Contributed by mk/reverse on from the new and improved dept.
Robert Nagy writes on announce@:
Due to the release of OpenBSD 3.6, the 3.4-STABLE branch will be out of regular maintainance starting today. There will be NO MORE fixes commited to this branch nor new patches.
It's release time once again and this means leaving old releases to die. Upgrade appropriately.
(Comments are closed)
By mirabile (213.196.255.77) on http://mirbsd.de/
in fact committed yesterday (depending on the time zone),
the httpd mod_ssl fix.
Comments
By Brad (216.138.200.42) brad at comstyle dot com on
BTW, the 3.4 EOL announcement was sent out prematurely.
By Anonymous Coward (62.65.145.30) on
O the burials of me past and present,
O me while I stride ahead, material, visible, imperious as ever;
O me, what I was for years, now dead, (I lament not, I am content;)
O to disengage myself from those corpses of me, which I turn and look at where I cast them,
To pass on, (O living! always living!) and leave the corpses behind.
-- Walt Whitman, Leaves of Grass
Comments
By Anonymous Coward (67.71.76.239) on
Comments
By knomevol (198.231.23.240) on
im·pe·ri·ous (m-pîr-s)
adj.
1. Arrogantly domineering or overbearing. See Synonyms at dictatorial.
2. Urgent; pressing.
3. Obsolete. Regal; imperial.
By Anonymous Coward (65.198.20.164) on
Comments
By SiLiZiUMM (69.70.55.247) on
Comments
By mirabile (212.185.103.56) on http://mirbsd.de/
but you ought to wipe all installed packages first, and rebuild
them completely.
If you don't want to pkg_delete -f *, and don't worry about
all the config files etc., just do a
sudo rm -rf /var/db/pkg /usr/local
before rebooting in order to upgrade.
(Before, not after.)
Merging /etc will not be more difficult than upgrading one
release at a time, just a bit more time-consuming, but not
too much I think.
By Anonymous Coward (129.195.0.148) on
By Anonymous Coward (64.37.210.10) on
Backup ALL files I had modified in /etc and subdirectories (this basically boiled down to fstab, rc.conf.local, sysctl.conf, rc.local, my various hostname.* files, daily.local, pf.conf, /etc/mail/*, /etc/ppp/ppp.conf, /etc/ppp.linkup and a few others)
Get a list of installed ports and back that up (pkg_info -v > pkg_info)
Get a copy of the root crontab file and back that up (crontab -l > crontab)
Backup my slightly modified sendmail.mc file (located in /usr/share/sendmail/cf)
When I say "backup" above, I mean I used scp to copy all of these files to another OBSD machine running on my network.
I then copied bsd.rd from the 3.6 CD to / on my 3.4 box, and rebooted it using boot bsd.rd at the boot> prompt.
I then did a complete new install of 3.6.
After first reboot, I copied my backup copy of my fstab over (no changes to disklabel during the install) rebooted, and then began to manually synch my backup files with the ones provided by the OBSD 3.6 install. Since the number of files in /etc that I modify is small, it's quite workable.
I synced my modified sendmail.cf with the latest openbsd-localhost.mc, used m4 to generate a new custom sendmail.cf and copied that into place in /etc/mail. The I updated aliases and ran newaliases. I did a pkg_add for the appropriate packages that I had previously installed on the 3.4 firewall, based on the pkg_info file I had generated earlier. I then modified root's crontab to match the crontab file I generated earlier.
I then rebooted, and I was up and running on 3.6.
About the biggest change was I was able to remove a call to rdate from my crontab, and switched over to using the new ntpd by adding ntp_flags="" to my rc.local.conf file.
The whole process was in the neighborhood of 3 hours and I wasn't hurrying. If I was in a hurry, I probably could have done it in half that. It was the smoothest upgrade of a firewall on OpenBSD I've ever done. Granted it wasn't an "upgrade" in the sense the OpenBSD installer uses it, but I've always chosen complete reinstalls as opposed to Upgrades. Just a personal preference.
The only caveat here is that this method of upgrade does not preserve the ssh host keys of the firewall. For me, this is completely not a big deal. In your case you may want to preserve the contents of /etc/ssh and copy in the appropriate ssh_host_* keys after the first reboot.
Happy 3.6ing!!!
Comments
By Anonymous Coward (65.198.20.164) on
By Anonymous Coward (67.71.76.239) on
By Chas (147.154.235.53) on
BSD maintainers love to complain about lack of equipment and funds, but force users into the position of at least yearly upgrades.
How much might Theo & Co. collect if they picked a release and promised to support it for 5 years for a fee?
You'll never know until you try.
Comments
By Otto Moerbeek (213.84.84.111) otto@drijf.net on http://www.drijf.net
Nothing is stopping you from setting up such a business if you think it is worth the trouble,
By Anonymous Coward (67.71.76.239) on
By Anonymous Coward (203.45.41.88) on
By Anonymous Coward (64.223.49.141) on
I don't have any services on the internet side. (not even sshd)
Since I run qmail, it would be a royal pain in the arse to upgrade.
Comments
By Nick Holland (68.43.115.33) nick@holland-consulting.net on http://www.openbsd.org/faq/
1) Is there a known security reason to upgrade from 3.3? No.
2) Could there be one tomorrow? Yes.
3) Could 3.4/3.5/3.6's cool stuff save your butt if there was an issue? very possibly.
Upgrading from 3.3 to later is a non-trivial process due to the a.out to ELF conversion. Now, ask yourself this: When would you prefer to do a "non-trivial upgrade" -- At your leasure, when you can schedule downtime, or when there is an exploit out in the wild and the upgrade has to be done RIGHT NOW?
If the machine is critical, you have a warm spare ready to swap in (RIGHT?). If the machine is non-critical, you can afford the down time. Your call. :)