*BSDThis forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I currently have two boxes running OpenBSD 3.6 - one is a router and the other is a DNS cache. I've been using FreeBSD for a little while now and have become accustomed to the FreeBSD
CVSup
cd /usr/src
make buildworld
make buildkernel
make installkernel
reboot
mergemaster -p
make installworld
mergemaster
reboot
scenairo. From what I believe (and please tell me if I'm wrong) is that by running this on FreeBSD I am keeping my box up to date quite acceptably. What I would like to know is what do I need to do for my OpenBSD boxes for the same effect? I don't think either machine has enough space to download the entire src tree. I tried looking at how to run CVSup with OpenBSD but I couldn't really see it working the same way - at least not from what I saw.
If anyone could give me the outline of the steps I need to run on these two boxes to keep them securely up to date it would be greatly appreciated. Furthermore, if it's not too difficult, what the options are for the downloads going to my FreeBSD fileserver so that I'm only downloading the files once rather than once for each machine.
Pay careful attention to which branch you're checking out of cvs. If you leave the tag off, you'll get what's know as -current. This is absolutely the latest software put in main tree. This means there's a potential that there are problems that haven't been discovered yet, and you might be the first person to discover them! In fairness, the main tree is really stable compared to other free OSs. Most of the testing code goes in special snapshots or is only used by developers and doesn't go into the main tree without a high level of confidence.
If you just want security updates, then you want to check out the patch branch, i.e. OPENBSD_3_6. This always remains constant as OPENBSD_<major>_<minor> and will always check out the patch tree for that branch.
So back to the limited space issue, with more than one machine you can benefit from a great feature of OpenBSD, which is the ability to build releases for machines of the same architecture. If you look at the man page for release(8), you'll see that it has instructions for building the sets that are used to install OpenBSD. This means that you can build the updated OS on one machine (which automatically installs it on that machine), then do a release build (on the same machine) that will let you upgrade your second box too! You can make the files available via HTTP, FTP, or NFS (depending on which services you have running) so you don't even have to burn a CD (just copy the bsd.rd to the other box and reboot with it).
If you don't have enough space on either of the OpenBSD boxes (around 1.5 GB for the /usr/src and /usr/obj I think), you could export a partition from your FreeBSD box via NFS and check out the source there. You would have to do the build operation on the OpenBSD box, but it could use the storage remotely.
So which parts of that do I need to follow for just the security patches? And how much local storage will that require?
You quoted 1.5 GB for the /usr/src and /usr/obj but is that for the entire ports tree? I'm just a little confused how much I need for JUST the security patches. I don't necessarily need cutting edge ports etc, just secure - if that's possible.
Well, as per my expectations, there is not enough disk space on either of the OpenBSD machines for the full source tree. What steps would I need to do if I ONLY want the security updates etc?
Thanks again.
Gsee
P.S. Of course an alternate option would be to put the files in the /home partition. OR better still resize the home partition and increase the /usr partition. If anyone feels brave enough to talk me through that, that would be great. I still would be pushing it to make 1.5 Gb however.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Well you should really have the full src tree to build security patches. I suppose you could try only checking out the portion of the tree that each patch affects, but that would be rather tedious. /usr/src is only for building the OS, the ports tree is completely separate in /usr/ports. /usr/obj is where the object files are created when building the OS.
What would you do about keeping these systems up to date with their security patches? I suppose I _do_ have the FreeBSD fileserver, but setting things up that way sounds messy.
Looking at the router having a 1Gig /home partition of which 14K is being used is there any easy methods to either resize this partition and increase the /usr partition or can I do the updating in the /home directory?
What do you guys feel is the best way for me to approach this?
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Neither of those boxes really have the space to check out the full source tree and do a build. I'd look at the NFS possibilities. I haven't had any luck in the past resizing partions, so I couldn't help you there. You don't have enough space to make it worth it any way.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.