# Upgrade from 9.1-RELEASE to latest



## heximal (Mar 28, 2017)

Hi.
The major goal is to upgrade my FreeBSD from 9.1-RELEASE to latest version (is that possible at all?)
What I've tried so far and stuck on.
I tried
`freebsd-update fetch
freebsd-update install`
sequence and the last command is giving the output:
`# /usr/sbin/freebsd-update install
Installing updates...install: ///usr/src/contrib/bind9/lib/isc/counter.c: No such file or directory
install: ///usr/src/contrib/bind9/lib/isc/include/isc/counter.h: No such file or directory
install: ///usr/src/contrib/tzdata/leap-seconds.list: No such file or directory
install: ///usr/src/contrib/tzdata/zone1970.tab: No such file or directory
install: ///usr/src/crypto/openssl/ssl/s3_cbc.c: No such file or directory
 done.`
I suspect, I need to get the source code. I tried to do it with subversion, but subversion was not installed too, so I tried to install subversion using `ports` or `pkg`, but still unsuccessfully - the system was giving the error about outdated version of FreeBSD.
Can someone help me? What's my next step?


----------



## SirDice (Mar 28, 2017)

heximal said:


> I suspect, I need to get the source code.


Not strictly needed, you can simply ignore those "errors". 

A better option is to disable updating the source in freebsd-update.conf. Another option is to extract the source archive from the install media to /usr/src.


----------



## heximal (Mar 28, 2017)

OK, I don't quite understand in this case, what is the result of `freebsd-update install`? It says 'Done', what does it mean? Does it meat, fetched updates were applied?


----------



## SirDice (Mar 28, 2017)

heximal said:


> Does it meat, fetched updates were applied?


It means the install is done. So yes, this means the fetched updates have been applied.


----------



## heximal (Mar 28, 2017)

What is my next step then? Can I upgrade to 10.x?
I'm a little bit confusing, uname command says:

`# uname -a
FreeBSD d3355.colo.hc.ru 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec  4 09:23:10 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64`

Is it ok? Or may be I should reboot the system?


----------



## gkontos (Mar 28, 2017)

You can upgrade to 10.3. If I were you, I would choose to upgrade by building world+kernel. Regarding uname, it will increase only if you compile the kernel. Do keep in mind that after the upgrade you will need to rebuild all ports.


----------



## heximal (Mar 28, 2017)

Is it possible to upgrade to 10.3 without building kernel and world? How can I do this?


----------



## SirDice (Mar 28, 2017)

The patches haven't been activated because you haven't rebooted yet. So your `uname -a` shows old information.



> Is it possible to upgrade to 10.3 without building kernel and world? How can I do this?


Reboot your system first to make sure the updates for 9.1 are working. Then use `freebsd-update -r 10.3-RELEASE upgrade` to download the upgrade patches.


----------



## heximal (Mar 28, 2017)

Looks like there are still some upgrades for 9.1. I've rebooted the system and now uname says
`FreeBSD d3355.colo.hc.ru 9.1-RELEASE-p22 FreeBSD 9.1-RELEASE-p22 #0: Mon Nov  3 18:22:10 UTC 2014     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64`

I try to run `freebsd-update fetch` again and it stays there is RELEASE-p24 patch and `freebsd-update install` says Done, but after reboot `uname` says it's still RELEASE-p22.
Is it ok to jump from 9.1 right to 10.3 without these intermediate updates?


----------



## SirDice (Mar 28, 2017)

heximal said:


> I try to run  freebsd-update fetch again and it stays there is RELEASE-p24 patch and  freebsd-update install says Done, but after reboot  uname says it's still RELEASE-p22.


The last two updates didn't affect the kernel, so that shows a different version. This discrepancy is one of the reasons FreeBSD 10 and higher have the freebsd-version(1) command.



heximal said:


> Is it ok to jump from 9.1 right to 10.3 without these intermediate updates?


You _should_ be able to jump straight to 10.3. But definitely make sure you have backups of your important data as updates/upgrades are always somewhat dangerous.


----------



## heximal (Mar 28, 2017)

gkontos said:


> Do keep in mind that after the upgrade you will need to rebuild all ports.


does it mean that all components built from old ports will stop working? e.g. php? all websites will become unavailable?


----------



## gkontos (Mar 28, 2017)

heximal said:


> does it mean that all components built from old ports will stop working? e.g. php? all websites will become unavailable?


Correct, you will have to rebuild all. As a temporary solution you could install misc/compat9x


----------



## heximal (Mar 28, 2017)

Ugh, the work is done, the system is alive. Fortunately, php and other related modules haven't been affected, so the websites still work.
Thanks, guys.
Sir Dice, you are the knight of FreeBSD!


----------



## heximal (Mar 29, 2017)

gkontos said:


> Correct, you will have to rebuild all. As a temporary solution you could install misc/compat9x


My troubles are not ended completely. I'm trying to rebuild ports but every time I get the error
`"/usr/ports/Mk/bsd.port.mk", line 1180: UNAME_r (10.3-RELEASE-p11) and OSVERSION (901000) do not agree on major version number.`

I did update ports by `portsnap fetch update`
Why OSVERSION stayed unchanged? Can I change it manually?


----------



## SirDice (Mar 29, 2017)

Note that you need to run `freebsd-update install` a total of three(!) times. The first install only updates the kernel, the second install updates the base OS and the third install run cleans up old libraries and executables.


----------



## heximal (Mar 29, 2017)

Shame on me, I didn't read the handbook completely. So, I should run `freebsd-update install` twice again? and no other commands between them? Should I reboot after each `freebsd-update install`?


----------



## SirDice (Mar 29, 2017)

The basic gist is: 

```
freebsd-update -r 10.3-RELEASE upgrade
freebsd-update install
(reboot)
freebsd-update install
(rebuild or reinstall all ports/packages)
freebsd-update install
```


----------



## heximal (Mar 29, 2017)

Ok, thanks, I'll try


----------



## heximal (Apr 3, 2017)

Hello, gentlemen. Thanks for your help, I've finally succeeded to upgrade my FreeBSD.
Just one more question. Looks like I've got my sendmail service a little bit broken. When I'm trying to send a message to gmail addresses, I receive the following message in /var/log/maillog:

```
Apr  3 19:32:29 d3355 sm-mta[27130]: v33GWTJE027128: to=<somewhere@gmail.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=30346, relay=gmail-smtp-in.l.google.com [64.233.162.26], dsn=5.0.0, stat=Service unavailable
```

What might be broken during the installation of system updates?


----------



## SirDice (Apr 3, 2017)

This might be missing:

```
20150614:
        The import of openssl to address the FreeBSD-SA-15:10.openssl
        security advisory includes a change which rejects handshakes
        with DH parameters below 768 bits.  sendmail releases prior
        to 8.15.2 (not yet released), defaulted to a 512 bit
        DH parameter setting for client connections.  To work around
        this interoperability, sendmail can be configured to use a
        2048 bit DH parameter by:                                
                                                                       
        1. Edit /etc/mail/`hostname`.mc                                   
        2. If a setting for confDH_PARAMETERS does not exist or              
           exists and is set to a string beginning with '5',                   
           replace it with '2'.                                                 
        3. If a setting for confDH_PARAMETERS exists and is set to                 
           a file path, create a new file with:                                     
                openssl dhparam -out /path/to/file 2048                               
        4. Rebuild the .cf file:                                                        
                cd /etc/mail/; make; make install                                        
        5. Restart sendmail:                                                             
                cd /etc/mail/; make restart                                               
                                                                                          
        A sendmail patch is coming, at which time this file will be                        
        updated.
```

You should have an warning/error message about dh.param in your maillog somewhere. This usually solves it: `openssl dhparam -out /etc/mail/certs/dh.param 2048`


----------



## heximal (Apr 3, 2017)

Something is still wrong. I tried different options, but still get this error. Here is my .mc file:


```
divert(0)
VERSIONID(`$FreeBSD: release/9.1.0/etc/sendmail/freebsd.mc 223068 2011-06-14 04:33:43Z gshapiro $')
OSTYPE(freebsd6)
DOMAIN(generic)

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl       your permission.
dnl FEATURE(relay_based_on_MX)

dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/

dnl Uncomment to activate your chosen DNS based blacklist
dnl FEATURE(dnsbl, `dnsbl.example.com')
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from " $&{client_addr} " rejected'')

dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')dnl
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

define(`condDH_PARAMETERS', `/etc/mail/certs/dh.param')dnl
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`genericstable', `hash -o /etc/mail/genericstable')dnl
FEATURE(`delay_checks')dnl
FEATURE(`access_db', `hash -o -T<TMPF> /etc/mail/access')dnl
define(`confSERVER_KEY', `/etc/mail/ssl/private/sendmail.key')dnl
define(`confSERVER_CERT', `/etc/mail/ssl/certs/sendmail.crt')dnl
define(`confLOCAL_MAILER', `dovecot')dnl
define(`confCACERT_PATH', `/etc/mail/ssl/certs/CA')dnl
define(`confCACERT', `/etc/mail/ssl/certs/sendmail.crt')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`ALIAS_FILE', `/etc/mail/aliases')dnl
MAILER(`dovecot')dnl
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)
```

I've added condDH_PARAMETERS manually since it was missed.


----------



## SerLA (Apr 6, 2017)

Hello. I'm trying to upgrade my FreeBSD 9.1-RELEASE-p22 to 11.0, but I have a problem.


```
uname -v
FreeBSD 9.1-RELEASE-p22 #0: Mon Nov  3 18:22:10 UTC 2014     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
```


```
freebsd-update fetch install
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 9.1-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be updated as part of updating to 9.1-RELEASE-p24:
/usr/share/zoneinfo/Africa/Bamako
/usr/share/zoneinfo/Africa/Banjul
/usr/share/zoneinfo/Africa/Conakry
/usr/share/zoneinfo/Africa/Dakar
/usr/share/zoneinfo/Africa/Freetown
/usr/share/zoneinfo/Africa/Lome
/usr/share/zoneinfo/Africa/Nouakchott
/usr/share/zoneinfo/Africa/Ouagadougou
/usr/share/zoneinfo/Africa/Sao_Tome
/usr/share/zoneinfo/Atlantic/St_Helena
/usr/share/zoneinfo/Pacific/Johnston

WARNING: FreeBSD 9.1-RELEASE-p22 HAS PASSED ITS END-OF-LIFE DATE.
Any security issues discovered after Thu Jan  1 04:00:00 MSK 2015
will not have been corrected.
```



```
freebsd-update upgrade -r 11.0-RELEASE
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 9.1-RELEASE from update6.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic world/base world/lib32

The following components of FreeBSD do not seem to be installed:
world/doc world/games

Does this look reasonable (y/n)? y
Does this look reasonable (y/n)? y

Fetching metadata signature for 11.0-RELEASE from update6.freebsd.org... done.
Fetching metadata index... done.

The update metadata is correctly signed, but
failed an integrity check.
Cowardly refusing to proceed any further.
```

How do I find out the cause of the error?
Is it possible to upgrade directly to 11.0?


----------



## SirDice (Apr 6, 2017)

SerLA said:


> How do I find out the cause of the error?


Most likely cause is a corrupted download. Try clearing the cache and start fresh: `rm -rf /var/db/freebsd-update/*`



SerLA said:


> Is it possible to upgrade directly to 11.0?


Yes, that should be possible.


----------



## SerLA (Apr 6, 2017)

ok


SirDice said:


> rm -rf /var/db/freebsd-update/*



freebsd-update fetch install
reboot

try again:


```
freebsd-update upgrade -r 11.0-RELEASE
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 9.1-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata files... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic world/base world/lib32

The following components of FreeBSD do not seem to be installed:
world/doc world/games

Does this look reasonable (y/n)? y

Fetching metadata signature for 11.0-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.

The update metadata is correctly signed, but
failed an integrity check.
Cowardly refusing to proceed any further.
```


----------



## SirDice (Apr 6, 2017)

```
rm -rf /var/db/freebsd-update/*
freebsd-update upgrade -r 10.3-RELEASE
```

Don't run `freebsd-update fetch install` in between. I'm thinking there's a collision with one of the files from 9.1 and a file from 10.3.


----------



## SerLA (Apr 6, 2017)

SirDice said:


> Most likely cause is a corrupted download. Try clearing the cache and start fresh: `rm -rf /var/db/freebsd-update/*`
> 
> 
> Yes, that should be possible.





SirDice said:


> ```
> rm -rf /var/db/freebsd-update/*
> freebsd-update upgrade -r 10.3-RELEASE
> ```
> ...




```
rm -rf /var/db/freebsd-update/*
freebsd-update upgrade -r 11.0-RELEASE
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching public key from update6.freebsd.org... done.
Fetching metadata signature for 9.1-RELEASE from update6.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic world/base world/lib32

The following components of FreeBSD do not seem to be installed:
world/doc world/games

Does this look reasonable (y/n)? y

Fetching metadata signature for 11.0-RELEASE from update6.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.

The update metadata is correctly signed, but
failed an integrity check.
Cowardly refusing to proceed any further.
```
 

Where can I see more details of the upgrade process?


----------



## SirDice (Apr 6, 2017)

SerLA said:


> Where can I see more details of the upgrade process?


You can have a look at the code, freebsd-update(8) is a shell script.

Have you tried adding an intermediate step? You should be able to upgrade directly to 11.0 but it may be better to try to upgrade to 10.3 first.


----------



## SerLA (Apr 6, 2017)

SirDice said:


> You can have a look at the code, freebsd-update(8) is a shell script.
> 
> Have you tried adding an intermediate step? You should be able to upgrade directly to 11.0 but it may be better to try to upgrade to 10.3 first.



Upgrade from 9.1 to 10.3 is performed correctly.
I'm interested in the ability to upgrade from 9.1 to 11.0 directly.


----------



## gkontos (Apr 6, 2017)

SerLA said:


> Upgrade from 9.1 to 10.3 is performed correctly.
> I'm interested in the ability to upgrade from 9.1 to 11.0 directly.



According to this errata, it is not possible. So, you would have to go to 9.3 first or 10.3 like you did.


----------

