Robert Peichaer(rob...@peichaer.org) on 2017.10.08 09:56:15 +0000: > Up to now, the upgrade procedure from one to the next release meant > that you had to manually download and verify the new ramdisk kernel. > > What about if you just needed to boot into the existing bsd.rd and > it would support downloading and verifying the bsd.rd of the next > release?
Why put this into the installer and not into a script on the system? With this, it takes an extra reboot, just to get bsd.rd. (In my case the number one mistake i make when upgrading is that i sleep through the boot> prompt timeout, so this gives me 2 chances ;)). Also, you would have to type Server directory? [pub/OpenBSD/6.2/amd64] pub/OpenBSD/6.3/amd64 by hand. Could this automatically be the next version? /B. > This diff changes the installer script to support such a scenario. > > 1) Boot the existing bsd.rd and choose (U)pgrade > 2) Enter the "Server directory" of the new release > The installer then offers just the bsd.rd > The on-disk signify key of the new release is used for verify it > 3) Reboot into the new bsd.rd and do the upgrade > > An important assumption for this to work properly is: > > Upgrades are only supported from one release to the release > immediately following it. [1] > > > It would look like this for the 6.2 to 6.3 upgrade situation. > (The version numbers are obviously faked) > > Let's upgrade the sets! > Location of sets? (cd0 disk http or 'done') [http] > HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] > HTTP Server? (hostname, list#, 'done' or '?') [ftp.hostserver.de] > Server directory? [pub/OpenBSD/6.2/amd64] pub/OpenBSD/6.3/amd64 > Unable to get a verified list of distribution sets. > > Select sets by entering a set name, a file name pattern or 'all'. De-select > sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'. > [X] bsd.rd > Set name(s)? (or 'abort' or 'done') [done] > Get/Verify SHA256.sig 100% |**************************| 2152 00:00 > Signature Verified > Get/Verify bsd.rd 100% |**************************| 9565 KB 00:14 > Installing bsd.rd 100% |**************************| 9565 KB 00:00 > Location of sets? (cd0 disk http or 'done') [done] > Making all device nodes...done. > > CONGRATULATIONS! Your OpenBSD upgrade has been successfully completed! > To boot the new system, enter 'reboot' at the command prompt. > > > Here's the diff and below is a more detailed description. > > > Index: install.sub > =================================================================== > RCS file: /cvs/src/distrib/miniroot/install.sub,v > retrieving revision 1.1036 > diff -u -p -p -u -r1.1036 install.sub > --- install.sub 4 Oct 2017 18:19:33 -0000 1.1036 > +++ install.sub 7 Oct 2017 14:02:19 -0000 > @@ -1330,6 +1330,13 @@ sane_install() { > # > select_sets() { > local _avail=$1 _selected=$2 _f _action _col=$COLUMNS > + local _bsd_rd _no_sets=true > + > + [[ $MODE == upgrade ]] && for _f in $_avail; do > + [[ $_f != bsd* ]] && _no_sets=false > + [[ $_f == bsd.rd* ]] && _bsd_rd=$_f > + done > + $_no_sets && UPGRADE_BSDRD=true _avail=$_bsd_rd _selected=$_bsd_rd > > # account for 4 spaces added to the sets list > let COLUMNS=_col-8 > @@ -1517,6 +1524,8 @@ install_files() { > _issue="Cannot fetch SHA256.sig" && break > > # Verify signature file with public keys. > + $UPGRADE_BSDRD && > + PUB_KEY=/mnt/etc/signify/openbsd-$((VERSION + > 1))-base.pub > ! unpriv -f "$_cfile" \ > signify -Vep $PUB_KEY -x "$_cfile.sig" -m "$_cfile" && > _issue="Signature check of SHA256.sig failed" && break > @@ -1576,7 +1585,9 @@ install_files() { > tar -zxphf - -C /mnt > fi > ;; > - *) $_unpriv ftp -D Installing -Vmo - "$_fsrc" >"/mnt/$_f" > + *) $UPGRADE_BSDRD && [[ $_f == bsd.rd* ]] && > + cp /mnt/$_f /mnt/$_f.old.$VERSION > + $_unpriv ftp -D Installing -Vmo - "$_fsrc" >"/mnt/$_f" > ;; > esac > if (($?)); then > @@ -1587,6 +1598,7 @@ install_files() { > fi > else > DEFAULTSETS=$(rmel $_f $DEFAULTSETS) > + $UPGRADE_BSDRD && DEFAULTSETS= > fi > [[ -d $_tmpsrc ]] && rm -f "$_tmpsrc/$_f" > done > @@ -3139,6 +3151,7 @@ PUB_KEY=/etc/signify/openbsd-${VERSION}- > ROOTDEV= > ROOTDISK= > SETDIR="$VNAME/$ARCH" > +UPGRADE_BSDRD=false > V4_DHCPCONF=false > V6_AUTOCONF=false > WLANLIST=/tmp/i/wlanlist > =================================================================== > Stats: --- 1 lines 60 chars > Stats: +++ 14 lines 508 chars > Stats: 13 lines > Stats: 448 chars > > > The installer downloads the new SHA256.sig from the location of the > new release and extracts the list of files. It then prepares the > list for the selection step. At this point all the set files > containing the new release number are skipped, because they don't > match the version of the current (old) bsd.rd leaving only the > kernels. > > Right before the set selection step, the installer looks at the > list of files and if there are only kernels, it assumes to be in > this "upgrade only the bsd.rd" scenario. It then sets the list to > the bsd.rd kernel and sets the global UPGRADE_BSDRD variable to > true. > > UPGRADE_BSDRD is used to slightly change the installer behaviour. > - suppress the "Are you *SURE* your upgrade is complete without ...?" > questions > - use the on-disk signify keys of the new release to verify the files > > The reason for the "Unable to get a verified list of distribution > sets." warning message is, that at this point the old signify key > inside of bsd.rd is used to verify the SHA256.sig file to extract > the file list. This is not fixable, because at this point the > installer is not yet aware of this scenario and only if it is, it > uses the on-disk signify keys of the new release. > > > [1] http://www.openbsd.org/faq/upgrade61.html > > -- > -=[rpe]=- > -- > -=[rpe]=- >
