DaemonForums  

Go Back   DaemonForums > Miscellaneous > Guides

Guides All Guides and HOWTO's.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 31st May 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,696
Thanked 214 Times in 189 Posts
Default OpenBSD: Comparing Errata and -Stable

It is best practice to maintain OpenBSD between releases. The OpenBSD Project presents the admin with two choices: track errata patches published on the Project website, or use -stable, sometimes called the "patch branch".

Key differences:
  • Not all patches may be published on the web. At this writing, there is a single security patch for libssl published, as it affects most users, but there is another patch for systrace(1), available only with -stable as the patch applies to a smaller audience.
  • There are -stable patches to the ports tree, usually to apply third party security fixes. At this time these ports are not built into packages and distributed; there are insufficient Project resources to do this for all architectures.
Considerations:
  1. Patch builds are faster than complete builds of kernel and userland, cvs(1) or other CVS clients are not used so there is no network bandwidth or time consumed to transit the source trees (/usr/src, /usr/xenocara) to apply patches.
  2. A -stable release can be created in order to install the patches to multiple platforms. Simply put, the release you build is applied as a binary upgrade via the bsd.rd RAMDISK kernel and its standard upgrade script.
  3. The -stable ports tree can be used to create and then install any applicable -stable patches.
FAQ

Q: How can I tell what -stable ports are in the tree?

A: At least two ways: 1) You could peruse the CVS logs -- those patches worked up for 5.1-stable will make mention of the OPENBSD_5_1 tag. The src and ports CVS logs are published to Project mailing lists and and can be found in the various mailing list archives. The CVS logs are also directly available if you have a local CVS repository, but a local repository is not required to maintain the OS and is unnecessary for most users. 2) You could start with a -release ports tree and then checkout -stable, reviewing the console output produced by cvs(1), which will list all changes applied. The script(1) or tee(1) tools may be helpful to log output.

Q: Do I need to have deep knowledge of CVS to use -stable?

A: No, you just need to follow FAQ 5.3, and perhaps the release(8) man page, for guidance on cvs(1) commands and options. Before executing them, of course, you will look them up in the cvs(1) man page to learn what they do. You would never blindly type in something you found on the Internet, would you?

Q: How do I know when there has been a -stable patch committed?

A: I recommend adding cvs update commands to your daily.local or weekly.local scripts, as you see fit, per daily(8). The output is Emailed to root by default, though if you've followed afterboot(8) when you first installed you have updated /etc/mail/aliases so you get these Emails, and they don't hang out unread by root. You did this, didn't you?

Q: Uh... oops. I didn't know about afterboot(8). Wow.

A: When you first installed, there was an Email from Theo sitting in root's inbox. It had a number of good suggestions, including afterboot(8).

Q: ... Sorry, I didn't pay attention, and deleted it.

A: Since you now have the source code, because you plan to either apply patches or use -stable, you still have that letter. See /usr/src/etc/root/root.mail -- I hope it helps!
Reply With Quote
  #2   (View Single Post)  
Old 31st May 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default

Teacher jgimmi,
Thank you so much for all the effort you contribute !!
Very helpful FAQs and subFAQS !
Reply With Quote
  #3   (View Single Post)  
Old 1st June 2012
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 563
Thanked 14 Times in 13 Posts
Default

Quote:
Originally Posted by daemonfowl View Post
Thank you so much for all the effort you contribute !!
+1
Reply With Quote
  #4   (View Single Post)  
Old 1st June 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,696
Thanked 214 Times in 189 Posts
Default

Thank you both.

Q: Can I mix errata patches with -stable ports?

A: Sure. The -stable patches are designed to interoperate with -release.

Last edited by jggimi; 1st June 2012 at 10:07 AM. Reason: typo
Reply With Quote
  #5   (View Single Post)  
Old 6th June 2012
comet--berkeley comet--berkeley is offline
Shell Scout
 
Join Date: Apr 2009
Posts: 90
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by jggimi View Post
...
Q: ... Sorry, I didn't pay attention, and deleted it.

A: Since you now have the source code, because you plan to either apply patches or use -stable, you still have that letter. See /usr/src/etc/root/root.mail -- I hope it helps!
And the source is always online too:

http://www.openbsd.org/cgi-bin/cvsweb/

http://www.openbsd.org/cgi-bin/cvswe...root/root.mail
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
-stable snapshots "openbsd-stable.org" (?) dnix OpenBSD Installation and Upgrading 9 18th December 2011 12:48 PM
-Stable Ports with -Release+Errata Base Android1 OpenBSD Packages and Ports 5 16th May 2010 09:26 PM
Noob: Updating To OpenBSD-Stable. MetalHead OpenBSD Installation and Upgrading 3 11th November 2008 02:06 AM
updates from openbsd errata milo974 OpenBSD General 10 24th September 2008 12:41 PM
OpenBSD -STABLE BSDfan666 OpenBSD General 6 21st May 2008 10:10 PM


All times are GMT. The time now is 08:18 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick