In the shell, run:
su - build lftp http://mirrors.kernel.org/openwall/Owl/current/
To prepare for upgrading Owl-current on i686 (for example), issue the following commands to lftp:
mget Owl.mtree* # downloads Owl.mtree and Owl.mtree.sign get native.tar.gz cd i686 mget i686.mtree* # downloads i686.mtree and i686.mtree.sign mirror -ev RPMS
If you intend to rebuild anything from source, you may also download or update your copy of the sources tree (optional, most people don't need this):
cd .. # back from i686 mirror -Lev sources
Now exit from lftp and proceed to check the authenticity and integrity of your downloads. If you do this for the very first time on a given system, you need to download and install Openwall's PGP keys first. You may get the keys from the Openwall website and install them with:
lftpget http://www.openwall.com/signatures/openwall-signatures.asc lftpget http://www.openwall.com/signatures/openwall-online-signatures.asc gpg --import openwall-signatures.asc openwall-online-signatures.asc
Alternatively, you may get the keys from a third-party keyserver:
gpg --keyserver pgp.mit.edu --recv-key 295029F1 8B4EDA79
Now that you have the keys in place, verify the *.mtree files:
gpg Owl.mtree.sign gpg i686.mtree.sign
Each of these commands should report either Good signature from “Openwall Project …” (higher assurance, typical for Owl releases) or Good signature from “Openwall GNU/*/Linux online signing key” (lower assurance, typical for Owl-current snapshots).
Finally, verify the remaining downloaded files using the *.mtree files:
mtree -f Owl.mtree mtree -f i686.mtree
This will detect a few “missing” things (since you did not download everything from the directories) and maybe a few “extra” things (e.g., your .bash* files), but it should not complain about any differing message digests (MD5 and SHA-1).
On x86_64, just use x86_64 in place of i686.
You only need to upgrade the kernel if there's a new revision of the kernel package for your branch of Owl (since you installed or since your last upgrade). Also, please note that there's no kernel package installed inside OpenVZ containers with the Owl userland; the host system's kernel is shared for all containers and for the host system itself.
Install the new kernel package while preserving the old version as well:
rpm -ivh ~build/RPMS/kernel-2*
Obtain and take note of the new kernel image filename (e.g., copy it into your clipboard):
rpm -qlp ~build/RPMS/kernel-2* | fgrep vmlinuz
Then edit your LILO bootloader configuration file (add a new section for the new kernel image) and make your changes take effect:
vi /etc/lilo.conf lilo
Of course, the new kernel will only take effect after you reboot.
Extract the native tree and edit installworld.conf to indicate that you really do want to install over the main system:
su - build rm -rf native tar xzf native.tar.gz cp native/Owl/build/installworld.conf . vi installworld.conf
Change the line:
ROOT=/owl
to read:
ROOT=/
As root, run:
cd ~build make installworld
Watch for any “Failed …” lines (there should be none).
As an alternative to the approach above, in many cases you may simply issue:
rpm -Fvh ~build/RPMS/*.rpm
which also tends to run a lot quicker since it upgrades changed packages only, not all of them.
Please note that you must have already upgraded the kernel as described above, or rpm -F will result in your old kernel package getting removed (upgraded to the new one), which will break your existing bootloader setup and also leave you with no fallback kernel (having a fallback kernel is desirable in case the new kernel would fail to boot up). When upgrading a system inside an OpenVZ container, this does not matter (there's no real kernel package installed on the in-container system anyway).
Although not recommended for most users, it is also possible to retrieve the Owl native tree from Openwall's anoncvs server and/or to build the RPM packages from source. This is illustrated on its separate wiki page, and the relevant documentation may be found in Owl/doc/DOWNLOAD and Owl/doc/BUILD.