File: [local] / www / faq / upgrade72.html (download) (as text)
Revision 1.7, Thu May 2 19:32:53 2024 UTC (3 weeks, 4 days ago) by sthen
Branch: MAIN
CVS Tags: HEAD
Changes since 1.6: +2 -2 lines
fix section number for fw_update manual, it moved from 1 to 8 in 7.1
|
<!doctype html>
<html lang=en id=faq>
<title>OpenBSD Upgrade Guide: 7.1 to 7.2</title>
<meta charset=utf-8>
<meta name="description" content="OpenBSD Upgrade Process for 7.1 -> 7.2">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="../openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/faq/upgrade72.html">
<style>
dt { margin-left: 20px; float: left; }
dd { margin: 0 0 0 8em; }
</style>
<h2 id=OpenBSD>
<a href="../index.html">
<i>Open</i><b>BSD</b></a>
Upgrade Guide: 7.1 to 7.2
</h2>
<hr>
<p>
<a href="index.html">[FAQ Index]</a> |
<a href="upgrade71.html">[7.0 -> 7.1]</a>
<a href="upgrade73.html">[7.2 -> 7.3]</a>
<p>
<blockquote>
<p><i>
Upgrades are only supported from one release to the release immediately
following.</i>
<p>
<strong><i>Read through and understand this process before attempting it.
For critical or physically remote machines, test it on an identical,
local system first.
</i></strong></blockquote>
<h3 id="BeforeUpdate">Before using any upgrade method</h3>
<ul>
<li><b>Check available disk space in /usr.</b>
Verify that the <code>/usr</code> partition has a size of at least 1.1G.
With less space the upgrade may fail and you should consider reinstalling
the system instead.
<p>
<li><b>Read configuration and syntax changes and the
package upgrade instructions.</b>
There were several <a href="#ConfigChanges">configuration changes</a>
and <a href="#SpecialPackages">changes in packages</a> that may
require planning before starting the upgrade.
</ul>
<h3 id="UpgradeMethods">Upgrade Methods</h3>
<ul>
<li><b>Unattended Upgrade:</b>
The easiest method is an unattended upgrade using
<a href="https://man.openbsd.org/OpenBSD-7.2/sysupgrade.8">sysupgrade(8)</a>.
The program will download all the install sets, verify their signatures, and
reboot to perform the upgrade automatically. Once the unattended upgrade has
completed, continue <a href="upgrade72.html#AfterSets">below</a>.
<p>
<li><b>Interactive Upgrade:</b>
If you insist on leaving out some of the install sets, you will want to
perform an <a href="#InteractiveUpgrade">interactive upgrade</a>. (sysupgrade
upgrades with all install sets.)
<p>
<li><b>Manual Upgrade:</b>
The final option is using the <a href="#NoInstKern">manual upgrade process</a>.
(This is not recommended as it is the most error-prone method.)
</ul>
<hr>
<h3 id="InteractiveUpgrade">Interactive Upgrade</h3>
<ul>
<li><b>Get and verify <code>bsd.rd</code>.</b>
Download the ramdisk kernel and the cryptographically-signed checksum file
for your architecture.
<p>
<dl>
<dt><code>bsd.rd</code></dt>
<dd>
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/alpha/bsd.rd">alpha</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/amd64/bsd.rd">amd64</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/arm64/bsd.rd">arm64</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/armv7/bsd.rd">armv7</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/hppa/bsd.rd">hppa</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/i386/bsd.rd">i386</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/landisk/bsd.rd">landisk</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/luna88k/bsd.rd">luna88k</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/macppc/bsd.rd">macppc</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/octeon/bsd.rd">octeon</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/powerpc64/bsd.rd">powerpc64</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/riscv64/bsd.rd">riscv64</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/sparc64/bsd.rd">sparc64</a>]
</dd>
<dt><code>SHA256.sig</code></dt>
<dd>
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/alpha/SHA256.sig">alpha</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/amd64/SHA256.sig">amd64</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/arm64/SHA256.sig">arm64</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/armv7/SHA256.sig">armv7</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/hppa/SHA256.sig">hppa</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/i386/SHA256.sig">i386</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/landisk/SHA256.sig">landisk</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/luna88k/SHA256.sig">luna88k</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/macppc/SHA256.sig">macppc</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/octeon/SHA256.sig">octeon</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/powerpc64/SHA256.sig">powerpc64</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/riscv64/SHA256.sig">riscv64</a>]
[<a href="https://cdn.openbsd.org/pub/OpenBSD/7.2/sparc64/SHA256.sig">sparc64</a>]
</dd>
</dl>
<p>
Verify <code>bsd.rd</code> and <code>SHA256.sig</code> using
<a href="https://man.openbsd.org/OpenBSD-7.2/signify">signify(1)</a>:
<pre class="cmdbox">
$ <b>signify -C -p /etc/signify/openbsd-72-base.pub -x SHA256.sig bsd.rd</b>
Signature Verified
bsd.rd: OK<!--
--></pre>
<p>
<li> Next, boot from the install kernel, <code>bsd.rd</code>, retrieved
in the previous step. Place it in the root of your filesystem and
instruct the boot loader to boot this kernel. Once this kernel is
booted, choose the <code>(U)pgrade</code> option and follow the prompts.
<p>
<li>After the filesets have been installed, the system will reboot with
the upgraded kernel. Now continue <a
href="upgrade72.html#AfterSets">with the next step</a>:
</ul>
<hr>
<h3 id="AfterSets">After the Upgrade</h3>
<p>
After upgrading the sets, the system will reboot with the upgraded
kernel and run <a
href="https://man.openbsd.org/OpenBSD-7.2/sysmerge">sysmerge(8)</a>
during boot. In some cases, configuration files cannot be modified
automatically. Run
<pre class="cmdbox"> # <b>sysmerge</b><!-- --></pre>
to check and perform these <a href="#ConfigChanges">configuration
changes</a>.
<p>Next <a href="#RmFiles">remove the old files</a>.
Finish up by upgrading the packages using <code><b>pkg_add -u</b></code>.
<p>
You may wish to check the <a href="../errata72.html">errata page</a> for
any post-release fixes.
<p>
<hr>
<h2 id="NoInstKern">Manual Upgrade (without the install kernel)</h2>
<b style="color:#e00000">This is NOT the recommended process.
Use the unattended or interactive upgrade methods if at all possible!</b>
<p>
Sometimes, you need to perform an upgrade of a machine for which the normal
unattended or interactive upgrade process is not possible.
<h3>Preparation</h3>
<ul>
<li><b>Place install files in a good location.</b>
Make sure you have sufficient space!
Running out of space on a remote upgrade could be...unfortunate.
Note that using softdeps can exacerbate the situation as deleted and
overwritten files do not release their space immediately.
Consider disabling the <code>softdep</code> mount option in
<code>/etc/fstab</code> and rebooting before undertaking a manual upgrade.
Having at least 500MB free on <code>/usr</code> would be recommended.
<p>
<li><b>Become root.</b>
While using
<a href="https://man.openbsd.org/OpenBSD-7.2/doas">doas(1)</a>
before each command is generally a good practice, the command will likely
be broken by the last steps, so you should become root before starting
this process.
It might be good to verify your access to root using a method other than
doas at this point, i.e., direct login or using
<a href="https://man.openbsd.org/OpenBSD-7.2/su">su(1)</a>.
<p>
<li><b>Stop and/or disable any appropriate applications.</b>
During this process, all the userland applications will be replaced but
may not be runnable, and strange things may happen as a result.
You may also have issues with DNS resolution during the first reboot, so
PF rules and NFS mounts dependent upon DNS may cause boot-up problems.
There may be other applications which you wish to keep from running
immediately after the upgrade; stop and disable them as well.
<p>
<li><b>Install new boot blocks.</b>
This should actually be done at the end of any upgrade.
If this has been neglected, then failure to do this now may break serial
console or other things, depending on your platform.
Use <a href="https://man.openbsd.org/OpenBSD-7.2/amd64/installboot">
installboot(8)</a>, assuming <code>sd0</code> is your boot disk:
<pre class="cmdbox">
# <b>installboot sd0</b><!--
--></pre>
</ul>
<h3>Upgrading manually</h3>
<ul>
<li><b>Install new kernels.</b>
The extra steps for copying over the primary kernel are done
to ensure that there is always a valid kernel on the disk.
<p>
If using the multiprocessor kernel:
<pre class="cmdbox">
# <b>cd /usr/rel</b> # where you put the release files
# <b>ln -f /bsd /obsd && cp bsd.mp /nbsd && mv /nbsd /bsd</b>
# <b>cp bsd.rd /</b>
# <b>cp bsd /bsd.sp</b><!--
--></pre>
If using the single processor kernel:
<pre class="cmdbox">
# <b>cd /usr/rel</b> # where you put the release files
# <b>ln -f /bsd /obsd && cp bsd /nbsd && mv /nbsd /bsd</b>
# <b>cp bsd.rd bsd.mp /</b> # may give a harmless warning<!--
--></pre>
<p>
<li><b>Enable KARL.</b>
Store the kernel's checksum:
<pre class="cmdbox">
# <b>sha256 -h /var/db/kernel.SHA256 /bsd</b> <!--
--></pre>
<p>
<li><b>Install new userland.</b>
Save a copy of reboot(8), extract and install the release tarballs, reboot.
Install <code>base72.tgz</code> last, because the new base system,
in particular <a href="https://man.openbsd.org/OpenBSD-7.2/tar">tar(1)</a>,
<a href="https://man.openbsd.org/OpenBSD-7.2/gzip">gzip(1)</a> and
<a href="https://man.openbsd.org/OpenBSD-7.2/reboot">reboot(8)</a>,
will not work with the old kernel.
Either untar the needed filesets manually:
<pre class="cmdbox">
# <b>cp /sbin/reboot /sbin/oreboot</b>
# <b>tar -C / -xzphf xshare72.tgz</b>
# <b>tar -C / -xzphf xserv72.tgz</b>
# <b>tar -C / -xzphf xfont72.tgz</b>
# <b>tar -C / -xzphf xbase72.tgz</b>
# <b>tar -C / -xzphf man72.tgz</b>
# <b>tar -C / -xzphf game72.tgz</b>
# <b>tar -C / -xzphf comp72.tgz</b>
# <b>tar -C / -xzphf base72.tgz</b> # Install last!
# <b>/sbin/oreboot</b><!--
--></pre>
or, if you use
<a href="https://man.openbsd.org/OpenBSD-7.2/ksh">ksh(1)</a>, you can do:
<pre class="cmdbox">
# <b>cp /sbin/reboot /sbin/oreboot</b>
# <b>for _f in [!b]*72.tgz base72.tgz; do tar -C / -xzphf "$_f" || break; done</b>
# <b>/sbin/oreboot</b><!--
--></pre>
Note that <a href="https://man.openbsd.org/OpenBSD-7.2/tar">tar(1)</a>
can expand only one archive per invocation, so a simple glob won't work.
<p>
<li><b>After reboot, update <code>/dev</code>.</b>
Run
<a href="https://man.openbsd.org/OpenBSD-7.2/amd64/MAKEDEV">MAKEDEV(8)</a>:
<pre class="cmdbox">
# <b>cd /dev</b>
# <b>./MAKEDEV all</b><!--
--></pre>
<p>
<li><b>Update the boot loader.</b>
Still assuming <code>sd0</code> is your boot disk:
<pre class="cmdbox">
# <b>installboot sd0</b><!--
--></pre>
<p>
<li><b>Update system configuration files.</b>
Run <a href="https://man.openbsd.org/OpenBSD-7.2/sysmerge">sysmerge(8)</a>:
<pre class="cmdbox">
# <b>sysmerge</b><!--
--></pre>
<p>
<li><b>Update firmware.</b>
There may be new firmware for your system.
Update it with
<a href="https://man.openbsd.org/OpenBSD-7.2/fw_update">fw_update(8)</a>:
<pre class="cmdbox">
# <b>fw_update</b><!--
--></pre>
<p>
<li><b>Finish up.</b>
Review the console output from boot (using <code><b>dmesg -s</b></code>)
and correct any failures as necessary.
All the steps following <a href="#ConfigChanges">configuration changes</a>
below also apply to manual upgrades.
Finally, remove <code><b>/sbin/oreboot</b></code> and update packages:
<code><b>pkg_add -u</b></code>.
Reboot once more to make sure you use the newest firmware files
and run on your own kernel generated by KARL.
</ul>
<p>
<hr>
<h3 id="ConfigChanges">Configuration and syntax changes</h3>
<ul>
<li><b>pluart(4).</b> Hardware using pluart(4), such as the Raspberry Pi,
has the wrong baud rate in <code>/etc/ttys</code> making the serial
console unusable.
<p>
Change the baud rate from 38400 to 115200 for the console entry in
<code>/etc/ttys</code>.
<p>
<li><b>rc.d(8).</b> The use of ${rcexec} in rc.d scripts has been deprecated.
<p>
The ${rcexec} variable used to start daemons with rc.d(8) has been
replaced with a more complete rc_exec() function.
<p>
Handcrafted rc.d(8) scripts must be modified to use this new function:
<pre class="cmdbox">
# <b>sed -i 's/\${rcexec}/rc_exec/' /etc/rc.d/myscript</b><!--
--></pre>
<p>
Compatibility will be retained until next release.
<p>
<li><b>snmpd(8) / snmpd.conf(5).</b> snmpd.conf's
<code>filter-pf-addresses</code> has been deprecated.
<p>
If you have <code>filter-pf-addresses yes</code> in your config, it should be
changed to <code>blocklist pfTblAddrTable</code>.
<p>
<li><b>switchd(8).</b> switchd(8) and switch(4) have been removed.
</ul>
<h3 id="RmFiles">Files to remove</h3>
<ul>
<li><b>switch(4)</b> and <b>switchd(8)</b> have been removed from the base
system.
<p>
To cleanup the user, group, and associated files execute the following
commands:
<pre class="cmdbox">
# userdel _switchd
# groupdel _switchd
# rm /etc/rc.d/switchd \
/usr/sbin/switchctl \
/usr/sbin/switchd \
/usr/share/man/man4/switch.4 \
/usr/share/man/man5/switchd.conf.5 \
/usr/share/man/man8/switchctl.8 \
/usr/share/man/man8/switchd.8<!--
--></pre>
</ul>
<h3 id="SpecialPackages">Special packages</h3>
<ul>
<li><b>databases/openldap.</b>
The OpenLDAP packages have been updated to the 2.6 branch which has
changes that will affect many users of the server ("slapd").
<p>
<b>Backup before updating</b>, and be prepared for a more complicated
upgrade than usual. Some pointers are given here, but you should also
consult the upstream documentation regarding upgrades.
<p>
OpenLDAP no longer supports the BDB/HDB legacy database formats
based on Berkeley DB. If you are using BDB/HDB, you will need to
prepare in advance so that you can move to MDB.
<p>
Before updating, stop slapd and use <code>slapcat</code> to dump your
database(s) to ldif files. (Saving ldif files is recommended as part
of your regular maintenance anyway, but particularly important at
this time).
<p>
Adjust the backend database in your configuration to use
mdb instead of bdb/hdb. If you are using the old-style
<code>/etc/openldap/slapd.conf</code> config file, this is relatively
straightforward. If you are using upstream's recommended online
configuration ("cn=config"), this is normally edited "in-band" via
LDAP, but you might find it difficult to make this type of change
in the usual way. Instead, you can export to ldif with
<code>slapcat -n 0</code>, edit the exported file, then reload with
<code>slapadd -n 0</code>. Do not edit the ldif files in
<code>/etc/openldap/slapd.d</code> directly.
<p>
Regarding the actual changes you need to make: for the simplest case
you just need to change "bdb" to "mdb". slapd-bdb(5) has various
tuning options which are not used by slapd-mdb(5) (for example,
cachesize) - these will need to be removed. For more information,
consult the upstream documentation.
<p>
After restarting with the updated configuration, you will need to
reload your database from the ldif file using slapadd (or if you are
updating a read-only replica you could let syncrepl pick it up).
<p>
The openldap-server package has changed to a modular build.
<p>
The most important backend and overlay (mdb and syncprov) are still
compiled-in as before, but if you use the less common ones
(including backends like back_perl) you will need to adjust your
configuration to load them. If you use online configuration, see
"olcModuleLoad". If you use slapd.conf, see "moduleload".
<p>
<li><b>editors/vim.</b>
Vim includes <a href="https://github.com/vim/colorschemes">new colour
schemes</a> that aim to be more consistent in different environments
(e.g. between text and gui versions), but in some cases result in a
significant change, especially for the text version.
<p>
If you find the changes unwelcome, the OpenBSD package includes a
copy of the old colour schemes under the <code>legacy</code>
subdirectory to make it easier to revert if desired. You can use
the subdirectory directly in <code>colorscheme</code> in your
configuration, but as these are not included as standard in upstream
Vim, if you share config files between various machines you may wish
to copy the relevant files from
<code>/usr/local/share/vim/vim82/colors/legacy</code> to
<code>~/.vim/colors</code> which take priority.
<p>
<li><b>inputmethods/fcitx.</b>
Fcitx splits some input methods into different packages and requires
manual reconfiguration after upgrade.
<p>
PinYin is no longer bundled. You will need to install
<code><b>fcitx-chinese-addons</b></code> to use it.
<p>
Methods previously provided by the fcitx-table package have been split
into two packages:
<ul>
<li>For CangJie / ShuangPin / WuBi / ErBi / ZiRanMa, install
<code><b>fcitx-chinese-addons</b></code>.
<li>For ZhengMa / Boshiamy / Quick and other WuBi / CangJie tables,
install <code><b>fcitx-table-extra</b></code>.
</ul>
<p>
If you are starting fcitx from <code>.xsession</code>, update it with
the following:
<pre class="cmdbox">
<b>export XMODIFIERS=@im=fcitx</b>
<b>export GTK_IM_MODULE=fcitx</b>
<b>export QT_IM_MODULE=fcitx</b>
<b>/usr/local/bin/fcitx5 &</b><!--
--></pre>
<p>
You might need to re-run <code>fcitx5-configtool</code>
to reconfigure your input method.
<p>
To setup an input engine, run <code>fcitx5-configtool</code> after
starting fcitx5, then select and add your preferred input method from
the Available Input Method panel. You might need to uncheck 'Only Show
Current Language' to find your preferred input method.
<p>
After restarting with the updated configuration, fcitx should be
usable. Refer to <code>/usr/local/share/doc/pkg-readmes/fcitx</code>
if something doesn't work or you need to troubleshoot.
<p>
<li><b>lang/python.</b>
Python 3.8 has been removed.
<p>
<li><b>net/isc-bind.</b>
For the 9.18.x releases, ISC BIND has completely removed a number of
obsolete configuration options. The presence of any of these options
will cause startup to fail.
<pre class="cmdbox">
acache-cleaning-interval
acache-enable
additional-from-auth
additional-from-cache
allow-v6-synthesis
cleaning-interval
dnssec-enable
dnssec-lookaside
filter-aaaa
filter-aaaa-on-v4
filter-aaaa-on-v6
geoip-use-ecs
lwres
max-acache-size
nosit-udp-size
queryport-pool-ports
queryport-pool-updateinterval
request-sit
sit-secret
support-ixfr
use-queryport-pool
use-ixfr<!--
--></pre>
<p>
<li><b>www/sogo.</b>
With the update of SOGo to 5.7.1, sogod may fail to start if you don't
have WOPort explicitly configured.
To set the WOPort explicitly to the prior default, execute the following
command as the _sogod user.
<pre class="cmdbox">
defaults write sogod WOPort 127.0.0.1:20000<!--
--></pre>
</ul>
<a href="index.html">[FAQ Index]</a> |
<a href="upgrade71.html">[7.0 -> 7.1]</a>
<a href="upgrade73.html">[7.2 -> 7.3]</a>
<hr>
<small>$OpenBSD: upgrade72.html,v 1.7 2024/05/02 19:32:53 sthen Exp $</small>
![[BACK]](/icons/back.gif){kind=icon}
Return to upgrade72.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www / faq