Remote OpenBSD/i386 upgrades from 3.3 and before

OpenBSD v3.3 was the last release of OpenBSD/i386 using the a.out executable file format. Starting with v3.4, as part of a number of security improvements, there was a conversion to the more modern and more flexible "ELF" format.

Unfortunately, the two formats are not directly compatible. This causes large problems when attempting to upgrade remotely. Most can be overcome with some work, but one is a show stopper: the boot loader from 3.3 and before is unable to load the new kernel, and the installboot from 3.3 and before is unable to install the new boot loader that could load the newer kernel.

For OpenBSD 3.4 and 3.5, a special kernel was made available, bsd.rd-a.out, which would help you over that barrier. However, this only helps if you have access to the console on the system -- if your machine is at another location, you won't be able to run the bsd.rd-a.out kernel.

Fortunately for us, OpenBSD developer Dale Rahn had a large number of machines he needed to remotely upgrade from 3.3 to ELF-compatible systems. Physically getting to each machine was almost out of the question, so he wrote bsdaoutcopy.c (local copy), a <5k source file that converts an ELF kernel into an a.out-format file which can be successfully loaded by an a.out-compatible boot loader. This solves the "show-stopper", so a remote upgrade is now possible.
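A header check you could run on a kernel file before rebooting a machine that still has the old boot loader, as an added example (not part of the original page and not Dale Rahn's bsdaoutcopy.c): it tells an i386 a.out image from an ELF one by its first bytes. It assumes the standard big-endian a_midmag layout of BSD a.out headers (machine ID 134 for i386) and the standard ELF identification bytes; the function and enum names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; the constants are the standard ELF and BSD a.out values. */
enum kimg { KIMG_UNKNOWN, KIMG_TOO_SHORT, KIMG_ELF32_I386, KIMG_AOUT_I386, KIMG_AOUT_OTHER };
static const char *kimg_name[] = { "unknown", "too short", "ELF32 i386",
                                   "a.out i386", "a.out, other machine" };

/* Classify a kernel image from its first 20 bytes. */
enum kimg classify_kernel(const unsigned char *h, size_t len)
{
    if (len < 20)
        return KIMG_TOO_SHORT;
    if (memcmp(h, "\177ELF", 4) == 0) {
        /* EI_CLASS 1 = 32-bit, EI_DATA 1 = little-endian, e_machine 3 = EM_386 */
        unsigned machine = h[18] | (h[19] << 8);
        return (h[4] == 1 && h[5] == 1 && machine == 3) ? KIMG_ELF32_I386 : KIMG_UNKNOWN;
    }
    /* a_midmag, stored big-endian: 6 flag bits, 10-bit machine ID, 16-bit magic.
       Older host-byte-order headers are not handled and come back as unknown. */
    uint32_t mm = ((uint32_t)h[0] << 24) | ((uint32_t)h[1] << 16) |
                  ((uint32_t)h[2] << 8) | h[3];
    uint32_t magic = mm & 0xffff, mid = (mm >> 16) & 0x3ff;
    /* OMAGIC, NMAGIC, ZMAGIC, QMAGIC */
    if (magic != 0407 && magic != 0410 && magic != 0413 && magic != 0314)
        return KIMG_UNKNOWN;
    return mid == 134 ? KIMG_AOUT_I386 : KIMG_AOUT_OTHER;   /* 134 = MID_I386 */
}

int main(int argc, char **argv)
{
    /* Constructed sample header (i386 ZMAGIC a.out), used when no file is given. */
    unsigned char hdr[20] = { 0x00, 0x86, 0x01, 0x0b };
    size_t n = sizeof hdr;
    if (argc > 1) {
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 2; }
        n = fread(hdr, 1, sizeof hdr, f);
        fclose(f);
    }
    enum kimg k = classify_kernel(hdr, n);
    printf("%s: %s\n", argc > 1 ? argv[1] : "(constructed sample)", kimg_name[k]);
    return k == KIMG_AOUT_I386 ? 0 : 1;   /* 0 only for an i386 a.out header */
}
```

The check only inspects the header; it says nothing about whether the rest of the image is intact, so it complements rather than replaces a checksum comparison against the file you built.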


That doesn't mean it is trivial. This is a really scary process: if you make an error, you will end up with a broken system and need to make an emergency trip out to the system you were trying to upgrade. However, it can work. This document will not be a step-by-step guide, but rather a list of tasks you will have to perform. If you don't understand this process, you have some work to do before attempting a remote upgrade this way.

Since the ELF transition took place back in version 3.4, and as I write this, 3.7 was just released, I am going to presume any machine you are updating this way is waaay out of date. Rather than trying to update in the more traditional way, I'm going to assume you are doing mostly a remote wipe/reload. We won't actually be wiping the drive or removing absolutely all old files, but we will be reconfiguring the machine from scratch.

You need to practice this process locally before attempting it on your not immediately accessible machine. What follows here is the process I used twice: once completely successfully, and once where I forgot to set the root password, but after going to the machine and giving root a PW, all was well; that was the only obvious error. However, this process is not tested as well as my FAQ articles, and I do not wish to spend much more time on this. Most of all:

This process is not endorsed or supported by the OpenBSD project. Do not expect support of this process from OpenBSD, Dale, or me.

If you find a flaw or an obviously correct improvement in this process, let me know, but I will not be responsible for whatever happens to your machine, your hair or your job for following this process. You are completely on your own. You have been warned.

The Issues

Tasks to be performed

At this point, you now have a successful upgrade semi-completed. You still have to reinstall and configure any apps you wish to run on the system, but at this point, it is the same as any other remote upgrade. Future upgrades can be done completely normally (unless there are other flag days like the a.out -> ELF conversion, of course).


Copyright 2005, Nick Holland, Holland Consulting.

Permission granted to use, distribute and modify as per a standard two-term BSD license. Short version: Do what you want with it, but acknowledge that I wrote it, not you, not someone else, and don't come running to me if something goes horribly wrong.

$Id: aout-up.html,v 1.5 2005/07/02 03:09:02 nick Exp $