OpenWrt: sysupgrade using Attended Sysupgrade

OpenWrt now has a feature called Attended Sysupgrade (ASU) that removes the friction of doing a sysupgrade. Previously, we needed to take note of the user-installed packages on a system so they could be manually re-installed after the sysupgrade, but now the ASU backend dynamically builds an image with our custom packages pre-installed.

This makes it even more convenient to stay up-to-date on security fixes and features in OpenWrt.

Install Attended Upgrade

Use opkg to install Attended Upgrade for the CLI and LuCI.

opkg update

# attended sysupgrade for CLI/luci
opkg install auc luci-app-attendedsysupgrade

Run Attended Sysupgrade

Attended Sysupgrade can be run from LuCI, but in this article we will run it from the CLI. In the example below we can see that we are currently running 22.03.1, and 22.03.2 has been identified as available.

# auc
auc/0.3.1-1
Server: https://sysupgrade.openwrt.org
Running: 22.03.1 r19777-2853b6d652 on mvebu/cortexa9 (linksys,wrt1900acs)
Available: 22.03.2 r19803-9a599fee93
Requesting package lists...
...
Are you sure you want to continue the upgrade process? [N/y] y
Requesting build......
...
image verification succeeded
invoking sysupgrade

The -b flag can be used to explicitly request a target version (e.g. auc -b 21.02 or auc -b 22.03.02).

It can take from 2 to 10 minutes for the backend ASU server to dynamically build and return your custom binary image (pre-installed with your list of custom packages).

Validating sysupgrade

Your ssh client connection will be lost as the sysupgrade is applied.  Attempt reconnecting after 60 seconds.

The banner should be updated with the target version.

# cat /etc/banner
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.2, r19803-9a599fee93
 -----------------------------------------------------

The LuCI interface should reflect the new version as well: the bottom of the page will show a “Powered by LuCI openwrt-xx.y.z” message.
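The banner check above can be scripted so the same comparison can be repeated on several routers. This is an added example, not code from the original article or the OpenWrt project; the function names are hypothetical and the sample input is copied from the session output shown in this article.

```shell
#!/bin/sh
# Added example (hypothetical helper names): verify that the banner after a
# sysupgrade matches the release auc offered before it.

# Constructed sample input, copied from the session output in this article.
SAMPLE_AUC='auc/0.3.1-1
Server: https://sysupgrade.openwrt.org
Running: 22.03.1 r19777-2853b6d652 on mvebu/cortexa9 (linksys,wrt1900acs)
Available: 22.03.2 r19803-9a599fee93'
SAMPLE_BANNER=' -----------------------------------------------------
 OpenWrt 22.03.2, r19803-9a599fee93
 -----------------------------------------------------'

# auc_field LABEL: read auc output on stdin and print "version revision" from
# the "Running:" or "Available:" line; exit non-zero if the line is missing.
auc_field() {
    awk -v label="$1:" '
        $1 == label { print $2, $3; found = 1; exit }
        END { exit !found }'
}

# banner_release: read /etc/banner on stdin and print "version revision" from
# its "OpenWrt <version>, <revision>" line (empty output if there is none).
banner_release() {
    sed -n 's/^ *OpenWrt \([^, ]*\), *\(r[0-9][0-9a-f-]*\).*$/\1 \2/p' | head -n 1
}

# upgrade_landed AUC_OUTPUT BANNER: return 0 only when the banner reports
# exactly the version and revision auc listed as available, 1 when they
# differ, and 2 when either input could not be parsed.
upgrade_landed() {
    want=$(printf '%s\n' "$1" | auc_field Available) || return 2
    have=$(printf '%s\n' "$2" | banner_release)
    [ -n "$have" ] || return 2
    [ "$want" = "$have" ]
}

if upgrade_landed "$SAMPLE_AUC" "$SAMPLE_BANNER"; then
    echo "verified: running $(printf '%s\n' "$SAMPLE_BANNER" | banner_release)"
else
    echo "banner does not match the release auc offered" >&2
fi
```

On a real router, pass the auc output saved before the upgrade and the contents of /etc/banner read after reconnecting. A return code of 1 means the device is still on a release other than the one auc offered.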

 


NOTES

If you get errors about auc responses, try restarting the rpcd service.

# run if getting error responses from auc
/etc/init.d/rpcd restart