OpenWRT: Manage correctly the process to upgrade to the new version!

Article published the ; modified the
3 minute(s) to read

This article has 547 words.
RAW source of the article: MD

Description

OpenWRT has a tool to upgrade the system, named sysupgrade. You can invoque on the Luci’s web admin, since the menu “System” > “Flash firmware”.

The main problem is - by default - sysupgrade will remove all traces of custom configuration; unless you take a few useful precautions first!

This article explain the process, only into CLI mode!
(faster, and fully functional)

Process

The first action is install the tool curl, because the native wget does not support TLS.

# opkg install curl

opkgscript.sh

1/ Next, we fetch this usefull shell script: opkgscript.sh

$ curl -O https://raw.githubusercontent.com/richb-hanover/OpenWrtScripts/master/opkgscript.sh

Put the +x needed rights:
# chmod 0700 opkgscript.sh

Tip

2/ backup the list of installed packages; to re-install esay them after the sysupgrade process:

# ./opkgscript.sh -v write

This script write the list into file /etc/config/opkg.installed.

Download firmware

Let’s retrieve the new firmware version (e.g. the v19.07.4, and, for the Ubiquiti EdgeRouter X) :

$ curl -O https://downloads.openwrt.org/releases/19.07.4/targets/ramips/mt7621/{openwrt-19.07.4-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin,sha256sums}

And, we check the checksum:
$ sha256sum -c sha256sums 2> /dev/null | grep OK

Backup configuration

The next step check the backup configuration:

# sysupgrade -l

If necessary, you can edit the file /etc/sysupgrade.conf to add some folders/files; for instance, in the case where a user has been added to the **sudo** group , you need to add those:

  • /etc/sudoers
  • /etc/sudoers.d/

Check again; and, backup the configuration:

# sysupgrade -b /tmp/backup-${HOSTNAME}-$(date +%F).tar.gz

And, after, it is necessary to retrieve this backup:
$ scp root@openwrt:/tmp/backup*.tar.gz $(pwd)
(where ‘openwrt’ is the adresse IP about your router)

Final checks

Let’s make sure of the memory and disk space with the commands free and df.

Now, delete all is now useless:

  • package list files:
    # rm -r /tmp/opkg-lists/
  • caches:
    # sync && echo 3 > /proc/sys/vm/drop_caches
  • And if necessary, removal of the following wifi drivers:
    # rm /etc/modules.d/*{80211,ath9k,b43}*

Upgrade system

Now, it’s time to upgrade the system:

# sysupgrade -v openwrt-19.07.4-*-sysupgrade.bin

Example, for the Ubiquiti EdgeRouter X:
suspgrade -v openwrt-19.07.4-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin

Code: ash

Saving config files...
etc/config/dhcp
etc/config/dhcp-opkg
etc/config/dropbear
etc/config/firewall
etc/config/firewall-opkg
etc/config/https-dns-proxy
etc/config/https-dns-proxy-opkg
etc/config/luci
etc/config/luci-opkg
etc/config/network
etc/config/ntpclient
etc/config/opkg.installed
etc/config/rpcd
etc/config/system
etc/config/ucitrack
etc/config/ucitrack-opkg
etc/config/uhttpd
etc/dropbear/authorized_keys
etc/dropbear/dropbear_rsa_host_key
etc/group
etc/hosts
etc/inittab
etc/luci-uploads/.placeholder
etc/opkg/keys/0b26f36ae0f4106d
etc/opkg/keys/1035ac73cc4e59e3
etc/opkg/keys/5151f69420c3f508
etc/opkg/keys/72a57f2191b211e0
etc/opkg/keys/792d9d9b39f180dc
etc/opkg/keys/9ef4694208102c43
etc/opkg/keys/b2d571e0880ff617
etc/opkg/keys/b5043e70f9a75cde
etc/opkg/keys/c10b9afab19ee428
etc/opkg/keys/dace9d4df16896bf
etc/opkg/keys/dd6de0d06bbd3d85
etc/opkg/keys/f94b9dd6febac963
etc/passwd
etc/profile
etc/profile.d/opkg.sh
etc/rc.local
etc/shadow
etc/shells
etc/sysctl.conf
etc/uhttpd.crt
etc/uhttpd.key
etc/uhttpd.key
etc/uhttpd.crt
Commencing upgrade. Closing all shell sessions.
Tip

At this moment, your SSH session close, and the router reboot!

Warning

Upgrade packages

# opkg update && opkg list-upgradable

Restore “user profil”

After repeating the step about curl and the script opkgscript.sh, we run the script to reinstall all packages previously intalled by you:

# ./opkgscript.sh -v install

And, after… the last but not the least: reboot!


Ultimates Checks

Check your configuration:

  • your various network interfaces are always present and operational?
  • your firewall configuration is correct?
  • your different services run correctly? Have you a IPv6 tunnel, OpenVPN, or others services, usually, accessed by the menu “Services”?

Voilà…