Upgrade from 9.1-RELEASE to latest

heximal

Member

Reaction score: 3
Messages: 67

Hi.
The major goal is to upgrade my FreeBSD from 9.1-RELEASE to latest version (is that possible at all?)
What I've tried so far and stuck on.
I tried
freebsd-update fetch
freebsd-update install

sequence and the last command is giving the output:
# /usr/sbin/freebsd-update install
Installing updates...install: ///usr/src/contrib/bind9/lib/isc/counter.c: No such file or directory
install: ///usr/src/contrib/bind9/lib/isc/include/isc/counter.h: No such file or directory
install: ///usr/src/contrib/tzdata/leap-seconds.list: No such file or directory
install: ///usr/src/contrib/tzdata/zone1970.tab: No such file or directory
install: ///usr/src/crypto/openssl/ssl/s3_cbc.c: No such file or directory
done.

I suspect, I need to get the source code. I tried to do it with subversion, but subversion was not installed too, so I tried to install subversion using ports or pkg, but still unsuccessfully - the system was giving the error about outdated version of FreeBSD.
Can someone help me? What's my next step?
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,266
Messages: 38,773

I suspect, I need to get the source code.
Not strictly needed, you can simply ignore those "errors".

A better option is to disable updating the source in freebsd-update.conf. Another option is to extract the source archive from the install media to /usr/src.
 
OP
heximal

heximal

Member

Reaction score: 3
Messages: 67

OK, I don't quite understand in this case, what is the result of freebsd-update install? It says 'Done', what does it mean? Does it meat, fetched updates were applied?
 
OP
heximal

heximal

Member

Reaction score: 3
Messages: 67

What is my next step then? Can I upgrade to 10.x?
I'm a little bit confusing, uname command says:

# uname -a
FreeBSD d3355.colo.hc.ru 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64


Is it ok? Or may be I should reboot the system?
 

gkontos

Daemon

Reaction score: 488
Messages: 2,160

You can upgrade to 10.3. If I were you, I would choose to upgrade by building world+kernel. Regarding uname, it will increase only if you compile the kernel. Do keep in mind that after the upgrade you will need to rebuild all ports.
 
OP
heximal

heximal

Member

Reaction score: 3
Messages: 67

Is it possible to upgrade to 10.3 without building kernel and world? How can I do this?
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,266
Messages: 38,773

The patches haven't been activated because you haven't rebooted yet. So your uname -a shows old information.

Is it possible to upgrade to 10.3 without building kernel and world? How can I do this?
Reboot your system first to make sure the updates for 9.1 are working. Then use freebsd-update -r 10.3-RELEASE upgrade to download the upgrade patches.
 
OP
heximal

heximal

Member

Reaction score: 3
Messages: 67

Looks like there are still some upgrades for 9.1. I've rebooted the system and now uname says
FreeBSD d3355.colo.hc.ru 9.1-RELEASE-p22 FreeBSD 9.1-RELEASE-p22 #0: Mon Nov 3 18:22:10 UTC 2014 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

I try to run freebsd-update fetch again and it stays there is RELEASE-p24 patch and freebsd-update install says Done, but after reboot uname says it's still RELEASE-p22.
Is it ok to jump from 9.1 right to 10.3 without these intermediate updates?
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,266
Messages: 38,773

I try to run freebsd-update fetch again and it stays there is RELEASE-p24 patch and freebsd-update install says Done, but after reboot uname says it's still RELEASE-p22.
The last two updates didn't affect the kernel, so that shows a different version. This discrepancy is one of the reasons FreeBSD 10 and higher have the freebsd-version(1) command.

Is it ok to jump from 9.1 right to 10.3 without these intermediate updates?
You should be able to jump straight to 10.3. But definitely make sure you have backups of your important data as updates/upgrades are always somewhat dangerous.
 
OP
heximal

heximal

Member

Reaction score: 3
Messages: 67

Do keep in mind that after the upgrade you will need to rebuild all ports.
does it mean that all components built from old ports will stop working? e.g. php? all websites will become unavailable?
 
OP
heximal

heximal

Member

Reaction score: 3
Messages: 67

Ugh, the work is done, the system is alive. Fortunately, php and other related modules haven't been affected, so the websites still work.
Thanks, guys.
Sir Dice, you are the knight of FreeBSD!
 
OP
heximal

heximal

Member

Reaction score: 3
Messages: 67

Correct, you will have to rebuild all. As a temporary solution you could install misc/compat9x
My troubles are not ended completely. I'm trying to rebuild ports but every time I get the error
"/usr/ports/Mk/bsd.port.mk", line 1180: UNAME_r (10.3-RELEASE-p11) and OSVERSION (901000) do not agree on major version number.

I did update ports by portsnap fetch update
Why OSVERSION stayed unchanged? Can I change it manually?
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,266
Messages: 38,773

Note that you need to run freebsd-update install a total of three(!) times. The first install only updates the kernel, the second install updates the base OS and the third install run cleans up old libraries and executables.
 
OP
heximal

heximal

Member

Reaction score: 3
Messages: 67

Shame on me, I didn't read the handbook completely. So, I should run freebsd-update install twice again? and no other commands between them? Should I reboot after each freebsd-update install?
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,266
Messages: 38,773

The basic gist is:
Code:
freebsd-update -r 10.3-RELEASE upgrade
freebsd-update install
(reboot)
freebsd-update install
(rebuild or reinstall all ports/packages)
freebsd-update install
 
OP
heximal

heximal

Member

Reaction score: 3
Messages: 67

Hello, gentlemen. Thanks for your help, I've finally succeeded to upgrade my FreeBSD.
Just one more question. Looks like I've got my sendmail service a little bit broken. When I'm trying to send a message to gmail addresses, I receive the following message in /var/log/maillog:
Code:
Apr  3 19:32:29 d3355 sm-mta[27130]: v33GWTJE027128: to=<somewhere@gmail.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=30346, relay=gmail-smtp-in.l.google.com [64.233.162.26], dsn=5.0.0, stat=Service unavailable

What might be broken during the installation of system updates?
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,266
Messages: 38,773

This might be missing:
Code:
20150614:
        The import of openssl to address the FreeBSD-SA-15:10.openssl
        security advisory includes a change which rejects handshakes
        with DH parameters below 768 bits.  sendmail releases prior
        to 8.15.2 (not yet released), defaulted to a 512 bit
        DH parameter setting for client connections.  To work around
        this interoperability, sendmail can be configured to use a
        2048 bit DH parameter by:                                
                                                                       
        1. Edit /etc/mail/`hostname`.mc                                   
        2. If a setting for confDH_PARAMETERS does not exist or              
           exists and is set to a string beginning with '5',                   
           replace it with '2'.                                                 
        3. If a setting for confDH_PARAMETERS exists and is set to                 
           a file path, create a new file with:                                     
                openssl dhparam -out /path/to/file 2048                               
        4. Rebuild the .cf file:                                                        
                cd /etc/mail/; make; make install                                        
        5. Restart sendmail:                                                             
                cd /etc/mail/; make restart                                               
                                                                                          
        A sendmail patch is coming, at which time this file will be                        
        updated.

You should have an warning/error message about dh.param in your maillog somewhere. This usually solves it: openssl dhparam -out /etc/mail/certs/dh.param 2048
 
OP
heximal

heximal

Member

Reaction score: 3
Messages: 67

Something is still wrong. I tried different options, but still get this error. Here is my .mc file:

Code:
divert(0)
VERSIONID(`$FreeBSD: release/9.1.0/etc/sendmail/freebsd.mc 223068 2011-06-14 04:33:43Z gshapiro $')
OSTYPE(freebsd6)
DOMAIN(generic)

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl       your permission.
dnl FEATURE(relay_based_on_MX)

dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/

dnl Uncomment to activate your chosen DNS based blacklist
dnl FEATURE(dnsbl, `dnsbl.example.com')
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from " $&{client_addr} " rejected'')

dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')dnl
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

define(`condDH_PARAMETERS', `/etc/mail/certs/dh.param')dnl
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`genericstable', `hash -o /etc/mail/genericstable')dnl
FEATURE(`delay_checks')dnl
FEATURE(`access_db', `hash -o -T<TMPF> /etc/mail/access')dnl
define(`confSERVER_KEY', `/etc/mail/ssl/private/sendmail.key')dnl
define(`confSERVER_CERT', `/etc/mail/ssl/certs/sendmail.crt')dnl
define(`confLOCAL_MAILER', `dovecot')dnl
define(`confCACERT_PATH', `/etc/mail/ssl/certs/CA')dnl
define(`confCACERT', `/etc/mail/ssl/certs/sendmail.crt')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`ALIAS_FILE', `/etc/mail/aliases')dnl
MAILER(`dovecot')dnl
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)

I've added condDH_PARAMETERS manually since it was missed.
 

SerLA

New Member


Messages: 4

Hello. I'm trying to upgrade my FreeBSD 9.1-RELEASE-p22 to 11.0, but I have a problem.

Code:
uname -v
FreeBSD 9.1-RELEASE-p22 #0: Mon Nov  3 18:22:10 UTC 2014     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC

Code:
freebsd-update fetch install
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 9.1-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be updated as part of updating to 9.1-RELEASE-p24:
/usr/share/zoneinfo/Africa/Bamako
/usr/share/zoneinfo/Africa/Banjul
/usr/share/zoneinfo/Africa/Conakry
/usr/share/zoneinfo/Africa/Dakar
/usr/share/zoneinfo/Africa/Freetown
/usr/share/zoneinfo/Africa/Lome
/usr/share/zoneinfo/Africa/Nouakchott
/usr/share/zoneinfo/Africa/Ouagadougou
/usr/share/zoneinfo/Africa/Sao_Tome
/usr/share/zoneinfo/Atlantic/St_Helena
/usr/share/zoneinfo/Pacific/Johnston

WARNING: FreeBSD 9.1-RELEASE-p22 HAS PASSED ITS END-OF-LIFE DATE.
Any security issues discovered after Thu Jan  1 04:00:00 MSK 2015
will not have been corrected.


Code:
 freebsd-update upgrade -r 11.0-RELEASE
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 9.1-RELEASE from update6.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic world/base world/lib32

The following components of FreeBSD do not seem to be installed:
world/doc world/games

Does this look reasonable (y/n)? y
Does this look reasonable (y/n)? y

Fetching metadata signature for 11.0-RELEASE from update6.freebsd.org... done.
Fetching metadata index... done.

The update metadata is correctly signed, but
failed an integrity check.
Cowardly refusing to proceed any further.

How do I find out the cause of the error?
Is it possible to upgrade directly to 11.0?
 

SerLA

New Member


Messages: 4

ok
rm -rf /var/db/freebsd-update/*

freebsd-update fetch install
reboot

try again:

Code:
freebsd-update upgrade -r 11.0-RELEASE
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 9.1-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata files... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic world/base world/lib32

The following components of FreeBSD do not seem to be installed:
world/doc world/games

Does this look reasonable (y/n)? y

Fetching metadata signature for 11.0-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.

The update metadata is correctly signed, but
failed an integrity check.
Cowardly refusing to proceed any further.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,266
Messages: 38,773

Code:
rm -rf /var/db/freebsd-update/*
freebsd-update upgrade -r 10.3-RELEASE

Don't run freebsd-update fetch install in between. I'm thinking there's a collision with one of the files from 9.1 and a file from 10.3.
 
Top