OpenBSD Upgrade Guide: 5.5 to 5.6


[FAQ Index] | [5.4 -> 5.5] | [5.6 -> 5.7]

Note: Upgrades are only supported from one release to the release immediately following it. Do not skip releases. If you got lucky skipping releases in the past, you may not this time.

It is highly recommended that you read through and fully understand this process before attempting it. If you are doing it on a critical or physically remote machine, it is recommended that you test this process on an identical, local system to verify its success before attempting on a critical or remote computer.

Table of Contents:


Before upgrading: things to think about and be aware of

This is not a complete list of the changes that took place between 5.5 and 5.6, but rather some of the important things that will impact users in the upgrade process. For a more complete list of changes, see plus56.html and the CVS change logs.


The upgrade process

Upgrading by install kernel

If you have access to the system's console, the easiest and safest way to upgrade is to boot from the install kernel by boot media or bsd.rd and follow the upgrade steps, which are very similar to the install process.

Afterwards, complete the upgrade by following the final steps as detailed below.

One easy way to boot from the install kernel is to place the 5.6 version of bsd.rd in the root of your boot drive, then instruct the boot loader to boot using this new bsd.rd file. On amd64 and i386, you do this by entering "boot bsd.rd" at the initial boot> prompt.

Upgrading without install kernel

This is NOT the recommended process. Use the install kernel method if at all possible!

Sometimes, one needs to do an upgrade of a machine when one can't easily use the normal upgrade process. The most common case is when the machine is in a remote location and you don't have easy access to the system console. One can usually do this by carefully following this process:


Final steps

Whether you upgrade by using an install kernel and doing a formal "upgrade" process, or do a "in-place" binary upgrade, you need to do a few final steps to complete the upgrade.

1. Merging changed files via sysmerge(8)

The sysmerge(8) utility will compare the files that are actually on your system with those that would be installed in a fresh install, and assist you in merging the changes into your system. There are no assumptions made about what is actually on your system, so you can use sysmerge(8) to move between more arbitrary points in the development process, such as from an earlier 5.5-current to 5.6-release or from one -current to a later one. Sysmerge(8) compares the current files on your system with the files that would have been installed with a new install, and what would have been there from the last run of sysmerge. Usually, it can figure out what to do to update your files. If it has difficulty, it will give you the option of keeping the old file, installing the new file, or assisting you in the manual merging of the old and new files, using sdiff.

Please read the sysmerge(8) manual page before using it on your system. You are also advised to read the diff(1), sdiff(1) and even review more(1) manual pages before continuing. A wide terminal window (i.e., significantly more than 80 characters), if available, will make sdiff(1) easier to use.

Assuming the SHA256.sig, etc56.tgz and xetc56.tgz files exists in your ${RELEASEPATH} (which can be an http:// URL!), run it with:

sysmerge -s ${RELEASEPATH}/etc56.tgz -x ${RELEASEPATH}/xetc56.tgz
(if you don't have SHA256.sig available, use the -S option to skip the signature check) For the files sysmerge(8) can't resolve on its own, it will show you a unified diff(1), run through your favorite $PAGER (i.e., more(1)) and ask you if you wish to:
  Use 'd' to delete the temporary ./var/www/htdocs/index.html
  Use 'i' to install the temporary ./var/www/htdocs/index.html
  Use 'm' to merge the temporary and installed versions
  Use 'v' to view the diff results again

  Default is to leave the temporary file to deal with by hand

If you wish to retain your existing file, delete the temporary file. If you wish to replace your existing file with the new version, install the temporary file. If you wish to merge the two together, choosing 'm' will put you into sdiff(1), where you can manually merge the file. The default is to come back and deal with the file later, manually.

Sysmerge(8) saves all your replaced files into a temporary directory, similar to /var/tmp/sysmerge.24959/backups, so if you accidentally clobber something that was probably not such a good idea, you have a chance to recover it. Note that daily(8) cleans old files from this directory, but it will survive a reboot.

2. Files to delete and move

Some files should be deleted from your system, and others must be moved or updated. Note that some of these may not exist on all systems; that's ok. The list of commands to run is broken up into modest size blocks; some slower hardware will have trouble keeping up with one large copy/paste.

rm -f /usr/sbin/spray
rm -f /usr/libexec/rpc.sprayd
rm -f /usr/share/man/man8/{,rpc.}spray{,d}.8
rm -rf /usr/lib/apache
rm -rf /usr/share/doc/html/httpd
rm -f /usr/bin/{dbmmanage,htdigest}
rm -f /usr/sbin/{apachectl,apxs,logresolve,rotatelogs,suexec}
rm -f /usr/share/man/man1/{dbmmanage.1,htdigest.1}
rm -f /usr/share/man/man8/{apachectl.8,apxs.8,logresolve.8}
rm -f /usr/share/man/man8/{rotatelogs.8,suexec.8}
rm -f /usr/include/sys/agpio.h
rm -f /etc/ppp/ppp.{conf,linkdown,linkup,secret}.sample
rm -f /usr/sbin/ppp /usr/share/man/man8/ppp.8
rm -f /usr/sbin/pppctl /usr/share/man/man8/pppctl.8
rm -f /usr/sbin/pppoe /usr/share/man/man8/pppoe.8

rm -f /bin/rcp /usr/share/man/man1/rcp.1
rm -f /usr/lib/librt{,_p}.a
rm -f /usr/include/bm.h
rm -f /usr/include/md4.h
rm -f /usr/lib/libwrap{,_p}.*
rm -f /usr/libexec/tcpd
rm -f /usr/include/tcpd.h
rm -f /usr/sbin/tcpd{chk,match}
rm -f /usr/share/man/man3/hosts_access.3
rm -f /usr/share/man/man5/hosts.{allow,deny}.5
rm -f /usr/share/man/man5/hosts_{access,options}.5
rm -f /usr/share/man/man8/tcpd{,chk,match}.8
rm -f /etc/hosts.{allow,deny}
rm -f /bin/rmail
rm -f /usr/share/man/man8/rmail.8

rm -f /usr/libexec/uucpd
rm -f /usr/share/man/man8/uucpd.8
rm -rf /usr/include/altq
rm -rf /etc/kerberosV/
rm -f /etc/rc.d/{kadmind,kdc,kpasswdd,ipropd_master,ipropd_slave}
rm -f /usr/bin/asn1_compile
rm -f /usr/bin/compile_et
rm -f /usr/bin/kcc
rm -f /usr/bin/kdestroy
rm -f /usr/bin/kf
rm -f /usr/bin/kgetcred
rm -f /usr/bin/kinit
rm -f /usr/bin/klist
rm -f /usr/bin/krb5-config
rm -f /usr/bin/slc

rm -f /usr/bin/string2key
rm -f /usr/bin/verify_krb5_conf
rm -rf /usr/include/kerberosV/
rm -f /usr/lib/libasn1{,_p}.*
rm -f /usr/lib/libcom_err{,_p}.*
rm -f /usr/lib/libgssapi{,_p}.*
rm -f /usr/lib/libhdb{,_p}.*
rm -f /usr/lib/libheimbase{,_p}.*
rm -f /usr/lib/libkadm5clnt{,_p}.*
rm -f /usr/lib/libkadm5srv{,_p}.*
rm -f /usr/lib/libkafs{,_p}.*
rm -f /usr/lib/libkdc{,_p}.*
rm -f /usr/lib/libkrb5{,_p}.*
rm -f /usr/lib/libroken{,_p}.*
rm -f /usr/lib/libwind{,_p}.*

rm -rf /usr/libdata/perl5/site_perl/*-openbsd/kerberosV/
rm -f /usr/libexec/auth/login_krb5{,-or-pwd}
rm -f /usr/libexec/hprop{,d}
rm -f /usr/libexec/ipropd-{master,slave}
rm -f /usr/libexec/kadmind
rm -f /usr/libexec/kdc
rm -f /usr/libexec/kfd
rm -f /usr/libexec/kpasswdd
rm -f /usr/sbin/iprop-log
rm -f /usr/sbin/kadmin
rm -f /usr/sbin/kimpersonate
rm -f /usr/sbin/kstash
rm -f /usr/sbin/ktutil
rm -f /usr/share/info/heimdal.info
rm -f /usr/share/man/man1/kdestroy.1

rm -f /usr/share/man/man1/kf.1
rm -f /usr/share/man/man1/kgetcred.1
rm -f /usr/share/man/man1/kinit.1
rm -f /usr/share/man/man1/klist.1
rm -f /usr/share/man/man1/krb5-config.1
rm -f /usr/share/man/man1/kswitch.1
rm -f /usr/share/man/man3/ecalloc.3
rm -f /usr/share/man/man3/getarg.3
rm -f /usr/share/man/man3/{gss,krb5,krb}_*.3
rm -f /usr/share/man/man3/gssapi.3
rm -f /usr/share/man/man3/gsskrb5_extract_authz_data_from_sec_context.3
rm -f /usr/share/man/man3/gsskrb5_register_acceptor_identity.3
rm -f /usr/share/man/man3/k_afs_cell_of_file.3
rm -f /usr/share/man/man3/k_hasafs.3
rm -f /usr/share/man/man3/k_hasafs_recheck.3

rm -f /usr/share/man/man3/k_pioctl.3
rm -f /usr/share/man/man3/k_setpag.3
rm -f /usr/share/man/man3/k_unlog.3
rm -f /usr/share/man/man3/kadm5_pwcheck.3
rm -f /usr/share/man/man3/kafs*.3
rm -f /usr/share/man/man3/krb524_*.3
rm -f /usr/share/man/man3/parse_time.3
rm -f /usr/share/man/man3/rtbl.3
rm -f /usr/share/man/man5/krb5.conf.5
rm -f /usr/share/man/man5/mech.5
rm -f /usr/share/man/man8/hprop{,d}.8
rm -f /usr/share/man/man8/iprop{,-log}.8
rm -f /usr/share/man/man8/ipropd-{master,slave}.8
rm -f /usr/share/man/man8/kadmin{,d}.8
rm -f /usr/share/man/man8/kdc.8

rm -f /usr/share/man/man8/kerberos.8
rm -f /usr/share/man/man8/kfd.8
rm -f /usr/share/man/man8/kimpersonate.8
rm -f /usr/share/man/man8/kpasswdd.8
rm -f /usr/share/man/man8/kstash.8
rm -f /usr/share/man/man8/ktutil.8
rm -f /usr/share/man/man8/login_krb5{,-or-pwd}.8
rm -f /usr/share/man/man8/string2key.8
rm -f /usr/share/man/man8/verify_krb5_conf.8
rm -f /usr/bin/lynx
rm -f /usr/share/man/man1/lynx.1
rm -rf /usr/share/doc/html/lynx_help
rm -f /etc/lynx.cfg

rm -f /usr/bin/{rsh,ruptime,rwho}
rm -f /usr/sbin/rwhod
rm -f /etc/rc.d/rwhod
rm -f /usr/libexec/rshd
rm -f /usr/share/man/man1/{rwho,ruptime,rsh}.1
rm -f /usr/share/man/man8/{rwhod,rshd}.8
rm -rf /var/rwho

chown -R _smtpq /var/spool/smtpd/{corrupt,incoming,purge,queue,temporary}
The following files are associated with httpd(8) and can be deleted in some cases, but may have been replaced with user content or configuration. Warning: On systems which currently or have previously used any http daemon, care must be taken and files analyzed case by case to avoid accidental deletion of user content or important configuration files. In particular, users moving to package apache-httpd-openbsd will want to keep many of these files.
rm -rf /var/www/icons
rmdir /var/www/conf/{modules,modules.sample}
rmdir /var/www/users
rm -f /var/www/cgi-bin/{printenv,test-cgi}
rm -f /var/www/conf/{httpd.conf,magic,mime.types}
rm -f /var/www/htdocs/{apache_pb.gif,blowfish.jpg,bsd_small.gif,index.html}
rm -f /var/www/htdocs/{lock.gif,logo23.jpg,logo24.jpg,mod_ssl_sb.gif}
rm -f /var/www/htdocs/{openbsd_pb.gif,openbsdpower.gif,openssl_ics.gif}
rm -f /var/www/htdocs/smalltitle.gif
Sendmail is now deprecated in the base OS, and will move to packages in 5.7. The standard MTA is now smtpd(8). To switch to smtpd, make sure that no important mail is waiting in Sendmail's queue, remove the sendmail crontab entry from root's crontab, edit /etc/mailer.conf to make sure only smtpd is run, and run newaliases.

3. Upgrading packages

If you installed any packages on your system, you should upgrade them after completing the upgrade of the base system. Be aware, however, many packages will require further setup before and/or after upgrading the package. Check with the application's upgrade guide for details.

The following packages are known to have significant upgrade issues that will impact users. The fact that a package is not on this list doesn't mean it will have a trivial upgrade. You must do some homework on the applications YOU use.

The package tools support in-place updating using pkg_add -u. For instance, to update all your packages, make sure PKG_PATH is pointing to the 5.6 packages directory on your CD or nearest FTP mirror, and use something like

pkg_add -u
where the -u indicates update mode; pkg_add will prompt you for input when it encounters some ambiguity. Read the pkg_add(1) manual page and the package management chapter of the FAQ for more information.

[FAQ Index] | [5.4 -> 5.5] | [5.6 -> 5.7]


$OpenBSD: upgrade56.html,v 1.28 2019/05/28 01:53:11 bentley Exp $