[3.4 -> 3.5] | [3.5 -> 3.6] | [3.6 -> 3.7] | [3.7 -> 3.8] | [3.9 -> 4.0] | [FAQ Index]
It is highly recommended that you read through and fully understand this process before attempting it. If you are doing it on a critical or physically remote machine, it is recommended that you test this process on an identical, local system to verify its success before attempting on a critical or remote computer.
Upgrading is a convenient way to bring your OpenBSD system up to the most recent version. However, the results are not intended to precisely match the results of a wipe-and-reload installation. Old library files in particular are not removed in the upgrade process, as they may be required by older applications that may or may not be upgraded at this time. If you REALLY wish to get rid of all these old files, you are probably better off reinstalling from scratch.
Table of Contents:
Due to the addition of debugging symbols, the size of library files has increased very significantly. For instance, on the i386 platform, the size taken up by the /usr/lib directory went up from 47.7MB in 3.8 to 209MB in 3.9. Make sure you have sufficient space available before starting the upgrade.
Check whether you have made any modifications to your kernel. For example, you might have modified your network device to use a non-default setting using config(8). Note your changes, so you can repeat them for the new 3.9 kernel.
pfsync(4) has changed format, so it can not keep state between a 3.8 and a 3.9 box. Mismatched systems will lose all connections when you switch which box is master, as states will not be transfered between systems. You can minimize the impact of this by upgrading your backup boxes first, so there is only one loss of active states.
carp(4) users with more than one address on a single carp(4) interface may experience another bump when upgrading: interfaces are sorted by address now, so having aliases in exactly the same order is not as critical as it was in the past. It does mean, however, there may be problems between old and new systems. You can sort aliases manually on the old systems to work around this problem if necessary.
ftp-proxy(8) has changed, as detailed below, so your pf.conf(5) file may need to be updated.
ancontrol(8) has been replaced by additional functionality in ifconfig(8). This may impact how you configure your wireless interfaces.
Sometimes, one needs to do an upgrade of a machine when one can't easily use the normal upgrade process. One can usually do this by carefully following a process similar to building the system from source:
export RELEASEPATH=/yourpath
cd ${RELEASEPATH}
rm /obsd ; ln /bsd /obsd && cp bsd /nbsd && mv /nbsd /bsd
cp bsd.rd bsd.mp /
Note the extra steps for copying over the primary kernel: those are done
to ensure that there is always a valid copy of the kernel on the disk
that the system can boot from should there be a really badly timed power
outage or system crash.
cd /
tar xzpf ${RELEASEPATH}/base39.tgz "*etc/firmware/*"
export RELEASEPATH=/yourpath
cd /
tar xzpf ${RELEASEPATH}/base39.tgz
tar xzpf ${RELEASEPATH}/comp39.tgz
tar xzpf ${RELEASEPATH}/game39.tgz
tar xzpf ${RELEASEPATH}/man39.tgz
tar xzpf ${RELEASEPATH}/misc39.tgz
tar xzpf ${RELEASEPATH}/xbase39.tgz
tar xzpf ${RELEASEPATH}/xfont39.tgz
tar xzpf ${RELEASEPATH}/xserv39.tgz
tar xzpf ${RELEASEPATH}/xshare39.tgz
Note: not all file sets will need to be installed for all applications,
however if you installed a file set originally, you should certainly
upgrade it with the new file set now.
Note: the files in /etc are handled separately below, so etc39.tgz and xetc39.tgz are NOT unpacked here.
cd /dev
./MAKEDEV all
Nov 1 12:47:05 puffy sm-mta[16733]: filesys_update failed: No such file or dire
ctory, fs=., avail=-1, blocksize=380204
These messages can be safely ignored, or you may wish to halt
sendmail(8) during the upgrade process.
echo 'ftpproxy_flags=""' >> /etc/rc.conf.local
The new proxy uses anchors to allow data connections, which means that your existing /etc/pf.conf must be adapted. In the NAT section you need:
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
They are mandatory, even if you don't use NAT otherwise.
The following rule, that is probably already there for the old ftp-proxy,
must stay:
rdr pass on $int_if proto tcp from $lan to any port 21 -> \
127.0.0.1 port 8021
In the rules section, this is needed:
anchor "ftp-proxy/*"
Rules that allow the proxy to make FTP control connections
(destination port 21/tcp) must stay.
Rules that allow FTP data connections are no longer needed.
Those rules may contain "user proxy" or "to port > 49151".
Care has been taken to keep the command line switches similar, but some
differ.
See the
ftp-proxy(8)
man page.
One case warrants special mention: if you have old clients that rely on active mode data connections which use 20/tcp as a source port, you need the '-r' switch (for this you had to run the old proxy with "-u root").
Run ftp-proxy with "-d -D7" if you run into trouble and want to diagnose what's happening.
cd /tmp
tar xzpf ${RELEASEPATH}/etc39.tgz
Files that can probably be copied from etc39.tgz "as is":
daily
ipsec.conf
magic
monthly
netstart
rc
security
services
weekly
mtree/*
Note that it IS possible to locally modify these files, if this has been
done, manual merging will be needed.
Here are copy/paste lines for copying these files, assuming you unpacked
etc39.tgz in the above recommended place:
cd /tmp/etc
cp daily ipsec.conf magic monthly netstart rc security services weekly /etc
cp mtree/* /etc/mtree/
Files that must be manually merged, respecting any local changes made to them, if they were modified from the default, otherwise, just copy them over, too:
changelist
inetd.conf
lynx.cfg
rc.conf
ssh/ssh_config
ssh/sshd_config
sysctl.conf
The changes to these files are in this
patch file.
You can attempt to use this by executing the following as root:
cd /
patch -C -p0 < upgrade39.patch
This will test the patch to see how well it will apply to YOUR system,
to actually apply it, leave off the "-C" option.
Note that it is likely that if you have customized files or not kept
them closely updated, or are upgrading from a snapshot of 3.8, they may
not accept the patch cleanly.
In those cases, you will need to manually apply the changes.
Please test this process before relying on it for a machine you can not
easily get to.
The following files have had changes which should be looked at, but it is unlikely they should be directly copied or merged (i.e., if you are using pf.conf, look at the suggested change of strategy, and decide if it is appropriate for your use).
hostapd.conf
pf.conf
spamd.conf
Delete the libresolv files, which are no longer used:
rm /usr/lib/libresolv*
Finally, use
mtree(8)
to create any new directories:
mtree -qdef /etc/mtree/4.4BSD.dist -p / -u
If you followed the instructions for the upgrade process without install media, you have already completed this step. However, if you used the install media, and if you had a modified kernel in 3.8, it is likely you will need to modify the stock kernel of 3.9. This can be as simple as modifying a specific device using config(8), or it can involve a recompilation if the option you need is not included in the GENERIC kernel. Please consult FAQ 5 - Building the system from source before considering to recompile your kernel.
# pkg_add -ui -F update -F updatedepends
where the -u indicates update mode, and -i specifies
interactive mode, so pkg_add will prompt you for input when it encounters
some ambiguity. Read the
pkg_add(1)
manual page and the package management
chapter of the FAQ for more information.
[3.4 -> 3.5] | [3.5 -> 3.6] | [3.6 -> 3.7] | [3.7 -> 3.8] | [3.9 -> 4.0] | [FAQ Index]