DaemonForums  

  #1   (View Single Post)  
Old 12th October 2017
mefisto mefisto is offline
Shell Scout
 
Join Date: Sep 2017
Posts: 97
Default OpenBSD 6.1 to 6.2

Greetings all,

as noted in my first thread, I had installed OpenBSD 6.1 as an experiment along with Windows 7 and I am so pleased with it, that I would like to continue using it. Since version 6.2 is out I thought that I would upgrade my installation by (a) encrypting the OpenBSD partition and (b) installing or upgrading to version 6.2.

Regarding (a) reviewing FAQ # 14, I understand that encryption must happen before the operating system is installed and it is possible to encrypt only a partition. Since my OpenBSD is installed on the fourth fdisk(8) partition containing the disklabel(8) partitions, I have been reading the man page for the bioctl(8) command, but cannot figure out how to specify the fourth fdisk(8) partition to be encrypted. Any help?

Regarding (b) since I have done a lot of customization via /etc, do I have to (1) upgrade 6.1 to 6.2, (2) copy /etc of the upgraded system, (3) encrypt the partition, (4) install 6.2, and (5) rewrite /etc with the copied /etc? Or is there a better/easier way?

Kindest regards,

M
  #2   (View Single Post)  
Old 12th October 2017
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Upgrading with FDE was just discussed yesterday on this forum:

http://daemonforums.org/showthread.php?t=10421

As noted in that thread, and in the OpenBSD upgrade guide, you can boot the new RAMDISK kernel from your existing system.

http://www.openbsd.org/faq/upgrade62.html
  #3   (View Single Post)  
Old 12th October 2017
mefisto mefisto is offline
Shell Scout
 
Join Date: Sep 2017
Posts: 97
Default

Hi jggimi,

I am not following your answer.

The referred-to thread has a 6.1 version already installed on a fully encrypted disk. I am asking how to encrypt only a partition.

Furthermore, I am not asking how to perform the upgrade, but how to preserve my /etc after install/upgrade of 6.2 on the encrypted partition.

Thus, I am not sure how the referred-to thread is relevant.

Kindest regards,

M
  #4   (View Single Post)  
Old 12th October 2017
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

My apologies, I misread your post.

Converting an OpenBSD system from plaintext storage to FDE (when multibooting, the "F" is the OpenBSD MBR/GPT partition) can be done without reinstalling, but it will require using dump(8), the RAMDISK Kernel, biosboot(8), disklabel(8), newfs(8), restore(8), and installboot(8). It will likely be easier, if FDE is your goal, just to do a reinstall.

When reinstalling, you would start with the shell as described in the FAQ. But as you have an existing disklabel, you would run disklabel(8) in interactive mode, -E, and then use the "z" command to zero out the existing partition table. After that, follow the FAQ. The "z" command does not revise disk parameters, so the sector range of your MBR/GPT partition should still be in force.

Backing up your /etc directory is a good idea; you can create a tarball of /etc for backup, and move it to a storage device or over the network to another system. After reinstalling, just restore before you upgrade. Then, on first boot after upgrading, sysmerge(8) will be executed to merge /etc files from old to new, and any that require you to run sysmerge() manually to help it make decisions will be identified on your console and in /var/log/messages.
  #5   (View Single Post)  
Old 13th October 2017
mefisto mefisto is offline
Shell Scout
 
Join Date: Sep 2017
Posts: 97
Default

Hi jggimi,

please, no need to apologize, you have been extremely helpful in answering my and other newbies' questions.

Thank you for the succinct answer below, the only thing that I do not understand is the form of the bioctl(8) command. Even considering, that, as you wrote, the "z" switch preserves the fdisk(8) partition, it seems to me that the
Code:
# bioctl -c C -l /dev/sd0a softraid0
is not correct because it may be ambiguous, e.g., if a person runs two different OpenBSD versions. But I cannot discern from the man page how to specify an fdisk(8) partition to encrypt.

Kindest regards,

M
  #6   (View Single Post)  
Old 13th October 2017
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

This may help. I created a little 10G "drive" using vnconfig(8), just to show how to set up an FDE environment when multibooting.

I created an MBR, and set the OpenBSD partition to begin about half way, so it is 5G in size. This simulates a multiboot system, where only part of the disk is being used for OpenBSD. Below, you can see the MBR partition in both sectors and in GB.
Code:
# fdisk -e vnd0
Enter 'help' for information
fdisk: 1> p
Disk: vnd0      geometry: 209715/1/100 [20971520 Sectors]
Offset: 0       Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
-------------------------------------------------------------------------------
 0: 00      0   0   0 -      0   0   0 [           0:           0 ] unused      
 1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused      
 2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused      
*3: A6 104857   0   1 - 209714   0  20 [    10485700:    10485720 ] OpenBSD     
fdisk: 1> p g
Disk: vnd0      geometry: 209715/1/100 [20971520 Sectors]
Offset: 0       Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
-------------------------------------------------------------------------------
 0: 00      0   0   0 -      0   0   0 [           0:           0G] unused      
 1: 00      0   0   0 -      0   0   0 [           0:           0G] unused      
 2: 00      0   0   0 -      0   0   0 [           0:           0G] unused      
*3: A6 104857   0   1 - 209714   0  20 [    10485700:           5G] OpenBSD     
fdisk: 1>
Then, I created a disklabel with several partitions, to simulate having an existing system.
Code:
# disklabel -p g vnd0
# /dev/rvnd0c:
type: vnd
disk: vnd device
label: fictitious
duid: ed6d7ca984c23716
flags:
bytes/sector: 512
sectors/track: 100
tracks/cylinder: 1
sectors/cylinder: 100
cylinders: 209715
total sectors: 20971520 # total bytes: 10.0G
boundstart: 10485700
boundend: 20971420
drivedata: 0 

16 partitions:
#                size           offset  fstype [fsize bsize   cpg]
  a:             1.0G         10485700  4.2BSD   2048 16384     1 
  b:             1.0G         12582880    swap                    
  c:            10.0G                0  unused                    
  d:             1.0G         14680000  4.2BSD   2048 16384     1 
  e:             1.0G         16777184  4.2BSD   2048 16384     1 
  f:             1.0G         18874272  4.2BSD   2048 16384     1
So far, what I have simulates your existing system. To "reinstall" as FDE, I can back up data (such as what may be in /root, /etc, /home, and /var) and my list of manually installed packages with $ pkg_info -qm and now I am ready to "reinstall" in my little test system. In reality, I would reboot with the RAMDISK kernel (bsd.rd) and use its shell, but I'm just replicating the disk management components of a reinstall.
  1. I'll use the disklabel(8) "z" command to delete all of the partitions I'd previously had on the drive. Notice that after "z", there are no disklabel partitions other than the partition representing the whole drive, but that the disklabel() program still knows the "OpenBSD area" defined by the MBR partition.
    Code:
    # disklabel -E vnd0
    Label editor (enter '?' for help at any prompt)
    > p
    OpenBSD area: 10485700-20971420; size: 10485720; free: 28
    #                size           offset  fstype [fsize bsize   cpg]
      a:          2097180         10485700  4.2BSD   2048 16384     1 
      b:          2097120         12582880    swap                    
      c:         20971520                0  unused                    
      d:          2097184         14680000  4.2BSD   2048 16384     1 
      e:          2097088         16777184  4.2BSD   2048 16384     1 
      f:          2097120         18874272  4.2BSD   2048 16384     1 
    > z
    > p
    OpenBSD area: 10485700-20971420; size: 10485720; free: 10485720
    #                size           offset  fstype [fsize bsize   cpg]
      c:         20971520                0  unused
  2. Now, I'll create a single "a" disklabel partition, of type RAID. Note that the starting sector offset is at the beginning of the OpenBSD area, based on the MBR partition. The "w" command writes the revised disklabel, so when I quit with "q" there are no additional changes to be saved.
    Code:
    > a a
    offset: [10485700] 
    size: [10485720] 
    FS type: [4.2BSD] raid
    > p
    OpenBSD area: 10485700-20971420; size: 10485720; free: 0
    #                size           offset  fstype [fsize bsize   cpg]
      a:         10485720         10485700    RAID                    
      c:         20971520                0  unused                    
    > w
    > q
    No label changes.
  3. Now, I can run bioctl, to create a new pseudo sd(4) device. In this case, the backing device and partition is vnd0a, but in your case you would use the real drive number. I have several sd() devices already, so the new device created is sd3 here.
    Code:
    # bioctl -c C -l /dev/vnd0a softraid0
    New passphrase: 
    Re-type passphrase: 
    softraid0: CRYPTO volume attached as sd3
  4. Now, in your RAMDISK kernel shell you would run MAKEDEV(8) to add your device nodes for your newly attached pseudo drive, then run the install script. Then use pkg_add(1) to reinstall your packages, then restore your backups. Here, I have a new 5G sd() device I can now slice up with new partitions.

Last edited by jggimi; 13th October 2017 at 01:03 PM. Reason: one miniscule typo, but I'm pedantic
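
Added example, not part of jggimi's post: a small sh check, for use between steps 2 and 3 above, that the RAID disklabel partition lies wholly inside the MBR OpenBSD (A6) partition, so the CRYPTO volume created by bioctl cannot extend over another operating system's partition on a multiboot disk. The sample input is copied from the fdisk and disklabel output in post #6; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (function names are hypothetical). Sample input is copied
# from the fdisk "p" and disklabel "p" output in post #6; sizes are sectors.
FDISK_OUT='*3: A6 104857   0   1 - 209714   0  20 [    10485700:    10485720 ] OpenBSD'
LABEL_OUT='  a:         10485720         10485700    RAID
  c:         20971520                0  unused'

# Print "start size" (sectors) of the MBR partition whose id is A6 (OpenBSD).
mbr_openbsd_area() {
    printf '%s\n' "$1" | awk '
        $2 == "A6" {
            s = $0
            sub(/.*\[/, "", s); sub(/\].*/, "", s)   # keep "start: size"
            split(s, p, ":"); gsub(/ /, "", p[1]); gsub(/ /, "", p[2])
            print p[1], p[2]; exit
        }'
}

# Print "letter offset size" of the first disklabel partition of type RAID.
raid_partition() {
    printf '%s\n' "$1" | awk '
        $4 == "RAID" { sub(/:$/, "", $1); print $1, $3, $2; exit }'
}

# Return 0 only if the RAID partition lies wholly inside the A6 partition.
check_raid_bounds() {
    area=$(mbr_openbsd_area "$1")
    raid=$(raid_partition "$2")
    set -- $area $raid
    if [ $# -ne 5 ]; then
        echo "cannot check: no A6 MBR partition or no RAID disklabel partition"
        return 2
    fi
    mbr_end=$(($1 + $2))
    raid_end=$(($4 + $5))
    if [ "$4" -ge "$1" ] && [ "$raid_end" -le "$mbr_end" ]; then
        echo "ok: partition $3 ($4-$raid_end) is inside OpenBSD area $1-$mbr_end"
        return 0
    fi
    echo "STOP: partition $3 ($4-$raid_end) extends outside OpenBSD area $1-$mbr_end"
    return 1
}

# On a real system (assumption: disk is sd0):
#   check_raid_bounds "$(fdisk sd0)" "$(disklabel sd0)"
check_raid_bounds "$FDISK_OUT" "$LABEL_OUT"
```

Both inputs must be in sectors, so use the plain fdisk and disklabel listings rather than the "p g" or "-p g" forms.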
  #7   (View Single Post)  
Old 13th October 2017
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Correction: MAKEDEV(8) isn't needed, the install script will find the device and run MAKEDEV for you. So Step 4 should just say, "Now you can see how this aligns with the FAQ."

Last edited by jggimi; 13th October 2017 at 01:33 PM. Reason: clarity and a typo.
  #8   (View Single Post)  
Old 13th October 2017
mefisto mefisto is offline
Shell Scout
 
Join Date: Sep 2017
Posts: 97
Default

Hi jggimi,

I do not care what others say, you are just awesome.

I especially appreciate you taking the time for the detailed write up, it clarifies my confusion regarding how the disklabel(8) with the "z" switch and the subsequent
Code:
# bioctl -c C -l /dev/sd0a softraid0
command works.

I wonder if you should not post it to the HOW-TO section, since the FAQ #14 is not descriptive in explaining how to apply the encryption to less than a full disk, and searching did not really help.

Again, thank you very much.

Kindest regards,

M
  #9   (View Single Post)  
Old 13th October 2017
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

You're welcome!

All you need to remember is that storage systems have layers.
