Sysupgrade overly protective, -F doesn't force

Use case:

Remote router, no connectivity unless the switch is configured properly when it comes up. Transitioning from swconfig to DSA. Backup of "proper" config has been made and is resident at /home/jeff/backup.2022-05-26-dsaconfig.tar

jeff@office:/etc$ sysupgrade -F -f /home/jeff/backup.2022-05-26-dsaconfig.tar /tmp/OpenWrt-2022-05-25_1705-0700-ipq40
Thu May 26 15:19:30 PDT 2022 upgrade: The device is supported, but the config is incompatible to the new image (1.0->1.1). Please upgrade without keeping config (sysupgrade -n).
Thu May 26 15:19:30 PDT 2022 upgrade: Config cannot be migrated from swconfig to DSA
Image check failed but --force given - will update anyway!
Thu May 26 15:19:30 PDT 2022 upgrade: Commencing upgrade. Closing all shell sessions.
Command failed: Not found

Expected that the image would be flashed and that the specified backup file would be used to configure the device.

Result was that "nothing happened", inconsistent with the help for -F and the messages.

Just from a concept, mixing -F and -f sounds like a recipe for disaster. I know that --force is a bit more commonly necessary due to major disruptions like the DSA migration, but just in principle, --force means all bets are off and things like restoring a config tarball simply shouldn't be up for discussion (technically the tarball is written behind the firmware, and then its contents re-inserted into the newly formatted overlay partition upon the next boot - but --force is the big hammer, which might be used in combination with OEM firmware which would break horribly in this situation). sysupgrade should probably more vocally reject this (and other) parameter combination(s), but I don't think it should ever allow it.

There is a less disruptive trick, 'fix' your config (including the ABI marker in /etc/config/system) before invoking sysupgrade (without --force) - if you know exactly what you're doing, it's less risky than --force (worst case would be having to firstboot), but it obviously will 'break' your good config on dual-firmware devices.

1 Like

Did you try what the sysupgrade was asking for: "sysupgrade -n -F -f config.tar ... " ?
I never dared keeping old config values AND mixing them up with values from config.tar .