![[OpenBSD]](../images/smalltitle.gif)
[FAQ Index]
Following -current
Table of Contents
Introduction
This document is for people who wish to follow -current.
It contains information about changes from 5.6-release to -current,
and should NOT be used by anyone upgrading from 5.5 or earlier, or people
wishing to follow -stable.
If you wish to upgrade to 5.6-release or 5.6-stable from previous
versions, see the upgrade guide.
Make sure you have read and understood
FAQ 5 - Building the System from Source
before using -current and the instructions below.
You should ALWAYS use a snapshot as the starting point for running
-current.
Upgrading by compiling your own source code is not supported.
Most of these changes will have to be performed as root.
2014/08/13 - X resources files moved to /usr/X11R6/share/X11/
The X resource files have moved their installation directory
from /etc/X11/app-defaults/
to /usr/X11R6/share/X11/app-defaults/
/etc/X11/app-defaults stays 1st in the libXt search path so, people
and ports can put customized versions there if needed.
If you didn't customize the versions in /etc/X11/app-defaults, they
should be removed to avoid future issues when one file changes:
cd /etc/X11/app-defaults
rm Beforelight Bitmap Bitmap-color Bitmap-nocase Chooser Clock-color
rm Editres Editres-color KOI8RXTerm SshAskpass UXTerm Viewres
rm Viewres-color XCalc XCalc-color XClipboard XClock
rm XClock-color XConsole XFontSel XLoad XLock XLogo
rm XLogo-color XMore XSm XTerm XTerm-color Xedit
rm Xedit-color Xfd Xgc Xgc-color Xmag Xman Xmessage
rm Xmessage-color Xsystrace Xvidtune
2014/08/22 - BIND has moved to ports
named(8) a.k.a. BIND has been removed from the base OS.
In many cases, unbound(8) and nsd(8) will make good replacements,
however users with some configurations (for example split horizon
DNS) may find it simpler to continue with BIND (which is available
in packages). The old binaries and manual pages should be removed:
rm -f /etc/rc.d/named
rm -f /usr/sbin/dnssec-keygen
rm -f /usr/sbin/dnssec-signzone
rm -f /usr/sbin/named
rm -f /usr/sbin/named-checkconf
rm -f /usr/sbin/named-checkzone
rm -f /usr/sbin/nsupdate
rm -f /usr/sbin/rndc
rm -f /usr/sbin/rndc-confgen
rm -f /usr/share/man/man5/named.conf.5
rm -f /usr/share/man/man5/rndc.conf.5
rm -f /usr/share/man/man8/dnssec-keygen.8
rm -f /usr/share/man/man8/dnssec-signzone.8
rm -f /usr/share/man/man8/named.8
rm -f /usr/share/man/man8/named-checkconf.8
rm -f /usr/share/man/man8/named-checkzone.8
rm -f /usr/share/man/man8/nsupdate.8
rm -f /usr/share/man/man8/rndc-confgen.8
rm -f /usr/share/man/man8/rndc.8
If you would like to move to BIND from packages, install it:
pkg_add isc-bind
This will run as a different user id ("_bind" instead of "named"),
so check that file and directory permissions permit access - in many
cases, this should work:
find /var/named -group named -print0 | xargs -r0 chgrp _bind
To enable startup at boot time:
rcctl enable isc_named
Caution: as this is from a package, it will start relatively late
in the boot process, so if you normally have 'nameserver 127.0.0.1' or
similar in resolv.conf and require working name resolution during system
startup, you may need to make alternative arrangements.
Options include running unbound on localhost only, or adding a fallback
server to /etc/resolv.conf.
2014/08/26 - openssl(1) has moved to /usr/bin
The openssl(1) binary has moved from /usr/sbin to /usr/bin.
As such, the old binary should be removed:
rm -f /usr/sbin/openssl
2014/08/26 - nginx has moved to ports
nginx(8) has been removed from the base OS.
The old binaries and manual pages should be removed:
rm -f /etc/rc.d/nginx
rm -f /usr/sbin/nginx
rm -f /usr/share/man/man8/nginx.8
rm -f /usr/share/man/man5/nginx.conf.5
If you would like to move to nginx from packages, install it:
pkg_add nginx
To enable startup at boot time:
rcctl enable nginx
Caution: as the nginx package is using the same rc.d script that was
used by the base system it is mandatory to remove the old nginx rc.d script
to avoid installation issues of the nginx packages.
2014/08/29 - puppetdb split single config file into multiple files
With puppetdb-2.1.0p1 the single puppetdb.ini file was split into multiple
.ini files. The configuration needs to be adapted after upgrade. More
information in the puppetdb package README.
2014/09/08 - procfs removed
procfs has been removed, thus the binary and manual page should be deleted:
rm -f /sbin/mount_procfs
rm -f /usr/share/man/man8/mount_procfs.8
2014/09/15 - sendmail moved to packages, updated
Sendmail has moved from the base OS to packages.
The following binaries, libraries, headers, and manual pages should
be deleted:
rm -rf /usr/include/libmilter
rm -rf /usr/libdata/perl5/site_perl/`uname -p`-openbsd/libmilter
rm -rf /usr/libexec/sendmail
rm -rf /usr/share/sendmail # preserve mc files first if needed
rm -f /etc/rc.d/sendmail
rm -f /usr/lib/{libmilter.a,libmilter.so.3.0,libmilter_p.a}
rm -f /usr/libexec/smrsh
rm -f /usr/sbin/{editmap,mailstats,praliases}
rm -f /usr/share/man/man1/{hoststat.1,praliases.1,purgestat.1}
rm -f /usr/share/man/man8/{editmap.8,mailq.8,mailstats.8,smrsh.8}
rm -f /var/log/sendmail.st
rmdir /usr/libexec/sm.bin
userdel smmsp
groupdel smmsp
If you are going to continue to use sendmail, install it from packages
and adjust permissions:
pkg_add sendmail
chown -R _smmsp:_smmsp /var/spool/clientmqueue
Compare your configuration files against the new default files in
/usr/local/share/examples/sendmail.
In particular, submit.cf must be updated as the userid has changed.
Review your file for local changes and if safe, copy the new file across:
diff /usr/local/share/examples/sendmail/submit.cf /etc/mail/
cp /usr/local/share/examples/sendmail/submit.cf /etc/mail/
If you will be moving to another MTA, for example smtpd(8),
check that there is nothing you need to keep (e.g. unsent messages in the
queue), then the following files can be removed:
rm -f /etc/mail/{README,access,access.db,genericstable,genericstable.db}
rm -f /etc/mail/{helpfile,local-host-names,localhost.cf,mailertable}
rm -f /etc/mail/{mailertable.db,relay-domains,sendmail.cf,submit.cf}
rm -f /etc/mail/{trusted-users,virtusertable,virtusertable.db}
rm -rf /var/spool/clientmqueue
rm -rf /var/spool/mqueue
2014/09/19 - rc.conf(8) moved to the base set
/etc/rc.conf has moved away from the etc to the base set.
Effectively this means that:
any manual changes made to /etc/rc.conf will be lost
at next upgrade.
If such changes were made, they must be merged into /etc/rc.conf.local.
Note that a backup version of rc.conf(8) can be found under /var/backups/.
2014/09/25 - [ports] collectd updated to 5.4.1
sysutils/collectd has been updated to version 5.4.1, users of previous
4.10.1 version should review this
upgrade guide
to migrate their existing setups.
2014/10/13 - lkm removed
The lkm interface has been removed; thus several binaries, manual pages,
the lkm directory, and the group _lkm should be removed:
rm -rf /usr/lkm /usr/share/lkm /dev/lkm
rm -f /usr/bin/modstat
rm -f /sbin/mod{,un}load
rm -f /usr/share/man/man8/mod{stat,load,unload}.8
rm -f /usr/share/man/man4/lkm.4
rm -f /usr/share/mk/bsd.lkm.mk /usr/include/sys/lkm.h
groupdel _lkm
2014/10/30 - [ports] symon package split
The split between subpackages for symon has been adjusted.
Depending on which subpackage you installed previously, you may lose
the "symux" monitor after a pkg_add -u, if so, just run "pkg_add symux".
2014/10/31 - libressl renamed to libtls
The libressl library has been renamed to libtls to avoid confusion and to make
it easier to distinguish between LibreSSL (the project) and libressl (the
library). There are several files that should be removed post update:
rm -f /usr/include/ressl.h
rm -f /usr/lib/libressl.* /usr/lib/libressl_*
rm -f /usr/share/man/man3/ressl_*
2014/10/31 - [ports] sendmail port uid/gid change
The uid and gid used by the enqueuer have changed.
/etc/rc.d/sendmail stop
groupmod -g 745 _smmsp
usermod -u 745 -g 745 _smmsp
chown -R _smmsp:_smmsp /var/spool/clientmqueue
chgrp _smmsp /usr/local/libexec/sendmail/sendmail
chmod g+s /usr/local/libexec/sendmail/sendmail
/etc/rc.d/sendmail start
2014/11/06 - [ports] php version bump
The default version of PHP has been switched to 5.5.
After updating to new packages when they are available, you will need
to move the configuration across from 5.4.
Check for local changes in /etc/php-5.4.ini and apply them to php-5.5.ini,
and create new symbolic links for any required extensions in /etc/php-5.5.
For the common case where you would like to keep existing extensions
you can do this:
cd /etc/php-5.4
for i in *; do ln -s ../php-5.5.sample/$i ../php-5.5/; done
pecl-APC does not support newer PHP versions and has been retired;
xcache is still available, or you can use the new opcode cache built-in
to 5.5:
ln -s ../php-5.5.sample/opcache.ini /etc/php-5.5
2014/11/17 - /var/tmp becomes a symlink to /tmp
/var/tmp is now a symlink to /tmp. Recommend updating the
/etc/daily script (with sysmerge or by hand), since the /tmp
purge has been adjusted for vi.recover, and extended to 7 days.
rm -r /var/tmp
ln -s /tmp /var/tmp
2014/11/20 - login.conf and crypt changes
Support for creating DES hashed passwords has been removed from most userland
utilities. login.conf only supports the blowfish option; this
was previously the default for localcipher. Additionally, the
ypcipher capability is no longer used; the localcipher cap will
be used for both local and YP passwords. These changes should not affect default
installations.
2014/11/23 - sparc64 switched to new installboot(8)
The sparc64 architecture has been switched to the new installboot(8)
implementation /usr/sbin/installboot. Old installboot files can be removed:
rm /usr/mdec/installboot /usr/share/man/man8/sparc64/installboot.8
2014/12/03 - rtsol(8) and rtsold(8) removed
Sending of router solicitations was moved to the kernel some time ago.
There is no longer a need for rtsol(8):
rm /etc/rc.d/rtsold /sbin/rtsol /usr/sbin/rtsold
rm /usr/share/man/man8/rtsol.8 /usr/share/man/man8/rtsold.8
2014/12/09 - [ports] login_duo file location moved
The login_duo port now installs under /usr/local/sbin rather than
/usr/local/libexec/auth (which is normally only used for bsd-auth programs).
If you use this, update paths in your ForceCommand strings.
2014/12/12 - relayd(8) and httpd(8) changed "ssl" keyword to "tls"
The occurences of the ssl have been changed to tls in
relayd.conf(5)
and
httpd.conf(5).
The configuration files have to be updated accordingly.
2014/12/22 - static PIE
Work is progressing to build OpenBSD's static binaries as Position
Independent Executables such that they fully benefit from address
space randomization. Since many of these static binaries are
essential for system recovery, we strongly advise people to upgrade
from snapshots. For those who are stubborn enough to upgrade from
source, here are some instructions to get yourself over this bump:
Start with building and installing a new kernel and reboot.
Build and install rcrt0.o:
cd /usr/src/lib/csu
make obj
make depend
make
make install
Build and install new binutils:
cd /usr/src/gnu/usr.bin/binutils
make -f Makefile.bsd-wrapper obj
make -f Makefile.bsd-wrapper
make -f Makefile.bsd-wrapper install
Build and install new gcc:
cd /usr/src/gnu/usr.bin/cc
make obj
make depend
make
make install
Then proceed with doing a full build. It is essential that you don't
install the files in /usr/src/share/mk before completing the steps
outlined above!
At this point in time static PIE support is available for amd64, hppa
and sparc64. Other architectures will follow soon and will require
these same steps.
2014/12/24 - crypt_checkpass changes
The crypt_checkpass function used to verify a user's password no longer
supports obsolete DES crypt password hashes. Effectively, this means if a
user's passwd hash is DES (not the default), they will be unable to login
via password authentication.
2015/01/04 - [ports] gnustep sudoku renamed
Because the ports games/sudoku and x11/gnustep/sudoku used the same
package name, the gnustep one had been renamed to gnustep-sudoku.
If you have the gnustep version installed (the exact package is
currently sudoku-0.7p5), you should delete it before and re-add it
after updating installed packages, like this:
pkg_delete sudoku-0.7p5
pkg_add -u
pkg_add gnustep-sudoku
2015/01/08 - [ports] PostgreSQL 9.4.0
Major update to 9.4.0. A dump/restore is required.
2015/01/21 - carp(4) setups now require a "carpdev" argument
carp(4) interfaces no longer look for a compatible parent interface with
the same subnet if no "carpdev" argument has been specified with ifconfig(8)
or in the corresponding /etc/hostname.carp* file. Such setups are now
treated as invalid and should be updated.
2015/01/25 - [ports] wordpress 4.1
The twentytwelve theme from wordpress 4.0.x is no longer included with
wordpress 4.1.x. If you are using this theme, back it up before updating:
cd /var/www/wordpress/wp-content/themes &&
cp -Rp twentytwelve twentytwelve.bak
and restore it after wordpress update:
cd /var/www/wordpress/wp-content/themes &&
mv twentytwelve.bak twentytwelve
2015/02/06 - [ports] MySQL replaced with MariaDB, updated
MySQL has been replaced with the MariaDB fork.
The changeover should be straightforward and package updates will be handled
by pkg_add -u, but there are a couple of additional steps to take:
- Before upgrading to OpenBSD 5.7, run mysqladmin flush-logs to simplify recovery in case of problems
- After upgrading, run mysql_upgrade to upgrade system tables
- Replace "skip-locking" in /etc/my.cnf with "skip-external-locking"
Note that replication between MySQL 5.1.x and MariaDB 10.x should work,
but is not a supported configuration.
2015/02/21 - Mesa changed back to 10.2
The Mesa 10.4 update done in January has been reverted back to 10.2
due to various issues. The following include files should be removed.
rm -f /usr/X11R6/include/GL/glcorearb.h
rm -f /usr/X11R6/include/EGL/eglextchromium.h
$OpenBSD: current.html,v 1.593 2015/02/25 16:49:06 sthen Exp $