Upgrading FreeBSD 7.0 to 7.1

My last post on upgrading FreeBSD was Updating FreeBSD 7.0-BETA2 to 7.0-BETA3.

In this post I'll describe how I migrated a test install of FreeBSD 7.0-RELEASE #0 to FreeBSD 7.0-RELEASE-p7 #0, and then from there to FreeBSD 7.1-RELEASE #0.

Here's what I started with.

neely# uname -a
FreeBSD neely.taosecurity.com 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24
19:59:52 UTC 2008 root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

To update to the latest version of 7.0, I ran freebsd-update. First I run without switches to show available options.

neely# freebsd-update
usage: freebsd-update [options] command ... [path]

Options:
-b basedir -- Operate on a system mounted at basedir
(default: /)
-d workdir -- Store working files in workdir
(default: /var/db/freebsd-update/)
-f conffile -- Read configuration options from conffile
(default: /etc/freebsd-update.conf)
-k KEY -- Trust an RSA key with SHA256 hash of KEY
-r release -- Target for upgrade (e.g., 6.2-RELEASE)
-s server -- Server from which to fetch updates
(default: update.FreeBSD.org)
-t address -- Mail output of cron command, if any, to address
(default: root)
Commands:
fetch -- Fetch updates from server
cron -- Sleep rand(3600) seconds, fetch updates, and send an
email if updates were found
upgrade -- Fetch upgrades to FreeBSD version specified via -r option
install -- Install downloaded updates or upgrades
rollback -- Uninstall most recently installed updates

Notice the -s switch. If you decide to pick a specific server, how do you choose? This neat trick gives you options:

$ host -t srv _http._tcp.update.freebsd.org
_http._tcp.update.freebsd.org has SRV record 1 25 80 update2.FreeBSD.org.
_http._tcp.update.freebsd.org has SRV record 1 10 80 update1.FreeBSD.org.

Note results vary depending on what servers are available at any point in time.

Now I start the update process.

neely# freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for 7.0-RELEASE from update2.FreeBSD.org... done.
Fetching metadata index... done.
Fetching 2 metadata patches.. done.
Applying metadata patches... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 27 patches.....10....20... done.
Applying patches... done.

The following files will be updated as part of updating to 7.0-RELEASE-p9:
/boot/kernel/if_faith.ko
/boot/kernel/if_fwip.ko
/boot/kernel/if_stf.ko
/boot/kernel/ip_mroute.ko
/boot/kernel/ipfw.ko
/boot/kernel/kernel
/boot/kernel/pf.ko
/boot/kernel/random.ko
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/bin/openssl
/usr/include/netinet/tcp.h
/usr/include/netinet6/in6.h
/usr/include/netinet6/nd6.h
/usr/lib/libssl.a
/usr/lib/libssl.so.5
/usr/libexec/ftpd
/usr/libexec/lukemftpd
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-signzone
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/ntpd
/usr/sbin/rndc-confgen

WARNING: FreeBSD 7.0-RELEASE is approaching its End-of-Life date.
It is strongly recommended that you upgrade to a newer
release within the next 2 months.

neely# freebsd-update install
Installing updates... done.
neely# reboot

After I reboot I am running FreeBSD 7.0-RELEASE-p7 #0.

neely# uname -a
FreeBSD neely.taosecurity.com 7.0-RELEASE-p7 FreeBSD 7.0-RELEASE-p7 #0: Sun Dec 21
12:33:45 UTC 2008 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386

For my own reference I see what packages are installed.

neely# pkg_info
cdrtools-2.01_6 CD/CD-R[W] and ISO-9660 image creation and extraction tools
dvd+rw-tools-7.0 DVD burning software

Now I will upgrade to 7.1.

neely# freebsd-update upgrade -r 7.1-RELEASE
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for 7.0-RELEASE from update2.FreeBSD.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic world/base world/dict world/doc world/games world/info
world/manpages

The following components of FreeBSD do not seem to be installed:
src/base src/bin src/cddl src/compat src/contrib src/crypto src/etc
src/games src/gnu src/include src/krb5 src/lib src/libexec src/release
src/rescue src/sbin src/secure src/share src/sys src/tools src/ubin
src/usbin world/catpages world/proflibs

Does this look reasonable (y/n)? y

Fetching metadata signature for 7.1-RELEASE from update2.FreeBSD.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.
Inspecting system...done.
Fetching files from 7.0-RELEASE for merging... done.
Preparing to download files...done.
Fetching 10989 patches.....10....20....30....40....50....60....70....80....90....100....110
...edited...
810....6820....6830....6840....6850....6860.. done.
Applying patches... done.
Fetching 4516 files... failed.

That doesn't look good. Maybe the server was loaded? Based on a few searches I decide to start the process again.

neely# freebsd-update upgrade -r 7.1-RELEASE
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for 7.0-RELEASE from update2.FreeBSD.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic world/base world/dict world/doc world/games world/info
world/manpages

The following components of FreeBSD do not seem to be installed:
src/base src/bin src/cddl src/compat src/contrib src/crypto src/etc
src/games src/gnu src/include src/krb5 src/lib src/libexec src/release
src/rescue src/sbin src/secure src/share src/sys src/tools src/ubin
src/usbin world/catpages world/proflibs

Does this look reasonable (y/n)? y

Fetching metadata signature for 7.1-RELEASE from update2.FreeBSD.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.
Inspecting system... done.
Fetching files from 7.0-RELEASE for merging... done.
Preparing to download files... done.
Fetching 3312 patches.....10....20....30....40....50....60....70....80....90....
...edited...
2620....2630....2640....2650....2660....2670....2680....2690... done.
Applying patches... done.
Fetching 1433 files...done.
Attempting to automatically merge changes in files... done.

The following changes, which occurred between FreeBSD 7.0-RELEASE and
FreeBSD 7.1-RELEASE have been merged into /etc/group:
--- current version
+++ new version
@@ -1,6 +1,6 @@
-# $FreeBSD: src/etc/group,v 1.35 2007/06/11 18:36:39 ceri Exp $
+# $FreeBSD: src/etc/group,v 1.35.6.1 2008/11/25 02:59:29 kensmith Exp $
#
wheel:*:0:root,richard
daemon:*:1:
kmem:*:2:
sys:*:3:
Does this look reasonable (y/n)? y

The following changes, which occurred between FreeBSD 7.0-RELEASE and
FreeBSD 7.1-RELEASE have been merged into /etc/master.passwd:
--- current version
+++ new version
@@ -1,6 +1,6 @@
-# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
+# $FreeBSD: src/etc/master.passwd,v 1.40.18.1 2008/11/25 02:59:29 kensmith Exp $
#
root:$1$qmgoobYq$tNDy/Y2N8QDJVjFk5E.NB.:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
Does this look reasonable (y/n)? y

The following changes, which occurred between FreeBSD 7.0-RELEASE and
FreeBSD 7.1-RELEASE have been merged into /etc/passwd:
--- current version
+++ new version
@@ -1,6 +1,6 @@
-# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
+# $FreeBSD: src/etc/master.passwd,v 1.40.18.1 2008/11/25 02:59:29 kensmith Exp $
#
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
Does this look reasonable (y/n)? y
The following files will be removed as part of updating to 7.1-RELEASE-p2:
/etc/rc.d/kernel
/usr/include/netgraph/atm/ng_atmpif.h
/usr/sbin/pkg_check
/usr/sbin/pkg_sign
/usr/share/doc/de_DE.ISO8859-1/books/handbook/portsnap.html
...edited...
The following files will be added as part of updating to 7.1-RELEASE-p2:
/boot/gptboot
/boot/kernel/cmx.ko
/boot/kernel/cmx.ko.symbols
...edited...
The following files will be updated as part of updating to 7.1-RELEASE-p2:
/.cshrc
/.profile
/COPYRIGHT
/bin/[
/bin/cat
...edited...
/var/named/etc/namedb/named.root
/var/yp/Makefile.dist

neely# freebsd-update install -r 7.1-RELEASE
Installing updates...
Kernel updates have been installed. Please reboot and run
"/usr/sbin/freebsd-update install" again to finish installing updates.
neely# reboot

After rebooting I run install again.

$ su -
Password:
neely# freebsd-update install
Installing updates...... done.
neely# reboot

$ uname -a
FreeBSD neely.taosecurity.com 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 1
14:37:25 UTC 2009 root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

All done! If I want to see if any other patches are available I can run fetch again.

$ su -
Password:

neely# freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for 7.1-RELEASE from update2.FreeBSD.org... done.
Fetching metadata index... done.
Fetching 2 metadata patches.. done.
Applying metadata patches... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 7.1-RELEASE-p2.

Looks like that's it.


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.

Comments

Anonymous said…
It may be worth noting that from previous personal experience this process is not entirely fault free.

After updating the system in the usual way and receiving no errors (i.e everything appeared normal) upon reboot the bootloader couldn't find the kernel. The kernel was never created so I attempted to load the previous one but this had also been removed. I searched for the kernel but it was nowhere to be found.

I'm not entirely sure what happend but it was a frustrating few hours and it still puzzles me why a backup of the previous version is not created.

I had to use the installation disk to create the kernel in the appropriate location but this wasn't as straight forward either.

Whilst this problem seems to the be in the minority I've gone back to using CVS and the typical buildworld process.

This was from a 7.1 RC2 to 7.1 when it was first released but when I looked into it has happend since its introduction in a handful of cases.
Unknown said…
I am new to FreeBSD kernel customization, and I have learned that freebsd-update does not deal with CUSTOM kernels.

I had to:

cd /usr/src
make buildkernel KERNCONF=CUSTOM
make installkernel KERNCONF=CUSTOM

after the update to introduce the changes.

Reading Chris's post it looks like it may be a good thing to leave kernel stuff alone for now when binary updating...

Thanks for the post.
Jason Wood said…
Just as an add on, the upgrade seems to require that you recompile your kernel to get to 7.1-RELEASE-p2.

After doing the second "freebsd-udpate install", my system reported the version as "7.1-RELEASE FreeBSD 7.1-RELEASE #0"

I was using GENERIC on my test box, so I performed

[root@freebsd2 ~] make buildkernel KERNCONF=GENERIC
[root@freebsd2 ~] make installkernel KERNCONF=GENERIC

reboot again

After this, uname -a reports the system at 7.1-RELEASE-p2.

[me@freebsd2 ~]$ uname -a
FreeBSD freebsd2.foo.com 7.1-RELEASE-p2 FreeBSD 7.1-RELEASE-p2 #1: Tue Feb 3 17:00:46 MST 2009
Anonymous said…
This comment has been removed by a blog administrator.
Anonymous said…
This comment has been removed by a blog administrator.
Anonymous said…
This comment has been removed by a blog administrator.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics