Upgrading OpenBSD



Upgrading OpenBSD has always been relatively simple but it used to involve some manual steps. Since OpenBSD 6.6 a tool is included in the OpenBSD distribution to allow an automated and hands-off upgrade procedure. The tool is called sysupgrade and allows you to upgrade the system to either the next OpenBSD release or a new snapshot. Sysupgrade has also been backported to 6.5 and is available for installation via syspatch.

Using sysupgrade

Sysupgrade works by downloading the necessary files to /home/_sysupgrade. Next, it will verify the files with the signify tool and then copy the bsd.rd ramdisk kernel to /bsd.upgrade. Once the files are in place, the system will reboot and the bootloader will automatically boot the upgrade kernel bsd.upgrade. The system will then attempt an upgrade using the files in /home/_sysupgrade. If the process fails, the old kernel will be booted the next time the system starts.

Usage of sysupgrade is simple:

sysupgrade

The tool has only a few options:

 -f      Force an already applied upgrade.  The default is to upgrade to
         latest snapshot only if available.  This option has no effect on
         releases.

 -k      Keep the files in /home/_sysupgrade.  By default they will be
         deleted after the upgrade.

 -n      Fetch and verify the files and create /bsd.upgrade but do not
         reboot.

 -r      Upgrade to the next release.  This is the default if the system
         is currently running a release.

 -s      Upgrade to a snapshot.  This is the default if the system is
         currently running a snapshot.

Once the system has been rebooted, you should run the following commands:

syspatch

pkg_add -Uu

sysmerge -d

Manual upgrade

Manually upgrading a running OpenBSD system involves replicating the steps sysupgrade has automated. The steps below assume the OpenBSD version you’re currently running is 6.4.

  • First, a new 6.5 kernel needs to be downloaded and verified. This will provide a working environment later on in the process.

ftp -V https://cdn.openbsd.org/pub/OpenBSD/6.5/amd64/{bsd.rd,SHA256,SHA256.sig}

bsd.rd       100% |*****************************************************************************|  9984 KB    00:02
SHA256       100% |*****************************************************************************|  1989       00:00
SHA256.sig   100% |*****************************************************************************|  2141       00:00

signify -Cp /etc/signify/openbsd-65-base.pub -x SHA256.sig bsd.rd

Signature Verified
bsd.rd: OK
  • Next, the upgrade kernel needs to be copied to the root partition in order for it to be loaded easily by the bootloader.

cp bsd.rd /

  • Next, we need to reboot and enter the name of the upgrade kernel (bsd.rd) when prompted.

    Using drive 0, partition 3.
    Loading......
    probing: pc0 mem[639K 1022M a20=on]
    disk: hd0+
    >> OpenBSD/amd64 BOOT 3.41
    boot> bsd.rd
    

The above example boots the kernel named bsd.rd from the first recognized hard disk.

It’s possible to load the kernel from another disk and/or partition by using the following command, or a variation on it.

Using drive 0, partition 3.
Loading......
probing: pc0 mem[639K 1022M a20=on]
disk: hd0+
>> OpenBSD/amd64 BOOT 3.41
boot> boot hd1c:/bsd.rd

The example above will boot the kernel from the third partition on the second recognized hard drive.

Terminal type? [vt220]

Which disk is the root disk? (‘?’ for details) [sd0]

Force checking of clean non-root filesystems? [no]

Location of sets? (disk http or ‘done’) [http]

HTTP proxy URL? (e.g. ‘http://proxy:8080', or ‘none’) [none]

HTTP Server? (hostname, list#, ‘done’ or ‘?’) [cdn.openbsd.org]

Server directory? [pub/OpenBSD/6.5/amd64]

Select sets by entering a set name, a file name pattern or ‘all’. De-select sets by prepending a ‘-’, e.g.: ‘-game*’. Selected sets are labelled ‘[X]‘.

[X] bsd           [X] comp65.tgz    [X] xbase65.tgz   [X] xserv65.tgz
[X] bsd.rd        [X] man65.tgz     [X] xshare65.tgz
[X] base65.tgz    [X] game65.tgz    [X] xfont65.tgz

Set name(s)? (or ‘abort’ or ‘done’) [done]

Location of sets? (disk http or ‘done’) [done]

CONGRATULATIONS! Your OpenBSD upgrade has been successfully completed!

Exit to (S)hell, (H)alt or (R)eboot? [reboot]

Once the system has been rebooted, you should run the following commands:

syspatch

pkg_add -Uu

sysmerge -d