Upgrade OpenBSD | Websteading with OpenBSD

2023-01-14

WIP!

Most of this site is incomplete, and the current state is available as an open draft. Most of the text here is likely incomplete, misinformed, or just plain wrong. I'm looking for feedback on my website, so that I can:

Fill in what I'm missing
Take out what's unnecessary
Figure out my target audience
Find the right way to structure the site
Filter out any errors

To anyone who wants to send me feedback, thank you, and shoot me an email!

OpenBSD’s upgrades are supported from one release to the immediate following release. The team publishes upgrade guides on the website since 3.6, so the TL;DR of this article should be: Read the FAQ. We can follow the 7.0 to 7.1 guide as an example.

In short: Check you have >=1.1G of free space for /usr, and then run sysupgrade, sysmerge, and then pkg_add -u

Before Upgrading

The upgrade guide requires us to check that /usr has at least 1.1G of disk space before upgrading. This can be done easily through df:

$ df -h /usr

It should give a response similar to this:

Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a     47.5G    1.8G   43.3G     4%    /

Here, /usr lives on the root filesystem, and has more than enough disk space to continue.

The guide then recommends to review the configuration and package changes before installing. Since I don’t use the sndio or xterm on my servers, I’ll carry on upgrading.

Unattended Upgrading

The guide lists three upgrade methods:

Unattended upgrading downloads and installs all release sets, and are done through sysupgrade(8)
Managed/Interactive upgrading requires downloading all the sets manually and setting up an install kernel to upgrade the system.
Manual upgrading has us, the sysadmin, upgrade the system by ourselves.

I have no reason to make special changes to the process, so I’ll choose unattended upgrading:

$ doas sysupgrade

The system restarts the system to install all sets, and I come back to it a few minutes later.

Merging system config files through sysmerge

After upgrading the system, some config files remained that need to be merged, but aren’t yet because I touched them since last release. The sysmerge(8) utility exists to give the sysadmin the final say how the new release changes these files. The process is as follows:

For each file, show a diff between the current (installed) file and the new (release) file.
Let the menu choose between installing the new file, forgetting about it, merging them both, or saving for later.
One the file is dealt with, move on to the next.

There are some files that I have taken complete ownership of (/etc/pf.conf, /etc/mail/smtpd.conf) that has no trace of the default settings, so I choose to delete the temporary file here. On files which I have changed, but are mostly default (for example /etc/changelist, where I added third-party config files, but all other settings are provided by the release), things get interesting. For now, I chose to merge the files together, and I get a patch-by-patch option where I’m able to choose between a part of the old file (left), and the new file (right).

I finished up by upgrading all packages:

$ doas pkg_add -u

And that’s it!

Installing patches

The OpenBSD project publishes various errata in the form of patches to treat reliability and security issues discovered in the current release. The syspatch tool fetches, installs, and reverts these patches against your system.

To list all the patches available for your system:

$ doas syspatch -c

To download and install all patches:

$ doas syspatch

The system may ask you to reboot the system after installation to load the new kernel.

In case the patch created a new issue on your machine, the tool creates rollback archives that you can revert to:

$ doas syspatch -r # revert the latest patch
$ doas syspatch -R # revert ALL patches