OpenBSD Following -current and using snapshots [FAQ Index]

Active OpenBSD development is known as the -current branch. These sources are frequently compiled into releases known as snapshots. Active development sometimes pushes aggressive changes, and complications can arise when building the latest code from a previous point in time. Some of the shortcuts for getting over these hurdles are explained on this page. In general, it's far better to use the OpenBSD upgrade procedure with a newer snapshot, as developers will have gone through the trouble for you already.

Make sure you've read and understand how to build the system from source before using -current and the instructions below.

You should always use a snapshot as the starting point for running -current. Upgrading by compiling your own source code is not supported.

Most of these changes will have to be performed as root.

2016/08/01 - new mandoc.db(5) format

To update all mandoc.db(5) files to the new format, run:

2016/08/08 - mandatory W^X enforcement

W^X violations are now only permitted for binaries marked wxneeded executed from filesystems marked wxallowed.

2016/08/10 - RELRO by default on all archs but luna88k

The system now uses the RELRO design ("read-only after relocation") to lay out executables and libraries such that they use fewer mappings and more of the initial data can be protected as read-only. Unlike other OSes, this applies to all dynamic executables and libraries by default, as well as to static PIE executables.

To upgrade over this, start from a system running 6.0-release or later and an up-to-date source tree:

cd /usr/src && make obj && make clean && make includes
cd /usr/src/libexec/
make SUBDIR= depend && make SUBDIR= && doas make SUBDIR= install
cd /usr/src/lib/csu
make depend && make && doas make install
cd /usr/src/gnu/usr.bin/binutils-2.17
make -f Makefile.bsd-wrapper && doas make -f Makefile.bsd-wrapper install
cd /usr/src && make build

2016/08/12 - [ports] py-elasticsearch-curator update

With the update of Elasticsearch Curator to the 4.x version, the CLI interface changed. Instead of parameters, yaml configuration files are used to steer actions of curator. Configuration file documentation can be found on the curator reference pages.

2016/08/14 - qabs(3) and qdiv(3) manpages removed

Their content was merged into the labs(3) and lldiv(3) manpages, so the separate files should be removed and and the database updated.
rm -f /usr/share/man/man3/qabs.3 /usr/share/man/man3/qdiv.3

2016/09/01 - armv7 complete ABI break

OpenBSD/armv7 moved to the ARM EABI. This is a hard ABI break which you cannot cross with a simple build. To upgrade through this break, you need to upgrade from a snapshot.

2016/09/01 - [ports] letskencrypt renamed/moved to base

letskencrypt, previously in ports/security, has been imported to base under its new name acme-client. Adjust scripts/cronjobs as necessary.

2016/09/03 - armv7 is now PIE

The armv7 platform has been switched to PIE (position-independent executables) by default. Everyone is encouraged to update via snapshots (dated after 2016/09/02); if you want to upgrade via sources, follow these instructions:

First, install the new system Makefiles with the change to PIE_ARCH in

cd /usr/src/share/mk && make install
Then, recompile and install gcc and binutils.
cd /usr/src/gnu/usr.bin/binutils-2.17
make -f Makefile.bsd-wrapper clean && make -f Makefile.bsd-wrapper obj && \
       make -f Makefile.bsd-wrapper depend && make -f Makefile.bsd-wrapper
cd /usr/src/gnu/usr.bin/cc
make clean && make obj && make depend && make && make install
cd /usr/src/gnu/usr.bin/binutils-2.17 && make -f Makefile.bsd-wrapper install
Finally, recompile your system by following the procedure outlined in release(8).

2016/09/08 - armv7 now supports static PIE

The armv7 platform now also supports PIE for static binaries. Everyone is encouraged to update via snapshots (dated after 2016/09/09); if you want to upgrade via sources, follow these instructions:

First, install the new system Makefiles with the change to STATICPIE_ARCH in

cd /usr/src/share/mk && make install
Then, build and install rcrt0.o:
cd /usr/src/lib/csu
make clean && make obj && make depend && make && make install
Then, recompile and install gcc:
cd /usr/src/gnu/usr.bin/cc
make clean && make obj && make depend && make && make install
Finally, recompile your system by following the procedure outlined in release(8).

2016/09/09 - /dev/sound removed

Remove unused device nodes:
rm -f /dev/sound*

2016/09/13 - [ports] Railo replaced with Lucee

Railo has been replaced with Lucee (a fork). Make notes on your existing Railo configuration before updating. You will need to adjust Tomcat configuration, and configure Lucee according to your previous Railo configuration.

2016/09/19 - softraid crypto switched to bcrypt PBKDF

New volumes will be created with bcrypt PBKDF, however existing volumes will continue to use PKCS5 PBKDF2 until a passphrase change is made.

If you're booting from softraid crypto, ensure that your boot loader has been upgraded to a version that supports bcrypt prior to changing your passphrase. That is to say, it should be from a snapshot dated after 2016/09/19. The boot(8) version should be at least 3.33 on amd64 and 3.31 on i386. Also be aware that once the passphrase has been changed, an older version of bioctl(8) (one that does not support bcrypt PBKDF) will not be able to "unlock" the volume.

2016/09/23 - sqlite3 moved back to ports

SQLite has moved from base back to ports. The old files must be removed before building from ports:
rm /usr/bin/sqlite3
rm /usr/include/sqlite3*.h
rm /usr/lib/pkgconfig/sqlite3.pc
rm /usr/libdata/perl5/site_perl/*-openbsd/sqlite3*.ph
rm /usr/share/man/man1/sqlite3.1
rm /usr/lib/libsqlite3*         # see below
Ports bulk builders must remove the old libraries before building new packages.

Users should wait until updated packages are available before removing the libraries, otherwise many installed packages will break. You can check:

$ pkg_info -S nss
Information for inst:nss-3.26

Signature: nss-3.26,@nspr-4.12p0,c.89.1,nspr4.23.3,plc4.23.3,plds4.23.3,pthread.23.0,sqlite3.33.0,z.5.0
If the sqlite3 version number is 32.0 or lower, they are not updated yet.

2016/09/27 - more secure package and firmware signatures

Packages and firmware are now signed with a more secure scheme. If pkg_add(1) and fw_update(1) complain about unsigned packages/firmware, you must upgrade to a more recent snapshot or rebuild the system—involves pieces in libc, signify(1) and pkg_add(1), so following release(8) is the best way.

2016/10/06 - new build infrastructure, noperm release process

The infrastructure to build the base system from source and to make a release has changed. The SUDO variable was removed from the base system makefiles and the make build command now must be issued by root. Whenever possible, the makefiles will de-escalate privileges to BUILDUSER (as specified in mk.conf(5); defaults to USER). Make sure that /usr/obj or /usr/xobj is empty and owned by BUILDUSER before starting a build.

Start the build as follows:

# cd /usr/src/share/mk && make install	# only needed the first time
# cd /usr/src && make obj && make build
To make a release(8), further setup is required: To build a base release, set DESTDIR=/dest/base and to build a xenocara release, set DESTDIR=/dest/xbase.

2016/10/14 - [ports] Ansible copy module change

The copy module of Ansible added a newline to the value of the content attribute in case it was not present. This behaviour is non-standard and was not documented. It has been reverted in the ansible- package.
If you previously relied on this behaviour you will need to explicitly add \n to your playbooks.

2016/10/14 - kernel builds now need make obj

Kernels now build in an obj directory just like the rest of the source tree. This helps ensuring that the src tree can be read-only during builds. Some cleanup needs to be done before updating your source trees via cvs:
$ cd /sys
$ rm -r arch/*/compile/[GR]*
$ rm arch/*/compile/.cvsignore
$ cvs up
The new way of configuring, building and installing a kernel is:
$ cd /sys/arch/$(machine)/compile/GENERIC.MP
$ doas make obj
$ make config
$ make
$ doas make install

2016/10/24 - uxterm and koi8xterm removed

The uxterm and koi8rxterm shell scripts have been removed, as xterm(1) on OpenBSD is already set up to support UTF-8. Some cleanup needs to be done after upgrading to -current:
cd /usr/X11R6
rm bin/koi8rxterm bin/uxterm
rm share/X11/app-defaults/KOI8RXTerm share/X11/app-defaults/UXTerm
rm man/man1/koi8rxterm.1 man/man1/uxterm.1

$OpenBSD: current.html,v 1.744 2016/10/24 23:38:30 tb Exp $