DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
Old 6th October 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

I have no answer, because the word "security" here is undefined, and even if you try to define it you will likely have multiple definitions.

So instead of answering an unanswerable question, I'll try to provide you with some context.

---

As oft repeated, -current is the development branch. It is where new features are added, new functionality tested, and therefore it is where risks are taken. And as any software developer will tell you, any development effort can introduce flaws or bugs. And as any OpenBSD developer will tell you, a design flaw or a bug may have unintended consequences.

-current is where development and testing of the OS and of ports occur. But there are additional users who run -current, and some may do so because they want access to the latest/greatest versions of ports or packages. (But as noted above, development introduces flaws and bugs. So a higher version number isn't always better.)

The project will publish a -release twice per year. It is never changed after publication. A -release is maintained and supported for 1 year, through the publication of errata patches, or through the syspatch(8) binary patch management subsystem for i386 and amd64, and additionally through the -stable branch of CVS.

---

I run both -current and patched -release systems. I use -current on a workstation, as I am a port maintainer and occasional port tester, and -current is a requirement for this. I use patched -release on all of my production servers.[1] I do so because it eliminates introducing any new features which might disrupt stability, and it is also a much lower workload to maintain than a -current system, which requires frequent updates in order to stay relatively up-to-date with the constantly churning -current developments.

[1] Prior to syspatch, I maintained -stable branches on all my servers as it was operationally simpler than applying individual errata patches across them. The -stable branch will occasionally have patches committed that are not published as errata, and in the years I ran -stable I did once have the need for a patch from that category of committed patches.

Last edited by jggimi; 6th October 2017 at 03:58 AM. Reason: clarity
Reply With Quote
Old 6th October 2017
drhowarddrfine drhowarddrfine is offline
VPN Cryptographer
 
Join Date: May 2008
Posts: 377
Default

If only openBSD had some sort of documentation for all this.
__________________
Want to bash FreeBSD and promote Linux? Go to https://forums.freebsd.org! It's allowed. Even encouraged by the mods!
Reply With Quote
Old 6th October 2017
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 242
Default

Just one more question. When 6.2 reaches its EOL will I get a notification ?

Asking to upgrade ?
Reply With Quote
Old 6th October 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by drhowarddrfine View Post
If only openBSD had some sort of documentation for all this.
The scope of the FAQ has been reduced in recent years. This included removal of a number of general questions, such as the operational comparison of -current with -release/-stable. Otherwise, I'd just have linked to that.

Quote:
Originally Posted by bsd007 View Post
Just one more question. When 6.2 reaches its EOL will I get a notification ?
No. It is the admin's responsibility to maintain and update their systems.
  • Only the two most recent releases are supported with break/fix patches.
  • The FAQ is specific only for the most recent release. After six months, the older release is supported for break/fix only.
Reply With Quote
Old 6th October 2017
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 242
Default

Quote:
Originally Posted by jggimi View Post
No. It is the admin's responsibility to maintain and update their systems.
  • Only the two most recent releases are supported with break/fix patches.
  • The FAQ is specific only for the most recent release. After six months, the older release is supported for break/fix only.
So please make this a little easy for me. Since I am running 6.2 when should I do a clean/fresh install (The exact date)?

I dont want to upgrade instead I want to do a fresh install when 6.2 reaches its EOL.

Thanks a lot for replying.

Last edited by bsd007; 6th October 2017 at 02:12 PM.
Reply With Quote
Old 6th October 2017
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Quote:
Originally Posted by bsd007 View Post
Since I am running 6.2 when should I do a clean/fresh install (The exact date)?
We don't know. You must keep track of openbsd-announce mailing list.
6.2 is going to be released soon, but it is not released yet.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 6th October 2017
ibara ibara is offline
OpenBSD language porter
 
Join Date: Jan 2014
Posts: 783
Default

One year from the release date: https://www.openbsd.org/62.html
aka October 15, 2018
Reply With Quote
Old 6th October 2017
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 242
Default

So all will be okay till October 15, 2018.

Thanks to both.
Reply With Quote
Old 6th October 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by bsd007 View Post
...Since I am running 6.2...
You are not running 6.2. You are running -current, which was named "6.2" in order to prepare for 6.2-release. Your system is either older or newer than 6.2-release, depending on the date of your snapshot.
Quote:
when should I do a clean/fresh install (The exact date)?
Let us assume that you install 6.2-release after it is announced and published for download.
As stated above, you are not running 6.2-release. At this moment, the most recent release is 6.1.
When 6.2 is released, it will be supported until the day that the Project releases 6.4. There is no exact date. OpenBSD is released twice per year. Historically, this has been on-or-about May 1 and November 1. But these dates are subject to change.
Quote:
I dont want to upgrade instead I want to do a fresh install when 6.2 reaches its EOL.
The best practice is to upgrade a -release system twice per year, and to maintain the systems with syspatch(8)/errata patches/-stable between upgrades. The overlap to support the two most recent releases is to allow for continued support while admins plan and deploy their upgrades.

Last edited by jggimi; 6th October 2017 at 02:40 PM. Reason: typos
Reply With Quote
Old 6th October 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

I'll add, you can be notified when a release is announced by subscribing to the announce@ mailing list.
Reply With Quote
Old 6th October 2017
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 242
Default

@jggimi

Then please suggest me what to do at this moment. Should I install 6.1 ?

I have spent a lot of time installing XFCE and configuring the system.

Is a fresh reinstall with 6.1 the way to go ?
Reply With Quote
Old 6th October 2017
hitest's Avatar
hitest hitest is offline
Real Name: George Nielsen
VPN Cryptographer
 
Join Date: Sep 2008
Location: B.C., Canada
Posts: 373
Default

bsd007,

My buddy jggimi is an advanced user, a port maintainer. It makes sense for people like him and ibara to run -current. You and I have the luxury of benefiting from their expertise. They hack the -current branch and their work makes it into upcoming releases. I am a new user (I've been using OpenBSD since version 5.0). It may make more sense for you to install OpenBSD 6.2 when it is released on or about September 15, and apply security updates via syspatch as the updates become available. As jggimi suggested taking the time to read the ample documentation is a requirement for new OpenBSD users. These are suggestions only and not intended as a put down. I'm happy that you are a member here. I'm glad that you like OpenBSD. I like it as well.
__________________
hitest

Last edited by hitest; 6th October 2017 at 03:03 PM. Reason: Odd sentence structure
Reply With Quote
Old 6th October 2017
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 242
Default

Okay I will download and install 6.2 when it is released but before I do that I have to figure out how to burn a CD in OpenBSD using K3B. I have installed K3B but when I launch it it says

Code:
No optical drive found.
K3b did not find any optical device in your system.
Solution: Make sure HAL daemon is running, it is used by K3b for finding devices.
Reply With Quote
Old 6th October 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

What is the date of your snapshot's kernel build?

$ sysctl kern.version

I ask, because you could upgrade from an older -current to 6.2-release. But you cannot "downgrade."
Reply With Quote
Old 6th October 2017
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Quote:
Originally Posted by bsd007 View Post
Okay I will download and install 6.2 when it is released but before I do that I have to figure out how to burn a CD in OpenBSD using K3B. I have installed K3B but when I launch it it says

Code:
No optical drive found.
K3b did not find any optical device in your system.
Solution: Make sure HAL daemon is running, it is used by K3b for finding devices.
It is topic for another thread.
HAL is ancient, deprecated Linux technology (it is not included in Gnu/Linux distros for a few years). I suggest using pendrive. If you really want CD, burn it with growisofs (I had successfully burn 1 CD disc some time ago).
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

Last edited by e1-531g; 6th October 2017 at 03:38 PM. Reason: mentioned growisofs
Reply With Quote
Old 6th October 2017
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 242
Default

Quote:
Originally Posted by jggimi View Post
What is the date of your snapshot's kernel build?

$ sysctl kern.version

I ask, because you could upgrade from an older -current to 6.2-release. But you cannot "downgrade."
Code:
$ sysctl kern.version
kern.version=OpenBSD 6.2 (GENERIC.MP) #134: Tue Oct  3 21:22:29 MDT 2017
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Quote:
Originally Posted by e1-531g View Post
It is topic for another thread.
HAL is ancient, deprecated Linux technology (it is not included in Gnu/Linux distros for a few years). I suggest using pendrive. If you really want CD, burn it with growisofs (I had successfully burn 1 CD disc some time ago).
I too used pendrive but the step where it asks where the installtion files are it defaults to CD Rom and I had a tough time pointing it to pendrive. I dont remember the exact words.
Reply With Quote
Old 6th October 2017
blackhole's Avatar
blackhole blackhole is offline
Spam Deminer
 
Join Date: Mar 2014
Posts: 314
Default

I have always used cdio(1) to burn CDRs

https://www.openbsd.org/faq/faq13.html#writeCD
Reply With Quote
Old 6th October 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by bsd007 View Post
...I have to figure out how to burn a CD in OpenBSD...
This is not a requirement. You do not need bootable media to reinstall or to upgrade if you have a running system. Just download the appropriate RAMDISK kernel (bsd.rd), place it in your root directory, and select it when booting. Then you can do a network install or a network upgrade, without a local copy of installation media. If needed, local filesets can be stored locally and then mounted by the install or upgrade script.
Quote:
Originally Posted by e1-531g View Post
...If you really want CD, burn it with growisofs ...
That is the tool for burning to DVD media, it is not used with CD media. The use of growisofs is discussed in the FAQ.
Quote:
Originally Posted by bsd007 View Post
Code:
$ sysctl kern.version
kern.version=OpenBSD 6.2 (GENERIC.MP) #134: Tue Oct  3 21:22:29 MDT 2017
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
According to my local CVS repository, the tag was created on October 1, and the CVS ChangeLogs show that release engineering was already underway.
Quote:
I too used pendrive but the step where it asks where the installtion files are it defaults to CD Rom and I had a tough time pointing it to pendrive. I dont remember the exact words.
"d" as in "disk" is the correct answer.
Reply With Quote
Old 6th October 2017
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 242
Default

Quote:
According to my local CVS repository, the tag was created on October 1, and the CVS ChangeLogs show that release engineering was already underway.
Sorry didn't understand that. Does that mean I can upgrade ?
Reply With Quote
Old 6th October 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

This is a little off topic but may as well be addressed here for clarity.
Quote:
Originally Posted by hitest View Post
...It makes sense for people like him and ibara....They hack the -current branch and their work makes it into upcoming releases....
I am not, nor have I ever been, any more than a user.
  • Yes, I've submitted patches. Some have been accepted, but most have been rejected. It takes two developers to agree to any commit.
  • I am a port maintainer, of a small set of ports. Any user can be one. All they need do is develop and submit a port which is accepted (two developers must agree), and be willing to continue to maintain and support the port. There is a Porter's Handbook, with a link from the FAQ's top page.
  • I am a port tester, of ports that I use. It's not hard, there is even a Port Testing Guide to assist -current users. It's a chapter of the Handbook.
However, ibara was a developer. Now, a developer emeritus.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Most software already has a “golden key” backdoor: the system update J65nko News 0 27th February 2016 10:31 PM
Installed OpenBSD 5.7.Need update help Itproman OpenBSD Installation and Upgrading 18 19th August 2015 02:57 PM
Ran make update and the system decided to install Gnome? sparky NetBSD Package System (pkgsrc) 6 22nd April 2013 02:53 PM
Clonezilla Live clone system update J65nko News 0 28th September 2011 05:53 PM
how update openbsd 4.8 craze OpenBSD Installation and Upgrading 6 6th March 2011 03:20 PM


All times are GMT. The time now is 10:49 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick