Upgrading OpenWrt on a TL-WR710N

Story is that I have several TP-Link WR710N access points in use, flashed with OpenWrt. The preinstalled (factory) OS is a bit too limiting, resource-intensive and cannot be checked for flaws (or be modified for that matter). Whilst reading the OpenWrt website, I saw they merged with the LEDE project and they are merging their efforts. Hooray for this/these amazing project(s).

Since my installations are a bit stale (and they still work like a charm), it was time to do updates. The project has a fine page about sysupgrade, which describes the process for both the GUI (webinterface) and commandline (preferred). As such I'd like to share the experience, together with some examples.

0 - Check (and modify, if applicable) preserved files

Use these 3 commands to check changed configuration files and/or which files are preserved during upgrades:

opkg list-changed-conffiles
ls /lib/upgrade/keep.d/
cat /etc/sysupgrade.conf

I noticed some files that were missing and added them to the /etc/sysupgrade.conf as such:

echo "/etc/config/dhcp" >> /etc/sysupgrade.conf
echo "/etc/config/network" >> /etc/sysupgrade.conf
echo "/etc/config/wireless" >> /etc/sysupgrade.conf
echo "/etc/passwd" >> /etc/sysupgrade.conf
echo "/etc/group" >> /etc/sysupgrade.conf
echo "/etc/shadow" >> /etc/sysupgrade.conf
echo "/etc/sudoers" >> /etc/sysupgrade.conf
echo "/home/user/.ssh/authorized_keys" >> /etc/sysupgrade.conf

1 - Take note of custom packages and enable SSH

Note that I know exactly which "custom" packages I've installed previously and don't have to look those up. These are unavailable after an upgrade and need to be reinstalled, take that into account.

Since that means I won't be able to use 'su' or 'sudo' after upgrading, I need to reset my dropbear SSH config back to a 'default' compatible configuration. So edit /etc/config/dropbear and ensure these settings are set:

option PasswordAuth         'on'
option RootPasswordAuth     'on'
option RootLogin            'on'

2 - Download the new image and upload it

Go to the downloads website on your desktop and get the image to upgrade to. When upgrading, the image with sysupgrade in the filename should be used. For my specific hardware (and version thereof) I used the 'ar71xx/generic/tl-wr710n-v1-squashfs-sysupgrade.bin' file.

After having downloaded it to the desktop, I uploaded it with 'scp' to /tmp on the device.

3 - Perform the upgrade

This was the easiest part and went flawlessly with the "sysupgrade" tool:

root@kiev:~# sysupgrade -v /tmp/openwrt-15.05.1-ar71xx-generic-tl-wr710n-v1-squashfs-sysupgrade.bin
Saving config files...
etc/config/dhcp
etc/config/dropbear
etc/config/firewall
etc/config/luci
etc/config/network
etc/config/system
etc/config/ubootenv
etc/config/uhttpd
etc/config/wireless
etc/dropbear/dropbear_dss_host_key
etc/dropbear/dropbear_rsa_host_key
etc/group
etc/hosts
etc/inittab
etc/opkg.conf
etc/passwd
etc/profile
etc/rc.local
etc/shadow
etc/shells
etc/sysctl.conf
etc/sysupgrade.conf
killall: watchdog: no process killed
Sending TERM to remaining processes ... dnsmasq ntpd ubusd askfirst logd netifd odhcpd
Sending KILL to remaining processes ... askfirst
Switching to ramdisk...
Performing system upgrade...
Unlocking firmware ...

Writing from <stdin> to firmware ...  [w]w

Appending jffs2 data from /tmp/sysupgrade.tgz to firmware...TRX header not found
Error fixing up TRX header

Upgrade completed
Rebooting system...

4 - Post upgrade actions

Some things need to happen after the upgrade and some are an idiosyncrasy of mine. Since I am a commandline guy, I have no need for the webinterface ( luci ):

opkg remove luci*
opkg remove luci*
opkg remove luci*
opkg remove uhttp*
opkg remove uhttp*

Then I update the package lists:

root@kiev:~# opkg update
Downloading http://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_core
Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/base/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_base
Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_luci
Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_packages
Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_routing
Downloading http://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_telephony

And view the packages which are upgradable and upgrade them piece by piece (doing them all at once gave me issues), by copy/pasting these generated lines:

root@kiev:~# opkg list-upgradable | awk '{ print "opkg upgrade " $1  "\\\n"  }' | xargs
opkg upgrade dnsmasq
 opkg upgrade libuci
 opkg upgrade libip4tc
 opkg upgrade uclient-fetch
 opkg upgrade libuclient
 opkg upgrade uci
 opkg upgrade wpad-mini
 opkg upgrade dropbear
 opkg upgrade libip6tc
 opkg upgrade ppp
 opkg upgrade libubox
 opkg upgrade libjson-script
 opkg upgrade libblobmsg-json
 opkg upgrade iptables
 opkg upgrade jshn
 opkg upgrade libxtables
 opkg upgrade ip6tables
 opkg upgrade hostapd-common
 opkg upgrade ppp-mod-pppoe

Then I install my now missing (custom) packages:

opkg install sudo

Almost there. Restore the SSH configuration back to the default I used previously, by editing /etc/config/dropbear:

option PasswordAuth         'off'
option RootPasswordAuth     'off'
option RootLogin            'off'

Last but not least, a sync and final reboot and everything should be done.

sync
reboot

5 - Errors I experienced

This is a neat error, which checks if your hardware is the correct one for the image you are using. It prevented me from flashing the wrong image (I have a different hardware revision)

root@kiev:~# sysupgrade -v /tmp/lede-17.01.4-ar71xx-generic-tl-wr710n-v2.1-squashfs-sysupgrade.bin
Invalid image, hardware ID mismatch, hw:07100001 image:07100002.
Image check 'platform_check_image' failed.

I also had an unresponsive SSH session, because of a typo in the SSH configuration. I had to use the failsafe method to restore it, but it saved me the effort of flashing the firmware from scratch. The failsafe method is simple, press (in my case) the hardware reset button, when the LED is flashing (right after a cold boot). Then I set my ethernet to a static IP configuration (192.168.1.2/24) and then still couldn't SSH into the box, reachable at 192.168.1.1. Luckily telnet is also available in failsafe. So I telnetted in, ran mount_root (to change from read-only to read/write) and fixed the SSH configuration. After a reboot, that was it!