OpenBSD Following -current and using snapshots [FAQ Index]


Active OpenBSD development is known as the -current branch. These sources are frequently compiled into releases known as snapshots.

Aggressive changes are sometimes pushed in this branch, and complications can arise when building the latest code or upgrading from a previous point in time. Some of the steps for getting over these hurdles are explained on this page. Make sure you've read and understand how to build the system from source before using -current and the instructions below.

In general, it's far easier to use snapshots, as developers will have gone through much of the trouble for you already.

You should always use a snapshot as the starting point for running -current. This process typically consists of running sysupgrade(8) with the -s flag. Alternatively, download (and verify) the appropriate bsd.rd file from the /snapshots/ directory of your preferred mirror, boot from it, and choose (U)pgrade at the prompt. Any installed packages should then be upgraded after booting into the new system.

Upgrading to -current by compiling your own source code is discouraged for everyone except for experts, as difficult build-time crossing-points can occur often, and no assistance will be provided. In case of failure, use a snapshot to recover.

Most of these changes will have to be performed as root.

2021/05/26 - [packages] FreeRADIUS 3.0.22: no more LEAP

FreeRADIUS removed LEAP in 3.0.22. This was previously in the default configuration, so if you have enabled EAP you are likely to need to update /etc/raddb/mods-available/eap and remove the "leap { ... }" lines.

2021/06/20 (and later) - SNMP security changes

Default security settings in snmpd(8) and snmp(1) have been tightened.

For snmpd(8):

To configure SNMPv3, you will need to add one or more users to the configuration, e.g.:
    user "manager" authkey "XblueQ300ZyAbUIbndmWjfl" auth hmac-sha1 enc aes enckey "tVadj9jxq8rdJ"
If you need to reinstate SNMPv1/v2c, you can add something like this:
    listen on any snmpv1 snmpv2 read
    read-only community U9PeBY1694bcxMnm
    seclevel none
The community name should not be common or easily brute-forced, especially if exposed to the internet.

For the snmp(1) client:

2021/09/15 libdmx removed

The dmx library was removed. To fully remove it from your system :
    rm -f /usr/X11R6/lib/libdmx.*
    rm -f /usr/X11R6/include/X11/extensions/dmxext.h
    rm -f /usr/X11R6/lib/pkgconfig/dmx.pc
    rm -f /usr/X11R6/man/man3/DMX*.3

$OpenBSD: current.html,v 1.1077 2021/09/15 05:49:43 matthieu Exp $