[OpenBSD]

[FAQ Index]

Following -current

Table of Contents

Introduction

This document is for people who wish to follow -current. It contains information about changes from 5.4-release to -current, and should NOT be used by anyone upgrading from 5.3 or earlier, or people wishing to follow -stable.

If you wish to update to 5.4-release or 5.4-stable from previous versions, see the upgrade guide.

Make sure you have read and understood FAQ 5 - Building the System from Source before using -current and the instructions below.

You should ALWAYS use a snapshot as the starting point for running -current. Upgrading by compiling your own source code is not supported.

Most of these changes will have to be performed as root.

2013/08/06 - vax port switches to gcc 3

The vax port now uses gcc 3.3.6 as its system compiler. Upgrading with a recent snapshot is recommended; however, for reference, the manual upgrade steps are:

2013/08/12 - kernel modesetting in radeondrm(4)

radeondrm(4) now uses kernel modesetting, either install the firmware and wait for a snapshot or follow the steps below:

2013/08/13 - system ABI break: time_t and others changed

The system ABI has been changed to expand time_t, ino_t, and clock_t and the ident and data members of struct kevent to 64bit types. A GENERIC kernel with this change will not run old binaries and the /etc/{pwd,spwd}.db files must be regenerated after updating the system binaries. Rolling back to stock 5.4 will require reinstalling.
To update across this change you must now use a snapshot. The recommended steps for updating are:
  1. Save a record of what packages you had installed, manually and automatically: 
        pkg_info -mq >/root/pkg_list_manual
    pkg_info -q >/root/pkg_list_full
  2. Review the "package notes" below for information about known problems with packages during the changeover. Some will need additional steps taking before the update.
  3. While their uninstall programs can still execute, remove all packages (except firmware packages): 
        pkg_delete -X /var/db/pkg/*-firmware-[0-9]*
  4. Install/upgrade to the new snapshot. If you upgrade instead of doing a fresh install, then BEFORE rebooting, run 
        /mnt/usr/sbin/pwd_mkdb -d /mnt/etc /mnt/etc/master.passwd
    cp /dev/null /mnt/var/log/lastlog
    cp /dev/null /mnt/var/log/wtmp
  5. Now that the base and X are updated, install new packages: 
        pkg_add -z -l /root/pkg_list_manual
    pkg_add -za -l /root/pkg_list_full

Package notes

2013/08/13 - new identd(8) implementation

/usr/libexec/identd has been replaced by a new libevent-based daemon, /usr/sbin/identd. You should remove the old version: 
   rm -f /usr/libexec/identd
If you are currently using identd(8) as a standalone daemon (identd_flags is set in /etc/rc.conf.local), check the manual to confirm that the flags are still valid.

If you are currently using it from inetd(8), remove the "ident" entries from /etc/inetd.conf, set identd_flags instead, reload inetd and start identd: 

   $EDITOR /etc/inetd.conf
   $EDITOR /etc/rc.conf.local
   /etc/rc.d/inetd reload
   /etc/rc.d/identd start
Note that if you have not yet run sysmerge, "/etc/rc.d/identd start" will report a failure.

2013/08/16 - vlan(4) and pppoe(4) ABI breaks

vlan(4) and pppoe(4) now use their own set of dedicated ioctls. So make sure to compile and install ifconfig(8) against the new headers if you are building your kernel from source.

This specially applies to people relying on these interfaces and willing to cross the time_t ABI break by updating with source.

2013/08/23 - [ports] php 5.4

The primary PHP version used in ports has switched to 5.4. This change means that if you run PHP applications packaged in ports, you will need to switch your webserver config to use the newer version of PHP. Check /etc/php-5.3.ini for changes from the default configuration: 
   diff /usr/local/share/examples/php-5.3/php.ini-production /etc/php-5.4.ini
and carry them across to /etc/php-5.4.ini. You will also need to check for links to any active PHP extension modules in /etc/php-5.3 and re-create them in /etc/php-5.4, e.g. 
   cd /etc/php-5.4
   ls -l ../php-5.4.sample
   ln -s ../php-5.4.sample/pdo_mysql.ini .
   # (etc)
If you are currently using PHP with Apache in base, you will also need to adjust your Apache configuration: 
   cd /var/www/conf/modules
   ln -fs /var/www/conf/modules.sample/php-5.4.conf /var/www/conf/modules/php.conf

2013/09/14 - [ports] dspam 3.10.2

If you were using one of the mysql or pgsql FLAVORS of the dspam package you will have to manually install the corresponding driver subpackage after the update to the 3.10.2 version. If you were using dspam with the PostgreSQL driver: 
   pkg_add dspam-pgsql
If you were using dspam with the MySQL driver: 
   pkg_add dspam-mysql

2013/09/19 - [ports] wordpress 3.6.1

The twentyeleven theme from wordpress 3.5.x is no longer included with wordpress 3.6.x. If you are using this theme, back it up before updating: 
   cd /var/www/wordpress/wp-content/themes &&
   cp -Rp twentyeleven twentyeleven.bak
and restore it after wordpress update: 
   cd /var/www/wordpress/wp-content/themes &&
   mv twentyeleven.bak twentyeleven

2013/10/10 - [ports] Apache Subversion 1.8.3

Apache Subversion has been upgraded to version 1.8.3. This release of Subversion updates the working copy format (client-side). Existing working copies need to be upgraded using svn upgrade because Subversion 1.8 cannot operate with older working copy formats. See the section about working copy upgrades in Subversion's release notes for details. The server is fully backwards compatible and will serve existing repositories just fine. However, to take advantage of new FSFS repository features a repository upgrade is necessary. See the section about FSFS enhancements for details.

2013/10/12 - pf queue changes

PF has a new implementation of packet queueing - the configuration syntax is different to that used by altq. During a transition period, the old mechanism is still available by replacing "queue" keywords in /etc/pf.conf with "oldqueue". If instead you wish to switch to the new implementation, review the documentation in pf.conf(5).

2013/10/14 - [ports] PostgreSQL 9.3.0

Major update to 9.3.0. A dump/restore is required.

2013/10/17 - [ports] Lout 3.40

Lout packages were merged and require removal before upgrade: 
    pkg_delete lout lout-doc
    pkg_add lout

2013/10/31 - new routing message version

To convert the route expire time to 64 bit, it was necessary to change the routing message structure. Make sure that you boot a new kernel before replacing the user land programs.
A small compatibility layer allows to configure addresses with old ifconfig and new kernel. Old route get also works in this setup. Old dhclient with new kernel assigns the address but hangs. Make sure to reboot your machine sucessfully during transition.

2013/11/03 - [ports] ngircd 21

ngircd's configuration directory has changed; if updating from a previous version, you will need to move your old configuration file into place: 
   mv /etc/ngircd.conf /etc/ngircd/ngircd.conf
Additional steps may be needed if you have configured it to use a motd file, ssl or chroot.

2013/11/05 - [ports] RRDtool 1.4.8

RRDtool has changed to using Cairo/Pango for graph and text generation. If using it in a chroot jail (for cgi/php scripts, etc), you will need to take additional steps to install the relevant files. A script is provided to copy the relevant libraries and support files; see /usr/local/share/doc/pkg-readmes/rrdtool-1.4.8 for more details.

2013/11/06 - smtpd.conf changes

smtpd(8) configuration file parser was updated. Some changes might require existing setups to be adapted.

SSL certificates must be explicitely defined, and the "certificate" keyword becomes "pki" in listen and relay rules. 

    pki mail.example.com certificate "/etc/ssl/mail.example.com.crt" \
                         key "/etc/ssl/private/mail.example.com.key"
    listen on egress tls pki mail.example.com auth

The "ssl" keyword in relay urls becomes "secure". 

    table secrets file:/etc/mail/secrets
    accept for any relay via secure+auth://label@some.mx auth <secrets>

Rules matching on source address must use "from source" rather than just "from". 

    accept from source "192.168.0.0/16" for any relay

The "helo" keyword in relay rules becomes "hostnames". 

    accept for any relay source <source> hostnames <htable>

See smtpd.conf(5) for more details.

2013/11/19 - [ports] Icinga 1.10

Note that the deprecated (and ignored) "log_external_commands_user" option has been removed from Icinga. If this is present in your configuration, Icinga will fail to start until you remove it. This is in addition to the database schema upgrades that are needed as usual for Icinga-web/NDOUtils users (see the pkg-readme for more information).

2013/11/26 - NSD 4.0.0 (updated 2014/01/07 with info about zonec)

NSD has had a major update to 4.0.0 which requires some changes. 
    mv /etc/nsd.conf /var/nsd/etc/nsd.conf
    cd /usr/sbin && rm nsd-notify nsd-patch nsd-xfer nsd-zonec nsdc
    cd /usr/share/man/man8 && rm nsd-notify.8 nsd-patch.8 nsd-xfer.8 \
        nsd-zonec.8 nsdc.8
    chown _nsd /var/nsd/db/nsd.db
    printf '\nremote-control:\n\tcontrol-enable: yes\n' >> /var/nsd/etc/nsd.conf

2013/12/04 - libcompat removed (updated 2013/12/08)

libcompat has been removed from base: 
    rm -f /usr/lib/libcompat.a /usr/lib/libcompat_p.a
    rm -f /usr/include/{re_comp,regexp,sgtty,sys/timeb}.h
    rm -f /usr/share/man/man3/{re_comp,re_exec,rexec,regexp}.3
    rm -f /usr/share/man/man3/{cuserid,ftime,gtty,setrgid,setruid,stty}.3

2013/12/15 - popa3d removed

popa3d has been removed from base: 
    rm -f /etc/rc.d/popa3d
    rm -f /usr/sbin/popa3d
    rm -f /usr/share/man/man8/popa3d.8

2013/12/16 - cwm(1) default keybinding change

Default keybinding changed for 'maximize' from CM-f to CM-m. CM-f is now bound to the new 'fullscreen' mode. See cwmrc(5) for re-mapping details.

2013/12/28 - i386 is now PIE

The i386 platform has been switched to PIE (position-independent executables) by default. Everyone is encouraged to update via snapshots (dated after 2013/12/28); if you want to upgrade via sources, follow these instructions:

First, install the new system Makefiles with the change to PIE_ARCH in bsd.own.mk: 

    cd /usr/src/share/mk && make install
Then, recompile and install gcc and binutils. 
    cd /usr/src/gnu/usr.bin/binutils
    make -f Makefile.bsd-wrapper clean && make -f Makefile.bsd-wrapper obj && \
        make -f Makefile.bsd-wrapper depend && make -f Makefile.bsd-wrapper
    cd /usr/src/gnu/usr.bin/cc
    make clean && make obj && make depend && make && make install
    cd /usr/src/gnu/usr.bin/binutils && make -f Makefile.bsd-wrapper install
Finally, recompile your system by following the procedure outlined in release(8).

2013/12/28 - atexit(3) moved

To support the use of atexit(3) in dynamically loaded shared objects, atexit(3) is now provided by the C runtime startup files. If you want to upgrade via source you will need to build and install new C runtime startup files first: 
    cd /usr/src/lib/csu
    make clean
    make obj
    make depend
    make
    make install
Now you can follow the standard procedure outlined in release(8).

2014/01/12 - freetype updated

Freetype in Xenocara was updated to 2.5.2. This update moves the headers files around. Old headers need to be manually removed: 
    rm -rf /usr/X11R6/include/freetype2/freetype
    rm -f /usr/X11R6/include/ft2build.h

2014/01/20 - amd64/i386 installboot

The amd64 and i386 architectures have switched to the new installboot(8). As a result, the old binary and manual should be removed: 
    rm -f /usr/mdec/installboot
    rm -f /usr/share/man/man8/{amd64,i386}/installboot.8

2014/02/10 - [ports] No Java on i386

Be aware that Java is currently broken on i386 so packages are not available. If you rely on Java on OpenBSD, you will either need to make a new installation with the amd64 architecture (which supports 64-bit Intel CPUs as well as AMD CPUs), or stay with an older version of OpenBSD.

2014/02/14 - amd64/i386 serial consoles need current bootloader

This is a reminder of a change which took place earlier: backward compatibility for learning about a serial console device from old boot loaders was removed. This only affects those who will be doing a remote upgrade via serial console on amd64/i386 who do not already have "BOOT 3.20" (amd64) or "BOOT 3.18" (i386).

The boot loader is updated as part of the normal upgrade procedure via the install media, but users who have previously upgraded from OpenBSD 5.2 or earlier using the "without install kernel" method on a running system may have missed this step. If this is the case, you can either do a ramdisk-based update to OpenBSD 5.4 first (even if you are already running 5.4), or manually use installboot(8) to update to boot blocks from OpenBSD 5.3 or 5.4, before attempting to boot a 5.5 kernel or installer.

2014/03/12 - smtpd becomes default MTA

The default system MTA is now smtpd. If you are running sendmail with anything other than the default configuration, please exercise caution and care when upgrading. The sendmail cronjob should be disabled, /etc/mailer.conf and /etc/rc.conf{,local} should be checked to verify one and only one MTA is enabled, and newaliases run. 
    crontab -e
    vi /etc/mailer.conf
    vi /etc/rc.conf
    vi /etc/rc.conf.local
    newaliases

2014/03/12 - spray removed

/usr/sbin/spray and the associated rpc daemon have been removed. 
    rm -f /usr/sbin/spray
    rm -f /usr/libexec/rpc.sprayd
    rm -f /usr/share/man/man8/{,rpc.}spray{,d}.8
    vi /etc/inetd.conf

2014/03/13 - _smtpq user added

A new _smtpq user and group have been added to support privilege separation in smtpd. Add the following passwd line using vipw. 
    _smtpq:*:103:103::0:0:SMTP Daemon:/var/empty:/sbin/nologin
Add the following line to /etc/group. 
    _smtpq:*:103:
If you have previously started smtpd, you will need to change the owner of the queue subdirectories. 
    cd /var/spool/smtpd
    chown -R _smtpq corrupt incoming purge queue temporary

2014/03/13 - httpd(8) removed

/usr/sbin/httpd and the associated tools and files have been removed. Consider using nginx(8) for your http serving needs, but note that nginx is not a drop-in replacement. If you need the old httpd(8) or tools (e.g. logresolve, htdigest, etc) and cannot switch at this time, see the port www/apache-httpd-openbsd. Packages are not yet available due to release engineering, but will follow. All users need to remove the following files and directories: 
    rm -rf /usr/lib/apache
    rm -rf /usr/share/doc/html/httpd
    rm -f /usr/bin/{dbmmanage,htdigest}
    rm -f /usr/sbin/{apachectl,apxs,httpd,logresolve,rotatelogs,suexec}
    rm -f /usr/share/man/man1/{dbmmanage.1,htdigest.1}
    rm -f /usr/share/man/man8/{apachectl.8,apxs.8,httpd.8,logresolve.8}
    rm -f /usr/share/man/man8/{rotatelogs.8,suexec.8}
    rm -f /etc/rc.d/httpd
The following files are associated with httpd(8) and can be deleted in some cases, but may have been replaced with user content or configuration. Warning: On systems which currently or have previously used any http daemon, care must be taken and files analyzed case by case to avoid accidental deletion of user content or important configuration files. In particular, users moving to apache-httpd-openbsd will want to keep many of these files. 
    rm -rf /var/www/icons
    rmdir /var/www/conf/{modules,modules.sample}
    rmdir /var/www/users
    rm -f /var/www/cgi-bin/{printenv,test-cgi}
    rm -f /var/www/conf/{httpd.conf,magic,mime.types}
    rm -f /var/www/htdocs/{apache_pb.gif,blowfish.jpg,bsd_small.gif,index.html}
    rm -f /var/www/htdocs/{lock.gif,logo23.jpg,logo24.jpg,mod_ssl_sb.gif}
    rm -f /var/www/htdocs/{openbsd_pb.gif,openbsdpower.gif,openssl_ics.gif}
    rm -f /var/www/htdocs/smalltitle.gif
Many PHP applications will work under nginx with few or minimal changes; in most cases php-fpm is the preferred method of running PHP under nginx.

2014/03/16 - [ports] unbound(8) moved to base

Unbound has moved to the base OS.

If the package is installed, remove it before upgrading to avoid a conflict in /etc/rc.d/unbound, and edit rc.conf.local to remove "unbound" from "pkg_scripts=..." lines, and add "unbound_flags=" instead. 

    pkg_delete unbound
    vi /etc/rc.conf.local
The following applies only to those updating from source, or updating from a snapshot without using sysmerge: The _unbound user should be added using vipw (or the UID should be modified if you were previously using Unbound from ports). 
    _unbound:*:53:53::0:0:Unbound Daemon:/var/unbound:/sbin/nologin
And _unbound group. 
    _unbound:*:53:
On or before March 19, sysmerge(8) was unable to do the /etc/group crossing automatically if updating from source. Manual intervention will be required in those situations.

2014/03/17 - ftpd(8) disallows uid < 1000 by default

ftpd(8) now defaults to denying access to user accounts with uid below 1000. See the -m option if you need to change this.

2014/03/17 - userland agp(4) interfaces removed

With the introduction of KMS, userland access to agp(4) is no longer needed. Since these interfaces provided low-level access to the hardware, they have been removed. You should remove the associated header file: 
    rm -f /usr/include/sys/agpio.h

2014/03/17 - userland ppp(8) and pppoe(8) implementations removed

The userland ppp(8) daemon and its associated PPPoE helper, pppoe(8), have been removed. As a result, the old binaries and manual pages should be removed: 
    rm -f /etc/ppp/ppp.{conf,linkdown,linkup,secret}.sample
    rm -f /usr/sbin/ppp /usr/share/man/man8/ppp.8
    rm -f /usr/sbin/pppctl /usr/share/man/man8/pppctl.8
    rm -f /usr/sbin/pppoe /usr/share/man/man8/pppoe.8
Many users will be able to migrate to the kernel implementations: pppoe(4) (for PPPoE), ppp(4) and its associated control program pppd(8) (for modems, mobile data, and some use with userland programs via a pipe).

Another option for some users is npppd(8) which supports L2TP, PPTP and PPPoE (currently server-side, IPv4 only).

2014/03/19 - rcp(1) removed

rcp(1) has been removed. As a result, the binary and manual page should be removed: 
    rm -f /bin/rcp /usr/share/man/man1/rcp.1

2014/03/23 - powerpc is now PIE

The powerpc platform has been switched to PIE (position-independent executables) by default. Everyone is encouraged to update via snapshots (dated after 2014/03/23); if you want to upgrade via sources, follow these instructions:

First, make sure you are running an up-to-date kernel. Second, install the new system Makefiles with the change to PIE_ARCH in bsd.own.mk: 

    cd /usr/src/share/mk && make install
Then, recompile and install gcc and binutils. 
    cd /usr/src/gnu/usr.bin/binutils
    make -f Makefile.bsd-wrapper clean && make -f Makefile.bsd-wrapper obj && \
        make -f Makefile.bsd-wrapper depend && make -f Makefile.bsd-wrapper
    cd /usr/src/gnu/usr.bin/cc
    make clean && make obj && make depend && make && make install
    cd /usr/src/gnu/usr.bin/binutils && make -f Makefile.bsd-wrapper install
Finally, recompile your system by following the procedure outlined in release(8).

2014/03/23 - librt removed

The librt static stub library has been removed. The leftover files must be deleted. 
    rm -f /usr/lib/librt{,_p}.a

2014/03/23 - Miscellaneous functions removed

Miscellaneous functions have been removed from libc. The corresponding header files must be deleted. 
    rm -f /usr/include/bm.h
    rm -f /usr/include/md4.h

2014/03/23 - mount(2) changes for NFS, mfs, msdosfs, and ntfs

Changes to the mount(2) API/ABI means that NFS servers must rebuild mountd(8) against the updated headers and restart it after rebooting to the new kernel.
Similarly, the mount_mfs(8), mount_msdos(8), and mount_ntfs(8) must be recompiled and reinstalled. Installing a new snapshot is—as always—recommended.

2014/03/24 - tcpwrappers removed

libwrap and tcpd have been removed. The leftover remnants must be purged. The entries in /etc/host.{allow,deny} can be converted into filtering rules in /etc/pf.conf. 
    rm -f /usr/lib/libwrap{,_p}.*
    rm -f /usr/libexec/tcpd
    rm -f /usr/include/tcpd.h
    rm -f /usr/sbin/tcpd{chk,match}
    rm -f /usr/share/man/man3/hosts_access.3
    rm -f /usr/share/man/man5/hosts.{allow,deny}.5
    rm -f /usr/share/man/man5/hosts_{access,options}.5
    rm -f /usr/share/man/man8/tcpd{,chk,match}.8
    rm -f /etc/hosts.{allow,deny}

2014/03/26 - rmail(8) and uucpd(8) moved to ports

/bin/rmail and uucpd(8) have been removed from the base system and added to the ports tree. As a result, the old binaries and manual pages should be removed: 
    rm -f /bin/rmail
    rm -f /usr/share/man/man8/rmail.8
    rm -f /usr/libexec/uucpd
    rm -f /usr/share/man/man8/uucpd.8
Users of these programs should install the rmail and uucpd packages instead.

2014/03/29 - pflow(4) pflowproto 9 removed

pflow(4)'s pflowproto 9 has been removed. Consider using pflowproto 10.

2014/04/14 - snmpd(8), snmpctl(8), and relayd(8) now communicate via AgentX protocol

The communications channel over which snmpd(8) accepts trap requests has been converted to the AgentX protocol. Users who have configured relayd(8) to send traps on host status changes will have to modify their configurations for both snmpd(8) and relayd(8):
snmpd.conf(5):
    # listen for AgentX connections
    socket "/var/run/agentx.sock" agentx
relayd.conf(5) syntax has changed, from "send trap" to "snmp trap": 
    # used to be "send trap"
    snmp trap "/var/run/agentx.sock"

$OpenBSD: current.html,v 1.496 2014/04/14 14:50:36 jturner Exp $