Customizing Upgrades

OpenBSD lets you use custom file sets and shell scripts during binary upgrades. If you have a lot of machines to upgrade, run these to ensure that your systems are as identical after the upgrade as they were before. I highly recommend automating known changes during an upgrade.

The siteXX.tgz file works for upgrades exactly as for installations. Put the files you want on this system in siteXX.tgz, and the install program should copy those files to the system as it installs the upgraded files. Rather than install.site, however, the upgrade software looks for the script upgrade.site. Any install.site file is ignored during an upgrade, so you can use the same siteXX.tgz for upgrades and for new installations.

I find the upgrade.site script especially useful in conjunction with the OpenBSD Upgrade Guide for that release. The Upgrade Guide includes tasks that must be performed during an upgrade, many of which are very suitable for scripting. For example, the common tasks of deleting files, programs, and libraries removed from the new OpenBSD release are easily added to upgrade.site.

One convenient thing about upgrade.site is that you can copy the script to the target machine before running the upgrade. It doesn’t need to be part of siteXX.tgz. That said, I don’t recommend running pkg_add -u in upgrade.site. While the idea of automatically upgrading all your packages sounds good, remember that you’re running on a limited kernel with a less than completely initialized userland. Have your upgrade.site script add any commands that need to run on a fully multiuser system to /etc/rc.firsttime, so that they run when the system boots the first time.

With the hints in this chapter, you can customize OpenBSD any way you need. And with the information throughout this book, you should know where OpenBSD fits into your network. Remember that they really are out to get you, and you’ll achieve practical paranoia.