Sysupgrade to the Rescue

OS Upgrades can be Annoying

How many times have you wanted to upgrade the OS but found that it’s not going to be as simple as you wanted or thought? This is especially true when you are going to a major version upgrade, but sometimes can even impact you on minor version upgrades.

If you haven’t seen this occur, take a look at trying to upgrade a CentOS or RHEL6 system to version 7.X. You will very quickly see something relating to “recommended upgrade procedure is to reinstall from scratch”. There is very little that I find more annoying than that. Why can’t an OS simply upgrade, when it doesn’t require a change if file system or similar? Also, on most systems, once you do upgrade the is a lot of dust left laying around that is no longer used by the system. My only response to this stuff is that the developers are too lazy to come up with a system that actually handles this for you. If you are someone who like me is frustrated at this, take a look at OpenBSD.

Sysupgrade makes it Simple

Below is an upgrade of one of my OpenBSD systems that I copied the process right from the terminal to show how simple it can be when the developers care about making it simpler. OpenBSD has always been pretty simple, in the past a version upgrade was performed using a boot USB stick, but now its even simpler.

Log into the system as root, and execute “sysupgrade -r”

milliways$ doas sysupgrade -r
SHA256.sig   100% |*****************|  2141       00:00
Signature Verified
INSTALL.amd64 100% |************************| 43550       00:00
base66.tgz   100% |*************************|   236 MB    00:22
bsd          100% |*************************| 18250 KB    00:05       100% |*************************| 18336 KB    00:05
bsd.rd       100% |*************************| 10058 KB    00:04
comp66.tgz   100% |*************************| 72109 KB    00:11
game66.tgz   100% |*************************|  2745 KB    00:02
man66.tgz    100% |*************************|  7418 KB    00:03
xbase66.tgz  100% |*************************| 22092 KB    00:06
xfont66.tgz  100% |*************************| 39342 KB    00:08
xserv66.tgz  100% |*************************| 15757 KB    00:05
xshare66.tgz 100% |*************************|  4482 KB    00:02
Verifying sets.
Fetching updated firmware.
Connection to closed.

The system reboots automatically, and then it installs any firmware upgrades necessary. Once it comes back up, simply run the syspatch command which will apply any security or enhancement changes to the new version

Log into the system and run syspatch:
milliways$ doas syspatch 
doas ( password: 
Get/Verify syspatch66-001_bpf.tgz 100% |****| 102 KB     00:00
Installing patch 001_bpf
Get/Verify syspatch66-002_ber.tgz 100% |****| 660 KB     00:00
Installing patch 002_ber
Get/Verify syspatch66-003_bgpd.tgz 100% |***| 181 KB     00:00
Installing patch 003_bgpd
Get/Verify syspatch66-004_net8021... 100% |*| 64839      00:00
Installing patch 004_net80211
Get/Verify syspatch66-005_sysupgr... 100% |*| 3023       00:00
Installing patch 005_sysupgrade
Get/Verify syspatch66-006_ifioctl... 100% |*| 381 KB     00:00
Installing patch 006_ifioctl
Get/Verify syspatch66-007_inteldr... 100% |*| 21468 KB   00:06
Installing patch 007_inteldrm
Get/Verify syspatch66-008_mesa.tgz 100% |***| 5598 KB    00:04
Installing patch 008_mesa
Relinking to create unique kernel... done; 
reboot to load the new kernel
Errata can be reviewed under /var/syspatch

What about Dust?

Dust is always a problem in every OS I’ve seen. Dust being old files that are no longer used by the OS post upgrade, but are not removed as part of the upgrade. Most OS’s don’t even mention it, because.. well space is cheap apparently. They could be an attack vector though if someone had access to a box. OpenBSD also handles this by listing all of the old files that can be manually removed. Every release comes with a page of upgrading instructions that include a section called “Files to Remove”. Simply go there, copy the sections and paste them into a terminal… done.

Normally after removing the cruft, I upgrade the installed packages using

$ doas pkg_add -uiv

Boom Done ….

Reboot and you now have an upgraded system to the latest version… to coin Staples…. That was easy!

Until the next blog, don’t talk about it…

Shut up and Hack!