Up to now, the upgrade procedure from one to the next release meant that you had to manually download and verify the new ramdisk kernel.
What about if you just needed to boot into the existing bsd.rd and it would support downloading and verifying the bsd.rd of the next release? This diff changes the installer script to support such a scenario. 1) Boot the existing bsd.rd and choose (U)pgrade 2) Enter the "Server directory" of the new release The installer then offers just the bsd.rd The on-disk signify key of the new release is used for verify it 3) Reboot into the new bsd.rd and do the upgrade An important assumption for this to work properly is: Upgrades are only supported from one release to the release immediately following it. [1] It would look like this for the 6.2 to 6.3 upgrade situation. (The version numbers are obviously faked) Let's upgrade the sets! Location of sets? (cd0 disk http or 'done') [http] HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] HTTP Server? (hostname, list#, 'done' or '?') [ftp.hostserver.de] Server directory? [pub/OpenBSD/6.2/amd64] pub/OpenBSD/6.3/amd64 Unable to get a verified list of distribution sets. Select sets by entering a set name, a file name pattern or 'all'. De-select sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'. [X] bsd.rd Set name(s)? (or 'abort' or 'done') [done] Get/Verify SHA256.sig 100% |**************************| 2152 00:00 Signature Verified Get/Verify bsd.rd 100% |**************************| 9565 KB 00:14 Installing bsd.rd 100% |**************************| 9565 KB 00:00 Location of sets? (cd0 disk http or 'done') [done] Making all device nodes...done. CONGRATULATIONS! Your OpenBSD upgrade has been successfully completed! To boot the new system, enter 'reboot' at the command prompt. Here's the diff and below is a more detailed description. Index: install.sub =================================================================== RCS file: /cvs/src/distrib/miniroot/install.sub,v retrieving revision 1.1036 diff -u -p -p -u -r1.1036 install.sub --- install.sub 4 Oct 2017 18:19:33 -0000 1.1036 +++ install.sub 7 Oct 2017 14:02:19 -0000 @@ -1330,6 +1330,13 @@ sane_install() { # select_sets() { local _avail=$1 _selected=$2 _f _action _col=$COLUMNS + local _bsd_rd _no_sets=true + + [[ $MODE == upgrade ]] && for _f in $_avail; do + [[ $_f != bsd* ]] && _no_sets=false + [[ $_f == bsd.rd* ]] && _bsd_rd=$_f + done + $_no_sets && UPGRADE_BSDRD=true _avail=$_bsd_rd _selected=$_bsd_rd # account for 4 spaces added to the sets list let COLUMNS=_col-8 @@ -1517,6 +1524,8 @@ install_files() { _issue="Cannot fetch SHA256.sig" && break # Verify signature file with public keys. + $UPGRADE_BSDRD && + PUB_KEY=/mnt/etc/signify/openbsd-$((VERSION + 1))-base.pub ! unpriv -f "$_cfile" \ signify -Vep $PUB_KEY -x "$_cfile.sig" -m "$_cfile" && _issue="Signature check of SHA256.sig failed" && break @@ -1576,7 +1585,9 @@ install_files() { tar -zxphf - -C /mnt fi ;; - *) $_unpriv ftp -D Installing -Vmo - "$_fsrc" >"/mnt/$_f" + *) $UPGRADE_BSDRD && [[ $_f == bsd.rd* ]] && + cp /mnt/$_f /mnt/$_f.old.$VERSION + $_unpriv ftp -D Installing -Vmo - "$_fsrc" >"/mnt/$_f" ;; esac if (($?)); then @@ -1587,6 +1598,7 @@ install_files() { fi else DEFAULTSETS=$(rmel $_f $DEFAULTSETS) + $UPGRADE_BSDRD && DEFAULTSETS= fi [[ -d $_tmpsrc ]] && rm -f "$_tmpsrc/$_f" done @@ -3139,6 +3151,7 @@ PUB_KEY=/etc/signify/openbsd-${VERSION}- ROOTDEV= ROOTDISK= SETDIR="$VNAME/$ARCH" +UPGRADE_BSDRD=false V4_DHCPCONF=false V6_AUTOCONF=false WLANLIST=/tmp/i/wlanlist =================================================================== Stats: --- 1 lines 60 chars Stats: +++ 14 lines 508 chars Stats: 13 lines Stats: 448 chars The installer downloads the new SHA256.sig from the location of the new release and extracts the list of files. It then prepares the list for the selection step. At this point all the set files containing the new release number are skipped, because they don't match the version of the current (old) bsd.rd leaving only the kernels. Right before the set selection step, the installer looks at the list of files and if there are only kernels, it assumes to be in this "upgrade only the bsd.rd" scenario. It then sets the list to the bsd.rd kernel and sets the global UPGRADE_BSDRD variable to true. UPGRADE_BSDRD is used to slightly change the installer behaviour. - suppress the "Are you *SURE* your upgrade is complete without ...?" questions - use the on-disk signify keys of the new release to verify the files The reason for the "Unable to get a verified list of distribution sets." warning message is, that at this point the old signify key inside of bsd.rd is used to verify the SHA256.sig file to extract the file list. This is not fixable, because at this point the installer is not yet aware of this scenario and only if it is, it uses the on-disk signify keys of the new release. [1] http://www.openbsd.org/faq/upgrade61.html -- -=[rpe]=- -- -=[rpe]=-