[FAQ Index]

Following -current

Table of Contents


This document is for people who wish to follow -current. It contains information about changes from 5.6-release to -current, and should NOT be used by anyone upgrading from 5.5 or earlier, or people wishing to follow -stable.

If you wish to upgrade to 5.6-release or 5.6-stable from previous versions, see the upgrade guide.

Make sure you have read and understood FAQ 5 - Building the System from Source before using -current and the instructions below.

You should ALWAYS use a snapshot as the starting point for running -current. Upgrading by compiling your own source code is not supported.

Most of these changes will have to be performed as root.

2014/08/13 - X resources files moved to /usr/X11R6/share/X11/

The X resource files have moved their installation directory from /etc/X11/app-defaults/ to /usr/X11R6/share/X11/app-defaults/ /etc/X11/app-defaults stays 1st in the libXt search path so, people and ports can put customized versions there if needed. If you didn't customize the versions in /etc/X11/app-defaults, they should be removed to avoid future issues when one file changes:
	cd /etc/X11/app-defaults
	rm Beforelight Bitmap Bitmap-color Bitmap-nocase Chooser Clock-color 
	rm Editres Editres-color KOI8RXTerm SshAskpass UXTerm Viewres
	rm Viewres-color XCalc XCalc-color XClipboard XClock
	rm XClock-color XConsole XFontSel XLoad XLock XLogo
	rm XLogo-color XMore XSm XTerm XTerm-color Xedit
	rm Xedit-color Xfd Xgc Xgc-color Xmag Xman Xmessage
	rm Xmessage-color Xsystrace Xvidtune

2014/08/22 - BIND has moved to ports

named(8) a.k.a. BIND has been removed from the base OS. In many cases, unbound(8) and nsd(8) will make good replacements, however users with some configurations (for example split horizon DNS) may find it simpler to continue with BIND (which is available in packages). The old binaries and manual pages should be removed:
	rm -f /etc/rc.d/named
	rm -f /usr/sbin/dnssec-keygen
	rm -f /usr/sbin/dnssec-signzone
	rm -f /usr/sbin/named
	rm -f /usr/sbin/named-checkconf
	rm -f /usr/sbin/named-checkzone
	rm -f /usr/sbin/nsupdate
	rm -f /usr/sbin/rndc
	rm -f /usr/sbin/rndc-confgen
	rm -f /usr/share/man/man5/named.conf.5
	rm -f /usr/share/man/man5/rndc.conf.5
	rm -f /usr/share/man/man8/dnssec-keygen.8
	rm -f /usr/share/man/man8/dnssec-signzone.8
	rm -f /usr/share/man/man8/named.8
	rm -f /usr/share/man/man8/named-checkconf.8
	rm -f /usr/share/man/man8/named-checkzone.8
	rm -f /usr/share/man/man8/nsupdate.8
	rm -f /usr/share/man/man8/rndc-confgen.8
	rm -f /usr/share/man/man8/rndc.8
If you would like to move to BIND from packages, install it:
	pkg_add isc-bind
This will run as a different user id ("_bind" instead of "named"), so check that file and directory permissions permit access - in many cases, this should work:
	find /var/named -group named -print0 | xargs -r0 chgrp _bind
To enable startup at boot time:
	rcctl enable isc_named
Caution: as this is from a package, it will start relatively late in the boot process, so if you normally have 'nameserver' or similar in resolv.conf and require working name resolution during system startup, you may need to make alternative arrangements. Options include running unbound on localhost only, or adding a fallback server to /etc/resolv.conf.

2014/08/26 - openssl(1) has moved to /usr/bin

The openssl(1) binary has moved from /usr/sbin to /usr/bin. As such, the old binary should be removed:
	rm -f /usr/sbin/openssl

2014/08/26 - nginx has moved to ports

nginx(8) has been removed from the base OS. The old binaries and manual pages should be removed:
	rm -f /etc/rc.d/nginx
	rm -f /usr/sbin/nginx
	rm -f /usr/share/man/man8/nginx.8
	rm -f /usr/share/man/man5/nginx.conf.5
If you would like to move to nginx from packages, install it:
	pkg_add nginx
To enable startup at boot time:
	rcctl enable nginx
Caution: as the nginx package is using the same rc.d script that was used by the base system it is mandatory to remove the old nginx rc.d script to avoid installation issues of the nginx packages.

2014/08/29 - puppetdb split single config file into multiple files

With puppetdb-2.1.0p1 the single puppetdb.ini file was split into multiple .ini files. The configuration needs to be adapted after upgrade. More information in the puppetdb package README.

2014/09/08 - procfs removed

procfs has been removed, thus the binary and manual page should be deleted:
	rm -f /sbin/mount_procfs
	rm -f /usr/share/man/man8/mount_procfs.8

2014/09/15 - sendmail moved to packages, updated

Sendmail has moved from the base OS to packages. The following binaries, libraries, headers, and manual pages should be deleted:
	rm -rf /usr/include/libmilter
	rm -rf /usr/libdata/perl5/site_perl/`uname -p`-openbsd/libmilter
	rm -rf /usr/libexec/sendmail
	rm -rf /usr/share/sendmail  # preserve mc files first if needed
	rm -f /etc/rc.d/sendmail
	rm -f /usr/lib/{libmilter.a,libmilter.so.3.0,libmilter_p.a}
	rm -f /usr/libexec/smrsh
	rm -f /usr/sbin/{editmap,mailstats,praliases}
	rm -f /usr/share/man/man1/{hoststat.1,praliases.1,purgestat.1}
	rm -f /usr/share/man/man8/{editmap.8,mailq.8,mailstats.8,smrsh.8}
	rm -f /var/log/sendmail.st

	rmdir /usr/libexec/sm.bin

	userdel smmsp
	groupdel smmsp
If you are going to continue to use sendmail, install it from packages and adjust permissions:
	pkg_add sendmail
	chown -R _smmsp:_smmsp /var/spool/clientmqueue
If you will be moving to another MTA, for example smtpd(8), check that there is nothing you need to keep (e.g. unsent messages in the queue), then the following files can be removed:
	rm -f /etc/mail/{README,access,access.db,genericstable,genericstable.db}
	rm -f /etc/mail/{helpfile,local-host-names,localhost.cf,mailertable}
	rm -f /etc/mail/{mailertable.db,relay-domains,sendmail.cf,submit.cf}
	rm -f /etc/mail/{trusted-users,virtusertable,virtusertable.db}

	rm -rf /var/spool/clientmqueue
	rm -rf /var/spool/mqueue

2014/09/19 - rc.conf(8) moved to the base set

/etc/rc.conf has moved away from the etc to the base set.

Effectively this means that:
any manual changes made to /etc/rc.conf will be lost at next upgrade. If such changes were made, they must be merged into /etc/rc.conf.local.

Note that a backup version of rc.conf(8) can be found under /var/backups/.

2014/09/25 - [ports] collectd updated to 5.4.1

sysutils/collectd has been updated to version 5.4.1, users of previous 4.10.1 version should review this upgrade guide to migrate their existing setups.

2014/10/13 - lkm removed

The lkm interface has been removed; thus several binaries, manual pages, the lkm directory, and the group _lkm should be removed:
	rm -rf /usr/lkm /usr/share/lkm /dev/lkm
	rm -f /usr/bin/modstat
	rm -f /sbin/mod{,un}load
	rm -f /usr/share/man/man8/mod{stat,load,unload}.8
	rm -f /usr/share/man/man4/lkm.4
	rm -f /usr/share/mk/bsd.lkm.mk /usr/include/sys/lkm.h
	groupdel _lkm

2014/10/30 - [ports] symon package split

The split between subpackages for symon has been adjusted. Depending on which subpackage you installed previously, you may lose the "symux" monitor after a pkg_add -u, if so, just run "pkg_add symux".

2014/10/31 - libressl renamed to libtls

The libressl library has been renamed to libtls to avoid confusion and to make it easier to distinguish between LibreSSL (the project) and libressl (the library). There are several files that should be removed post update:
	rm -f /usr/include/ressl.h
	rm -f /usr/lib/libressl.* /usr/lib/libressl_*
	rm -f /usr/share/man/man3/ressl_*

2014/10/31 - [ports] sendmail port uid/gid change

The uid and gid used by the enqueuer have changed.
	/etc/rc.d/sendmail stop
	groupmod -g 745 _smmsp
	usermod -u 745 -g 745 _smmsp
	chown -R _smmsp:_smmsp /var/spool/clientmqueue
	chgrp _smmsp /usr/local/libexec/sendmail/sendmail
	chmod g+s /usr/local/libexec/sendmail/sendmail
	/etc/rc.d/sendmail start

2014/11/06 - [ports] php version bump

The default version of PHP has been switched to 5.5. After updating to new packages when they are available, you will need to move the configuration across from 5.4. Check for local changes in /etc/php-5.4.ini and apply them to php-5.5.ini, and create new symbolic links for any required extensions in /etc/php-5.5. For the common case where you would like to keep existing extensions you can do this:
	cd /etc/php-5.4
	for i in *; do ln -s ../php-5.5.sample/$i ../php-5.5/; done
pecl-APC does not support newer PHP versions and has been retired; xcache is still available, or you can use the new opcode cache built-in to 5.5:
	ln -s ../php-5.5.sample/opcache.ini /etc/php-5.5

2014/11/17 - /var/tmp becomes a symlink to /tmp

/var/tmp is now a symlink to /tmp. Recommend updating the /etc/daily script (with sysmerge or by hand), since the /tmp purge has been adjusted for vi.recover, and extended to 7 days.
	rm -r /var/tmp
	ln -s /tmp /var/tmp

2014/11/20 - login.conf and crypt changes

Support for creating DES hashed passwords has been removed from most userland utilities. login.conf only supports the blowfish option; this was previously the default for localcipher. Additionally, the ypcipher capability is no longer used; the localcipher cap will be used for both local and YP passwords. These changes should not affect default installations.

2014/11/23 - sparc64 switched to new installboot(8)

The sparc64 architecture has been switched to the new installboot(8) implementation /usr/sbin/installboot. Old installboot files can be removed:
	rm /usr/mdec/installboot /usr/share/man/man8/sparc64/installboot.8

2014/12/03 - rtsol(8) and rtsold(8) removed

Sending of router solicitations was moved to the kernel some time ago. There is no longer a need for rtsol(8):
	rm /etc/rc.d/rtsold /sbin/rtsol /usr/sbin/rtsold
	rm /usr/share/man/man8/rtsol.8 /usr/share/man/man8/rtsold.8

2014/12/09 - [ports] login_duo file location moved

The login_duo port now installs under /usr/local/sbin rather than /usr/local/libexec/auth (which is normally only used for bsd-auth programs). If you use this, update paths in your ForceCommand strings.

2014/12/12 - relayd(8) and httpd(8) changed "ssl" keyword to "tls"

The occurences of the ssl have been changed to tls in relayd.conf(5) and httpd.conf(5). The configuration files have to be updated accordingly.

2014/12/22 - static PIE

Work is progressing to build OpenBSD's static binaries as Position Independent Executables such that they fully benefit from address space randomization. Since many of these static binaries are essential for system recovery, we strongly advise people to upgrade from snapshots. For those who are stubborn enough to upgrade from source, here are some instructions to get yourself over this bump:

Start with building and installing a new kernel and reboot.
Build and install rcrt0.o:

	cd /usr/src/lib/csu
	make obj
	make depend
	make install
Build and install new binutils:
	cd /usr/src/gnu/usr.bin/binutils
	make -f Makefile.bsd-wrapper obj
	make -f Makefile.bsd-wrapper
	make -f Makefile.bsd-wrapper install
Build and install new gcc:
	cd /usr/src/gnu/usr.bin/cc
	make obj
	make depend
	make install
Then proceed with doing a full build. It is essential that you don't install the files in /usr/src/share/mk before completing the steps outlined above!

At this point in time static PIE support is available for amd64, hppa and sparc64. Other architectures will follow soon and will require these same steps.

2014/12/24 - crypt_checkpass changes

The crypt_checkpass function used to verify a user's password no longer supports obsolete DES crypt password hashes. Effectively, this means if a user's passwd hash is DES (not the default), they will be unable to login via password authentication.

2015/01/04 - [ports] gnustep sudoku renamed

Because the ports games/sudoku and x11/gnustep/sudoku used the same package name, the gnustep one had been renamed to gnustep-sudoku. If you have the gnustep version installed (the exact package is currently sudoku-0.7p5), you should delete it before and re-add it after updating installed packages, like this:
	pkg_delete sudoku-0.7p5
	pkg_add -u
	pkg_add gnustep-sudoku

2015/01/08 - [ports] PostgreSQL 9.4.0

Major update to 9.4.0. A dump/restore is required.

2015/01/21 - carp(4) setups now require a "carpdev" argument

carp(4) interfaces no longer look for a compatible parent interface with the same subnet if no "carpdev" argument has been specified with ifconfig(8) or in the corresponding /etc/hostname.carp* file. Such setups are now treated as invalid and should be updated.

2015/01/25 - [ports] wordpress 4.1

The twentytwelve theme from wordpress 4.0.x is no longer included with wordpress 4.1.x. If you are using this theme, back it up before updating:
	cd /var/www/wordpress/wp-content/themes &&
	cp -Rp twentytwelve twentytwelve.bak
and restore it after wordpress update:
	cd /var/www/wordpress/wp-content/themes &&
	mv twentytwelve.bak twentytwelve

$OpenBSD: current.html,v 1.588 2015/01/25 16:16:57 kirby Exp $