OpenWrt now has a feature called Attended Sysupgrade that removes the friction required to do a sysupgrade. Previously, we needed to take note of the user installed packages on a system so they could be manually re-installed after the sysupgrade, but now the ASU backend dynamically builds an image with our custom packages pre-installed.
This makes it even more convenient to stay up-to-date on security fixes and features in OpenWrt.
Install Attended Upgrade
Use opkg to install Attended Upgrade for the CLI and luci.
opkg update # attended sysupgrade for CLI/luci opkg upgrade auc luci-app-attendedsysupgrade
Run Attended Sysupgrade
Attended Sysupgrade can be run from Luci, but in this article we will run from the CLI. In the example below we can see that we are currently running 22.03.1, and 22.03.2 has been identified as available.
# auc auc/0.3.1-1 Server: https://sysupgrade.openwrt.org Running: 22.03.1 r19777-2853b6d652 on mvebu/cortexa9 (linksys,wrt1900acs) Available: 22.03.2 r19803-9a599fee93 Requesting package lists... ... Are you sure you want to continue the upgrade process? [N/y] y Requesting build...... ... image verification succeeded invoking sysupgrade
The -b flag can be used to explicitly request a target version (e.g. auc -b 21.02 or auc -b 22.03.02)
It can take from 2-10 minutes for the backend ASU server to dynamically build and return your custom binary image (pre-installed with your list of custom packages).
Validating sysupgrade
Your ssh client connection will be lost as the sysupgrade is applied. Attempt reconnecting after 60 seconds.
The banner should be updated with the target version.
# cat /etc/banner _______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- OpenWrt 22.03.2, r19803-9a599fee93 -----------------------------------------------------
And the luci interface should reflect the new version as well, the bottom of the page will show a “Powered by LuCI openwrt-xx.y.z” message.
REFERENCES
github, Attended sysupgrade server backend
OpenWrt forums, set password from CLI
floatingoctothorpe.uk, using curl with luci
OpenWrt CVE known vulnerabilities in current versions
NOTES
If you get errors about auc reponses, try restarting the rpc service
# run if getting errors responses from auc /etc/init.d/rpcd restart