Upgrades are only supported from one release to the release immediately following.
Read through and understand this process before attempting it. For critical or physically remote machines, test it on an identical, local system first.
/usr
partition has a size of at least 1.1G.
With less space the upgrade may fail and you should consider reinstalling
the system instead.
bsd.rd
.
Download the ramdisk kernel and the cryptographically-signed checksum file
for your architecture.
bsd.rd
SHA256.sig
Verify bsd.rd
and SHA256.sig
using
signify(1):
$ signify -C -p /etc/signify/openbsd-70-base.pub -x SHA256.sig bsd.rd Signature Verified bsd.rd: OK
bsd.rd
, retrieved
in the previous step. Place it in the root of your filesystem and
instruct the boot loader to boot this kernel. Once this kernel is
booted, choose the (U)pgrade
option and follow the prompts.
After upgrading the sets, the system will reboot with the upgraded kernel and run sysmerge(8) during boot. In some cases, configuration files cannot be modified automatically. Run
# sysmergeto check and perform these configuration changes.
Next remove the old files.
Finish up by upgrading the packages using pkg_add -u
.
You may wish to check the errata page for any post-release fixes.
Sometimes, you need to perform an upgrade of a machine for which the normal unattended or interactive upgrade process is not possible.
softdep
mount option in
/etc/fstab
and rebooting before undertaking a manual upgrade.
Having at least 500MB free on /usr
would be recommended.
sd0
is your boot disk:
# installboot sd0
If using the multiprocessor kernel:
# cd /usr/rel # where you put the release files # ln -f /bsd /obsd && cp bsd.mp /nbsd && mv /nbsd /bsd # cp bsd.rd / # cp bsd /bsd.spIf using the single processor kernel:
# cd /usr/rel # where you put the release files # ln -f /bsd /obsd && cp bsd /nbsd && mv /nbsd /bsd # cp bsd.rd bsd.mp / # may give a harmless warning
# sha256 -h /var/db/kernel.SHA256 /bsd
base70.tgz
last, because the new base system,
in particular tar(1),
gzip(1) and
reboot(8),
will not work with the old kernel.
Either untar the needed filesets manually:
# cp /sbin/reboot /sbin/oreboot # tar -C / -xzphf xshare70.tgz # tar -C / -xzphf xserv70.tgz # tar -C / -xzphf xfont70.tgz # tar -C / -xzphf xbase70.tgz # tar -C / -xzphf man70.tgz # tar -C / -xzphf game70.tgz # tar -C / -xzphf comp70.tgz # tar -C / -xzphf base70.tgz # Install last! # /sbin/orebootor, if you use ksh(1), you can do:
# cp /sbin/reboot /sbin/oreboot # for _f in [!b]*70.tgz base70.tgz; do tar -C / -xzphf "$_f" || break; done # /sbin/orebootNote that tar(1) can expand only one archive per invocation, so a simple glob won't work.
/dev
.
Run
MAKEDEV(8):
# cd /dev # ./MAKEDEV all
sd0
is your boot disk:
# installboot sd0
# sysmerge
# fw_update
dmesg -s
)
and correct any failures as necessary.
All the steps following configuration changes
below also apply to manual upgrades.
Finally, remove /sbin/oreboot
and update packages:
pkg_add -u
.
Reboot once more to make sure you use the newest firmware files
and run on your own kernel generated by KARL.
public
and private
have been removed. Communities must now be set explicitly.
seclevel
default changed from none
to enc
.
trap receiver
(for sending traps
to another host) no longer defaults to SNMPv2.
To configure SNMPv3, you will need to add one or more users to the configuration, e.g.:
user "manager" authkey "XblueQ300ZyAbUIbndmWjfl" auth hmac-sha1 enc aes enckey "tVadj9jxq8rdJ"
If you need to reinstate SNMPv1/v2c, you can add something like the
following to snmpd.conf(5)
listen on any snmpv1 snmpv2c read read-only community U9PeBY1694bcxMnm seclevel none
The community name should not be common or easily brute-forced, especially if exposed to the internet.
public
has been removed.
# rm -f /usr/X11R6/lib/libdmx.* \ /usr/X11R6/include/X11/extensions/dmxext.h \ /usr/X11R6/lib/pkgconfig/dmx.pc \ /usr/X11R6/man/man3/DMX*.3
leap { ... }
lines.