DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 16th July 2015
betweendayandnight betweendayandnight is offline
friendly
 
Join Date: Jul 2015
Posts: 67
Default Install a package from -current version?

I am using the release version of OpenBSD 5.7 with the latest patches. I suppose it is called stable version? Can I download packages from the "snapshots" version and install them on my stable version without bricking my system? What is the sudo command to accomplish it?
Reply With Quote
  #2   (View Single Post)  
Old 16th July 2015
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by betweendayandnight View Post
I am using the release version of OpenBSD 5.7 with the latest patches. I suppose it is called stable version?
No, -stable contains more fixes than -release + patches.
Quote:
Can I download packages from the "snapshots" version and install them on my stable version without bricking my system?
Per Section 15.4.1 of the FAQ:
Quote:
Do NOT check out a -current ports tree and expect it to work on a -release or -stable system.
Snapshots come from the head of the CVS repository which is where all current development takes place. The libraries used in -current may be different from that in -release & -stable. These are known as the "flavors" of OpenBSD, & I highly recommend you study Section 5.1 of the FAQ to understand the difference.

OpenBSD is an integrated whole, an entire system. Mixing & matching is neither recommended nor supported.

As a newcomer to OpenBSD, you will find a lot of information, including answers to many common questions in the official FAQ. Taking the time now, while beginning, to study will save you significant time & aggravation later on...
Reply With Quote
  #3   (View Single Post)  
Old 16th July 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

To add to ocicat's comments.
  1. Unless a -current package (and all of its dependencies) was statically linked or is a non-binary script, pkg_add(1) will fail to install it on -release or -stable. Ports, as noted in the FAQ, will not build without the appropriate dependent libraries in place.
  2. When I first started using this OS, I lived and breathed the FAQ. It really helped. It still does. The FAQ also is the only source of official "How To" documentation by the Project. It is kept up to date with the latest release, which cannot be said for things you find searching here or on the Internet.
  3. I also lived with Absolute OpenBSD by my side. My original edition is well worn, and well loved, and lives proudly next to the second edition on my bookshelves. Unofficial, yes, but very well written, and very helpful.

Last edited by jggimi; 16th July 2015 at 04:38 PM. Reason: clarity, addition of comments regarding M.W. Lucas's wonderful book
Reply With Quote
  #4   (View Single Post)  
Old 16th July 2015
bsd-keith bsd-keith is offline
Real Name: Keith
Open Source Software user
 
Join Date: Jun 2014
Location: Surrey/Hants Border, England
Posts: 344
Default

[Off topic]
I would also recommend purchasing Absolute OpenBSD.
__________________
Linux since 1999, & also a BSD user.
Reply With Quote
  #5   (View Single Post)  
Old 17th July 2015
betweendayandnight betweendayandnight is offline
friendly
 
Join Date: Jul 2015
Posts: 67
Default

Quote:
Originally Posted by ocicat View Post
No, -stable contains more fixes than -release + patches
My definition of "stable" is exactly the same as in http://www.openbsd.org/faq/faq5.html#Flavors:

Quote:
The -stable branch is -release plus patches found on the errata page. The operation of -stable is the same as the -release it is based on.
The patches that I was referring to are those found on the Errata page.
Reply With Quote
  #6   (View Single Post)  
Old 17th July 2015
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by betweendayandnight View Post
My definition of "stable" is exactly the same as in http://www.openbsd.org/faq/faq5.html#Flavors:
Quote:
The -stable branch is -release plus patches found on the errata page. The operation of -stable is the same as the -release it is based on.
It is great you are putting in the effort needed to understand the ramifications of OpenBSD's flavors. Discussion over what is the relationship between -release & -stable actually gets revisited both here, & on the project's mailing lists from time to time.

There are, however, some fixes occasionally checked into the -stable branch which are not deemed to be significant enough to warrant standalone patches made available on the errata page. As an equation, the following is actually what can be found in CVS:
Quote:
-release + all released patches <= -stable
Sometimes these "extra" fixes are merely cosmetic, or may be part of code from -current which cannot be easily separated out, & because of this, they are deemed minor enhancements. Are they documented? Yes, CVS diff's can reveal them for those that study CVS very carefully.

Reply With Quote
  #7   (View Single Post)  
Old 17th July 2015
betweendayandnight betweendayandnight is offline
friendly
 
Join Date: Jul 2015
Posts: 67
Default

Quote:
Originally Posted by ocicat View Post
There are, however, some fixes occasionally checked into the -stable branch which are not deemed to be significant enough to warrant standalone patches made available on the errata page.
Just not to be confused by you any further, please answer me with a "Yes" or "No" to the two questions below:

1. Is it sufficient for me to just apply whatever is on the Errata page to the --release version in order to have a secure (that is not vulnerable), hardened and stable (as opposed to unstable) operating system?

2. --If I don't apply the stuff that you called "fixes in the CVS's diff"--will my operating system consisting of only --release+errata become insecure (that is vulnerable) and unstable?
Reply With Quote
  #8   (View Single Post)  
Old 17th July 2015
blackhole's Avatar
blackhole blackhole is offline
Spam Deminer
 
Join Date: Mar 2014
Posts: 316
Default

Your question has now been clearly answered no less than three times. Your provided link to faq5 explains it clearly in fact.

http://www.openbsd.org/faq/faq5.html#Flavors
Reply With Quote
  #9   (View Single Post)  
Old 17th July 2015
betweendayandnight betweendayandnight is offline
friendly
 
Join Date: Jul 2015
Posts: 67
Default

Quote:
Originally Posted by cynwulf View Post
Your question has now been clearly answered no less than three times. Your provided link to faq5 explains it clearly in fact.

http://www.openbsd.org/faq/faq5.html#Flavors
You're so totally wrong. I didn't ask a question; I asked two.

Prove to me that you're right by quoting the relevant sections from http://www.openbsd.org/faq/faq5.html#Flavors that directly answer my two (2) questions.
Reply With Quote
Old 17th July 2015
betweendayandnight betweendayandnight is offline
friendly
 
Join Date: Jul 2015
Posts: 67
Default

Quote:
Originally Posted by ocicat View Post
As an equation, the following is actually what can be found in CVS:
Code:
-release + all released patches <= -stable
Your above equation doesn't square (pun intended) with what is explained in the page http://www.openbsd.org/faq/faq5.html#Flavors.
Reply With Quote
Old 17th July 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Please, people. Let's all remain civil. We're trying to share knowledge, and that's all. While the word "discussion" and "percussion" may have similar etymologies, can we please not traverse the path from one to the other?

---

The -stable CVS branch is tagged simultaneously with -release during the development cycle. Unlike -release, which remains static, this branch will receive patches as needed for reliability, availability, and security. If a -stable fix is deemed to be of broad interest or sufficient severity, an errata patch will be published on the Project website. It is possible to have a fix developed and deployed for -stable that does not receive publication as errata. It may be deemed non-critical, or determined to have limited impact. If so, this won't be a security fix, those are always critical.

Is there a difference between -release+errata patches when compared with -stable? The answer is sometimes. Does it matter which you choose? For security, no.
Reply With Quote
Old 17th July 2015
betweendayandnight betweendayandnight is offline
friendly
 
Join Date: Jul 2015
Posts: 67
Default

Quote:
Originally Posted by jggimi View Post
Please, people. Let's all remain civil.
I meant no offense and I hope none has been taken.

Quote:
Originally Posted by jggimi View Post
Does it matter which you choose? For security, no.
Thanks for the answer on security.

What about stability of the OS if I don't apply the "fixes in the CVS diff"?
Reply With Quote
Old 17th July 2015
blackhole's Avatar
blackhole blackhole is offline
Spam Deminer
 
Join Date: Mar 2014
Posts: 316
Default

No idea what you mean by "stability of the OS". Read the section on the stable or "patch" branch and on anoncvs if you want to know more.

Also read faq15 and faq9:

http://www.openbsd.org/faq/faq15.html
http://www.openbsd.org/faq/faq9.html
Reply With Quote
Old 17th July 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

I'll try to clarify where I think there may be confusion.
  • Will there be any difference to me if I use -release+errata instead of -stable?

    The Project doesn't think so. While it is possible there may be some -stable patches you wouldn't have on your system, they are unlikely to have any operational impact. If they did, they would be published as errata. However, if it turned out you did have a problem fixed by a -stable patch that has not been published as errata, a) you would learn this by filing a bug report, and b) once reported, it is likely the Project would then publish the patch.
  • Can I leave some errata patches out, if I know they don't affect my system?

    Yes.
  • Why would some people use -stable instead of -release+errata? Isn't it harder to deal with?

    It's only harder to climb the learning curve the first time. After that, building -stable is routine, and can be scripted. Yes, it takes longer to build the complete system, but that's only the clock on the wall, not the administrative effort.

    Admins who manage multiple -stable systems may also build their own -stable release(8) for distribution to their systems, simplifying change management.

    There are also -stable users who take advantage of M:Tier's binary -stable solutions. They don't have to apply any patches or build any components to run -stable.
  • What about -stable packages? Are there any?

    The ports tree has a -stable branch, and ports are updated, but the Project does not build -stable packages due to lack of resources. M:Tier provides update services for -stable packages also.

    Users of -stable can build their own -stable packages, if they have the time, interest, skills, and resources. I do this for my own -stable systems, using a combination of of cvs(1), out-of-date(1), and dpb(1). That isn't strictly necessary, since M:Tier provides these services, but I began doing this sort of thing years ago and do it mostly to stay proficient with the toolchain.

Last edited by jggimi; 17th July 2015 at 05:09 PM. Reason: Added M:Tier comment under release(8), for binary -stable services
Reply With Quote
Old 17th July 2015
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by betweendayandnight View Post
Your above equation doesn't square (pun intended) with what is explained in the page http://www.openbsd.org/faq/faq5.html#Flavors.
As I have already explained, -stable may contain minor fixes which may be included in patches targetting -release. These fixes are not security related, & are deemed to be not important enough to warrant inclusion in any -release patch.

You are correct in stating that the FAQ does not make this clear, however, careful mining of the project's mailing lists will reveal my statements to be true.
Reply With Quote
Old 17th July 2015
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by betweendayandnight View Post
...please answer me with a "Yes" or "No" to the two questions below:
I will address this concern at the end of this message.
Quote:
Is it sufficient for me to just apply whatever is on the Errata page to the --release version in order to have a secure (that is not vulnerable), hardened and stable (as opposed to unstable) operating system?
Applying the errata to a -release installation will address recent vulnerabilities which the project has addressed. The result of patching an installation will be better than an unpatched system.
Quote:
If I don't apply the stuff that you called "fixes in the CVS's diff"--will my operating system consisting of only --release+errata become insecure (that is vulnerable) and unstable?
As previously stated, the additional fixes found in -stable which are not addressed by -release patches are considered to be minor, & have no security ramifications.

General security can be had by properly running a -release installation with relevant patches.

However, "being secure" is not simply a matter of applying errata patches. An improperly managed system, be it OpenBSD or any other operating system, can result in a system which is insecure. What the project maintains is that OpenBSD, as installed by the installation process, is pretty gosh darn secure. How people fiddle with permissions, or install unknown applications, or share passwords is completely out of their control.

Security takes constant vigilance. Applying patches helps, but being aware of the fallout of daily usage is important too. Studying the project's FAQ will help guide behaviors, & it will also help shape your questions. Over time, you will develop a better feel for what is not a black & white subject.
Reply With Quote
Old 17th July 2015
betweendayandnight betweendayandnight is offline
friendly
 
Join Date: Jul 2015
Posts: 67
Default

Quote:
Originally Posted by cynwulf View Post
No idea what you mean by "stability of the OS".
An OS is described as being unstable when it crashes often resulting in users having to reboot their machines. In Microsoft Windows OS for example, OS instability often results in BSOD (blue screen of death). In Unix and Unix-like OSes, it's called "kernel panic".
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Critical security hole in current version of Opera J65nko News 5 20th October 2011 06:14 AM
Can't install package because of libraries yggdrasil OpenBSD Packages and Ports 6 29th November 2010 03:50 PM
Need help-binary package install bsdadmin NetBSD Installation and Upgrading 11 29th October 2009 05:08 AM
Package install error. delboy FreeBSD Ports and Packages 10 25th March 2009 05:54 PM
Latest ZFS version available for -CURRENT tanked FreeBSD General 0 30th July 2008 10:06 AM


All times are GMT. The time now is 11:03 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick