ich have a question:
Is it normal that estimated every third to fith day when i check the packages update, i get 16 updates i can update?
The number of the updates is very Often / allways (?) the same or do i somehing wrong (not overwriting the package content or something i can check on in an checkbox...)
Thanks for an answer!
It makes no sense to update packages that frequently. Most the changes are probably minor text changes in LuCI GUI, or something similar.
In general, blindly updating everything possible often may lead you into trouble (as in smaller router the flash space will fill up) and there may be minor incompatibilities.
OpenWrt is essentially designed for old routers with very limited flash size. Typical flow goes:
- flash a firmware and install the possible add-on packages at the same time,
- wait a few weeks/months
- flash a new firmware and install...
Although you can opkg update packages, it usually makes no visible impact, as you would not update the core OpenWrt, but just one of the thousands to upstream packages (nano, collectd, openssl, mbedtls, whatever...) that are used for add-on functionality. When those packages release new versions upstream, those new version are brought to OpenWrt, but quite often there is no visible change to the end-user. (E.g. what does updating nano editor from 4.7 to 4.8 actually offer for you?)
New OpenWRT user here. I hope I can bump this with more questions.
I read in some thread (I can't find it) that updating core packages is ABSOLUTELY NOT RECOMMENDED!
It sounds like you can do it though because I find some other users who have been doing it seemingly without consequences.
I read that you can run out of space. Well, I have about 10MB of space and the total of 20 packages I have listed as "updates" is about 1MB.
I also read that "updating" packages doesn't really "update" them in the core "rom" area but writes them in an additional area, so everything you "update" is really taking a lot more space? Is that correct?
I understand that I might not get anything substantially new by updating something from version 4.6 to 4.7, but if I can do it and the system lets me do it with a simple click... why shouldn't I just to be more current?
I'm also not fully sure how github works, but if these updates are not "safe" or "meant to be used with current/non-snapshot OpenWRT" isn't there a way to put them in a "testing" channel so they don't really show up until OpenWRT is updated? Or is it for ease of testing or something that they show up in "release" effectively?
TL;DR should I just hit that update button on a newer router (Archer C7) with enough space?
NO! Seriously, there is rarely any benefit to performing the
opkg upgrade process, and high risk. Only perform such upgrades if a) you understand the risks and the fact that you may soft-brick your router and have to start over (and in the meantime, you could also have really odd and difficult to troubleshoot problems, minor and/or major) and/or b) you know exactly what you want to upgrade (selectively) and are still willing to take the risk described in (a).
If you update anything that has dependencies on the kernel itself, you are likely to experience major problems.
Just make sure you are up to date with 19.07.2 and be done with it until 19.07.3 and newer come out.
I don't make any recommendations and I speak only from experience from a single installation of OpenWRT on x86_64 with plenty of free disk space.
I have run 17.04 and 18.06 (the latter is security maintained until May) for about two years now with nightly "opkg upgrade"s plus reboot if new packages are found. The router has been rock solid.
It would be very nice if someone explained in technical detail:
If the stable branch is not kept in sync with regards to dependencies between the kernel and packages or between packages -- why is that done?
If I, like most people, don't have time checking the security advisories or go looking for new minor versions of my router very often, how am I supposed to keep it secured without automatically updating it? The recommended fix on the security page always seem to be to run "opkg upgrade" anyway (which I do nightly).
As I understand it, all package changes appear in the stable repositories and by doing the nightly "opkg upgrade" I will run the packages from the latest minor version, even though the login banner has not been updated and still shows an old minor version. Right?
The kernel on the other hand is not a package in OpenWRT and would only be updated upon new firware installation. Right? Most security fixes in the kernel (which are rare) would presumably not break the ABI to drivers unless absolutely necessary?
This is a VERY BAD IDEA and it is not recommended anywhere.
This can cause all sorts of problems -- some major, some minor. If you haven't run into problems yet, consider yourself very lucky. There are no ABI checks in the okpg package manager and you could end up with mismatched low level dependencies (kernel level) which can cause minor or major problems (including soft-bricking your router).
There are numerous threads on the forums of people asking this same question, and even more from people who have messed up their routers using
opkg upgrade. It is never recommended, but if you decide to use this method, be selective with the package upgrades (don't blindly upgrade everything) and know that you may have to start over completely if something goes wrong (which is not unlikely).
The vast majority of security related issues do not constitute major threat vectors for OpenWrt. When major vulnerabilities do arise, they are usually updated fairly quickly in an official maintenance release. If you want to be on the bleeding edge to capture all security and feature updates, run snapshots and update regularly (using the sysupgrade path). Otherwise, wait for the official stable releases.