Upon installing OpenBSD I like to update it from a release to a stable, which gives me all of the security patches since the release.
There are a number of ways of updating, yet I personally like to rebuild the system from source. That way I don't have to go through each patch and apply it. For more information please see: Building the System from Source
There are a number of different "flavours" of OpenBSD:
- -release -- The version which is released on CD every 6 months
- -stable -- Release plus security patches
- -current -- The development branch
- Download the latest Source code
- Compiling and installing a GENERIC kernel
- Rebuilding the system
There are a number of ways to get the latest source, yet I use cvs.
First I need to find a anoncvs mirror: Available Anonymous CVS Servers
Once I've decided on a server I export the mirror path to CVSROOT and download the source, e.g.:
# export CVSROOTfirstname.lastname@example.org:/cvs
# cd /usr; cvs checkout -P -rOPENBSD_4_1 src
Note: the CVSROOT variable will not be kept after next boot. To keep this setting add it to your /root/.profile file, e.g.:
# vi /root/.profile
Compiling and installing a GENERIC kernel
First backing up current kernel
# cp /bsd /bsd.old
Then configure the kernel
# cd /usr/src/sys/arch/i386/conf
# config GENERIC
Now Compile and Install the new Kernel
# cd /usr/src/sys/arch/i386/compile/GENERIC
# make clean && make depend && make && make install
Lastly reboot and test the new kernel
Rebuilding the system
Now I just rebuild the system:
# rm -rf /usr/obj/*
# cd /usr/src; make obj
# cd /usr/src; make build
When I first log back in the first thing I notice that my system name now says OpenBSD4.1-stable.
Now I have a stable system with all of the important security updates on it.