Binary Patches for OpenBSD 4.6

To track stable, you don’t necessarily need to work with cvs snapshots. Ideally, you’d fetch all relevant patches for your architecture and OpenBSD version from here and cobble together those patches with binpatch

This also requires that you fetch architecture-independant src.tar.gz and sys.tar.gz from here, and all installation-set tarballs from here.

From the project description file, the tree structure is then:

  • binpatch-1.1.0/

  • Makefile

  • bsd.binpatch.mk
  • distfiles/
    • i386/
    • src.tar.gz
    • sys.tar.gz
  • packages/
  • patches/
    • common/
    • i386/
  • pkg/
    • (e.g. PLIST-i386-001)
  • work-binpatch-4.6/
    • fake/
    • obj/
    • src/

The following changes to Makefile were made to suit patches for OpenBSD 4.6:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
### Last Updated: June 3rd 2010
# List of patches for all architectures
PATCH_COMMON=001_bind 003_getsockopt 004_openssl 005_ptrace 006_openssl 007_ftpd 008_kerberos 009_mpi 010_openssl 011_pfsync 012_trunklacp
# List of patches for i386 only
PATCH_I386=002_xmm
#...
002_xmm: _kernel
003_getsockopt: _kernel
005_ptrace: _kernel
009_mpi: _kernel
011_pfsync: _kernel
012_trunklacp: _kernel
001_bind:
cd ${WRKSRC}/usr.sbin/bind && \
(${_obj_wrp}; ${_depend_wrp}; ${_build_wrp})
004_openssl:
cd ${WRKSRC}/lib/libssl && \
(${_obj}; ${_depend}; ${_includes}; ${_build}) && \
cd ${WRKSRC}/sbin && \
(${_obj}; ${_depend}; ${_build})
006_openssl:
cd ${WRKSRC}/lib/libssl && \
(${_obj}; ${_depend}; ${_includes}; ${_build}) && \
cd ${WRKSRC}/sbin && \
(${_obj}; ${_depend}; ${_build})
007_ftpd:
cd ${WRKSRC}/libexec/ftpd && \
(${_depend}; ${_build})
008_kerberos:
cd ${WRKSRC}/lib/libkrb5 && \
(${_obj}; ${_depend}; ${_build}) && \
cd ${WRKSRC}/kerberosV/libexec/kdc && \
(${_obj}; ${_depend}; ${_build})
010_openssl:
cd ${WRKSRC}/lib/libssl && \
(${_obj}; ${_depend}; ${_includes}; ${_build}) && \
cd ${WRKSRC}/sbin && \
(${_obj}; ${_depend}; ${_build})

You’ll need to modify the above to include more recent patches i.e. patches dated later than June 3rd 2010.

To patch the relevant files on your OpenBSD install, and to prepare packages (in packages/) for installation, as root:

# make PATCH="001" build

# make PATCH="001" plist

# make PATCH="001" package

To install the packages, do:

# make PATCH="001" install

I prefer to use the following script (documented here) to install packages:

1
2
3
4
#!/bin/sh
tar xzpf "$1" -C /
mkdir -p /var/db/patches/$(basename "$1" .tgz)

.. or to query previously installed packages:

# ls /var/db/patches/

Dump/Restore Data Between Partitions

Here’s a script I created to backup and restore data between partitions on OpenBSD:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#!/bin/sh
newfs /dev/ad1s1a
newfs /dev/ad1s1e
newfs /dev/ad1s1f
mount /dev/ad1s1a /backup/root
mount /dev/ad1s1e /backup/var
mount /dev/ad1s1f /backup/usr
( dump -0f - / ) | ( cd /backup/root ; restore -rf - )
( dump -0f - /var ) | ( cd /backup/var ; restore -rf - )
( dump -0f - /usr ) | ( cd /backup/usr ; restore -rf - )
umount /backup/root
umount /backup/var
umount /backup/usr
tunefs -n enable /dev/ad1s1a
tunefs -n enable /dev/ad1s1e
tunefs -n enable /dev/ad1s1f

On OpenBSD

This blog does not currently contain many entries on OpenBSD, and I imagine this will be the case indefinitely. Simply put, my experiences with OpenBSD have been of the set-and-forget variety, and consequently do not warrant blog updates. Granted, setting up my first ever Soekris box to run OpenBSD was no easy feat - as I was still rather spoiled by various Linux distro installers. But, as with all BSDs, OpenBSD’s documentation was thoroughly fantastic, and it didn’t take long before I was able to add more OpenBSD boxes to my ever-expanding home network. On the very rare occasion when I needed to maintain a box, the process was extremely straightforward.

OpenBSD, you are toxically-delicious!

FreeBSD 8.0 on Server

Half a decade later, I have decided to use FreeBSD on my server machines (instead of Gentoo) - where, in 2003, I had a brief encounter with the highly unstable FreeBSD 5.0. Back then, I was more at home with Red Hat Linux (with the newly introduced RHCE program); and the ever-fussy FreeBSD 5.0 Release - which seemed more like a developer preview with its pronounced instability - had left a bad taste in my mouth.

Now, the problems that plagued FreeBSD 5 are all but forgotten. Earlier today, FreeBSD 8.0 was formally released to the public (the announcement can be found here,) and having installed it soon after, I can certainly say that all bodes well for the future of this Internet-serving superstar.

As a side note, several OpenBSD-on-Soekris boxes still manage the IP routing in my household. FreeBSD has managed to incorporate a lot of the security features of OpenBSD, but for routing purposes, the much slimmer and more efficient OpenBSD still reigns supreme.