> Up to now, the upgrade procedure from one to the next release meant > that you had to manually download and verify the new ramdisk kernel.
Well you already could follow that procedure. That's what I've been doing. The risk is that it also updates your bsd kernels, not just bsd.rd in case you run into a problem and change your mind. Your diff makes it explicit that it should only upgrade bsd.rd, so that the subsequent upgrade procedure can occur. > What about if you just needed to boot into the existing bsd.rd and > it would support downloading and verifying the bsd.rd of the next > release? > > This diff changes the installer script to support such a scenario. > > 1) Boot the existing bsd.rd and choose (U)pgrade > 2) Enter the "Server directory" of the new release > The installer then offers just the bsd.rd > The on-disk signify key of the new release is used for verify it > 3) Reboot into the new bsd.rd and do the upgrade > > > An important assumption for this to work properly is: > > Upgrades are only supported from one release to the release > immediately following it. [1] > > > It would look like this for the 6.2 to 6.3 upgrade situation. > (The version numbers are obviously faked) > > Let's upgrade the sets! > Location of sets? (cd0 disk http or 'done') [http] > HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] > HTTP Server? (hostname, list#, 'done' or '?') [ftp.hostserver.de] > Server directory? [pub/OpenBSD/6.2/amd64] pub/OpenBSD/6.3/amd64 > Unable to get a verified list of distribution sets. > > Select sets by entering a set name, a file name pattern or 'all'. De-select > sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'. > [X] bsd.rd > Set name(s)? (or 'abort' or 'done') [done] > Get/Verify SHA256.sig 100% |**************************| 2152 00:00 > Signature Verified > Get/Verify bsd.rd 100% |**************************| 9565 KB 00:14 > Installing bsd.rd 100% |**************************| 9565 KB 00:00 > Location of sets? (cd0 disk http or 'done') [done] > Making all device nodes...done. > > CONGRATULATIONS! Your OpenBSD upgrade has been successfully completed! > To boot the new system, enter 'reboot' at the command prompt. > > > Here's the diff and below is a more detailed description. > > > Index: install.sub > =================================================================== > RCS file: /cvs/src/distrib/miniroot/install.sub,v > retrieving revision 1.1036 > diff -u -p -p -u -r1.1036 install.sub > --- install.sub 4 Oct 2017 18:19:33 -0000 1.1036 > +++ install.sub 7 Oct 2017 14:02:19 -0000 > @@ -1330,6 +1330,13 @@ sane_install() { > # > select_sets() { > local _avail=$1 _selected=$2 _f _action _col=$COLUMNS > + local _bsd_rd _no_sets=true > + > + [[ $MODE == upgrade ]] && for _f in $_avail; do > + [[ $_f != bsd* ]] && _no_sets=false > + [[ $_f == bsd.rd* ]] && _bsd_rd=$_f > + done > + $_no_sets && UPGRADE_BSDRD=true _avail=$_bsd_rd _selected=$_bsd_rd > > # account for 4 spaces added to the sets list > let COLUMNS=_col-8 > @@ -1517,6 +1524,8 @@ install_files() { > _issue="Cannot fetch SHA256.sig" && break > > # Verify signature file with public keys. > + $UPGRADE_BSDRD && > + PUB_KEY=/mnt/etc/signify/openbsd-$((VERSION + > 1))-base.pub > ! unpriv -f "$_cfile" \ > signify -Vep $PUB_KEY -x "$_cfile.sig" -m "$_cfile" && > _issue="Signature check of SHA256.sig failed" && break > @@ -1576,7 +1585,9 @@ install_files() { > tar -zxphf - -C /mnt > fi > ;; > - *) $_unpriv ftp -D Installing -Vmo - "$_fsrc" >"/mnt/$_f" > + *) $UPGRADE_BSDRD && [[ $_f == bsd.rd* ]] && > + cp /mnt/$_f /mnt/$_f.old.$VERSION > + $_unpriv ftp -D Installing -Vmo - "$_fsrc" >"/mnt/$_f" > ;; > esac > if (($?)); then > @@ -1587,6 +1598,7 @@ install_files() { > fi > else > DEFAULTSETS=$(rmel $_f $DEFAULTSETS) > + $UPGRADE_BSDRD && DEFAULTSETS= > fi > [[ -d $_tmpsrc ]] && rm -f "$_tmpsrc/$_f" > done > @@ -3139,6 +3151,7 @@ PUB_KEY=/etc/signify/openbsd-${VERSION}- > ROOTDEV= > ROOTDISK= > SETDIR="$VNAME/$ARCH" > +UPGRADE_BSDRD=false > V4_DHCPCONF=false > V6_AUTOCONF=false > WLANLIST=/tmp/i/wlanlist > =================================================================== > Stats: --- 1 lines 60 chars > Stats: +++ 14 lines 508 chars > Stats: 13 lines > Stats: 448 chars > > > The installer downloads the new SHA256.sig from the location of the > new release and extracts the list of files. It then prepares the > list for the selection step. At this point all the set files > containing the new release number are skipped, because they don't > match the version of the current (old) bsd.rd leaving only the > kernels. > > Right before the set selection step, the installer looks at the > list of files and if there are only kernels, it assumes to be in > this "upgrade only the bsd.rd" scenario. It then sets the list to > the bsd.rd kernel and sets the global UPGRADE_BSDRD variable to > true. > > UPGRADE_BSDRD is used to slightly change the installer behaviour. > - suppress the "Are you *SURE* your upgrade is complete without ...?" > questions > - use the on-disk signify keys of the new release to verify the files > > The reason for the "Unable to get a verified list of distribution > sets." warning message is, that at this point the old signify key > inside of bsd.rd is used to verify the SHA256.sig file to extract > the file list. This is not fixable, because at this point the > installer is not yet aware of this scenario and only if it is, it > uses the on-disk signify keys of the new release. > > > [1] http://www.openbsd.org/faq/upgrade61.html > > -- > -=[rpe]=- > -- > -=[rpe]=- >
