OpenBSD Following -current and using snapshots [FAQ Index]

Active OpenBSD development is known as the -current branch. These sources are frequently compiled into releases known as snapshots.

Aggressive changes are sometimes pushed in this branch, and complications can arise when building the latest code or upgrading from a previous point in time. Some of the steps for getting over these hurdles are explained on this page. Make sure you've read and understand how to build the system from source before using -current and the instructions below.

In general, it's far easier to use snapshots, as developers will have gone through much of the trouble for you already.

You should always use a snapshot as the starting point for running -current. This process typically consists of running sysupgrade(8) with the -s flag. Alternatively, download (and verify) the appropriate bsd.rd file from the /snapshots/ directory of your preferred mirror, boot from it, and choose (U)pgrade at the prompt. Any installed packages should then be upgraded after booting into the new system.

Upgrading to -current by compiling your own source code is discouraged for everyone except for experts, as difficult build-time crossing-points can occur often, and no assistance will be provided. In case of failure, use a snapshot to recover.

Most of these changes will have to be performed as root.

2019/11/06 - unwind(8): configuration syntax change

asr has been renamed to stub in unwind.conf(5).

2019/11/15 - rpki-client(8) reuses the named uid/gid

The new _rpki-client user recycles the user and group ids of the "named" daemon user (named, uid/gid 70) which was removed in 2014. If you upgraded your system from all the way back then and never deleted the user and group, delete them and the /var/named directory:
# userdel named
# groupdel named
# rm -rf /var/named  # backup the data if still needed
If you do not delete them before upgrading, sysmerge(8) will fail and will need to be re-run manually after deleting them.

2019/11/27 - unwind(8) no longer uses http to detect captive portals

unwind(8) uses a DNS based heuristic to detect captive portals. Existing captive portal sections must be removed from /etc/unwind.conf.

2019/12/17 - usb(4) and uhid(4) changes

The default permissions of the usb(4) and uhid(4) device nodes have been changed by restricting read-write access to the root user. Run MAKEDEV to update the device nodes manually:
# cd /dev
# sh MAKEDEV all

Access to FIDO/U2F security keys is now provided by the fido(4) driver instead of uhid(4). Programs have to use /dev/fido/N instead of /dev/uhidN for U2F/FIDO.

2019/12/29 - perl updated to 5.30.1

With the update to perl 5.30.1 some files should be removed manually. Packages providing Perl XS modules will fail to work until they are built with the new version. New binary packages should be available (pkg_add -u will update them) or they can be rebuilt from ports.
# rm -rf /usr/libdata/perl5/*/Storable \
       /usr/libdata/perl5/*/ \
       /usr/libdata/perl5/*/auto/arybase \
       /usr/libdata/perl5/B/ \
       /usr/libdata/perl5/Locale/{Codes,Country,Currency,Language,Script}* \
       /usr/libdata/perl5/Math/BigInt/ \
       /usr/libdata/perl5/unicore/To/ \
       /usr/libdata/perl5/unicore/lib/GCB/ \
       /usr/libdata/perl5/unicore/lib/GCB/ \
       /usr/share/man/man3p/B::Debug.3p \
       /usr/share/man/man3p/Locale::{Codes*,Country,Currency,Language,Script}.3p \
       /usr/share/man/man3p/Math::BigInt::CalcEmu.3p \

2020/01/14 - iked(8) automatic IPv6 blocking removed

iked(8) no longer automatically blocks unencrypted outbound IPv6 packets. This feature was intended to avoid accidental leakage, but in practice was found to mostly be a cause of misconfiguration. Instead, if you would like to explicitly block these packets, add the following line to /etc/ipsec.conf (not iked.conf):
flow esp out from ::/0 to ::/0 type deny
and enable loading it with
# rcctl enable ipsec           # to load at boot
# ipsecctl -f /etc/ipsec.conf  # to load immediately
If you previously used iked(8)'s -6 flag to disable this feature, it is no longer needed and should be removed from /etc/rc.conf.local if used.

2020/01/23 - pppac(4) replaces tun(4) in npppd(8)

Support for using tun(4) as an access concentrator with npppd(8) has been removed. This functionality has been moved into a dedicated pppac(4) network interface driver. To migrate to the new driver, replace use of the tun interfaces in npppd.conf(5) with pppac.

2020/01/24 - rebound(8) removed

rebound(8) has been removed. Users are advised to consider alternatives such as unwind(8).

2020/01/24 - [packages] firefox 71.0: pledge configuration change

Previously, disabling pledge was done by modifying an entry in about:config but now it is done using files in /etc/firefox as explained in the pkg-readme file, /usr/local/share/doc/pkg-readmes/firefox. Unveil has been added to firefox to restrict filesystem access by default. To grant access to additional paths or disable unveil, see the pkg-readme file.

2020/02/05 - [packages] PostgreSQL major update

There was a major update to PostgreSQL 12.1. Use pg_upgrade as described in the postgresql-server pkg-readme or do a dump/restore.

2020/02/08 - dig(1), host(1) and nslookup(1) moved to /usr/bin

Old binaries should be deleted and scripts that use the full path to the tools adapted.
# rm -f /usr/sbin/{dig,host,nslookup}

2020/02/11 - [packages] databases/redis updated to 5.0.7

Redis was updated to 5.0.7. Users should have no problem migrating from 4.0 to 5.0. A list of backward incompatible changes is at the end of the detailed release notes. Please note that the database is automatically upgraded on first run and cannot be read by older versions - take a backup first if you are concerned about compatibility.

2020/02/12 - /etc/weekly locate.updatedb TMPDIR

TMPDIR is no longer propagated for locate.updatedb in weekly(8). Custom TMPDIR values for locate.updatedb set in root crontab or /etc/weekly.local should be moved into /etc/locate.rc.

2020/02/13 - man.conf(5) _whatdb directive no longer supported

In man.conf(5), change lines of the form
_whatdb /usr/share/man/whatis.db
to this form:
manpath /usr/share/man
The _whatdb directive has been obsolete since 2015.

2020/02/19 - [packages] jupyter-notebook dropped support for Python 2

Jupyter-notebook has been updated to 6.0.3, which dropped support for Python 2. Existing notebooks should be checked if they work with Python 3. Please note that tools supplied by this package have been renamed, e.g. jupyter-notebook-3 has been renamed to jupyter-notebook.

2020/03/23 - [packages] Retiring Python 2 support in IPython

The IPython port now only supports Python 3.

/usr/local/bin/ipython-3 has been renamed to /usr/local/bin/ipython.

$OpenBSD: current.html,v 1.1033 2020/03/23 08:38:17 edd Exp $