DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Installation and Upgrading

OpenBSD Installation and Upgrading Installing and upgrading OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 24th June 2015
Valus Valus is offline
Port Guard
 
Join Date: Feb 2015
Location: EU
Posts: 22
Default How often upgrade current?

Hi,
I would like to ask how often should I upgrade current. I have this kernel on my virtual web, mail server:
Code:
OpenBSD 5.7-current (GENERIC) #909: Sat May  2 09:13:13 MDT 2015
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 520081408 (495MB)
avail mem = 500568064 (477MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x1ffffec0 (10 entries)
bios0: vendor Seabios version "0.5.1" date 01/01/2007
bios0: Red Hat KVM
Thanks
Valus
Reply With Quote
  #2   (View Single Post)  
Old 24th June 2015
TronDD TronDD is offline
Spam Deminer
 
Join Date: Sep 2014
Posts: 304
Default

As often as you'd like. It's usually pretty stable but you might run into times when something is out of sync or not working correctly. Something low-risk can take that chance more often.

I update my laptop every few weeks or when something interesting gets checked in or an errata gets released. I update my remote server less often as it'd be a lot harder to recover from a failed install.
Reply With Quote
  #3   (View Single Post)  
Old 24th June 2015
Valus Valus is offline
Port Guard
 
Join Date: Feb 2015
Location: EU
Posts: 22
Default

Quote:
Originally Posted by TronDD View Post
As often as you'd like. It's usually pretty stable but you might run into times when something is out of sync or not working correctly. Something low-risk can take that chance more often.

I update my laptop every few weeks or when something interesting gets checked in or an errata gets released. I update my remote server less often as it'd be a lot harder to recover from a failed install.
Thanks for the answer. I thought mainly server running H24,because it is more critical than laptop. I think that upgrading current of the same version (ex. 5.7) should be possible every time this version is current, for example I did upgrade after release 5.7 and I should be able to upgrade without problem 5.7 current before 5.8 release. Am I wrong?
Reply With Quote
  #4   (View Single Post)  
Old 24th June 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Users of -current should subscribe to the Email change logs for the OS and for ports.

Any changes to the system or for installed ports (including run dependencies) that impact reliability, availability, or security will indicate an update is required. Relatively frequent upgrades are recommended, because it is not always clear when a change to the OS or a port affects RAS. It appears to me that most -current users who use it on workstations update at least once or twice each month.

---

I used to run -current everywhere, but no longer. Now, I only use -current on workstations and lab machines. I run -stable on all production servers. Unlike -current, patches to the OS or ports that are tagged for the -stable branch always address reliability / availability / security issues.
Reply With Quote
  #5   (View Single Post)  
Old 24th June 2015
Valus Valus is offline
Port Guard
 
Join Date: Feb 2015
Location: EU
Posts: 22
Default

Quote:
Originally Posted by jggimi View Post
Users of -current should subscribe to the Email change logs for the OS and for ports.

Any changes to the system or for installed ports (including run dependencies) that impact reliability, availability, or security will indicate an update is required. Relatively frequent upgrades are recommended, because it is not always clear when a change to the OS or a port affects RAS. It appears to me that most -current users who use it on workstations update at least once or twice each month.

---

I used to run -current everywhere, but no longer. Now, I only use -current on workstations and lab machines. I run -stable on all production servers. Unlike -current, patches to the OS or ports that are tagged for the -stable branch always address reliability / availability / security issues.
Thanks for the explanation. I read about stable http://www.openbsd.org/stable.html , but it seems to me complicated to compile, so I stay with current and will upgrade current at least once a month. Where I can subscribe to the Email change logs for the OS and for ports? Thanks.
Reply With Quote
  #6   (View Single Post)  
Old 24th June 2015
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by jggimi View Post
Users of -current should subscribe to the Email change logs for the OS and for ports.
To underscore this latter point, changes to the ports tree will be done at -current first. Some ports will receive multiple updates in a development cycle while some may get one, & others will get none.

Personally, I read source-changes@ & ports-changes@ very carefully. When an application I regularly use is updated, I may upgrade my systems. When something of interest is updated in the base system, I have to gauge whether this is the first of many check-in's related to the issue, or whether everything is now in CVS. Discussions on tech@ & to a lesser extend misc@ will help answer that question.

Having said this, because -current is where all active development occurs, one has to have a specific reason for running code which may be volatile & may not be fully vetted. This is also covered in Section 5.1 of the FAQ.
  • If a new/upgraded feature is only in -current, this may be a reason to use -current.
  • If a newer version of an application is needed, this may be a reason to use -current.
  • If you are tracking down a bug, it is imperative to test on -current before engaging the project developers.
If an honest answer cannot be given to these questions, one should more likely run -release or -stable.

Using -current will mean at some point that mismatched libraries, missing code, & other vagaries will be seen. If this is not something you can deal with, don't run -current.
Reply With Quote
  #7   (View Single Post)  
Old 24th June 2015
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by Valus View Post
Where I can subscribe to the Email change logs for the OS and for ports?
http://www.openbsd.org/mail.html
Reply With Quote
  #8   (View Single Post)  
Old 24th June 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Yes, managing -current can seem easier*, if you are upgrading from snapshot to snapshot and using snapshot packages. But there are risks to doing so, since -current is the development branch. As TronDD noted above, it is possible that backup/recovery requirements or other risk mitigations needed for -current on remote systems might outweigh the benefits of having it deployed remotely.

See the source-changes and ports-changes lists on the Mailing Lists page of the Project website. Daily and weekly digest subscriptions, of instant notification of each patch committed are available.

* The Project does not have the resources to build -stable releases or packages, leaving the building of these to the user community. The company M:Tier offers binary builds of -stable releases and packges as a public service to the OpenBSD community. https://stable.mtier.org/
Reply With Quote
  #9   (View Single Post)  
Old 24th June 2015
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by Valus View Post
I read about stable http://www.openbsd.org/stable.html , but it seems to me complicated to compile...
You may want to consider using M:Tier which delivers binary patches.

I do not use M:Tier, so I cannot comment further on its voracity, however, some of the project developers also are affiliated with M:Tier. Some members to this site use M:Tier, & may comment further on its use.
Reply With Quote
Old 24th June 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Today, ocicat and I have been posting similar information, as we are writing comments simultaneously.

Neither of us use M:Tier's services, but we think they should be investigated if building the system from source per FAQ 5 or release(8) seems confusing, complicated, or difficult.

FAQ 15 doesn't provide step-by-step instructions for comparing interlocking run dependencies in the ports tree against the installed package database, and the building the resulting required package set. This may be another reason to investigate M:Tier's services.

Generally, -current users should have the knowledge and skills needed to manage the development branch beyond installation and upgrade. In those instances where the admin doesn't have this but -current is an operational requirement, the astute admin takes steps to mitigate risk. This might be backup and disaster recovery procedures, commercial support agreements, or the admin taking steps to obtain required knowledge and skill through education and training. Or a combination of these.
Reply With Quote
Old 24th June 2015
Valus Valus is offline
Port Guard
 
Join Date: Feb 2015
Location: EU
Posts: 22
Default

Thanks ocicat and jggimi for extensive explanation. I started to use current because I needed feature which was not in release 5.6. I have to consider the risks and effort. I thought about installing another virtual server with release and I will have backup server if upgrade of this current fails, but this is another topic. Of course I do backup of important data regularly. In case of problem I have to reinstall server. I did not know about M:Tier maybe I will use it. Thanks.

Last edited by Valus; 24th June 2015 at 03:20 PM.
Reply With Quote
Old 24th June 2015
ibara ibara is offline
OpenBSD language porter
 
Join Date: Jan 2014
Posts: 783
Default

I use M:Tier on computers that are for family members. It's great, and my mother even learned how to update her laptop herself with their update script.
All I have to do is spend the 5 minutes updating each release once every 6 months.
Reply With Quote
Old 24th June 2015
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

The BSD way is to separate the base system (/usr) from user added code (/usr/local). For both OpenBSD and FreeBSD this evolved into two separate code groups each with its mechanism of updating.

M:tier is flexible so that both base and/or userland can be updated. For my main system, I uses OpenBSD patches I apply myself and M:tier for package updates.

It is even possible to make an M:tier menu entry, requiring root confirmation, into a DE/WM. I incorporated this into the latest iteration of a SimpleDE for OpenBSD

Last edited by shep; 24th June 2015 at 07:53 PM. Reason: clarify
Reply With Quote
Old 24th June 2015
hitest's Avatar
hitest hitest is offline
Real Name: George Nielsen
VPN Cryptographer
 
Join Date: Sep 2008
Location: B.C., Canada
Posts: 373
Default

Quote:
Originally Posted by ocicat View Post

I do not use M:Tier, so I cannot comment further on its voracity, however, some of the project developers also are affiliated with M:Tier. Some members to this site use M:Tier, & may comment further on its use.
In the recent past I only used errata to update my -release box. I now use M:Tier to patch my 5.7 box. I have found the openup utility to be reliable and trustworthy. The openup utility also has an added advantage in that it provides binary updates to programs that the errata doesn't. I was skeptical initially of M:Tier, but, it is now something I regularly use. It is something to look at if you find it difficult to use the errata.

P.S. You will need to have your source files installed for openup to work.
__________________
hitest

Last edited by hitest; 24th June 2015 at 06:35 PM. Reason: addition
Reply With Quote
Old 25th June 2015
Valus Valus is offline
Port Guard
 
Join Date: Feb 2015
Location: EU
Posts: 22
Default

Thank you all for your experience with M:Tier. I am considering to reinstall 5.7 release and update to stable with M:Tier. Thanks hitest for the remark
P.S. You will need to have your source files installed for openup to work.
Reply With Quote
Old 27th June 2015
hitest's Avatar
hitest hitest is offline
Real Name: George Nielsen
VPN Cryptographer
 
Join Date: Sep 2008
Location: B.C., Canada
Posts: 373
Default

Quote:
Originally Posted by Valus View Post
Thank you all for your experience with M:Tier. I am considering to reinstall 5.7 release and update to stable with M:Tier. Thanks hitest for the remark
P.S. You will need to have your source files installed for openup to work.
You're welcome! The source files you will need to have are src.tar.gz and sys.tar.gz. They will be installed to /usr/src.
Also you will need to install xenocara.tar.gz to /usr.
__________________
hitest
Reply With Quote
Old 27th June 2015
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by hitest View Post
The source files you will need to have are src.tar.gz and sys.tar.gz.
...
Also you will need to install xenocara.tar.gz to /usr.
Preloading is also discussed in Section 5.3.3 of the FAQ.
Reply With Quote
Old 27th June 2015
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

Quote:
Originally Posted by hitest View Post

P.S. You will need to have your source files installed for openup to work.
I do not believe this is entirely accurate for amd64 and i386 systems. M:tier package updates can be accessed by adding their repository to PKG_PATH. I have an old Via C3 based system that running an upto date 5.7 with binpatches/pkg updates, via openup, that I never installed src.tar.gz, sys.tar.gz and xenocara.tar.gz

The binary updates can also be added manually as described on the M:tier website.

Quote:
Installing binpatches

Since binpatches will update parts of the base system, you have to manually install them for now. When an update is available for a binpatch you will be able to update it with pkg_add -u like a regular package.

Installing a binpatch works just like a regular package. So for example:

pkg_add binpatch57-amd64-openssl-1.0.tgz
M:tier also has a utility that automates patch downloading, application and compilation. Although I have not used this utility, I suspect it requires the source tree.
Quote:
BINPATCH-NG
Binpatch-NG is a framework for creating binary patches for OpenBSD on all platforms in a semi-automatic way. It can automatically download the source patches published by OpenBSD, apply them, build them, and package the result into binary patches which can be installed (and uninstalled) using the OpenBSD pkg_* tools, pkg_add(1) and pkg_delete(1).

We also provide binpatches ready for use which include the latest OpenBSD errata for OpenBSD/amd64 and OpenBSD/i386.

Last edited by shep; 27th June 2015 at 10:16 PM.
Reply With Quote
Old 28th June 2015
hitest's Avatar
hitest hitest is offline
Real Name: George Nielsen
VPN Cryptographer
 
Join Date: Sep 2008
Location: B.C., Canada
Posts: 373
Default

shep,

Thanks for the correction. Old habit from when I used errata only to update my box.
__________________
hitest
Reply With Quote
Old 17th July 2015
betweendayandnight betweendayandnight is offline
friendly
 
Join Date: Jul 2015
Posts: 67
Default

Quote:
Originally Posted by jggimi View Post
Users of -current should subscribe to the Email change logs for the OS and for ports.
Quote:
Originally Posted by jggimi View Post
It appears to me that most -current users who use it on workstations update at least once or twice each month.
Quote:
Originally Posted by jggimi View Post
I used to run -current everywhere, but no longer. Now, I only use -current on workstations and lab machines.
Hi jggimi,

I hope you can clarify a point for me: ISOs, packages and ports of -current version are found in http://ftp.openbsd.org/pub/OpenBSD/snapshots/ ??
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
upgrade current kerasi OpenBSD Installation and Upgrading 7 11th January 2015 06:24 AM
Keyboard layout lost after upgrade to -current sepuku OpenBSD General 28 23rd September 2011 08:37 PM
6.1 RC upgrade climby FreeBSD Installation and Upgrading 2 30th September 2010 12:51 PM
OpenBSD4.5 current to current... valorisa OpenBSD Installation and Upgrading 7 6th June 2009 09:26 AM


All times are GMT. The time now is 08:37 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick