Wednesday, August 01, 2007

OpenBSD: From Release to Stable

Upon installing OpenBSD I like to update it from a release to a stable, which gives me all of the security patches since the release.
There are a number of ways of updating, yet I personally like to rebuild the system from source. That way I don't have to go through each patch and apply it. For more information please see: Building the System from Source

There are a number of different "flavours" of OpenBSD:

  • -release -- The version which is released on CD every 6 months
  • -stable -- Release plus security patches
  • -current -- The development branch
There are three steps we need to take to update the system:
  1. Download the latest Source code
  2. Compiling and installing a GENERIC kernel
  3. Rebuilding the system
Download the latest Source code
There are a number of ways to get the latest source, yet I use cvs.
First I need to find a anoncvs mirror: Available Anonymous CVS Servers
Once I've decided on a server I export the mirror path to CVSROOT and download the source, e.g.:
# export
# cd /usr; cvs checkout -P -rOPENBSD_4_1 src

Note: the CVSROOT variable will not be kept after next boot. To keep this setting add it to your /root/.profile file, e.g.:
# vi /root/.profile

Compiling and installing a GENERIC kernel
First backing up current kernel
# cp /bsd /bsd.old

Then configure the kernel
# cd /usr/src/sys/arch/i386/conf
# config GENERIC

Now Compile and Install the new Kernel
# cd /usr/src/sys/arch/i386/compile/GENERIC
# make clean && make depend && make && make install

Lastly reboot and test the new kernel
# reboot

Rebuilding the system
Now I just rebuild the system:
# rm -rf /usr/obj/*
# cd /usr/src; make obj
# cd /usr/src; make build

Now reboot
# reboot
When I first log back in the first thing I notice that my system name now says OpenBSD4.1-stable.

Now I have a stable system with all of the important security updates on it.