G'day folks,

I currently have two boxes running OpenBSD 3.6 - one is a router and the other is a DNS cache. I've been using FreeBSD for a little while now and have become accustomed to the FreeBSD

CVSup
cd /usr/src
make buildworld
make buildkernel
make installkernel
reboot
mergemaster -p
make installworld
mergemaster
reboot

scenairo. From what I believe (and please tell me if I'm wrong) is that by running this on FreeBSD I am keeping my box up to date quite acceptably. What I would like to know is what do I need to do for my OpenBSD boxes for the same effect? I don't think either machine has enough space to download the entire src tree. I tried looking at how to run CVSup with OpenBSD but I couldn't really see it working the same way - at least not from what I saw.

If anyone could give me the outline of the steps I need to run on these two boxes to keep them securely up to date it would be greatly appreciated. Furthermore, if it's not too difficult, what the options are for the downloads going to my FreeBSD fileserver so that I'm only downloading the files once rather than once for each machine.

Thanks in advance.
Gsee

$ man release

That gives you step-by-step instructions for rebuilding the system similar to what you described for FreeBSD. You'll also find these very helpful:
the upgrade mini-FAQ
using CVSup (with OpenBSD)
using anonymous CVS

Pay careful attention to which branch you're checking out of cvs. If you leave the tag off, you'll get what's know as -current. This is absolutely the latest software put in main tree. This means there's a potential that there are problems that haven't been discovered yet, and you might be the first person to discover them! In fairness, the main tree is really stable compared to other free OSs. Most of the testing code goes in special snapshots or is only used by developers and doesn't go into the main tree without a high level of confidence.

If you just want security updates, then you want to check out the patch branch, i.e. OPENBSD_3_6. This always remains constant as OPENBSD_<major>_<minor> and will always check out the patch tree for that branch.

So back to the limited space issue, with more than one machine you can benefit from a great feature of OpenBSD, which is the ability to build releases for machines of the same architecture. If you look at the man page for release(8), you'll see that it has instructions for building the sets that are used to install OpenBSD. This means that you can build the updated OS on one machine (which automatically installs it on that machine), then do a release build (on the same machine) that will let you upgrade your second box too! You can make the files available via HTTP, FTP, or NFS (depending on which services you have running) so you don't even have to burn a CD (just copy the bsd.rd to the other box and reboot with it).

If you don't have enough space on either of the OpenBSD boxes (around 1.5 GB for the /usr/src and /usr/obj I think), you could export a partition from your FreeBSD box via NFS and check out the source there. You would have to do the build operation on the OpenBSD box, but it could use the storage remotely.

So which parts of that do I need to follow for just the security patches? And how much local storage will that require?

You quoted 1.5 GB for the /usr/src and /usr/obj but is that for the entire ports tree? I'm just a little confused how much I need for JUST the security patches. I don't necessarily need cutting edge ports etc, just secure - if that's possible.

On my router for example I currently have:

$ df -lh
Filesystem Size Used Avail Capacity Mounted on
/dev/wd0a 147M 22.4M 117M 16% /
/dev/wd0h 1009M 14.0K 959M 0% /home
/dev/wd0d 118M 2.0K 112M 0% /tmp
/dev/wd0g 305M 304M -15.2M 105% /usr
/dev/wd0e 98.3M 8.0M 85.4M 9% /var

How I managed to get to -15.2M on the /usr partition I have no idea.

Thanks again Chort.

Gsee

Well, as per my expectations, there is not enough disk space on either of the OpenBSD machines for the full source tree. What steps would I need to do if I ONLY want the security updates etc?

Thanks again.

Gsee

P.S. Of course an alternate option would be to put the files in the /home partition. OR better still resize the home partition and increase the /usr partition. If anyone feels brave enough to talk me through that, that would be great. I still would be pushing it to make 1.5 Gb however.

Gsee

Well you should really have the full src tree to build security patches. I suppose you could try only checking out the portion of the tree that each patch affects, but that would be rather tedious. /usr/src is only for building the OS, the ports tree is completely separate in /usr/ports. /usr/obj is where the object files are created when building the OS.

So... hypothetically speaking. If you had two systems:

OpenBSD 3.6 - DNS Cacher

Filesystem Size Used Avail Capacity Mounted on
/dev/wd0a 147M 27.8M 112M 20% /
/dev/wd0h 603M 224K 573M 0% /home
/dev/wd0d 118M 2.0K 112M 0% /tmp
/dev/wd0g 589M 169M 390M 30% /usr
/dev/wd0e 78.9M 8.1M 66.8M 11% /var

And

OpenBSD 3.6 - Router

Filesystem Size Used Avail Capacity Mounted on
/dev/wd0a 147M 22.4M 117M 16% /
/dev/wd0h 1009M 14.0K 959M 0% /home
/dev/wd0d 118M 2.0K 112M 0% /tmp
/dev/wd0g 305M 176M 113M 61% /usr
/dev/wd0e 98.3M 8.2M 85.2M 9% /var

What would you do about keeping these systems up to date with their security patches? I suppose I _do_ have the FreeBSD fileserver, but setting things up that way sounds messy.

Looking at the router having a 1Gig /home partition of which 14K is being used is there any easy methods to either resize this partition and increase the /usr partition or can I do the updating in the /home directory?

What do you guys feel is the best way for me to approach this?

Gsee

Neither of those boxes really have the space to check out the full source tree and do a build. I'd look at the NFS possibilities. I haven't had any luck in the past resizing partions, so I couldn't help you there. You don't have enough space to make it worth it any way.