OpenBSD Upgrade Guide: 4.1 to 4.2

[FAQ Index] | [4.0 -> 4.1] | [4.2 -> 4.3]

Note: Upgrades are only supported from one release to the release immediately following it. Do not skip releases.

It is highly recommended that you read through and fully understand this process before attempting it. If you are doing it on a critical or physically remote machine, it is recommended that you test this process on an identical, local system to verify its success before attempting on a critical or remote computer.

Upgrading is a convenient way to bring your OpenBSD system up to the most recent version. However, the results are not intended to precisely match the results of a wipe-and-reload installation. Old library files in particular are not removed in the upgrade process, as they may be required by older applications that may or may not be upgraded at this time. If you REALLY wish to get rid of all these old files, you are probably better off reinstalling from scratch.

Table of Contents:

• Before upgrading
  • Packages are now using libexpat shipped with X; xbase42.tgz is your friend
  • Enter X.org v7.2, exit XF3
  • Updated ahci driver may change how disks are handled
  • bgpd filter language change
  • SSH protocol 1 discouraged on new installs
  • Changes in the way sudo(8) passes environment
  • [alpha Only] Some de(4) NICs will become dc(4)
  • [i386 Only] apm(4) takes precedence over acpi(4)
  • rc.conf
  • Modified kernel
• The upgrade process
• Final steps
  • Upgrading /etc
  • Checking the kernel
  • X configuration files
  • Upgrading packages

Before upgrading: things to think about and be aware of

• Packages are now using libexpat shipped with X; xbase42.tgz is your friend:
  The libexpat port has been removed. Packages now use the libexpat which is shipped with X instead. Many packages depend on libexpat through other dependencies. For instance, many packages require gettext which depends on libexpat. Therefore, these packages also depend on libexpat.

  This means that many systems that weren't using X before will now need to have xbase42.tgz installed. If you don't do this and try to install a package that requires libexpat, pkg_add(1) will give an error message.

  Also note that building ports is only supported with a full installation, including all X file sets.

  Finally, after upgrading all your packages to the 4.2 versions, clean up by removing the old expat package from your system:

  # pkg_delete expat
  

  This will impact a large number of users! This was an unfortunate decision whose ramifications were not recognized earlier in the process. For 4.3, libexpat will be part of base43.tgz, solving this problem.

• Enter X.org v7.2, exit XF3:
  A new version of X is in OpenBSD 4.2. Your old X configuration may need to be adjusted, but many people will find they don't need an X configuration file at all anymore.

  As OpenBSD adapts to the newest versions of X.org, support for XF3 on the i386 platform (the only platform it was used on still) has been dropped. XF3 was needed only for some very old video chips which were not supported by XF4 and X.org. It is not believed this will impact many people.

  The new X.org version changes a lot of config files, so there is a separate section to this upgrade process for X users.

• Updated ahci driver may change how disks are handled:
  Systems using the ahci(4) driver may find SATA disks which had been recognized and handled by the wd(4) (i.e., wd0) to become sd(4) (i.e., sd0) devices. Watch the dmesg output at boot. A drive which turned up earlier as:

  pciide1 at pci0 dev 31 function 2 "Intel 82801GBM AHCI SATA" rev 0x02: DMA, channel 0 wired to native-PCI, channel 1 wired to native-PCI
  pciide1: using apic 2 int 11 (irq 11) for native-PCI interrupt
  wd0 at pciide1 channel 0 drive 0: <FUJITSU MHV2080BH>
  wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
  wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
  

  now instead turns up as:

  ahci0 at pci0 dev 31 function 2 "Intel 82801GBM AHCI SATA" rev 0x02: AHCI 1.1: apic 2 int 16 (irq 11)
  scsibus1 at ahci0: 32 targets
  sd0 at scsibus1 targ 0 lun 0: <ATA, FUJITSU MHV2080B, 0084> SCSI2 0/direct fixed
  sd0: 76319MB, 76319 cyl, 64 head, 32 sec, 512 bytes/sec, 156301488 sec total
  

  This will cause problems for people doing remote upgrades of these machines, as if the fstab file is not "correct", the system will not complete booting. Unfortunately, how the driver handles the disk is dependent upon a lot of things including BIOS configurations, so IF one has an AHCI SATA interface, one will have to experiment with a similarly configured local machine to see if the /etc/fstab file will need to be re-worked.

  It is believed very few people will be hit by this now, as ahci(4) devices are moderately rare on existing hardware, though becoming much more common now.

• bgpd filter language change:
  bgpd filters using only prefixlen as filter parameter now need to include an address family identifier like inet or inet6:

  allow from any inet prefixlen 8 - 24
  deny from any inet6 prefixlen > 64
  

  As a reminder, bgplg and associated binaries are disabled at install/upgrade time. If you use them, they must be re-enabled as described in bgplg(8).

• SSH protocol 1 discouraged on new installs:
  New OpenBSD installs will default to not accepting SSH v1 connections. This upgrade process will not replace the /etc/ssh configuration files, but you may wish to manually do this to gain the new behavior. The following diff shows what has changed on new installs:

  --- ./etc/ssh/sshd_config       Sat Mar 10 20:31:32 2007
  +++ ../42/etc/ssh/sshd_config   Tue Aug 28 11:59:52 2007
  @@ -11,3 +11,2 @@
   #Port 22
  -#Protocol 2,1
   #AddressFamily any
  @@ -15,2 +14,7 @@
   #ListenAddress ::
  +
  +# Disable legacy (protocol version 1) support in the server for new
  +# installations. In future the default will change to require explicit
  +# activation of protocol 1
  +Protocol 2
  
  

  Again, this change is NOT part of the standard upgrade process.

• Changes in the way sudo(8) passes environment:
  For security reasons sudo(8) will now reset the environment to a small default set with only certain variables preserved from the previous environment.

  In order for many things to continue to work as expected, the patch file below will add a "Defaults env_keep" line to your /etc/sudoers file and otherwise try to make the file look like the one in etc42.tgz, but will possibly fail. You will want to make sure your sudoers file contains a line that looks something like:

  %wheel       ALL=(ALL) SETENV: ALL
    -- or --
  %wheel       ALL=(ALL) NOPASSWD: SETENV: ALL
  

  assuming you wish "wheel" group users to have full sudo rights. It would probably be wise to test sudo(8) for proper operation before logging out of the system after the patch file is applied.

• [alpha Only] Some de(4) NICs will become dc(4):
  On the alpha platform, some NICs which had been supported by the de(4) driver will now be supported by dc(4).

  IF your NIC is one of these, you will need to alter at least your /etc/hostname.deX (hint: hard link) and your pf.conf files as appropriate.

  Again, this is only on the alpha platform.

• [i386 Only] apm(4) takes precedence over acpi(4)
  The device detection on i386 has been modified to make apm(4) take precedence over acpi(4). It means that if your hardware has both apm and acpi devices, only apm will attach. If for some reason you prefer to use acpi, disable apm on your acpi-enabled kernel using config(8) or boot -c.

• rc.conf:
  Unlike earlier versions of this process, since 4.1 it is assumed that /etc/rc.conf is not a user-altered file. If you have made changes to your /etc/rc.conf file, merge those changes into /etc/rc.conf.local. If you have NO /etc/rc.conf.local, simply copy your existing /etc/rc.conf file to /etc/rc.conf.local and delete the last line of the script! Otherwise, pull your existing rc.conf into the top of your existing rc.conf.local file and remove the last line before doing the rest of this process.

• Modified kernel:
  Check whether you have made any modifications to your kernel. For example, you might have modified your network device to use a non-default setting using config(8). Note your changes, so you can repeat them for the new 4.2 kernel.

The upgrade process

Upgrading by install kernel

One easy way to boot from the install kernel is to place the 4.2 version of bsd.rd in the root of your boot drive, then instruct the boot loader to boot using this new bsd.rd file. On amd64 and i386, you do this by entering "boot bsd.rd" at the initial boot> prompt.

Upgrading without install kernel

Sometimes, one needs to do an upgrade of a machine when one can't easily use the normal upgrade process. The most common case is when the machine is in a remote location and you don't have easy access to the system console. One can usually do this by carefully following this process:

• Place install files in a "good" location. Make sure you have sufficient space!

• Stop any "insecure" applications from starting at boot: There will be a time when PF will be unlikely to be running during this upgrade process, but your applications may still start and run properly. Any application dependent upon PF for security should be disabled before this happens, and should not be re-enabled until proper PF operation is verified after upgrade. There may be other applications which you wish to keep from running during the upgrade, stop and disable them as well.

• Check the kernel: Although most people can skip this step, if you had a modified kernel in 4.1, it is likely you will need to modify the stock kernel of 4.2. Especially when you are performing the upgrade process remotely, now is the time to make sure the new kernel will work upon rebooting the machine. If any changes must be made to the kernel, the safest thing to do is to make those changes on a local 4.2 system. This can be as simple as modifying a specific device using config(8), or it can involve a recompilation if the option you need is not included in the GENERIC kernel. Please consult FAQ 5 - Building the system from source before considering to recompile your kernel.

• Install new kernel(s)

  export RELEASEPATH=/usr/rel   # where you put the files
  cd ${RELEASEPATH}
  rm /obsd ; ln /bsd /obsd && cp bsd /nbsd && mv /nbsd /bsd
  cp bsd.rd bsd.mp /
  

  Note the extra steps for copying over the primary kernel: those are done to ensure that there is always a valid copy of the kernel on the disk that the system can boot from should there be a really badly timed power outage or system crash.

• Install new /etc/firmware files: Due to the fact that some uploaded "firmware" files may have been updated, you may need to update the files in the /etc/firmware directory. This will impact users of only a few devices, though all users can use this step without harm. To extract the firmware files from base42.tgz, use the following as root:

  cd /
  tar -C / -xzphf ${RELEASEPATH}/base42.tgz ./etc/firmware
  

• Reboot on the new kernel: This might be a tempting step to skip, but it should be done now, as usually, the new kernel will run old userland apps (such as the soon to be important reboot!), but often a new userland will NOT work on the old kernel.

• Install new userland applications. Do NOT install etc42.tgz and xetc42.tgz now, because that will overwrite your current configuration files!

  export RELEASEPATH=/usr/rel
  cd ${RELEASEPATH}
  tar -C / -xzphf base42.tgz
  tar -C / -xzphf comp42.tgz
  tar -C / -xzphf game42.tgz
  tar -C / -xzphf man42.tgz
  tar -C / -xzphf misc42.tgz
  tar -C / -xzphf xbase42.tgz
  tar -C / -xzphf xfont42.tgz
  tar -C / -xzphf xserv42.tgz
  tar -C / -xzphf xshare42.tgz
  

  Note: not all file sets will need to be installed for all applications, however if you installed a file set originally, you should certainly upgrade it with the new file set now.

  Note: the files in /etc are handled separately below, so etc42.tgz and xetc42.tgz are NOT unpacked here.

• Upgrade /dev. The new MAKEDEV file will be copied to /dev by the installation of base42.tgz, so you simply need to do the following:

  cd /dev
  ./MAKEDEV all
  

• Upgrade /etc as below.

• Reboot

    Nov 1 12:47:05 puffy sm-mta[16733]: filesys_update failed: No such file or directory, fs=., avail=-1, blocksize=380204

Final steps

1. Upgrading /etc

You will want to extract the etc42.tgz files to a temporary location:

tar -C /tmp -xzphf ${RELEASEPATH}/etc42.tgz

etc/magic
etc/man.conf
etc/netstart
etc/rc
etc/rc.conf
etc/rpc
etc/services
etc/mail/helpfile
etc/mail/localhost.cf
etc/mail/sendmail.cf
etc/mail/submit.cf
etc/mtree/4.4BSD.dist
etc/mtree/BSD.local.dist
etc/mtree/special

cd /tmp/etc
cp magic man.conf netstart rc rc.conf rpc services /etc
cp mtree/* /etc/mtree/
cp mail/helpfile mail/localhost.cf mail/submit.cf /etc/mail
cp mail/sendmail.cf /etc/mail     # Careful on this one!!

Files that must be manually merged, respecting any local changes made to them, if they were modified from the default, otherwise, just copy them over, too:

etc/ntpd.conf
etc/sensorsd.conf
etc/ssh/ssh_config
etc/ssl/x509v3.cnf
etc/sudoers
etc/sysctl.conf
etc/wsconsctl.conf
var/www/conf/httpd.conf

cd /
patch -C -p0 < upgrade42.patch

The following files have had changes which should be looked at, but it is unlikely they should be directly copied or merged (i.e., if you are using bgpd.conf, look at the suggested change of strategy, and decide if it is appropriate for your use).

etc/bgpd.conf
etc/mail/spamd.conf
etc/ospfd.conf
etc/ssh/sshd_config

newaliases
mtree -qdef /etc/mtree/4.4BSD.dist -p / -u

2. Checking the kernel

If you followed the instructions for the upgrade process without install kernel, you have already completed this step. However, if you used the install kernel, and if you had a modified kernel in 4.1, it is likely you will need to modify the stock kernel of 4.2. This can be as simple as modifying a specific device using config(8), or it can involve a recompilation if the option you need is not included in the GENERIC kernel. Please consult FAQ 5 - Building the system from source before considering to recompile your kernel.

3. X configuration files

The files you are most likely to want to save a copy of are /etc/X11/xorg.conf and /etc/X11/xinit/xinitrc. As X now often works with NO xorg.conf file, you may wish to try it without one before you copy your file back.

Unpack xetc42.tgz as you would other file sets:

export RELEASEPATH=/usr/rel
cd ${RELEASEPATH}
tar -C / -xzphf xetc42.tgz

4. Upgrading packages

The following package is known to have significant upgrade issues that will impact a large number of users. The fact that a package is not on this list doesn't mean it will have a trivial upgrade. You must do some homework on the applications YOU use.

• xfce: Configuration base directory and files have completely changed. You will probably have to re-create your configuration from scratch.

Before continuing, there are some major changes in the 4.2 release which you should know about:

• The libexpat port has been removed, and packages are now using the libexpat shipped with X11 instead. Many packages depend on libexpat through other dependencies. For instance, all the packages which require gettext also depend on libexpat. This means that before you can add or upgrade packages, you most likely need to have xbase42.tgz installed, even if the packages you are installing don't have a graphical operation. Refer to the FAQ about adding xbase42.tgz to an installed system. If you don't do this and try to install a package that requires libexpat, pkg_add(1) will give an error message.
• If you are using pkg_add(1) in combination with sudo(8), you will need to change your /etc/sudoers as the patch file attempts to. See changes in sudo(8) for more info.

# pkg_add -ui -F update -F updatedepends

You will very possibly see something like this when running the above command:

Looking for updates: complete
Cannot find updates for expat-2.0.0
Proceed? [y/N]

Finally, after upgrading all your packages, clean up by removing the old expat package from your system:

# pkg_delete expat

[FAQ Index] | [4.0 -> 4.1] | [4.2 -> 4.3]