I probably should have checked the mailing lists before writing my last two blog posts on how I install and “beautify” an OpenBSD bare-metal install on a laptop, because as soon as I finished the second one and shared it with my friends on Reddit, I saw the announcement that 6.8 was available. Well, probably a good time to show how I do an in-place upgrade of a running system. I heavily leverage this post from the main site, so I thought I should give it a shout out for its helpfulness!
First things first, I make sure I have patched up to the latest and greatest kernel of what I’ll now be calling the “old version” of OpenBSD:
# syspatch
I then make sure my firmware is fully upgraded:
# fw_update
Then, just for double-dog-sure’edness (I just made that compound word up on the spot), I reboot:
# reboot
By the way, I always have my laptop set to boot into Windows by default so that if it is “checked” at a border crossing (I always approach security with all of my devices powered down) it boots into a benign and mostly unused install of Windows. I know, it’s a bit “security through obscurity” but what the heck, right?
If this is the first upgrade for the system, I create a directory called /root/upgrade and then within it create subdirectories for the versions where I copy the files. I generally clean out the old one when I’m setting up a new one just to preserve a little disk space:
# mkdir /root/upgrade
# cd /root/upgrade
# mkdir 6.8
# cd 6.8
I now download all of the install files from the CDN using the built-in ftp client (I used to use wget but why install another port if you don’t need it <grin>):
# ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/base68.tgz
# ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/comp68.tgz
# ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/game68.tgz
# ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/man68.tgz
# ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/xbase68.tgz
# ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/xfont68.tgz
# ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/xserv68.tgz
# ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/xshare68.tgz
# ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/bsd
# ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/bsd.mp
# ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/bsd.rd
For those who are extra paranoid like me, I always make sure I have a total of 11 files in this directory. Remember the name of the blog after all… <grin>
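Counting the files shows that every download finished, not that the files are the ones the OpenBSD project released. As an added example (not part of the original post), the functions below check that all 11 files are present and then verify them with signify(1) against the signed SHA256.sig from the same mirror directory; the function names are made up for illustration, and the key path assumes the running release already ships the 6.8 public key.

```sh
#!/bin/sh
# Added example, not from the original post.
# The 11 files the post downloads into /root/upgrade/6.8.
SETS="base68.tgz comp68.tgz game68.tgz man68.tgz xbase68.tgz xfont68.tgz xserv68.tgz xshare68.tgz bsd bsd.mp bsd.rd"

# Print the name of every expected file that is missing or empty in directory $1.
missing_sets() {
    for f in $SETS; do
        [ -s "$1/$f" ] || echo "$f"
    done
}

# Fetch the signed checksum list and verify each file against it.
# Assumption: the 6.8 release key is already installed at
# /etc/signify/openbsd-68-base.pub on the system being upgraded.
verify_sets() {
    dir=$1
    missing=$(missing_sets "$dir")
    if [ -n "$missing" ]; then
        echo "missing or empty:" $missing >&2
        return 1
    fi
    # signify -C checks the signature on SHA256.sig first, then the
    # SHA256 checksum of every file named on the command line.
    ( cd "$dir" &&
      ftp https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/SHA256.sig &&
      signify -C -p /etc/signify/openbsd-68-base.pub -x SHA256.sig $SETS )
}

# Usage (as root, before touching /bsd):
#   verify_sets /root/upgrade/6.8 || echo "do not install these files"
```

A non-zero return from verify_sets means a file is missing, the signature on SHA256.sig did not verify, or a checksum did not match; in any of those cases, download again before installing anything.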
Now, you are about TO DO SOMETHING DANGEROUS to your system so don’t blame me if it goes awry. The sequence is critical because you need to preserve an “old kernel” reboot command and only update the “base” install last. Otherwise you will end up in a situation where you have the wrong userland files for the kernel you are running and things will get messy. So, here goes everything in the correct sequence:
# ln -f /bsd /obsd && cp bsd.mp /nbsd && mv /nbsd /bsd
# cp bsd.rd /
# cp bsd /bsd.sp
# sha256 -h /var/db/kernel.SHA256 /bsd
# cp /sbin/reboot /sbin/oreboot
# tar -C / -zxphf xshare68.tgz
# tar -C / -zxphf xserv68.tgz
# tar -C / -zxphf xfont68.tgz
# tar -C / -zxphf xbase68.tgz
# tar -C / -zxphf man68.tgz
# tar -C / -zxphf game68.tgz
# tar -C / -zxphf comp68.tgz
# tar -C / -zxphf base68.tgz
I then comment out all of my cool stuff in /etc/rc.conf.local and reboot using the old reboot command:
# /sbin/oreboot
You then need to update some other things as root:
# cd /dev
# ./MAKEDEV all
# installboot sd1
# sysmerge
# fw_update
I typically reboot (just to be safe) and then log in as root and update my packages:
# pkg_add -u
Finally, remove the old reboot command:
# rm /sbin/oreboot
Uncomment all of the cool stuff in your /etc/rc.conf.local and reboot. At this point you should be AOK and running the new kernel, userland and packages from the release version!
If you get stuck somewhere along the way, remember you can boot into single-user mode with:
boot> boot -s
You can then manually mount your filesystem and poke around to see what you need to fix. This should serve to reinforce why having physical possession of a machine trumps most of your security preparations and also reinforce the need to run full-disk encryption (if you aren’t already).
I hope you found this post helpful!
Did you know that OpenBSD has a wonderful tool for this, called sysupgrade? First run syspatch, then sysupgrade and you are good to go!
Updating the packages is of course still required.
I had no idea until now. Thanks!
Yes, sysupgrade appeared in OpenBSD 6.6.
Sorry to say this but this post could have been replaced by:
$ doas sysupgrade
;^)
What’s the point of running syspatch before sysupgrade?
There can be a bit more to it than that. Not a lot, but it could be important.
https://www.openbsd.org/faq/upgrade68.html
Read the sections “After the upgrade” and “Configuration and syntax changes”
I had to do a few of those.
TKS
Hi Bryan, So you didn’t mention what hardware (or I missed it). Is it what you mentioned in an earlier post (Thinkpad x220)? Thanks
It’s an X250