Updated packages for released firmware


I'm currently experimenting with OpenWrt x86 on an embedded PC using 23.05-rc2 and so far so good. However since installing it a few weeks ago I've noticed that running opkg update and opkg list-upgradable now shows a number of available package updates. I upgraded cURL as a test and noticed that the download URL displayed included 23.05-rc2 in the path.

When it comes to final stable releases of OpenWrt are the packages for that particular release fixed and locked at the versions available at the time of release or can you expect to have updated packages available as the weeks and months go by? I'm just wondering if I go to install a new package a few months after 23.05 is released (to add some new functionality) is there a chance that it could be a newer version than was produced at release time which may cause compatibility problems?

Presumably the only reason I'm seeing updated packages available at the moment is because I'm using an RC build rather than a final one? I've seen the various wiki warnings and forum posts strongly advising against upgrading packages but they don't make it clear under what circumstances updates would actually be made available.

Thanks in advance and please point me to any relevant wiki pages or forum posts if I've missed or misunderstood the content in them on this topic.

Upgrading packages (via the CLI opkg upgrade command or the LuCI Upgrade... button) can result in major problems. It is generally highly discouraged, unless you know what you are doing or if there is specific instruction to do so.

No, even stable releases do show packages that are 'upgradable' as new packages are built over time.


Wow that was a quick response, thanks!

Maybe I should have used a better title, I'm thinking more from my later point about adding a new package a couple of months down the line (e.g. something like WireGuard), is it still safe to do so or could some other change in the interim cause problems? Surely you can't expect people to know right at the start the exact set of packages they're going to want in a year's time?

Yes. No problem here. This is one of the big reasons stable releases (including the "RC" series) are important and useful -- packages can be installed at any time.

Compare this against snapshots which are built daily and the package repos are not 'frozen.' This means that the packages available in the repo may no longer be compatible with the installed snapshot (usually kernel version mismatch), and that can happen in as little as 24h after the snapshot image is available for download.

OK so does that mean that I would be safe to upgrade WireGuard in future if a new version of the package for the 23.05 stable release became available, e.g. with important bugfixes that I needed?

Is it really therefore upgrading the core packages which are part of the base image that is strongly discouraged?

Apologies for all the questions, just trying to get my head around the (to me) slightly confusing messaging on this subject.

So there's a bit of stuff to unwrap here... I'll try to explain as best as I can...

  • When you install a stable/RC release, the repos used for the package manager will be pre-populated with the correct repo feeds. This will allow you to install a package immediately or at any time in the future, using the repo feed that corresponds with the version you've installed.
  • The repo feeds will not update when there is a new release of OpenWrt -- it will continue to point to the one that corresponds to your installed version. You should never override this behavior as it will only cause problems (there may be some rare instances to the contrary, but for all practical purposes, leave it alone).
  • This means that newer versions of a given package that target a newer release of OpenWrt will not show up in your feed -- at least insofar as there are lower level dependencies in the OpenWrt version that would not be compatible.
  • There may be package "upgrades" available in the repo feeds over time that do apply to the version of OpenWrt you are using.... generally speaking, upgrading them is not recommended unless there is a bug fix/security patch or feature addition that is needed, but it should usually be okay if it is targeted, but it is not guaranteed. (Do not do the blind 'upgrade all packages' thing or you will increase the risk of problems).

Key core components like the kernel can never be upgraded using the package upgrade process -- it's impossible. For that, you will always use the sysupgrade process (this will upgrade the version of OpenWrt which will include all of the underlying dependencies required for it to work).

When you upgrade your OpenWrt version using sysupgrade, it will optionally keep your configurations, but it will erase all user-installed packages. You'd re-install the packages after the upgrade is complete. Alternatively, you can use the "Attended Sysupgrade" which will attempt to keep your packages intact (from the user perspective). What ASU actually does is it builds a custom firmware image with all of your packages and then flashes that to your router. This will assemble an image that is self-consistent in terms of the version dependencies. You can also do this manually, too.

Does that help?
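An added example (not part of the original post) of the targeted approach described above: it reads `opkg list-upgradable` output and reports a decision only for the packages you name, so nothing is upgraded blindly. The `is_core` deny list and the sample lines are assumptions made for this sketch, not an OpenWrt rule or real device output.

```shell
#!/bin/sh
# Added example: plan targeted upgrades from `opkg list-upgradable` output.
# Line format: "<name> - <installed version> - <available version>".

# Hypothetical deny list (an assumption of this sketch): packages tied to
# the flashed image, which should change through sysupgrade instead.
is_core() {
    case "$1" in
        kernel|kmod-*|libc|base-files|busybox) return 0 ;;
        *) return 1 ;;
    esac
}

# plan_upgrades WANTED...   (list-upgradable text on stdin)
# Prints one decision per requested package; it never upgrades anything.
plan_upgrades() {
    list=$(cat)
    for want in "$@"; do
        # Exact match on the name field, so "curl" does not match "libcurl4".
        line=$(printf '%s\n' "$list" |
            awk -F' - ' -v p="$want" '$1 == p { print; exit }')
        if [ -z "$line" ]; then
            echo "none $want"            # nothing newer in the feed
        elif is_core "$want"; then
            echo "refuse $want"          # leave this to sysupgrade
        else
            old=${line#* - }; new=${old#* - }; old=${old%% - *}
            echo "upgrade $want $old $new"
        fi
    done
}

# Constructed sample, not captured from a real device.
SAMPLE_UPGRADABLE='curl - 8.2.1-1 - 8.4.0-1
libcurl4 - 8.2.1-1 - 8.4.0-1
busybox - 1.36.1-1 - 1.36.1-2
nano - 7.2-1 - 7.2-2'

# On a router:
#   opkg update
#   opkg list-upgradable | plan_upgrades curl
# then run `opkg upgrade <name>` only for the lines marked "upgrade".
```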


AFAIK the releases do receive at least some package updates. All the bugfixes and security fixes should be picked from snapshots for most recent release at least and sometimes just package updates also make it to the release branch as well, as evident from this: https://github.com/openwrt/packages/pulls?q=is%3Apr+in%3Atitle+22.03


The explanations given so far are a bit incomplete. The issue is rather complex.

In a nutshell, for a point release like 23.05.0-rc2:

  • The downloadable firmware image with kernel and core packages doesn't change over time. It has been compiled once and stays there
  • opkg points to dedicated kernel modules repo, so all kmod installations later will also be from the exact same build of 23.05.0-rc2
  • for normal "vanilla" packages, the opkg points to a live download repo that is built daily. So, you may today get a newer version of nano editor than you would have got a month ago. The packages are common for all 23.05 releases. This causes the "upgradable" packages to surface

See how 23.05.5-rc2 downloads lead to fixed target site and a symlink leading to generic live 23.05 packages site...

Those repos are also used by imagebuilder, auc and attendedsysupgrade, meaning that a tailored personal 23.05.0-rc2 sysupgrade image built today may slightly differ from one built a few weeks ago, if some included packages have changed.

Usually that live packages repo is no problem, but there can be problems if certain deep-level packages are updated and ABI versioning changed.

In general, it is usually safer to build a new personal sysupgrade image with coherent package set, than later opkg upgrade individual packages.

But if you build firmware from sources with the full toolchain, the impact is again different, depending on how you check out the repo:

  • Checking out a release tag 23.05.0-rc2 leads to fixed packages in build, not taking the later fixes or upgrades
  • Checking out the 23.05 branch head gives you updated everything, also kernel and core packages.

(Additionally, all sources and packages are branch-specific, so 22.03, 23.05 and main/master have totally different sets.)
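An added example (not part of the original post) that audits opkg feed lines against the installed release, separating the fixed per-release target feed from the live branch-wide package feeds and flagging any feed that points elsewhere. The `/releases/<version>/targets/` and `/releases/<version>/packages/` URL layout and the sample lines are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit feed lines of the form "src/gz <name> <url>".
#
# audit_feeds RELEASE   (feed file contents on stdin)
# Prints "<name> <verdict>", where the verdict is:
#   fixed    - built once together with the release image (under /targets/)
#   live     - branch-wide repo that is rebuilt over time (under /packages/)
#   mismatch - URL does not belong to RELEASE (overridden or stale entry)
# The URL layout tested here is an assumption of this sketch.
audit_feeds() {
    release=$1
    while read -r kind name url; do
        case "$kind" in
            src|src/gz) ;;
            *) continue ;;      # comments, blank lines, other directives
        esac
        case "$url" in
            */releases/"$release"/targets/*)  echo "$name fixed" ;;
            */releases/"$release"/packages/*) echo "$name live" ;;
            *)                                echo "$name mismatch" ;;
        esac
    done
}

# Constructed sample: the last entry was deliberately pointed at snapshots
# to show what an overridden feed looks like in the report.
SAMPLE_FEEDS='# constructed feed list
src/gz openwrt_core https://downloads.openwrt.org/releases/23.05.0-rc2/targets/x86/64/packages
src/gz openwrt_base https://downloads.openwrt.org/releases/23.05.0-rc2/packages/x86_64/base
src/gz openwrt_packages https://downloads.openwrt.org/releases/23.05.0-rc2/packages/x86_64/packages

src/gz openwrt_luci https://downloads.openwrt.org/snapshots/packages/x86_64/luci'

# On a router:
#   audit_feeds 23.05.0-rc2 < /etc/opkg/distfeeds.conf
```

Any `mismatch` line is worth investigating before installing from that feed, since its packages were not built for the running release.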


Thanks for the detailed responses @psherman and @hnyman, I now understand the situation much more clearly. I think it would maybe be helpful to future OpenWrt users for some of this information to be added to the wiki but unfortunately that's something I don't yet seem to have access to.
