OpenBSD Journal

You've Installed It. Now What? -stable packages!

Contributed by pitrh on from the even-puffier-packages dept.

Jasper Lievisse Adriaanse writes in about his (and M:tier's) -stable packaging work:

Introduction

A short while ago an article was published here on Undeadly, which explained how to use the ports and packages framework. While it was a good read, it focused on -current.

This article will show how to keep your -stable system up to date, without building anything yourself!

Up to date packages...on -stable?

OpenBSD is continuously working on providing snapshots for all architectures, along with the packages that go with them. Development happens in -current, so this is where the interesting changes that will make up the next release are happening. However, you may not always want to run -current in production, for a variety of reasons.

So you're stuck with -stable and the packages that were built for it during the release period. While this is all well and good, it means you're also missing out on security fixes and updates made to the ports and src trees.

You can check out the latest tagged tree, like OPENBSD_5_3, and start building your own packages with the back-ported security fixes. Before you know it, you're filling the CF card of your precious Soekris box just because you wanted to have an up to date PHP package.

Up to date packages...on -stable!

At M:Tier we've been building our own packages from the latest -stable tree for our servers for a while now, and I bet a lot of people have been doing that. So we figured we'd complement OpenBSD in providing up to date packages for the latest -stable releases.

In practice, this means that as soon as a security fix/update is committed to the OPENBSD_5_3 tree, a package will be built from the CVS tree. This package is then tested and pushed to our fan-out server over at Stable.MTier.org, for everyone to use!

We currently build for the two primary architectures, amd64 and i386. To make sure the package you download was actually built by us, we're digitally signing our packages.

On top of providing packages built from the ports tree, we're also continuing our pre-built binpatches with this new model. If you're looking for some more information on binpatches, have a look at this article. This means that you can keep your base system up to date with this new service too.

And to make your life even easier, you'll get an email notification when a new package gets uploaded. So head over to Stable.MTier.org and apply those security updates!



  1. By Anonymous Coward (82.161.212.238) on

    This is exactly the kind of service OpenBSD needs. Thanks for the finishing touch!

  2. By Chris B. (80.131.63.14) on

    Hi,
    that's an awesome service! I've been looking for something like that!

    However - I wonder how trustworthy those packages are. Sure I know, there's no real answer to that (except: "If you don't trust us, build your own"), I just wanted to point out that those stable packages don't come out of the OpenBSD project and that you might want to consider this before using the packages.

    Still, thanks for your effort, it _is_ a great service!

    Chris

    1. By Reiner Jung (79.248.124.189) on

      > Hi,
      > that's an awesome service! I've been looking for something like that!
      >
      > However - I wonder how trustworthy those packages are. Sure I know, there's no real answer to that (except: "If you don't trust us, build your own"), I just wanted to point out that those stable packages don't come out of the OpenBSD project and that you might want to consider this before using the packages.

      These packages are built by active members of the OpenBSD project, but you can still build your own. Everything you need is available, like the binpatchng framework.

      Reiner

      >
      > Still, thanks for your effort, it _is_ a great service!
      >
      > Chris

    2. By marc (95.171.199.47) none@none.org on

      Good question.

      However, third-party packages don't come [and are not built by] OpenBSD developers anyway, so I don't think this could be of any bigger issue.


      > Hi,
      > that's an awesome service! I've been looking for something like that!
      >
      > However - I wonder how trustworthy those packages are. Sure I know, there's no real answer to that (except: "If you don't trust us, build your own"), I just wanted to point out that those stable packages don't come out of the OpenBSD project and that you might want to consider this before using the packages.
      >
      > Still, thanks for your effort, it _is_ a great service!
      >
      > Chris

    3. By Marc Espie (espie) on

      > Hi,
      > that's an awesome service! I've been looking for something like that!
      >
      > However - I wonder how trustworthy those packages are. Sure I know, there's no real answer to that (except: "If you don't trust us, build your own"), I just wanted to point out that those stable packages don't come out of the OpenBSD project and that you might want to consider this before using the packages.
      >
      > Still, thanks for your effort, it _is_ a great service!
      >
      > Chris

      Well, some of the people involved with M:tier are also some of the most prolific contributors to the OpenBSD ports tree, and they also build official packages on some architectures...

      if you don't trust those packages, start auditing commits to the ports tree, everything that's going on in gnome, in libreoffice, in chromium, and start building your everything from scratch.

  3. By marc (95.171.199.47) none@none.org on

    Wow, guys, YOU ARE AWESOME! Thank you, M:Tier crew!
