Remove default sets answer

The autoinstall(8) response file contains only non-defaults, except for
Set name(s)? (or 'abort' or 'done') [done] done
which is the hardcoded default since 2009.

Added in 2019 r1.23 "Let sysupgrade(8) create auto_upgrade.conf file [...]"
with all others, remove the exception.

OK florian

Add a new option which allows to set an alternative base-directory to
download the installation files to. This is helpful if the default
base-directory /home isn't available for writing, i.e. when using auto
mounted home directories.

Discussed with and input received from
florian@, jmc@, sthen@, schwarze@, and ajacoutot@.

OK florian@, jmc@, sthen@

When running sysupgrade on -stable move to the next release, not
-current.
Found the hard way by & OK sthen

Pick correct firmware directory. Read the target kernel version and use
the release directory for everything except -current.

OK afresh1@

It's fw_update's job to say what went wrong.
input jca
OK kmos sthen deraadt kn

ug_err() was renamed to err() in r1.41. A new ug_err call was added in
r1.42 by accident (that diff was written before the renaming was done).

From Mikolaj Kucharski

Specify version with fw_update(1)

sysupgrade(8) calls fw_update(1) without specifying a path, so
running on pre-6.8 snapshot and upgrading to 6.8 release with "-r"
will update firmware packages to snapshots.

Spotted by sthen
OK sthen
"looks good" deraadt

Fail on invalid installurl

Validate the URL's protocol identifier to avoid passing bogus arguments to
ftp(1) which otherwise might drop into the "ftp> " prompt instead of causing
sysupgrade(8) to exit non-zero.

Code taken from syspatch(8) as advised by ajacoutot.

Feedback jca
Feedback OK naddy

Print usage to stderr, print error messages in errx(3) fashion

While here, rename sg_err()/ug_err() to just err() and sync code between
syspatch(8) and sysupgrade(8).

Feedback OK naddy

Use SETSDIR consistently.
From Alex Holst, thanks!
OK kn

Our old ksh(1) bug where eval()uating a || compound list would terminate the
shell has been fixed by benno@; remove workaround.

ok naddy@

We are no longer using the "keep" file as a flag.
Pointed out by Martin Vahlensieck, thanks!

Log the old kernel version before doing the upgrade. Makes it easier
to figure out what version you were tunning before the upgrade when
you hit a bug/problem after the upgrade.
ok sthen@

Simplify sets directory check and creation (/home/_syspatch).
It can now be a symlink.

ok naddy@ solene@ kn@

revert previous, has not been thought through

Show the build date of the (about to be) fetched snapshot / release.
OK phessler, pamela, jung, benno

use the default URL when running fw_update, we can't guarantee that pkg_add will
be able to cope with packages from the next OpenBSD release - firmware packages
are occasionally updated on the release branch post-release.

this should handle most situations - the corner-case is an old snapshot upgrading
to a new snapshot across some types of pkg_add change, but as fw_update is usually
not mandatory this is usually good enough.

ok beck deraadt

print the URL when sysupgrade fetches new sets, allowing time for a quick ^C
if it's going to the wrong place/dir. ok deraadt@

Opportunisticly run fw_update before rebooting to run the upgrade.

Warn if it fails, but allow the upgrade to continue for now.

discussed with many, refinements by naddy@ sthen@

"commit something" deraadt@

Our version numbers go
m.n-beta -> m.n
not
m.n-beta -> m.n + 0.1
Handle this correctly for the -r case to stick to a release after
beta.
OK sthen

use ftp -N option; ok jca

Tweak and sync comment.

Determine the OS version in a way that won't break after 9.9.
Do it the same way in all three copies of the code.

Based on a patch from Chris Waddey.
with & ok ajacoutot

unpriv(): propagate error code to the caller instead of failing hard.
This will allow reacting on failure.

ok florian@

branches: 1.25.2; 1.25.4;
Add where missing and harmonize PATH to be _PATH_DEFPATH (without local nor
X11R6).
Suggested by tb@

ok deraadt@ tb@ millert@

Let sysupgrade(8) handle cleanup of downloaded sets by filling in
/etc/rc.firsttime in preparation of moving the functionality out of
install.sub.
OK deraadt

Let sysupgrade(8) create auto_upgrade.conf file in preparation of
moving the functionality out of install.sub.
OK deraadt

Try harder to have a complete /bsd.upgrade on disk.
Adapted from recent changes to the KARL infrastructure.
OK deraadt, sthen

Revert my recent sysupgrade changes; it broke unattended upgrades for
espie@. Need to look deeper.

Use the same heuristic as the installer to find a proper prefetch area for the
sets instead of hardcoding /home. This leads the way to a knob for manually
choosing a sets directory if we want that.

Create /auto_upgrade.conf that will get picked up by the installer for the
unattended upgrade mode.

Similar inputs from naddy@ and kn@
ok florian@ kmos@ kn@

tweak verbosity; ok ccardenas@

Add a -k flag to keep the files in /home/_sysupgrade, since they
will be deleted after the upgrade by default. ok kn@

sysupgrade already verifies all sets, so eliminate redundant
verification by the installer:

Verification is triggered by the presence of SHA256.sig.
In sysupgrade, remove SHA256.sig once the signature has been verified.
Compare SHA256 against a stored copy from the previous install/upgrade.

In the installer, stash away a copy of SHA256 and move that code
into install_files() where the sets are actually processed.
Confirm in the response file that we want to proceed without
verifying the sets.

ok florian@ tj@

It is not an error condition if no new snapshot is available.
ok jasper@ florian@

oops, fix unpriv() argument handling; from install.sub

* For "unpriv -f file", chown file back to root once the command finishes,
like install.sub does.
* Only verify the signature once.
* Only checksum the newly downloaded files.

ok florian@

Require root to run (still allow access to usage).

ok naddy@ florian@

Rename -c to -s since the correct term is snapshot, not current. Also
implement -r for symetry reasons to force an upgrade to the next
release.
suggested by & OK deraadt, OK benno, kmos

typo in previous

sysupgrade gains -n for no-reboot option. Accidentally duplicated benno's diff, who
graciously OK'd mine. Improvement from naddy; polishing and OKs from kn and ingo.

Only fetch and upgrade if a new snapshot is available.
Based on a diff by Marco Bonetti (sid77 AT slackware.it).

discussed with deraadt@, OK kn

Install upgrade kernel with ln -f, as per kernel build. ok florian@

Quiet down signify, seeing all the OKs scroll by is not helping.

Fix default MIRROR.

ok florian@

do not re-verify the signature for each file when checking the old files,
sha256 is enough; ok florian@

Use a different approach to determine the appropriate signing key:
Read the first line "untrusted comment ..." from SHA256.sig. Use the
key named there if it corresponds to the current or next OS version.

check owner and permission of download directory

don't be overly specific in set selection and don't use an undefined
variable

Add sysupgrade(8) a tool to upgrade OpenBSD to the next release or a
new snapshot.
Cargo culted from bits and pieces of a script originally posted
by naddy@ to misc, install.sub and syspatch(8)
with & OK deraadt

Add a new option which allows to set an alternative base-directory to
download the installation files to. This is helpful if the default
base-directory /home isn't available for writing, i.e. when using auto
mounted home directories.

Discussed with and input received from
florian@, jmc@, sthen@, schwarze@, and ajacoutot@.

OK florian@, jmc@, sthen@

When running sysupgrade on -stable move to the next release, not
-current.
Found the hard way by & OK sthen

Pick correct firmware directory. Read the target kernel version and use
the release directory for everything except -current.

OK afresh1@

It's fw_update's job to say what went wrong.
input jca
OK kmos sthen deraadt kn

ug_err() was renamed to err() in r1.41. A new ug_err call was added in
r1.42 by accident (that diff was written before the renaming was done).

From Mikolaj Kucharski

Specify version with fw_update(1)

sysupgrade(8) calls fw_update(1) without specifying a path, so
running on pre-6.8 snapshot and upgrading to 6.8 release with "-r"
will update firmware packages to snapshots.

Spotted by sthen
OK sthen
"looks good" deraadt

Fail on invalid installurl

Validate the URL's protocol identifier to avoid passing bogus arguments to
ftp(1) which otherwise might drop into the "ftp> " prompt instead of causing
sysupgrade(8) to exit non-zero.

Code taken from syspatch(8) as advised by ajacoutot.

Feedback jca
Feedback OK naddy

Print usage to stderr, print error messages in errx(3) fashion

While here, rename sg_err()/ug_err() to just err() and sync code between
syspatch(8) and sysupgrade(8).

Feedback OK naddy

Use SETSDIR consistently.
From Alex Holst, thanks!
OK kn

Our old ksh(1) bug where eval()uating a || compound list would terminate the
shell has been fixed by benno@; remove workaround.

ok naddy@

We are no longer using the "keep" file as a flag.
Pointed out by Martin Vahlensieck, thanks!

Log the old kernel version before doing the upgrade. Makes it easier
to figure out what version you were tunning before the upgrade when
you hit a bug/problem after the upgrade.
ok sthen@

Simplify sets directory check and creation (/home/_syspatch).
It can now be a symlink.

ok naddy@ solene@ kn@

revert previous, has not been thought through

Show the build date of the (about to be) fetched snapshot / release.
OK phessler, pamela, jung, benno

use the default URL when running fw_update, we can't guarantee that pkg_add will
be able to cope with packages from the next OpenBSD release - firmware packages
are occasionally updated on the release branch post-release.

this should handle most situations - the corner-case is an old snapshot upgrading
to a new snapshot across some types of pkg_add change, but as fw_update is usually
not mandatory this is usually good enough.

ok beck deraadt

print the URL when sysupgrade fetches new sets, allowing time for a quick ^C
if it's going to the wrong place/dir. ok deraadt@

Opportunisticly run fw_update before rebooting to run the upgrade.

Warn if it fails, but allow the upgrade to continue for now.

discussed with many, refinements by naddy@ sthen@

"commit something" deraadt@

Our version numbers go
m.n-beta -> m.n
not
m.n-beta -> m.n + 0.1
Handle this correctly for the -r case to stick to a release after
beta.
OK sthen

use ftp -N option; ok jca

Tweak and sync comment.

Determine the OS version in a way that won't break after 9.9.
Do it the same way in all three copies of the code.

Based on a patch from Chris Waddey.
with & ok ajacoutot

unpriv(): propagate error code to the caller instead of failing hard.
This will allow reacting on failure.

ok florian@

branches: 1.25.2; 1.25.4;
Add where missing and harmonize PATH to be _PATH_DEFPATH (without local nor
X11R6).
Suggested by tb@

ok deraadt@ tb@ millert@

Let sysupgrade(8) handle cleanup of downloaded sets by filling in
/etc/rc.firsttime in preparation of moving the functionality out of
install.sub.
OK deraadt

Let sysupgrade(8) create auto_upgrade.conf file in preparation of
moving the functionality out of install.sub.
OK deraadt

Try harder to have a complete /bsd.upgrade on disk.
Adapted from recent changes to the KARL infrastructure.
OK deraadt, sthen

Revert my recent sysupgrade changes; it broke unattended upgrades for
espie@. Need to look deeper.

Use the same heuristic as the installer to find a proper prefetch area for the
sets instead of hardcoding /home. This leads the way to a knob for manually
choosing a sets directory if we want that.

Create /auto_upgrade.conf that will get picked up by the installer for the
unattended upgrade mode.

Similar inputs from naddy@ and kn@
ok florian@ kmos@ kn@

tweak verbosity; ok ccardenas@

Add a -k flag to keep the files in /home/_sysupgrade, since they
will be deleted after the upgrade by default. ok kn@

sysupgrade already verifies all sets, so eliminate redundant
verification by the installer:

Verification is triggered by the presence of SHA256.sig.
In sysupgrade, remove SHA256.sig once the signature has been verified.
Compare SHA256 against a stored copy from the previous install/upgrade.

In the installer, stash away a copy of SHA256 and move that code
into install_files() where the sets are actually processed.
Confirm in the response file that we want to proceed without
verifying the sets.

ok florian@ tj@

It is not an error condition if no new snapshot is available.
ok jasper@ florian@

oops, fix unpriv() argument handling; from install.sub

* For "unpriv -f file", chown file back to root once the command finishes,
like install.sub does.
* Only verify the signature once.
* Only checksum the newly downloaded files.

ok florian@

Require root to run (still allow access to usage).

ok naddy@ florian@

Rename -c to -s since the correct term is snapshot, not current. Also
implement -r for symetry reasons to force an upgrade to the next
release.
suggested by & OK deraadt, OK benno, kmos

typo in previous

sysupgrade gains -n for no-reboot option. Accidentally duplicated benno's diff, who
graciously OK'd mine. Improvement from naddy; polishing and OKs from kn and ingo.

Only fetch and upgrade if a new snapshot is available.
Based on a diff by Marco Bonetti (sid77 AT slackware.it).

discussed with deraadt@, OK kn

Install upgrade kernel with ln -f, as per kernel build. ok florian@

Quiet down signify, seeing all the OKs scroll by is not helping.

Fix default MIRROR.

ok florian@

do not re-verify the signature for each file when checking the old files,
sha256 is enough; ok florian@

Use a different approach to determine the appropriate signing key:
Read the first line "untrusted comment ..." from SHA256.sig. Use the
key named there if it corresponds to the current or next OS version.

check owner and permission of download directory

don't be overly specific in set selection and don't use an undefined
variable

Add sysupgrade(8) a tool to upgrade OpenBSD to the next release or a
new snapshot.
Cargo culted from bits and pieces of a script originally posted
by naddy@ to misc, install.sub and syspatch(8)
with & OK deraadt

When running sysupgrade on -stable move to the next release, not
-current.
Found the hard way by & OK sthen

Pick correct firmware directory. Read the target kernel version and use
the release directory for everything except -current.

OK afresh1@

It's fw_update's job to say what went wrong.
input jca
OK kmos sthen deraadt kn

ug_err() was renamed to err() in r1.41. A new ug_err call was added in
r1.42 by accident (that diff was written before the renaming was done).

From Mikolaj Kucharski

Specify version with fw_update(1)

sysupgrade(8) calls fw_update(1) without specifying a path, so
running on pre-6.8 snapshot and upgrading to 6.8 release with "-r"
will update firmware packages to snapshots.

Spotted by sthen
OK sthen
"looks good" deraadt

Fail on invalid installurl

Validate the URL's protocol identifier to avoid passing bogus arguments to
ftp(1) which otherwise might drop into the "ftp> " prompt instead of causing
sysupgrade(8) to exit non-zero.

Code taken from syspatch(8) as advised by ajacoutot.

Feedback jca
Feedback OK naddy

Print usage to stderr, print error messages in errx(3) fashion

While here, rename sg_err()/ug_err() to just err() and sync code between
syspatch(8) and sysupgrade(8).

Feedback OK naddy

Use SETSDIR consistently.
From Alex Holst, thanks!
OK kn

Our old ksh(1) bug where eval()uating a || compound list would terminate the
shell has been fixed by benno@; remove workaround.

ok naddy@

We are no longer using the "keep" file as a flag.
Pointed out by Martin Vahlensieck, thanks!

Log the old kernel version before doing the upgrade. Makes it easier
to figure out what version you were tunning before the upgrade when
you hit a bug/problem after the upgrade.
ok sthen@

Simplify sets directory check and creation (/home/_syspatch).
It can now be a symlink.

ok naddy@ solene@ kn@

revert previous, has not been thought through

Show the build date of the (about to be) fetched snapshot / release.
OK phessler, pamela, jung, benno

use the default URL when running fw_update, we can't guarantee that pkg_add will
be able to cope with packages from the next OpenBSD release - firmware packages
are occasionally updated on the release branch post-release.

this should handle most situations - the corner-case is an old snapshot upgrading
to a new snapshot across some types of pkg_add change, but as fw_update is usually
not mandatory this is usually good enough.

ok beck deraadt

print the URL when sysupgrade fetches new sets, allowing time for a quick ^C
if it's going to the wrong place/dir. ok deraadt@

Opportunisticly run fw_update before rebooting to run the upgrade.

Warn if it fails, but allow the upgrade to continue for now.

discussed with many, refinements by naddy@ sthen@

"commit something" deraadt@

Our version numbers go
m.n-beta -> m.n
not
m.n-beta -> m.n + 0.1
Handle this correctly for the -r case to stick to a release after
beta.
OK sthen

use ftp -N option; ok jca

Tweak and sync comment.

Determine the OS version in a way that won't break after 9.9.
Do it the same way in all three copies of the code.

Based on a patch from Chris Waddey.
with & ok ajacoutot

unpriv(): propagate error code to the caller instead of failing hard.
This will allow reacting on failure.

ok florian@

branches: 1.25.2; 1.25.4;
Add where missing and harmonize PATH to be _PATH_DEFPATH (without local nor
X11R6).
Suggested by tb@

ok deraadt@ tb@ millert@

Let sysupgrade(8) handle cleanup of downloaded sets by filling in
/etc/rc.firsttime in preparation of moving the functionality out of
install.sub.
OK deraadt

Let sysupgrade(8) create auto_upgrade.conf file in preparation of
moving the functionality out of install.sub.
OK deraadt

Try harder to have a complete /bsd.upgrade on disk.
Adapted from recent changes to the KARL infrastructure.
OK deraadt, sthen

Revert my recent sysupgrade changes; it broke unattended upgrades for
espie@. Need to look deeper.

Use the same heuristic as the installer to find a proper prefetch area for the
sets instead of hardcoding /home. This leads the way to a knob for manually
choosing a sets directory if we want that.

Create /auto_upgrade.conf that will get picked up by the installer for the
unattended upgrade mode.

Similar inputs from naddy@ and kn@
ok florian@ kmos@ kn@

tweak verbosity; ok ccardenas@

Add a -k flag to keep the files in /home/_sysupgrade, since they
will be deleted after the upgrade by default. ok kn@

sysupgrade already verifies all sets, so eliminate redundant
verification by the installer:

Verification is triggered by the presence of SHA256.sig.
In sysupgrade, remove SHA256.sig once the signature has been verified.
Compare SHA256 against a stored copy from the previous install/upgrade.

In the installer, stash away a copy of SHA256 and move that code
into install_files() where the sets are actually processed.
Confirm in the response file that we want to proceed without
verifying the sets.

ok florian@ tj@

It is not an error condition if no new snapshot is available.
ok jasper@ florian@

oops, fix unpriv() argument handling; from install.sub

* For "unpriv -f file", chown file back to root once the command finishes,
like install.sub does.
* Only verify the signature once.
* Only checksum the newly downloaded files.

ok florian@

Require root to run (still allow access to usage).

ok naddy@ florian@

Rename -c to -s since the correct term is snapshot, not current. Also
implement -r for symetry reasons to force an upgrade to the next
release.
suggested by & OK deraadt, OK benno, kmos

typo in previous

sysupgrade gains -n for no-reboot option. Accidentally duplicated benno's diff, who
graciously OK'd mine. Improvement from naddy; polishing and OKs from kn and ingo.

Only fetch and upgrade if a new snapshot is available.
Based on a diff by Marco Bonetti (sid77 AT slackware.it).

discussed with deraadt@, OK kn

Install upgrade kernel with ln -f, as per kernel build. ok florian@

Quiet down signify, seeing all the OKs scroll by is not helping.

Fix default MIRROR.

ok florian@

do not re-verify the signature for each file when checking the old files,
sha256 is enough; ok florian@

Use a different approach to determine the appropriate signing key:
Read the first line "untrusted comment ..." from SHA256.sig. Use the
key named there if it corresponds to the current or next OS version.

check owner and permission of download directory

don't be overly specific in set selection and don't use an undefined
variable

Add sysupgrade(8) a tool to upgrade OpenBSD to the next release or a
new snapshot.
Cargo culted from bits and pieces of a script originally posted
by naddy@ to misc, install.sub and syspatch(8)
with & OK deraadt

Pick correct firmware directory. Read the target kernel version and use
the release directory for everything except -current.

OK afresh1@

It's fw_update's job to say what went wrong.
input jca
OK kmos sthen deraadt kn

ug_err() was renamed to err() in r1.41. A new ug_err call was added in
r1.42 by accident (that diff was written before the renaming was done).

From Mikolaj Kucharski

Specify version with fw_update(1)

sysupgrade(8) calls fw_update(1) without specifying a path, so
running on pre-6.8 snapshot and upgrading to 6.8 release with "-r"
will update firmware packages to snapshots.

Spotted by sthen
OK sthen
"looks good" deraadt

Fail on invalid installurl

Validate the URL's protocol identifier to avoid passing bogus arguments to
ftp(1) which otherwise might drop into the "ftp> " prompt instead of causing
sysupgrade(8) to exit non-zero.

Code taken from syspatch(8) as advised by ajacoutot.

Feedback jca
Feedback OK naddy

Print usage to stderr, print error messages in errx(3) fashion

While here, rename sg_err()/ug_err() to just err() and sync code between
syspatch(8) and sysupgrade(8).

Feedback OK naddy

Use SETSDIR consistently.
From Alex Holst, thanks!
OK kn

Our old ksh(1) bug where eval()uating a || compound list would terminate the
shell has been fixed by benno@; remove workaround.

ok naddy@

We are no longer using the "keep" file as a flag.
Pointed out by Martin Vahlensieck, thanks!

Log the old kernel version before doing the upgrade. Makes it easier
to figure out what version you were tunning before the upgrade when
you hit a bug/problem after the upgrade.
ok sthen@

Simplify sets directory check and creation (/home/_syspatch).
It can now be a symlink.

ok naddy@ solene@ kn@

revert previous, has not been thought through

Show the build date of the (about to be) fetched snapshot / release.
OK phessler, pamela, jung, benno

use the default URL when running fw_update, we can't guarantee that pkg_add will
be able to cope with packages from the next OpenBSD release - firmware packages
are occasionally updated on the release branch post-release.

this should handle most situations - the corner-case is an old snapshot upgrading
to a new snapshot across some types of pkg_add change, but as fw_update is usually
not mandatory this is usually good enough.

ok beck deraadt

print the URL when sysupgrade fetches new sets, allowing time for a quick ^C
if it's going to the wrong place/dir. ok deraadt@

Opportunisticly run fw_update before rebooting to run the upgrade.

Warn if it fails, but allow the upgrade to continue for now.

discussed with many, refinements by naddy@ sthen@

"commit something" deraadt@

Our version numbers go
m.n-beta -> m.n
not
m.n-beta -> m.n + 0.1
Handle this correctly for the -r case to stick to a release after
beta.
OK sthen

use ftp -N option; ok jca

Tweak and sync comment.

Determine the OS version in a way that won't break after 9.9.
Do it the same way in all three copies of the code.

Based on a patch from Chris Waddey.
with & ok ajacoutot

unpriv(): propagate error code to the caller instead of failing hard.
This will allow reacting on failure.

ok florian@

branches: 1.25.2; 1.25.4;
Add where missing and harmonize PATH to be _PATH_DEFPATH (without local nor
X11R6).
Suggested by tb@

ok deraadt@ tb@ millert@

Let sysupgrade(8) handle cleanup of downloaded sets by filling in
/etc/rc.firsttime in preparation of moving the functionality out of
install.sub.
OK deraadt

Let sysupgrade(8) create auto_upgrade.conf file in preparation of
moving the functionality out of install.sub.
OK deraadt

Try harder to have a complete /bsd.upgrade on disk.
Adapted from recent changes to the KARL infrastructure.
OK deraadt, sthen

Revert my recent sysupgrade changes; it broke unattended upgrades for
espie@. Need to look deeper.

Use the same heuristic as the installer to find a proper prefetch area for the
sets instead of hardcoding /home. This leads the way to a knob for manually
choosing a sets directory if we want that.

Create /auto_upgrade.conf that will get picked up by the installer for the
unattended upgrade mode.

Similar inputs from naddy@ and kn@
ok florian@ kmos@ kn@

tweak verbosity; ok ccardenas@

Add a -k flag to keep the files in /home/_sysupgrade, since they
will be deleted after the upgrade by default. ok kn@

sysupgrade already verifies all sets, so eliminate redundant
verification by the installer:

Verification is triggered by the presence of SHA256.sig.
In sysupgrade, remove SHA256.sig once the signature has been verified.
Compare SHA256 against a stored copy from the previous install/upgrade.

In the installer, stash away a copy of SHA256 and move that code
into install_files() where the sets are actually processed.
Confirm in the response file that we want to proceed without
verifying the sets.

ok florian@ tj@

It is not an error condition if no new snapshot is available.
ok jasper@ florian@

oops, fix unpriv() argument handling; from install.sub

* For "unpriv -f file", chown file back to root once the command finishes,
like install.sub does.
* Only verify the signature once.
* Only checksum the newly downloaded files.

ok florian@

Require root to run (still allow access to usage).

ok naddy@ florian@

Rename -c to -s since the correct term is snapshot, not current. Also
implement -r for symetry reasons to force an upgrade to the next
release.
suggested by & OK deraadt, OK benno, kmos

typo in previous

sysupgrade gains -n for no-reboot option. Accidentally duplicated benno's diff, who
graciously OK'd mine. Improvement from naddy; polishing and OKs from kn and ingo.

Only fetch and upgrade if a new snapshot is available.
Based on a diff by Marco Bonetti (sid77 AT slackware.it).

discussed with deraadt@, OK kn

Install upgrade kernel with ln -f, as per kernel build. ok florian@

Quiet down signify, seeing all the OKs scroll by is not helping.

Fix default MIRROR.

ok florian@

do not re-verify the signature for each file when checking the old files,
sha256 is enough; ok florian@

Use a different approach to determine the appropriate signing key:
Read the first line "untrusted comment ..." from SHA256.sig. Use the
key named there if it corresponds to the current or next OS version.

check owner and permission of download directory

don't be overly specific in set selection and don't use an undefined
variable

Add sysupgrade(8) a tool to upgrade OpenBSD to the next release or a
new snapshot.
Cargo culted from bits and pieces of a script originally posted
by naddy@ to misc, install.sub and syspatch(8)
with & OK deraadt

It's fw_update's job to say what went wrong.
input jca
OK kmos sthen deraadt kn

ug_err() was renamed to err() in r1.41. A new ug_err call was added in
r1.42 by accident (that diff was written before the renaming was done).

From Mikolaj Kucharski

Specify version with fw_update(1)

sysupgrade(8) calls fw_update(1) without specifying a path, so
running on pre-6.8 snapshot and upgrading to 6.8 release with "-r"
will update firmware packages to snapshots.

Spotted by sthen
OK sthen
"looks good" deraadt

Fail on invalid installurl

Validate the URL's protocol identifier to avoid passing bogus arguments to
ftp(1) which otherwise might drop into the "ftp> " prompt instead of causing
sysupgrade(8) to exit non-zero.

Code taken from syspatch(8) as advised by ajacoutot.

Feedback jca
Feedback OK naddy

Print usage to stderr, print error messages in errx(3) fashion

While here, rename sg_err()/ug_err() to just err() and sync code between
syspatch(8) and sysupgrade(8).

Feedback OK naddy

Use SETSDIR consistently.
From Alex Holst, thanks!
OK kn

Our old ksh(1) bug where eval()uating a || compound list would terminate the
shell has been fixed by benno@; remove workaround.

ok naddy@

We are no longer using the "keep" file as a flag.
Pointed out by Martin Vahlensieck, thanks!

Log the old kernel version before doing the upgrade. Makes it easier
to figure out what version you were tunning before the upgrade when
you hit a bug/problem after the upgrade.
ok sthen@

Simplify sets directory check and creation (/home/_syspatch).
It can now be a symlink.

ok naddy@ solene@ kn@

revert previous, has not been thought through

Show the build date of the (about to be) fetched snapshot / release.
OK phessler, pamela, jung, benno

use the default URL when running fw_update, we can't guarantee that pkg_add will
be able to cope with packages from the next OpenBSD release - firmware packages
are occasionally updated on the release branch post-release.

this should handle most situations - the corner-case is an old snapshot upgrading
to a new snapshot across some types of pkg_add change, but as fw_update is usually
not mandatory this is usually good enough.

ok beck deraadt

print the URL when sysupgrade fetches new sets, allowing time for a quick ^C
if it's going to the wrong place/dir. ok deraadt@

Opportunisticly run fw_update before rebooting to run the upgrade.

Warn if it fails, but allow the upgrade to continue for now.

discussed with many, refinements by naddy@ sthen@

"commit something" deraadt@

Our version numbers go
m.n-beta -> m.n
not
m.n-beta -> m.n + 0.1
Handle this correctly for the -r case to stick to a release after
beta.
OK sthen

use ftp -N option; ok jca

Tweak and sync comment.

Determine the OS version in a way that won't break after 9.9.
Do it the same way in all three copies of the code.

Based on a patch from Chris Waddey.
with & ok ajacoutot

unpriv(): propagate error code to the caller instead of failing hard.
This will allow reacting on failure.

ok florian@

branches: 1.25.2; 1.25.4;
Add where missing and harmonize PATH to be _PATH_DEFPATH (without local nor
X11R6).
Suggested by tb@

ok deraadt@ tb@ millert@

Let sysupgrade(8) handle cleanup of downloaded sets by filling in
/etc/rc.firsttime in preparation of moving the functionality out of
install.sub.
OK deraadt

Let sysupgrade(8) create auto_upgrade.conf file in preparation of
moving the functionality out of install.sub.
OK deraadt

Try harder to have a complete /bsd.upgrade on disk.
Adapted from recent changes to the KARL infrastructure.
OK deraadt, sthen

Revert my recent sysupgrade changes; it broke unattended upgrades for
espie@. Need to look deeper.

Use the same heuristic as the installer to find a proper prefetch area for the
sets instead of hardcoding /home. This leads the way to a knob for manually
choosing a sets directory if we want that.

Create /auto_upgrade.conf that will get picked up by the installer for the
unattended upgrade mode.

Similar inputs from naddy@ and kn@
ok florian@ kmos@ kn@

tweak verbosity; ok ccardenas@

Add a -k flag to keep the files in /home/_sysupgrade, since they
will be deleted after the upgrade by default. ok kn@

sysupgrade already verifies all sets, so eliminate redundant
verification by the installer:

Verification is triggered by the presence of SHA256.sig.
In sysupgrade, remove SHA256.sig once the signature has been verified.
Compare SHA256 against a stored copy from the previous install/upgrade.

In the installer, stash away a copy of SHA256 and move that code
into install_files() where the sets are actually processed.
Confirm in the response file that we want to proceed without
verifying the sets.

ok florian@ tj@

It is not an error condition if no new snapshot is available.
ok jasper@ florian@

oops, fix unpriv() argument handling; from install.sub

* For "unpriv -f file", chown file back to root once the command finishes,
like install.sub does.
* Only verify the signature once.
* Only checksum the newly downloaded files.

ok florian@

Require root to run (still allow access to usage).

ok naddy@ florian@

Rename -c to -s since the correct term is snapshot, not current. Also
implement -r for symetry reasons to force an upgrade to the next
release.
suggested by & OK deraadt, OK benno, kmos

typo in previous

sysupgrade gains -n for no-reboot option. Accidentally duplicated benno's diff, who
graciously OK'd mine. Improvement from naddy; polishing and OKs from kn and ingo.

Only fetch and upgrade if a new snapshot is available.
Based on a diff by Marco Bonetti (sid77 AT slackware.it).

discussed with deraadt@, OK kn

Install upgrade kernel with ln -f, as per kernel build. ok florian@

Quiet down signify, seeing all the OKs scroll by is not helping.

Fix default MIRROR.

ok florian@

do not re-verify the signature for each file when checking the old files,
sha256 is enough; ok florian@

Use a different approach to determine the appropriate signing key:
Read the first line "untrusted comment ..." from SHA256.sig. Use the
key named there if it corresponds to the current or next OS version.

check owner and permission of download directory

don't be overly specific in set selection and don't use an undefined
variable

Add sysupgrade(8) a tool to upgrade OpenBSD to the next release or a
new snapshot.
Cargo culted from bits and pieces of a script originally posted
by naddy@ to misc, install.sub and syspatch(8)
with & OK deraadt

ug_err() was renamed to err() in r1.41. A new ug_err call was added in
r1.42 by accident (that diff was written before the renaming was done).

From Mikolaj Kucharski

Specify version with fw_update(1)

sysupgrade(8) calls fw_update(1) without specifying a path, so
running on pre-6.8 snapshot and upgrading to 6.8 release with "-r"
will update firmware packages to snapshots.

Spotted by sthen
OK sthen
"looks good" deraadt

Fail on invalid installurl

Validate the URL's protocol identifier to avoid passing bogus arguments to
ftp(1) which otherwise might drop into the "ftp> " prompt instead of causing
sysupgrade(8) to exit non-zero.

Code taken from syspatch(8) as advised by ajacoutot.

Feedback jca
Feedback OK naddy

Print usage to stderr, print error messages in errx(3) fashion

While here, rename sg_err()/ug_err() to just err() and sync code between
syspatch(8) and sysupgrade(8).

Feedback OK naddy

Use SETSDIR consistently.
From Alex Holst, thanks!
OK kn

Our old ksh(1) bug where eval()uating a || compound list would terminate the
shell has been fixed by benno@; remove workaround.

ok naddy@

We are no longer using the "keep" file as a flag.
Pointed out by Martin Vahlensieck, thanks!

Log the old kernel version before doing the upgrade. Makes it easier
to figure out what version you were tunning before the upgrade when
you hit a bug/problem after the upgrade.
ok sthen@

Simplify sets directory check and creation (/home/_syspatch).
It can now be a symlink.

ok naddy@ solene@ kn@

revert previous, has not been thought through

Show the build date of the (about to be) fetched snapshot / release.
OK phessler, pamela, jung, benno

use the default URL when running fw_update, we can't guarantee that pkg_add will
be able to cope with packages from the next OpenBSD release - firmware packages
are occasionally updated on the release branch post-release.

this should handle most situations - the corner-case is an old snapshot upgrading
to a new snapshot across some types of pkg_add change, but as fw_update is usually
not mandatory this is usually good enough.

ok beck deraadt

print the URL when sysupgrade fetches new sets, allowing time for a quick ^C
if it's going to the wrong place/dir. ok deraadt@

Opportunisticly run fw_update before rebooting to run the upgrade.

Warn if it fails, but allow the upgrade to continue for now.

discussed with many, refinements by naddy@ sthen@

"commit something" deraadt@

Our version numbers go
m.n-beta -> m.n
not
m.n-beta -> m.n + 0.1
Handle this correctly for the -r case to stick to a release after
beta.
OK sthen

use ftp -N option; ok jca

Tweak and sync comment.

Determine the OS version in a way that won't break after 9.9.
Do it the same way in all three copies of the code.

Based on a patch from Chris Waddey.
with & ok ajacoutot

unpriv(): propagate error code to the caller instead of failing hard.
This will allow reacting on failure.

ok florian@

branches: 1.25.2; 1.25.4;
Add where missing and harmonize PATH to be _PATH_DEFPATH (without local nor
X11R6).
Suggested by tb@

ok deraadt@ tb@ millert@

Let sysupgrade(8) handle cleanup of downloaded sets by filling in
/etc/rc.firsttime in preparation of moving the functionality out of
install.sub.
OK deraadt

Let sysupgrade(8) create auto_upgrade.conf file in preparation of
moving the functionality out of install.sub.
OK deraadt

Try harder to have a complete /bsd.upgrade on disk.
Adapted from recent changes to the KARL infrastructure.
OK deraadt, sthen

Revert my recent sysupgrade changes; it broke unattended upgrades for
espie@. Need to look deeper.

Use the same heuristic as the installer to find a proper prefetch area for the
sets instead of hardcoding /home. This leads the way to a knob for manually
choosing a sets directory if we want that.

Create /auto_upgrade.conf that will get picked up by the installer for the
unattended upgrade mode.

Similar inputs from naddy@ and kn@
ok florian@ kmos@ kn@

tweak verbosity; ok ccardenas@

Add a -k flag to keep the files in /home/_sysupgrade, since they
will be deleted after the upgrade by default. ok kn@

sysupgrade already verifies all sets, so eliminate redundant
verification by the installer:

Verification is triggered by the presence of SHA256.sig.
In sysupgrade, remove SHA256.sig once the signature has been verified.
Compare SHA256 against a stored copy from the previous install/upgrade.

In the installer, stash away a copy of SHA256 and move that code
into install_files() where the sets are actually processed.
Confirm in the response file that we want to proceed without
verifying the sets.

ok florian@ tj@

It is not an error condition if no new snapshot is available.
ok jasper@ florian@

oops, fix unpriv() argument handling; from install.sub

* For "unpriv -f file", chown file back to root once the command finishes,
like install.sub does.
* Only verify the signature once.
* Only checksum the newly downloaded files.

ok florian@

Require root to run (still allow access to usage).

ok naddy@ florian@

Rename -c to -s since the correct term is snapshot, not current. Also
implement -r for symetry reasons to force an upgrade to the next
release.
suggested by & OK deraadt, OK benno, kmos

typo in previous

sysupgrade gains -n for no-reboot option. Accidentally duplicated benno's diff, who
graciously OK'd mine. Improvement from naddy; polishing and OKs from kn and ingo.

Only fetch and upgrade if a new snapshot is available.
Based on a diff by Marco Bonetti (sid77 AT slackware.it).

discussed with deraadt@, OK kn

Install upgrade kernel with ln -f, as per kernel build. ok florian@

Quiet down signify, seeing all the OKs scroll by is not helping.

Fix default MIRROR.

ok florian@

do not re-verify the signature for each file when checking the old files,
sha256 is enough; ok florian@

Use a different approach to determine the appropriate signing key:
Read the first line "untrusted comment ..." from SHA256.sig. Use the
key named there if it corresponds to the current or next OS version.

check owner and permission of download directory

don't be overly specific in set selection and don't use an undefined
variable

Add sysupgrade(8) a tool to upgrade OpenBSD to the next release or a
new snapshot.
Cargo culted from bits and pieces of a script originally posted
by naddy@ to misc, install.sub and syspatch(8)
with & OK deraadt

Fail on invalid installurl

Validate the URL's protocol identifier to avoid passing bogus arguments to
ftp(1) which otherwise might drop into the "ftp> " prompt instead of causing
sysupgrade(8) to exit non-zero.

Code taken from syspatch(8) as advised by ajacoutot.

Feedback jca
Feedback OK naddy

Print usage to stderr, print error messages in errx(3) fashion

While here, rename sg_err()/ug_err() to just err() and sync code between
syspatch(8) and sysupgrade(8).

Feedback OK naddy

Use SETSDIR consistently.
From Alex Holst, thanks!
OK kn

Our old ksh(1) bug where eval()uating a || compound list would terminate the
shell has been fixed by benno@; remove workaround.

ok naddy@

We are no longer using the "keep" file as a flag.
Pointed out by Martin Vahlensieck, thanks!

Log the old kernel version before doing the upgrade. Makes it easier
to figure out what version you were tunning before the upgrade when
you hit a bug/problem after the upgrade.
ok sthen@

Simplify sets directory check and creation (/home/_syspatch).
It can now be a symlink.

ok naddy@ solene@ kn@

revert previous, has not been thought through

Show the build date of the (about to be) fetched snapshot / release.
OK phessler, pamela, jung, benno

use the default URL when running fw_update, we can't guarantee that pkg_add will
be able to cope with packages from the next OpenBSD release - firmware packages
are occasionally updated on the release branch post-release.

this should handle most situations - the corner-case is an old snapshot upgrading
to a new snapshot across some types of pkg_add change, but as fw_update is usually
not mandatory this is usually good enough.

ok beck deraadt

print the URL when sysupgrade fetches new sets, allowing time for a quick ^C
if it's going to the wrong place/dir. ok deraadt@

Opportunisticly run fw_update before rebooting to run the upgrade.

Warn if it fails, but allow the upgrade to continue for now.

discussed with many, refinements by naddy@ sthen@

"commit something" deraadt@

Our version numbers go
m.n-beta -> m.n
not
m.n-beta -> m.n + 0.1
Handle this correctly for the -r case to stick to a release after
beta.
OK sthen

use ftp -N option; ok jca

Tweak and sync comment.

Determine the OS version in a way that won't break after 9.9.
Do it the same way in all three copies of the code.

Based on a patch from Chris Waddey.
with & ok ajacoutot

unpriv(): propagate error code to the caller instead of failing hard.
This will allow reacting on failure.

ok florian@

branches: 1.25.2; 1.25.4;
Add where missing and harmonize PATH to be _PATH_DEFPATH (without local nor
X11R6).
Suggested by tb@

ok deraadt@ tb@ millert@

Let sysupgrade(8) handle cleanup of downloaded sets by filling in
/etc/rc.firsttime in preparation of moving the functionality out of
install.sub.
OK deraadt

Let sysupgrade(8) create auto_upgrade.conf file in preparation of
moving the functionality out of install.sub.
OK deraadt

Try harder to have a complete /bsd.upgrade on disk.
Adapted from recent changes to the KARL infrastructure.
OK deraadt, sthen

Revert my recent sysupgrade changes; it broke unattended upgrades for
espie@. Need to look deeper.

Use the same heuristic as the installer to find a proper prefetch area for the
sets instead of hardcoding /home. This leads the way to a knob for manually
choosing a sets directory if we want that.

Create /auto_upgrade.conf that will get picked up by the installer for the
unattended upgrade mode.

Similar inputs from naddy@ and kn@
ok florian@ kmos@ kn@

tweak verbosity; ok ccardenas@

Add a -k flag to keep the files in /home/_sysupgrade, since they
will be deleted after the upgrade by default. ok kn@

sysupgrade already verifies all sets, so eliminate redundant
verification by the installer:

Verification is triggered by the presence of SHA256.sig.
In sysupgrade, remove SHA256.sig once the signature has been verified.
Compare SHA256 against a stored copy from the previous install/upgrade.

In the installer, stash away a copy of SHA256 and move that code
into install_files() where the sets are actually processed.
Confirm in the response file that we want to proceed without
verifying the sets.

ok florian@ tj@

It is not an error condition if no new snapshot is available.
ok jasper@ florian@

oops, fix unpriv() argument handling; from install.sub

* For "unpriv -f file", chown file back to root once the command finishes,
like install.sub does.
* Only verify the signature once.
* Only checksum the newly downloaded files.

ok florian@

Require root to run (still allow access to usage).

ok naddy@ florian@

Rename -c to -s since the correct term is snapshot, not current. Also
implement -r for symetry reasons to force an upgrade to the next
release.
suggested by & OK deraadt, OK benno, kmos

typo in previous

sysupgrade gains -n for no-reboot option. Accidentally duplicated benno's diff, who
graciously OK'd mine. Improvement from naddy; polishing and OKs from kn and ingo.

Only fetch and upgrade if a new snapshot is available.
Based on a diff by Marco Bonetti (sid77 AT slackware.it).

discussed with deraadt@, OK kn

Install upgrade kernel with ln -f, as per kernel build. ok florian@

Quiet down signify, seeing all the OKs scroll by is not helping.

Fix default MIRROR.

ok florian@

do not re-verify the signature for each file when checking the old files,
sha256 is enough; ok florian@

Use a different approach to determine the appropriate signing key:
Read the first line "untrusted comment ..." from SHA256.sig. Use the
key named there if it corresponds to the current or next OS version.

check owner and permission of download directory

don't be overly specific in set selection and don't use an undefined
variable

Add sysupgrade(8) a tool to upgrade OpenBSD to the next release or a
new snapshot.
Cargo culted from bits and pieces of a script originally posted
by naddy@ to misc, install.sub and syspatch(8)
with & OK deraadt

Use SETSDIR consistently.
From Alex Holst, thanks!
OK kn

Our old ksh(1) bug where eval()uating a || compound list would terminate the
shell has been fixed by benno@; remove workaround.

ok naddy@

We are no longer using the "keep" file as a flag.
Pointed out by Martin Vahlensieck, thanks!

Log the old kernel version before doing the upgrade. Makes it easier
to figure out what version you were tunning before the upgrade when
you hit a bug/problem after the upgrade.
ok sthen@

Simplify sets directory check and creation (/home/_syspatch).
It can now be a symlink.

ok naddy@ solene@ kn@

revert previous, has not been thought through

Show the build date of the (about to be) fetched snapshot / release.
OK phessler, pamela, jung, benno

use the default URL when running fw_update, we can't guarantee that pkg_add will
be able to cope with packages from the next OpenBSD release - firmware packages
are occasionally updated on the release branch post-release.

this should handle most situations - the corner-case is an old snapshot upgrading
to a new snapshot across some types of pkg_add change, but as fw_update is usually
not mandatory this is usually good enough.

ok beck deraadt

print the URL when sysupgrade fetches new sets, allowing time for a quick ^C
if it's going to the wrong place/dir. ok deraadt@

Opportunisticly run fw_update before rebooting to run the upgrade.

Warn if it fails, but allow the upgrade to continue for now.

discussed with many, refinements by naddy@ sthen@

"commit something" deraadt@

Our version numbers go
m.n-beta -> m.n
not
m.n-beta -> m.n + 0.1
Handle this correctly for the -r case to stick to a release after
beta.
OK sthen

use ftp -N option; ok jca

Tweak and sync comment.

Determine the OS version in a way that won't break after 9.9.
Do it the same way in all three copies of the code.

Based on a patch from Chris Waddey.
with & ok ajacoutot

unpriv(): propagate error code to the caller instead of failing hard.
This will allow reacting on failure.

ok florian@

branches: 1.25.2; 1.25.4;
Add where missing and harmonize PATH to be _PATH_DEFPATH (without local nor
X11R6).
Suggested by tb@

ok deraadt@ tb@ millert@

Let sysupgrade(8) handle cleanup of downloaded sets by filling in
/etc/rc.firsttime in preparation of moving the functionality out of
install.sub.
OK deraadt

Let sysupgrade(8) create auto_upgrade.conf file in preparation of
moving the functionality out of install.sub.
OK deraadt

Try harder to have a complete /bsd.upgrade on disk.
Adapted from recent changes to the KARL infrastructure.
OK deraadt, sthen

Revert my recent sysupgrade changes; it broke unattended upgrades for
espie@. Need to look deeper.

Use the same heuristic as the installer to find a proper prefetch area for the
sets instead of hardcoding /home. This leads the way to a knob for manually
choosing a sets directory if we want that.

Create /auto_upgrade.conf that will get picked up by the installer for the
unattended upgrade mode.

Similar inputs from naddy@ and kn@
ok florian@ kmos@ kn@

tweak verbosity; ok ccardenas@

Add a -k flag to keep the files in /home/_sysupgrade, since they
will be deleted after the upgrade by default. ok kn@

sysupgrade already verifies all sets, so eliminate redundant
verification by the installer:

Verification is triggered by the presence of SHA256.sig.
In sysupgrade, remove SHA256.sig once the signature has been verified.
Compare SHA256 against a stored copy from the previous install/upgrade.

In the installer, stash away a copy of SHA256 and move that code
into install_files() where the sets are actually processed.
Confirm in the response file that we want to proceed without
verifying the sets.

ok florian@ tj@

It is not an error condition if no new snapshot is available.
ok jasper@ florian@

oops, fix unpriv() argument handling; from install.sub

* For "unpriv -f file", chown file back to root once the command finishes,
like install.sub does.
* Only verify the signature once.
* Only checksum the newly downloaded files.

ok florian@

Require root to run (still allow access to usage).

ok naddy@ florian@

Rename -c to -s since the correct term is snapshot, not current. Also
implement -r for symetry reasons to force an upgrade to the next
release.
suggested by & OK deraadt, OK benno, kmos

typo in previous

sysupgrade gains -n for no-reboot option. Accidentally duplicated benno's diff, who
graciously OK'd mine. Improvement from naddy; polishing and OKs from kn and ingo.

Only fetch and upgrade if a new snapshot is available.
Based on a diff by Marco Bonetti (sid77 AT slackware.it).

discussed with deraadt@, OK kn

Install upgrade kernel with ln -f, as per kernel build. ok florian@

Quiet down signify, seeing all the OKs scroll by is not helping.

Fix default MIRROR.

ok florian@

do not re-verify the signature for each file when checking the old files,
sha256 is enough; ok florian@

Use a different approach to determine the appropriate signing key:
Read the first line "untrusted comment ..." from SHA256.sig. Use the
key named there if it corresponds to the current or next OS version.

check owner and permission of download directory

don't be overly specific in set selection and don't use an undefined
variable

Add sysupgrade(8) a tool to upgrade OpenBSD to the next release or a
new snapshot.
Cargo culted from bits and pieces of a script originally posted
by naddy@ to misc, install.sub and syspatch(8)
with & OK deraadt

Our old ksh(1) bug where eval()uating a || compound list would terminate the
shell has been fixed by benno@; remove workaround.

ok naddy@

We are no longer using the "keep" file as a flag.
Pointed out by Martin Vahlensieck, thanks!

Log the old kernel version before doing the upgrade. Makes it easier
to figure out what version you were tunning before the upgrade when
you hit a bug/problem after the upgrade.
ok sthen@

Simplify sets directory check and creation (/home/_syspatch).
It can now be a symlink.

ok naddy@ solene@ kn@

revert previous, has not been thought through

Show the build date of the (about to be) fetched snapshot / release.
OK phessler, pamela, jung, benno

use the default URL when running fw_update, we can't guarantee that pkg_add will
be able to cope with packages from the next OpenBSD release - firmware packages
are occasionally updated on the release branch post-release.

this should handle most situations - the corner-case is an old snapshot upgrading
to a new snapshot across some types of pkg_add change, but as fw_update is usually
not mandatory this is usually good enough.

ok beck deraadt

print the URL when sysupgrade fetches new sets, allowing time for a quick ^C
if it's going to the wrong place/dir. ok deraadt@

Opportunisticly run fw_update before rebooting to run the upgrade.

Warn if it fails, but allow the upgrade to continue for now.

discussed with many, refinements by naddy@ sthen@

"commit something" deraadt@

Our version numbers go
m.n-beta -> m.n
not
m.n-beta -> m.n + 0.1
Handle this correctly for the -r case to stick to a release after
beta.
OK sthen

use ftp -N option; ok jca

Tweak and sync comment.

Determine the OS version in a way that won't break after 9.9.
Do it the same way in all three copies of the code.

Based on a patch from Chris Waddey.
with & ok ajacoutot

unpriv(): propagate error code to the caller instead of failing hard.
This will allow reacting on failure.

ok florian@

branches: 1.25.2; 1.25.4;
Add where missing and harmonize PATH to be _PATH_DEFPATH (without local nor
X11R6).
Suggested by tb@

ok deraadt@ tb@ millert@

Let sysupgrade(8) handle cleanup of downloaded sets by filling in
/etc/rc.firsttime in preparation of moving the functionality out of
install.sub.
OK deraadt

Let sysupgrade(8) create auto_upgrade.conf file in preparation of
moving the functionality out of install.sub.
OK deraadt

Try harder to have a complete /bsd.upgrade on disk.
Adapted from recent changes to the KARL infrastructure.
OK deraadt, sthen

Revert my recent sysupgrade changes; it broke unattended upgrades for
espie@. Need to look deeper.

Use the same heuristic as the installer to find a proper prefetch area for the
sets instead of hardcoding /home. This leads the way to a knob for manually
choosing a sets directory if we want that.

Create /auto_upgrade.conf that will get picked up by the installer for the
unattended upgrade mode.

Similar inputs from naddy@ and kn@
ok florian@ kmos@ kn@

tweak verbosity; ok ccardenas@

Add a -k flag to keep the files in /home/_sysupgrade, since they
will be deleted after the upgrade by default. ok kn@

sysupgrade already verifies all sets, so eliminate redundant
verification by the installer:

Verification is triggered by the presence of SHA256.sig.
In sysupgrade, remove SHA256.sig once the signature has been verified.
Compare SHA256 against a stored copy from the previous install/upgrade.

In the installer, stash away a copy of SHA256 and move that code
into install_files() where the sets are actually processed.
Confirm in the response file that we want to proceed without
verifying the sets.

ok florian@ tj@

It is not an error condition if no new snapshot is available.
ok jasper@ florian@

oops, fix unpriv() argument handling; from install.sub

* For "unpriv -f file", chown file back to root once the command finishes,
like install.sub does.
* Only verify the signature once.
* Only checksum the newly downloaded files.

ok florian@

Require root to run (still allow access to usage).

ok naddy@ florian@

Rename -c to -s since the correct term is snapshot, not current. Also
implement -r for symetry reasons to force an upgrade to the next
release.
suggested by & OK deraadt, OK benno, kmos

typo in previous

sysupgrade gains -n for no-reboot option. Accidentally duplicated benno's diff, who
graciously OK'd mine. Improvement from naddy; polishing and OKs from kn and ingo.

Only fetch and upgrade if a new snapshot is available.
Based on a diff by Marco Bonetti (sid77 AT slackware.it).

discussed with deraadt@, OK kn

Install upgrade kernel with ln -f, as per kernel build. ok florian@

Quiet down signify, seeing all the OKs scroll by is not helping.

Fix default MIRROR.

ok florian@

do not re-verify the signature for each file when checking the old files,
sha256 is enough; ok florian@

Use a different approach to determine the appropriate signing key:
Read the first line "untrusted comment ..." from SHA256.sig. Use the
key named there if it corresponds to the current or next OS version.

check owner and permission of download directory

don't be overly specific in set selection and don't use an undefined
variable

Add sysupgrade(8) a tool to upgrade OpenBSD to the next release or a
new snapshot.
Cargo culted from bits and pieces of a script originally posted
by naddy@ to misc, install.sub and syspatch(8)
with & OK deraadt

We are no longer using the "keep" file as a flag.
Pointed out by Martin Vahlensieck, thanks!

Log the old kernel version before doing the upgrade. Makes it easier
to figure out what version you were tunning before the upgrade when
you hit a bug/problem after the upgrade.
ok sthen@

Simplify sets directory check and creation (/home/_syspatch).
It can now be a symlink.

ok naddy@ solene@ kn@

revert previous, has not been thought through

Show the build date of the (about to be) fetched snapshot / release.
OK phessler, pamela, jung, benno

use the default URL when running fw_update, we can't guarantee that pkg_add will
be able to cope with packages from the next OpenBSD release - firmware packages
are occasionally updated on the release branch post-release.

this should handle most situations - the corner-case is an old snapshot upgrading
to a new snapshot across some types of pkg_add change, but as fw_update is usually
not mandatory this is usually good enough.

ok beck deraadt

print the URL when sysupgrade fetches new sets, allowing time for a quick ^C
if it's going to the wrong place/dir. ok deraadt@

Opportunisticly run fw_update before rebooting to run the upgrade.

Warn if it fails, but allow the upgrade to continue for now.

discussed with many, refinements by naddy@ sthen@

"commit something" deraadt@

Our version numbers go
m.n-beta -> m.n
not
m.n-beta -> m.n + 0.1
Handle this correctly for the -r case to stick to a release after
beta.
OK sthen

use ftp -N option; ok jca

Tweak and sync comment.

Determine the OS version in a way that won't break after 9.9.
Do it the same way in all three copies of the code.

Based on a patch from Chris Waddey.
with & ok ajacoutot

unpriv(): propagate error code to the caller instead of failing hard.
This will allow reacting on failure.

ok florian@

branches: 1.25.2; 1.25.4;
Add where missing and harmonize PATH to be _PATH_DEFPATH (without local nor
X11R6).
Suggested by tb@

ok deraadt@ tb@ millert@

Let sysupgrade(8) handle cleanup of downloaded sets by filling in
/etc/rc.firsttime in preparation of moving the functionality out of
install.sub.
OK deraadt

Let sysupgrade(8) create auto_upgrade.conf file in preparation of
moving the functionality out of install.sub.
OK deraadt

Try harder to have a complete /bsd.upgrade on disk.
Adapted from recent changes to the KARL infrastructure.
OK deraadt, sthen

Revert my recent sysupgrade changes; it broke unattended upgrades for
espie@. Need to look deeper.

Use the same heuristic as the installer to find a proper prefetch area for the
sets instead of hardcoding /home. This leads the way to a knob for manually
choosing a sets directory if we want that.

Create /auto_upgrade.conf that will get picked up by the installer for the
unattended upgrade mode.

Similar inputs from naddy@ and kn@
ok florian@ kmos@ kn@

tweak verbosity; ok ccardenas@

Add a -k flag to keep the files in /home/_sysupgrade, since they
will be deleted after the upgrade by default. ok kn@

sysupgrade already verifies all sets, so eliminate redundant
verification by the installer:

Verification is triggered by the presence of SHA256.sig.
In sysupgrade, remove SHA256.sig once the signature has been verified.
Compare SHA256 against a stored copy from the previous install/upgrade.

In the installer, stash away a copy of SHA256 and move that code
into install_files() where the sets are actually processed.
Confirm in the response file that we want to proceed without
verifying the sets.

ok florian@ tj@

It is not an error condition if no new snapshot is available.
ok jasper@ florian@

oops, fix unpriv() argument handling; from install.sub

* For "unpriv -f file", chown file back to root once the command finishes,
like install.sub does.
* Only verify the signature once.
* Only checksum the newly downloaded files.

ok florian@

Require root to run (still allow access to usage).

ok naddy@ florian@

Rename -c to -s since the correct term is snapshot, not current. Also
implement -r for symetry reasons to force an upgrade to the next
release.
suggested by & OK deraadt, OK benno, kmos

typo in previous

sysupgrade gains -n for no-reboot option. Accidentally duplicated benno's diff, who
graciously OK'd mine. Improvement from naddy; polishing and OKs from kn and ingo.

Only fetch and upgrade if a new snapshot is available.
Based on a diff by Marco Bonetti (sid77 AT slackware.it).

discussed with deraadt@, OK kn

Install upgrade kernel with ln -f, as per kernel build. ok florian@

Quiet down signify, seeing all the OKs scroll by is not helping.

Fix default MIRROR.

ok florian@

do not re-verify the signature for each file when checking the old files,
sha256 is enough; ok florian@

Use a different approach to determine the appropriate signing key:
Read the first line "untrusted comment ..." from SHA256.sig. Use the
key named there if it corresponds to the current or next OS version.

check owner and permission of download directory

don't be overly specific in set selection and don't use an undefined
variable

Add sysupgrade(8) a tool to upgrade OpenBSD to the next release or a
new snapshot.
Cargo culted from bits and pieces of a script originally posted
by naddy@ to misc, install.sub and syspatch(8)
with & OK deraadt

Log the old kernel version before doing the upgrade. Makes it easier
to figure out what version you were tunning before the upgrade when
you hit a bug/problem after the upgrade.
ok sthen@