, such as from an earlier <i>-current</i> to
<i>4.4-release</i> or from one <i>-current</i> to a later one.
<p>
Please read the
<a href="https://man.openbsd.org/sysmerge.8">sysmerge(8)</a>
manual page before using it on your system.
You are also advised to read the
<a href="https://man.openbsd.org/diff.1">diff(1)</a>,
<a href="https://man.openbsd.org/sdiff.1">sdiff(1)</a>
and even review
<a href="https://man.openbsd.org/more.1">more(1)</a>
manual pages before continuing.
<p>
Assuming the <code>etc44.tgz</code> and <code>xetc44.tgz</code> files exists in
your $RELEASEPATH, run it with:
<blockquote><pre>
# <b>sudo sysmerge -as $RELEASEPATH/etc44.tgz -x $RELEASEPATH/xetc44.tgz</b>
</pre></blockquote>
Sysmerge(8) will show you a unified
<a href="https://man.openbsd.org/diff.1">diff(1)</a>,
run through your favorite $PAGER (i.e.,
<a href="https://man.openbsd.org/more.1">more(1)</a>)
and ask you, for most changed files, if you wish to:
<blockquote><pre>
Use 'd' to delete the temporary ./var/www/htdocs/index.html
Use 'i' to install the temporary ./var/www/htdocs/index.html
Use 'm' to merge the temporary and installed versions
Use 'v' to view the diff results again
Default is to leave the temporary file to deal with by hand
</pre></blockquote>
<p>
If you wish to retain your existing file, delete the temporary file, if
you wish to replace your existing file with the new version, install the
temporary file.
If you wish to merge the two together, choosing 'm' will put you into
<a href="https://man.openbsd.org/sdiff.1">sdiff(1)</a>,
where you can manually merge the file.
The default is to come back and deal with the file later, manually.
<p>
While it can work, we do not recommend you use sysmerge to integrate new
users into the system, but rather use the useradd(8) line
<a href="#UsersGroups">above</a>.
We believe it is much less error prone.
(hint: do <i>not</i> <b>i</b>nstall the temporary master.passwd file
over your existing one!).
<p>
Sysmerge(8) saves all your replaced files into a temporary directory,
similar to <code>/var/tmp/sysmerge.24959/backups</code>, so if you accidentally
clobber something that was probably not such a good idea, you have a chance
to recover it. Note that
<a href="https://man.openbsd.org/daily.8">daily(8)</a>
cleans old files from this directory.
<h3 id="Kernchk">4. Checking the kernel</h3>
Note: <b>most people can skip this step!</b>
<p>
If you followed the instructions for the upgrade process without install
kernel, you have already completed this step.
However, if you used the install kernel, and if you had a modified kernel
in 4.3, it is likely you will need to modify the stock kernel of 4.4.
This can be as simple as modifying a specific device using config(8),
or it can involve a recompilation if the option you need is not included
in the GENERIC kernel.
Please consult <a href="faq5.html">FAQ 5 - Building the system from source</a>
before considering to recompile your kernel.
<h3 id="Pkgup">5. Upgrading packages</h3>
If you installed any packages on your system, you should upgrade them
after completing the upgrade of the base system.
Be aware, however, many packages will require further setup before
and/or after upgrading the package.
Check with the application's upgrade guide for details.
<p>
The following packages are known to have significant upgrade issues that
will impact a large number of users.
The fact that a package is not on this list doesn't mean it will have a
trivial upgrade.
You must do some homework on the applications YOU use.
<ul>
<li><b>ejabberd:</b> When upgrading ejabberd from 1.x to 2.x you will
need to dump and restore database as described at
<a href="https://www.ejabberd.im/migrate-host">https://www.ejabberd.im/migrate-host</a>.
<li><b>Postgresql:</b> you must dump your database before upgrade and
restore it after.
</ul>
<p>
The package tools support in-place updating using <code>pkg_add -u</code>.
For instance, to update all your packages, make sure <code>PKG_PATH</code> is
pointing to the 4.4 packages directory on your CD or nearest FTP mirror,
and use something like
<blockquote><pre>
#<b> pkg_add -ui -F update -F updatedepends</b>
</pre></blockquote>
where the <code>-u</code> indicates update mode, and <code>-i</code> specifies
interactive mode, so pkg_add will prompt you for input when it encounters
some ambiguity. Read the
<a href="https://man.openbsd.org/OpenBSD-4.4/pkg_add">pkg_add(1)</a>
manual page and the <a href="faq15.html">package management</a>
chapter of the FAQ for more information.
<p>
<a href="index.html">[FAQ Index]</a> |
<a href="upgrade43.html">[4.2 -> 4.3]</a> |
<a href="upgrade45.html">[4.4 -> 4.5]</a>
<hr>
<small>$OpenBSD: upgrade44.html,v 1.45 2021/03/15 10:18:43 jsg Exp $</small>
![[BACK]](/icons/back.gif){kind=icon}
Return to upgrade44.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www / faq