Upgrading OpenWrt on a TL-WR710N
Story is that I have several TP-Link WR710N access points in use, flashed with OpenWrt. The preinstalled (factory) OS is a bit too limiting, resource-intensive and cannot be checked for flaws (or be modified for that matter). Whilst reading the OpenWrt website, I saw they merged with the LEDE project and they are merging their efforts. Hooray for this/these amazing project(s).
Since my installations are a bit stale (and they still work like a charm), it was time to do updates. The project has a fine page about sysupgrade, which describes the process for both the GUI (webinterface) and commandline (preferred). As such I'd like to share the experience, together with some examples.
0 - Check (and modify, if applicable) preserved files
Use these 3 commands to check changed configuration files and/or which files are preserved during upgrades:
opkg list-changed-conffiles ls /lib/upgrade/keep.d/ cat /etc/sysupgrade.conf
I noticed some files that were missing and added them to the /etc/sysupgrade.conf as such:
echo "/etc/config/dhcp" >> /etc/sysupgrade.conf echo "/etc/config/network" >> /etc/sysupgrade.conf echo "/etc/config/wireless" >> /etc/sysupgrade.conf echo "/etc/passwd" >> /etc/sysupgrade.conf echo "/etc/group" >> /etc/sysupgrade.conf echo "/etc/shadow" >> /etc/sysupgrade.conf echo "/etc/sudoers" >> /etc/sysupgrade.conf echo "/home/user/.ssh/authorized_keys" >> /etc/sysupgrade.conf
1 - Take note of custom packages and enable SSH
Note that I know exactly which "custom" packages I've installed previously and don't have to look those up. These are unavailable after an upgrade and need to be reinstalled, take that into account.
Since that means I won't be able to use 'su' or 'sudo' after upgrading, I need to reset my dropbear SSH config back to a 'default' compatible configuration. So edit /etc/config/dropbear and ensure these settings are set:
option PasswordAuth 'on' option RootPasswordAuth 'on' option RootLogin 'on'
2 - Download the new image and upload it
Go to the downloads website on your desktop and get the image to upgrade to. When upgrading, the image with sysupgrade in the filename should be used. For my specific hardware (and version thereof) I used the 'ar71xx/generic/tl-wr710n-v1-squashfs-sysupgrade.bin' file.
After having downloaded it to the desktop, I uploaded it with 'scp' to /tmp on the device.
3 - Perform the upgrade
This was the easiest part and went flawlessly with the "sysupgrade" tool:
root@kiev:~# sysupgrade -v /tmp/openwrt-15.05.1-ar71xx-generic-tl-wr710n-v1-squashfs-sysupgrade.bin Saving config files... etc/config/dhcp etc/config/dropbear etc/config/firewall etc/config/luci etc/config/network etc/config/system etc/config/ubootenv etc/config/uhttpd etc/config/wireless etc/dropbear/dropbear_dss_host_key etc/dropbear/dropbear_rsa_host_key etc/group etc/hosts etc/inittab etc/opkg.conf etc/passwd etc/profile etc/rc.local etc/shadow etc/shells etc/sysctl.conf etc/sysupgrade.conf killall: watchdog: no process killed Sending TERM to remaining processes ... dnsmasq ntpd ubusd askfirst logd netifd odhcpd Sending KILL to remaining processes ... askfirst Switching to ramdisk... Performing system upgrade... Unlocking firmware ... Writing from <stdin> to firmware ... [w]w Appending jffs2 data from /tmp/sysupgrade.tgz to firmware...TRX header not found Error fixing up TRX header Upgrade completed Rebooting system...
4 - Post upgrade actions
Some things need to happen after the upgrade and some are an idiosyncrasy of mine. Since I am a commandline guy, I have no need for the webinterface ( luci ):
opkg remove luci* opkg remove luci* opkg remove luci* opkg remove uhttp* opkg remove uhttp*
Then I update the package lists:
root@kiev:~# opkg update Downloading http://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/packages/Packages.gz Updated list of available packages in /var/opkg-lists/reboot_core Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/base/Packages.gz Updated list of available packages in /var/opkg-lists/reboot_base Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/luci/Packages.gz Updated list of available packages in /var/opkg-lists/reboot_luci Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/packages/Packages.gz Updated list of available packages in /var/opkg-lists/reboot_packages Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/routing/Packages.gz Updated list of available packages in /var/opkg-lists/reboot_routing Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/telephony/Packages.gz Updated list of available packages in /var/opkg-lists/reboot_telephony
And view the packages which are upgradable and upgrade them piece by piece (doing them all at once gave me issues), by copy/pasting these generated lines:
root@kiev:~# opkg list-upgradable | awk '{ print "opkg upgrade " $1 "\\\n" }' | xargs opkg upgrade dnsmasq opkg upgrade libuci opkg upgrade libip4tc opkg upgrade uclient-fetch opkg upgrade libuclient opkg upgrade uci opkg upgrade wpad-mini opkg upgrade dropbear opkg upgrade libip6tc opkg upgrade ppp opkg upgrade libubox opkg upgrade libjson-script opkg upgrade libblobmsg-json opkg upgrade iptables opkg upgrade jshn opkg upgrade libxtables opkg upgrade ip6tables opkg upgrade hostapd-common opkg upgrade ppp-mod-pppoe
Then I install my now missing (custom) packages:
opkg install sudo
Almost there. Restore the SSH configuration back to the default I used previously, by editing /etc/config/dropbear:
option PasswordAuth 'off' option RootPasswordAuth 'off' option RootLogin 'off'
Last but not least, a sync and final reboot and everything should be done.
sync reboot
5 - Errors I experienced
This is a neat error, which checks if your hardware is the correct one for the image you are using. It prevented me from flashing the wrong image (I have a different hardware revision)
root@kiev:~# sysupgrade -v /tmp/lede-17.01.4-ar71xx-generic-tl-wr710n-v2.1-squashfs-sysupgrade.bin Invalid image, hardware ID mismatch, hw:07100001 image:07100002. Image check 'platform_check_image' failed.
I also had an unresponsive SSH session, because of a typo in the SSH configuration. I had to use the failsafe method to restore it, but it saved me the effort of flashing the firmware from scratch. The failsafe method is simple, press (in my case) the hardware reset button, when the LED is flashing (right after a cold boot). Then I set my ethernet to a static IP configuration (192.168.1.2/24) and then still couldn't SSH into the box, reachable at 192.168.1.1. Luckily telnet is also available in failsafe. So I telnetted in, ran mount_root (to change from read-only to read/write) and fixed the SSH configuration. After a reboot, that was it!