OpenBSD Following -current and using snapshots [FAQ Index]

Active OpenBSD development is known as the -current branch. These sources are frequently compiled into releases known as snapshots.

Aggressive changes are sometimes pushed in this branch, and complications can arise when building the latest code or upgrading from a previous point in time. Some of the steps for getting over these hurdles are explained on this page. Make sure you've read and understand how to build the system from source before using -current and the instructions below.

In general, it's far easier to use snapshots, as developers will have gone through much of the trouble for you already.

You should always use a snapshot as the starting point for running -current. This process typically consists of running sysupgrade(8) with the -s flag. Alternatively, download (and verify) the appropriate bsd.rd file from the /snapshots/ directory of your preferred mirror, boot from it, and choose (U)pgrade at the prompt. Any installed packages should then be upgraded after booting into the new system.

Upgrading to -current by compiling your own source code is discouraged for everyone except for experts, as difficult build-time crossing-points can occur often, and no assistance will be provided. In case of failure, use a snapshot to recover.

Most of these changes will have to be performed as root.

2023/07/11 - [packages] databases/influxdb upgrade to v2.7

The databases/influxdb port was upgraded to a new major version, which has several impacts:

• the influx CLI command is now in a separate influx-cli package, and has a completely different syntax
• authentication is now mandatory via token, and the db is multi-tenant so an organization is also mandatory
• the web interface is now built-in and accessible on port 8086 by default
• the database format needs to be upgraded (cf the upstream documentation):

  # doas -u _influx influxd upgrade
  

• this will:
  • convert the existing /etc/influxdb/influxdb.conf into /var/influxdb/.influxdbv2/config.toml
  • convert the data from /var/influxdb/{data,wal,meta} into /var/influxdb/.influxdbv2/{engine,influxd.bolt,influxd.sqlite}
  • once properly upgraded, the v1 config/files can be safely removed
• during upgrade it asks for l/p/org/default bucket/retention policy, that'll also generate a client config in /var/influxdb/.influxdbv2/configs that's used by doas -u _influx influx command afterwards for setup. The latter also contains a token for the admin
• for new installs, running the following will asks the same questions:

  # doas -u _influx influx setup
  

• telegraf clients need to be updated to use outputs.influxdb_v2 plugin (with org, token and bucket) per the documentation
• no more collectd direct sink in influxdb, collectd now needs to talk to a telegraf with a collectd-enabled sink. An example configuration for telegraf.conf is provided below:

  [[inputs.socket_listener]]
    service_address = "udp://:25826"
    data_format = "collectd"
    collectd_auth_file = "/etc/collectd/collectd.auth"
    collectd_security_level = "encrypt"
    collectd_typesdb = ["/usr/local/share/collectd_types.db"]
    collectd_parse_multivalue = "split"
  [[outputs.influxdb_v2]]
   urls = ["http://influxdb:8086"]
   token = "$DOCKER_INFLUXDB_INIT_ADMIN_TOKEN"
   organization = "$DOCKER_INFLUXDB_INIT_ORG"
   bucket = "$DOCKER_INFLUXDB_INIT_BUCKET"
  

2023/07/26 - pfsync changes

pfsync(4) has been rewritten. In most cases, no change is needed, and the protocol is compatible with the older version, however if you are configuring it with a hostname.pfsync0 entry like up syncdev $interface (where the interface is brought up before configuring it), it must be rearranged so that the interface is configured first:

syncdev $interface
up

2023/09/01 - [packages] sysutils/borgbackup/1.2 update to 1.2.6

A flaw in the cryptographic authentication scheme in borgbackup<1.2.5 allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. borgbackup>=1.2.5 enforces checking the TAM authentication tag of archives at critical places, and now considers archives without TAM as garbage or an attack.

Steps you must take to upgrade a repository are detailed in the documentation.

2023/09/06 - [packages] Tor Browser update to 12.5.3

As of the 12.5 release, torrc has been moved from ~/TorBrowser-Data/torrc to ~/TorBrowser-Data/Tor/torrc. If you wish to preserve your tor configuration (e.g., bridges), please do the following BEFORE starting tor-browser after you upgrade:

  $ mv ~/TorBrowser-Data/torrc ~/TorBrowser-Data/Tor

2023/09/09 - [packages] sysutils/borgbackup/1.1 removal

The 1.1 branch of borgbackup is end-of-life, and has been removed from ports. Upgrading packages using pkg_add -u will result in borgbackup-1.1.18 to be replaced by a release from the 1.2 branch, which at this time is borgbackup-1.2.6.

Before upgrading it is recommended to follow the upgrade notes.