On Sun, 06 Jul 2025 15:20:48 +0200,
"Theo de Raadt" <deraadt@openbsd.org> wrote:
> 
> I'm sure you are are that if we make it very easy for people to upgrade
> from an arbitrary point in the release cycle, to another arbitrary point,
> the failure mores increase.
> 
> A good example is the current tech@ thread "Re: Unprivileged font cache: src",
> please see my most recent reply to that.
> 
> But there have been other circumstances like this.  You are exposing admins
> to something which was not tested.  We've only ever really tested
>    R-.1 -> R
>    R-.2 -> R
>    R-.1 -> S
>    R-.2 -> S
>    S (less than 6 months old) -> S
>    S (less than a year old) -> R
> 
> I won't argue jumping around is useful to find bugs.
> 
> That's why we carefully documented it this way:
> 
>      -R version
>              Upgrade to a specific release version.  Only upgrades from one
>              version to the next are tested.  Skipping versions may work.
>              Downgrading is unlikely to work.
> 
> But surely your diff needs a change to this wording.  That archive
> directory does not contain releases, it contains snapshot dates.
> 
> I think this needs a bit more clarity.  
> 

Thanks for rewiew.

I had spent some time to thinking about original design, because as you had
shown it opens a bad door.

Instead, after some thinking, I suggest to add a new option, let say -F
which enforces that provided URL is treated as a path.

Inlined diff allows to install desired snapshot from archive as:

sysupgrade -F https://openbsd.cs.toronto.edu/archive/2025-07-14/amd64/

I not sure about wording in man page, and not sure that -F is good name.

Index: sysupgrade.8
===================================================================
RCS file: /home/cvs/src/usr.sbin/sysupgrade/sysupgrade.8,v
diff -u -p -r1.22 sysupgrade.8
--- sysupgrade.8	25 Oct 2024 03:42:06 -0000	1.22
+++ sysupgrade.8	17 Jul 2025 21:30:57 -0000
@@ -22,7 +22,7 @@
 .Nd upgrade system to the next release or a new snapshot
 .Sh SYNOPSIS
 .Nm
-.Op Fl fkns
+.Op Fl fFkns
 .Op Fl b Ar base-directory
 .Op Fl R Ar version
 .Op Ar installurl | path
@@ -57,6 +57,10 @@ instead of
 .It Fl f
 For snapshots, force an already applied upgrade.
 This option has no effect on releases.
+.It Fl F
+Treat the
+.Pa installurl
+as a path to a version that should be installed.
 .It Fl k
 Keep the files in
 .Pa /home/_sysupgrade .
Index: sysupgrade.sh
===================================================================
RCS file: /home/cvs/src/usr.sbin/sysupgrade/sysupgrade.sh,v
diff -u -p -r1.58 sysupgrade.sh
--- sysupgrade.sh	3 Feb 2025 18:55:55 -0000	1.58
+++ sysupgrade.sh	17 Jul 2025 21:19:10 -0000
@@ -83,10 +83,11 @@ WHAT='release'
 VERSION=$(uname -r)
 NEXT_VERSION=$(echo ${VERSION} + 0.1 | bc)
 
-while getopts b:fknrR:s arg; do
+while getopts b:fFknrR:s arg; do
 	case ${arg} in
 	b)	SETSDIR=${OPTARG}/_sysupgrade;;
 	f)	FORCE=true;;
+	F)	FILE=true;;
 	k)	KEEP=true;;
 	n)	REBOOT=false;;
 	r)	;;
@@ -111,8 +112,10 @@ case $# in
 	;;
 *)	usage
 esac
-[[ $MIRROR == @(file|ftp|http|https)://* ]] ||
+if [[ ! $MIRROR == @(file|ftp|http|https)://* ]]; then
 	FILE=true
+	MIRROR=file://$MIRROR/
+fi
 $FORCE_VERSION && $SNAP &&
 	err "incompatible options: -s -R $NEXT_VERSION"
 $FORCE && ! $SNAP &&
@@ -128,7 +131,7 @@ fi
 
 # Oh wait, this is a path install
 if $FILE; then
-	URL=file://$MIRROR/
+	URL=$MIRROR
 	ALT_URL=
 fi