【关键字】:Openbsd,Upgrade,Guide,4.0,to,4.1
【来 源】:http://www.cublog.cn/u/22965/showart.php?id=278192
Openbsd Upgrade Guide: 4.0 to 4.1
![[OpenBSD]](http://www.openbsd.org/images/smalltitle.gif){kind=small}
[3.4 -> 3.5] | [3.5 -> 3.6] | [3.6 -> 3.7] | [3.7 -> 3.8] | [3.8 -> 3.9] | [3.9 -> 4.0] | [FAQ Index]
Upgrade Guide: 4.0 to 4.1
Note: Upgrades are only supported from one release to the release immediately following it. Do not skip releases.
It is highly recommended that you read through and fully understand this process before attempting it. If you are doing it on a critical or physically remote machine, it is recommended that you test this process on an identical, local system to verify its success before attempting on a critical or remote computer.
Upgrading is a convenient way to bring your OpenBSD system up to the most recent version. However, the results are not intended to precisely match the results of a wipe-and-reload installation. Old library files in particular are not removed in the upgrade process, as they may be required by older applications that may or may not be upgraded at this time. If you REALLY wish to get rid of all these old files, you are probably better off reinstalling from scratch.
Table of Contents:
Before upgrading
Check whether you have made any modifications to your kernel. For example, you might have modified your network device to use a non-default setting using config(8). Note your changes, so you can repeat them for the new 4.1 kernel.
rc.conf: Unlike previous versions of this process, it is now assumed that /etc/rc.conf is not a user-altered file. If you have made changes to your /etc/rc.conf file, merge those changes into /etc/rc.conf.local. If you have NO /etc/rc.conf.local, simply copy your existing /etc/rc.conf file to /etc/rc.conf.local and delete the last line of the script! Otherwise, pull your existing rc.conf into the top of your existing rc.conf.local file and remove the last line before doing the rest of this process.
Special note for ARM users (armish, zaurus): Changes in the ABI requires a slightly different upgrade process if not using standard install kernel. Do not reboot after installing the kernel and before installing the new userland.
The upgrade process
Upgrading by install kernel
If you have access to the system's console, the easiest and safest way to upgrade is to boot from install media or bsd.rd and follow the upgrade steps, which are very similar to the install process. Afterwards, complete the upgrade by following the final steps as detailed below.One easy way to boot from the install kernel is to place the 4.1 version of bsd.rd in the root of your boot drive, then instruct the boot loader to boot using this new bsd.rd file. On amd64 and i386, you do this by entering "boot bsd.rd" at the initial boot> prompt.
Upgrading without install kernel
This is NOT the recommended process. Use the install kernel method if at all possible!Sometimes, one needs to do an upgrade of a machine when one can't easily use the normal upgrade process. The most common case is when the machine is in a remote location and you don't have easy access to the system console. One can usually do this by carefully following this process:
- Place install files in a "good" location.
Make sure you have sufficient space!
- Stop any "insecure" applications from starting at boot:
There will be a time when PF will be unlikely to be running during this
upgrade process, but your applications may still start and run properly.
Any application dependent upon PF for security should be disabled
before this happens, and should not be re-enabled until proper PF
operation is verified after upgrade.
There may be other applications which you wish to keep from running
during the upgrade, stop and disable them as well.
- Check the kernel:
Although most people can skip this step, if you had a modified kernel
in 4.0, it is likely you will need to modify the stock kernel of 4.1.
Especially when you are performing the upgrade process remotely, now is
the time to make sure the new kernel will work upon rebooting the machine.
If any changes must be made to the kernel, the safest thing to do is to
make those changes on a local 4.1 system.
This can be as simple as modifying a specific device using config(8),
or it can involve a recompilation if the option you need is not included
in the GENERIC kernel.
Please consult FAQ 5 - Building the system from source
before considering to recompile your kernel.
- Install new kernel(s)
Note the extra steps for copying over the primary kernel: those are done to ensure that there is always a valid copy of the kernel on the disk that the system can boot from should there be a really badly timed power outage or system crash.export RELEASEPATH=/usr/rel # where you put the files
cd ${RELEASEPATH}
rm /obsd ; ln /bsd /obsd && cp bsd /nbsd && mv /nbsd /bsd
cp bsd.rd bsd.mp / - Install new /etc/firmware files:
Due to the fact that some uploaded "firmware" files may have been updated,
you may need to update the files in the /etc/firmware directory.
This will impact users of only a few devices, though all users can use
this step without harm.
To extract the firmware files from base41.tgz, use the
following as root:
cd /
tar -C / -xzpf ${RELEASEPATH}/base41.tgz ./etc/firmware - Reboot on the new kernel: (NOT for ARM users)
This might be a tempting step to skip, but it should be done now, as
usually, the new kernel will run old userland apps (such as the soon to
be important reboot!), but often a new userland will NOT
work on the old kernel.
Note: ARM users (armish/zaurus) SHOULD skip this step for this upgrade cycle.
- Install new userland applications.
Do NOT install etc41.tgz and xetc41.tgz now, because
that will overwrite your current configuration files!
Note: not all file sets will need to be installed for all applications, however if you installed a file set originally, you should certainly upgrade it with the new file set now.export RELEASEPATH=/usr/rel
cd ${RELEASEPATH}
tar -C / -xzpf base41.tgz
tar -C / -xzpf comp41.tgz
tar -C / -xzpf game41.tgz
tar -C / -xzpf man41.tgz
tar -C / -xzpf misc41.tgz
tar -C / -xzpf xbase41.tgz
tar -C / -xzpf xfont41.tgz
tar -C / -xzpf xserv41.tgz
tar -C / -xzpf xshare41.tgzNote: the files in /etc are handled separately below, so etc41.tgz and xetc41.tgz are NOT unpacked here.
- Upgrade /dev.
The new
MAKEDEV
file will be copied to /dev by the installation of
base41.tgz, so you simply need to do the following:
cd /dev
./MAKEDEV all - Upgrade /etc as below.
- Reboot
Nov 1 12:47:05 puffy sm-mta[16733]: filesys_update failed: No such file or direThese messages can be safely ignored, or you may wish to halt sendmail(8) during the upgrade process.
ctory, fs=., avail=-1, blocksize=380204
Final steps
1. Upgrading /etc
Whether you upgrade by using an install kernel and doing a formal "upgrade" process, or do a "in-place" binary upgrade, there are certain manual steps that have to be performed.1.1. New users and groups
- A RIP daemon and a host state daemon have been imported, and in
order to use these new daemons, new users and groups are required.
As root, add the following users and groups, using
useradd(8):
These steps will add both the new users and their corresponding groups. Your environment may allow you to copy/paste those commands.useradd -u88 -g=uid -c"RIP Daemon" -d/var/empty -s/sbin/nologin _ripd
useradd -u89 -g=uid -c"HostState Daemon" -d/var/empty -s/sbin/nologin _hoststated
1.2. Operational changes
- "flags S/SA keep state" implicit in pf.conf(5)
flags S/SA keep state is now the default for pass rules in pf.conf(5), and new no state and flags any options have been added to override these defaults. Current rulesets will continue to load, but the behaviour may be slightly changed as these defaults are more restrictive. Rulesets with stateless filtering (no state) or a requirement to create states on intermediate packets (flags any) should be updated to explicitly request the desired behaviour.In particular care should be taken with the enc0 interface, as floating states are a potential problem for filtering IPsec traffic: states need to be interface bound, to avoid permitting unencrypted traffic should isakmpd(8) exit. Therefore all rules on the enc0 interface should explicitly set keep state (if-bound).
- FreeBSD and NetBSD DOS MBR partitions are no longer used to store
disklabels, and are no longer searched for a disklabel
As a result, disks with only FreeBSD or NetBSD DOS MBR partitions will no longer have an 'a' partition created in the spoofed disklabel. The disklabel on such disks will be stored and loaded from sector 1, and this could find an old accidental disklabel. Use fdisk(8) to change the partition type to OpenBSD ('A6') to use the existing disklabel. - amd64, i386, macppc, and mvmeppc no longer try to boot from the first
NetBSD partition when no OpenBSD partition is found.
Again, use fdisk(8) to change the partition type to OpenBSD ('A6'). - New way to enable/disable system accounting on boot
In order to enable accounting on boot you need to set the new rc.conf variable "accounting=YES". The presence of the /var/account/acct file does not make it start automatically anymore. - spamd(8) now runs in greylist mode by default
Whereas before greylisting had to be enabled via the -g flag, it is now the default runtime mode. The -b flag (which used to indicate which IP spamd(8) should listen on) can be used to run spamd in blacklist-only mode. The new -l flag is used to indicate which IP spamd should listen on. - spamd.conf(5) now stored in /etc/mail
The spamd.conf(5) file which used to be stored in /etc has been moved to /etc/mail. Move your spamd.conf file into /etc/mail so that spamd(8) loads the proper configuration. - Kernel sensors sysctl(3) MIB is now hierarchical
The sensors sysctl(3) MIB now contains the name of the sensor device as well as the type and index of the actual sensor. So before when running "sysctl hw.sensors" you might've seen "hw.sensors.12=it0, Temp 1, 25.00 degC" you will now see "hw.sensors.it0.temp0=25.00 degC". Update your sensorsd.conf(5) file to reflect the new names of your sensors.
1.3. /etc file changes
You will want to extract the etc41.tgz files to a temporary location:tar -C /tmp -xzpf ${RELEASEPATH}/etc41.tgz
Note that it IS possible to locally modify these files, if this has been done, manual merging will be needed. Pay special attention to mail/* if you are using something other than the default Sendmail(8) configuration. Here are copy/paste lines for copying these files, assuming you unpacked etc41.tgz in the above recommended place:etc/daily
etc/disktab
etc/hoststated.conf
etc/magic
etc/monthly
etc/netstart
etc/rc
etc/rc.conf
etc/ripd.conf
etc/sasyncd.conf
etc/security
etc/weekly
etc/mail/Makefile
etc/mail/localhost.cf
etc/mail/sendmail.cf
etc/mail/submit.cf
etc/mail/spamd.conf
etc/mtree/*
var/www/conf/bgplg.css
var/www/conf/bgplg.foot
var/www/conf/bgplg.head
var/www/htdocs/bgplg/*
cd /tmp/etc
cp daily disktab hoststated.conf magic monthly netstart rc rc.conf ripd.conf sasyncd.conf security weekly /etc
cp mtree/* /etc/mtree/
cp mail/Makefile mail/localhost.cf mail/submit.cf /etc/mail
cp mail/sendmail.cf /etc/mail # Careful on this one!!
cp mail/spamd.conf /etc/mail # OR... mv /etc/spamd.conf /etc/mail
cd /tmp/var/www
cp conf/bgplg.css conf/bgplg.foot conf/bgplg.head /var/www/conf
mkdir /var/www/htdocs/bgplg
cp htdocs/bgplg/* /var/www/htdocs/bgplg/
Files that must be manually merged, respecting any local changes made to them, if they were modified from the default, otherwise, just copy them over, too:
The changes to these files are in this patch file. You can attempt to use this by executing the following as root:etc/changelist
etc/ftpusers
etc/login.conf
etc/newsyslog.conf
etc/services
etc/sysctl.conf
etc/mail/aliases
var/cron/tabs/root
This will test the patch to see how well it will apply to YOUR system, to actually apply it, leave off the "-C" option. Note that it is likely that if you have customized files or not kept them closely updated, or are upgrading from a snapshot of 3.9, they may not accept the patch cleanly. In those cases, you will need to manually apply the changes. Please test this process before relying on it for a machine you can not easily get to.cd /
patch -C -p0 < upgrade41.patch
The following files have had changes which should be looked at, but it is unlikely they should be directly copied or merged (i.e., if you are using pf.conf, look at the suggested change of strategy, and decide if it is appropriate for your use).
Finally, use newaliases(8) to update the aliases database and mtree(8) to create any new directories:etc/hostapd.conf
etc/pf.conf
etc/sensorsd.conf
newaliases
mtree -qdef /etc/mtree/4.4BSD.dist -p / -u
2. Checking the kernel
Note: most people can skip this step!If you followed the instructions for the upgrade process without install kernel, you have already completed this step. However, if you used the install kernel, and if you had a modified kernel in 4.0, it is likely you will need to modify the stock kernel of 4.1. This can be as simple as modifying a specific device using config(8), or it can involve a recompilation if the option you need is not included in the GENERIC kernel. Please consult FAQ 5 - Building the system from source before considering to recompile your kernel.
3. Upgrading packages
If you installed any packages on your system, you may want to upgrade them after completing the upgrade of the base system. The package tools support in-place updating using pkg_add -u. For instance, to update all your packages, make sure PKG_PATH is pointing to the 4.1 packages directory on your CD or nearest FTP mirror, and use something likewhere the -u indicates update mode, and -i specifies interactive mode, so pkg_add will prompt you for input when it encounters some ambiguity. Read the pkg_add(1) manual page and the package management chapter of the FAQ for more information.# pkg_add -ui -F update -F updatedepends
[3.4 -> 3.5] | [3.5 -> 3.6] | [3.6 -> 3.7] | [3.7 -> 3.8] | [3.8 -> 3.9] | [3.9 -> 4.0] | [FAQ Index]
![[back]](http://www.openbsd.org/images/back.gif){kind=small}
www@openbsd.org
$OpenBSD: upgrade41.html,v 1.22 2007/04/12 23:52:51 nick Exp $
|