You might find this useful: Single command to update packages & remove "-opkg's"

I managed to bundle about five commands I used to run to keep my packages up to date, and not have those pesky "-opkg" config files left over in /etc/config that I had to manually remove, into a single big one!

(for those who don't know, -opkg config files are conflicts from updating, containing basically empty configurations, perfectly safe to remove as OpenWrt doesn't use them anyway)

I have ran this twice already in the last few weeks, so far everything is working fine. Make sure you have enough free memory as it's a large command.

Here it is:

opkg update && opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade && find /etc/config -name "*-opkg" -type f -print0 | xargs -0 /bin/rm -f

This is a very dangerous thing to do and will cause router instability over time...


Why is it dangerous? Take a closer look at what this command does.

I never had a single issue with updating packages, including the luci-apps which always improve.

I know exactly what it does, but OpenWrt package system is not designed to update individual packages unless it is a one-off emergency security update or something like that. Some packages can never be updated this way so you will eventually end up with mismatched packages.
Search the forum for this.

1 Like

1 Like

Please provide an exact link to the post that mentions that issue.

19.07 even lets you update packages from the web interface, the "Updates" tab, nothing like an emergency or mismatch or whatever you're saying here.

The only thing I ever saw on this forum about this subject was how to update all packages, which is where I got the middle command from. I ran it weekly for 3 years already. Not once did any package screw up.

@tmomas I saw it now. Let me tell you, on at least few occasions even upgrading some core packages like pppoe, and apps like adblock, sqm and openvpn, fixed many bugs even in stable builds of OpenWRT. And again, I never had unsaftisfied dependencies or the thing.

Sorry to tell you all but this is negative advertising, OpenWrt is a very well put together distro.

Maybe that disclaimer is for old versions!

No, it's not.

You may be convinced of your findings, based on a couple of days of anecdotal evidence, but its will self-destruct sooner or later. Feel free to be your own guinea pig, just don't recommend it as the holy grail, because your approach will fail - there's plenty of practical experience in this regard (and knowledge about the theoretical background, read up on ABI versioning and lack of SONAME bumps or strict symbol versioning - and that's only part of the story). OpenWrt is built on the expectation that all packages and their dependencies are consistent, something that fails to apply over upgrades.

If you're looking for in-place upgrades, look elsewhere - full blown general purpose distributions (Debian, Fedora, OpenSuSE, Ubuntu, …) are better at this, but they also have the luxury of having more storage (for parallel installations of multiple library SONAMEs, kernel version, etc.) at their disposal, than most common OpenWrt targets can ever dream of.


If you want to stay up to date and not build the firmware, use the image builder. It takes me three minutes to whip up a new mage file with all the packages included and no dependency issues.

1 Like

Pure luck.
There are reports of other users running into deep shit doing so.
A generalized "it is safe to blindly upgrade all packages" is generally not advisable.

1 Like

I wouldn't trust the image builder anymore. The only problem I ever had was with a snapshot build bricking the router and corrupting it's wifi calibration UBI partition (which, at that time I didn't had backed up, now I do). After unbricking it I had no wifi. I sold it for next to nothing and got another AC58U. Now, I don't know exactly if the image builder is exactly the same as a snapshot, is it? You can point the image builder to only build stable releases? I'd use that, honestly.

@tmomas Understood. You can edit the thread if you desire. I still think that this sort of issue is only with routers needing custom workarounds or special builds, but still, I got your point, This may be not 100% universal from your point of view.

@slh Same as above, and as my Linux experience is not extremely widespread (I'll read about ABI versioning&SONAME, are those meant to be dev's mistakes?) I cannot argue about package dependencies or the difficulty managing them in other general purpose distros. I do consider OpenWrt to be extremely simple and rock solid though. And of course I wasn't meant to push my findings to everyone, it's never okay to do this.

It's just that I know many people on lots of routers, who update all the packages without any issue, and I simplified that process, and now I wanted to share this finding with others. Thanks for the answer.

No, not mistakes, but rather an evolution of an API.

OpenWrt Image Builder

It will take some effort to get this going, but in the end you will always have a consistent firmware image. You can build either snapshot or any stable build: you just need to download a correct image builder file and always re-download it for the next build.

1 Like

Yes, but due to practical limitations of hardware, it has to rely on user's wisdom when it comes to the version consistency of the packages they add (or upgrade).

My LG TV remote broke, so I had to get a replacement. Even though the replacement was an original LG remote, it wasn't for the exact model as mine. Most buttons work with my TV, but not all of them. There is nothing wrong with the TV itself, and nothing wrong with the remote either. It's just that they are not 100% compatible, but it appears that the engineer of LG changed some codes between models. The same can happen with packages; there can be changes in the firmware (or the kernel), that require (or allow) a change in the packages (or their dependencies).

You could be lucky with some packages for some upgrades, but eventually you will come across issues of incompatibility. You are practically playing the Russian roulette with your router.

I will bring a new argument to the table, and that is something I already said here but was unnoticed - If updating packages is so dangerous, why is there an "Updates" tab since 19.07? And why does it list all the packages, instead of just the luci-apps that are "presumably safer" to upgrade?

While there is indeed no option to upgrade all, it is certainly possible to upgrade any of these packages at your liking, there's nothing filtered out.

1 Like

Look like a gui for "opkg update". It gives you a list of what is upgradeable. Upgrading packages (button on the right) is still not recommended, until you know what youre doing. I learned it myself the hard way some years ago. Breaking my main router was not really funny after doing a massive update like youre implying doing since 3 years.

Beside that, i never had an issue with the imagebuilder for a metric ton of different devices.

The real alternative is to do automatic firmware rollouts like projects related to Freifunk are doing with gluon (OpenWrt fork).

Absolutely right, I've been updating all packages weekly as a task for 3 years, on around 5 different models of routers. It is very important for when there's no new openwrt version for a while, for instance.
Also, when you for instance install a new module or luci-app, it fetches the latest version, not the version that other packages had at the time that version of openwrt was released.
That is the standard GUI in the Software tab. That button kinda sits there in a prominent place isn't it?

Thanks for the suggestion, I'll try Freifunk with image builder, to also have the Linux version to date on the router. I'm opening ports without VPN :grimacing:
Yes I know that with image builder you also get the latest versions of packages, yeah, but what if compilation sometimes fails, or something breaks in the configuration? I had a router bricked by a bad build before.

I mean, opkg upgrade from an official repo, can't be more dangerous than sysupgrade to a potentially unstable build you done yourself, right? That's why I keep supporting opkg upgrade.

Never had a single issue with the image builder. There are times when some packages are not available, so I just try a few hours later. So do not spread unwarranted fear.
By upgrading packages only you are not upgrading the kernel and other base packages, so you are not really getting a more secure and up to date router, even though it feels like you do.

1 Like

Stay with OpenWRT, just look into the infrastructure the different FF communitys are running. In matter of bugs, always test the firmware first on a device you have easily access to. We basically never have bricked devices on rollouts, since they are well prepared.