OpenBSD Journal

OnLamp: Patching OpenBSD

Contributed by jose on from the jacek dept.

Jacek Artymiak is back in the latest installment of Securing Small Networks with OpenBSD on the OnLamp site. This current one is entitled Patching OpenBSD and describes the basic use of source code patches for keeping your system up to date. People new to the use of the source code patches will want to have a look at this.

(Comments are closed)

  1. By Anonymous Coward () on

    first post!!!!

  2. By Anonymous Coward () on

    This is absolutely the worst article I have ever seen on openbsd patching. The FAQ explains patching much better.

    I didn't want to see OpenBSD Journal go down the road of posting every little 2cent article, but here we go

    1. By Anonymous Coward () on

      so write a better one, cockmonger

      1. By Anonymous Coward () on

        Like the original poster said, the FAQ is much better.


      2. By Anonymous Coward () on

        I have to agree with the first reply. This "Patching OpenBSD" article is really bad. Most of the bugfixes are in the CVS tree, if you only install patches from the website, you only get the most serious bug and security fixes.

        They say "To apply patches, you will need access to the sources of the OpenBSD release you installed on your machine. These are the sources that have been used to build that release of OpenBSD, not the CURRENT sources held in CVS. Strictly speaking, they are in CVS, but extracting them from there would take the uninitiated users too much time and effort."

        "cvs update -r OPENBSD_3_2" doesn't take that much time and effort, IMHO.

        Don't get me wrong, most of the Onlamp OpenBSD articles are very good, but I really think that beginners should be looking at the upgrade minifaq, not this article. The upgrade minifaq is here, BTW:

    2. By couderc () on

      Criticize anonymously is so simple.

      If you think you can do better then do it else just shut up as the anonymous coward you are.

    3. By Anonymous Coward () on

      how about you write documentation that explains the difference between good, and bad documentation using said resources?

      1. By Anonymous Coward () on


  3. By Josh () on

    "OpenBSD and OpenSSH have recently become targets for hackers looking for new fields to explore, and we all need to be on guard."

    wtf?? I say

    1. By Anonymous Coward () on

      "OpenBSD and OpenSSH have recently become targets for hackers looking for new fields to explore, and we all need to be on guard."

  4. By jose () on

    i agree with many of you and feel that jacek could be doing better, not just with this piece but many of his pieces lately. however, jacek is doing more than most of you do, and that's giving back to the community.

    i started writing documentation years ago (i'm a published author) because i wanted to give back and help people out, both developers and other users. i found it also taught me a lot about the system i was documenting.

    right now openbsd is lacking a lot of documentation and could always use help in that. we're eons behind almost all other free software projects of this size in that regard.

    so step up and start writing. otherwise don't say it isn't any good.

    1. By AnonymousCanuck () on

      OpenBSD advocates will be quick to point out that OpenBSD has some of the best documentation available. This is partially true. OpenBSD has some of the best manpages of any *nix. What OpenBSD lacks is the basic documentation for the new user of OpenBSD that ties the users questions to the manpages. While the OpenBSD FAQ attempts to do this it often falls flat in not provideing enough information. Ultimately OpenBSD requires HowTos. Unfortunately I not am the person for this. I am neither an author nor a user who should be answering the harder questions. I don't have enough experience with the OpenBSD system.

    2. By Josh () selerius at codefusion dot org on

      "right now openbsd is lacking a lot of documentation and could always use help in that. we're eons behind almost all other free software projects of this size in that regard."

      What evidence do you have of this? Have you ever even read the FAQ or the man pages? OpenBSD has done a great job at the documentation side of things. period. There is no more discussion.

      OpenBSD has great documentation. The lack of step by step HOW-TO's and TUTORIALS written for brain-dead admins helps openbsd by keeping those people out of the equation who are too lazy to read the man pages and FAQ themselves, and want the information spoon fed to them. Not only are these people annoying, they also take away valuable time from the developers when the submit bug reports or mailing list questions that make it obvious they haven't taken the time to the documentation before they jumped on the oppurtunity to have someone else fix their problem for them.

      And further more, the FAQ is available in several different languages. So how can you set there and say that the OpenBSD documentation is "eons behind almost all other free software projects of this size in that regard." ?

      1. By jose () on

        lemme qualify my statement: we're eons behind in quantity of quality documents and the breadth of that information. we have a few key how-to documents (pf being the premeir one), we have a good FAQ (correct, well organized, etc). yes, we have great manpages.

        but we lack comprehensive documentation. jacek's out there trying to add to that. yes, it's mundane. it's tedious. however, it needs to be done. while it's easy to say "its for braindead admins" when you think about how-to documents, every time someone puts one together most people learn something.

        "read the manpage" is good for getting from basic to advanced behavior, but manpages are not the best place to start. (yes, i know about intro(X), afterboot, etc ...) there are a few shining examples: vpn, ssl, release, starttls (i wrote the first draft of that one, by the way), etc ... nice meta level docs.

        however, how would you learn to use ipv6 in openbsd? how would a newbie learn how to be an afs client with openbsd? what about the new pf+altq, how about getting starting with queing features there? what about the finer points of wscons and its friends? how would a newbie start learning how to do a million other things in openbsd?

        it's not a case closed situation.

        number of books on openbsd? 1/2 (linux and openbsd firewalls) with at least one other in the immediate works. number of books on linux? dozens, of varying quality.

        now, go hack. perhaps start with an "ipv6" intro manpage. we also need testing and documentation for the pf+altq merged feature set.

        recently someone asked "what would you like to see in an openbsd book?" lots of responses, both here and on slashdot. and it's not all lazy, braindead admins who are too stupid/lazy to read a manpage or experiment. it's by people who are hungry to learn, hungrey for information, and want to get using a system. people *use* openbsd, meaning they have work they want to do with it. it's fine if you're a tinkerer to spend a few days figuring something out, but you don't always have that luxury. this is where good documentation comes in. it's clear that there is an interest in good docs.

        i've been writing documentation for close to four years now, in addition to coding and hacking on stuff in a variety of arenas. i stepped up because the world needed people to do it. we still do. it's a good way to contribute, and you will certainly learn a lot when you sit down to write those docs.

        take a look at the linux documentation project, the freebsd documentation project, apache's docs, openldap's docs, postgres' docs, etc ... (openssl's docs are ... fair, but not great, until recently with some books on it.) we can easily amass such docs, we have the bright people. we just need to do it and to stop thinking that manpages and the faq are the end-all-be-all of the documentation.

        1. By Josh () on

          I apologize if I sounded harsh in the post. I wasn't aware we were lacking in so many portions of the documentation (how has IPV6 been skipped over??).

          One idea I would like to shoot at everyone would be a simple Knowledge Base/Site where people can go to see links to all of the documentation done on OpenBSD. It matters not if there are a dozen ONLAMP articles done every month of the year if nothing on the main OpenBSD Project site points to them. Of course you can say "goto google/yahoo/whatever" but who actually likes searching through all the crud that comes with a search that is totally irrelevant to what your looking for. A simple site that links (possible mirrors, if appropriate) to offsite "unoffical" articles/documentation would do wonders I believe. I would be very interested in starting something going, or helping out if one already exists (just point me in the right direction to it!) Perhaps the KB/site could be hosted on deadly, which is linked back from the main site...a page with a search tool that search's an article based on topic/body, etc. Anyone interested??

          1. By Jacek Artymiak () on

            There is such a page , right on the OpenBSD site. It is a little out of date, so perhaps someone could volunteer to keep it up to date?


          2. By couderc () on

            I apologize if I sounded harsh in the post. I wasn't aware we were lacking in so many portions of the documentation (how has IPV6 been skipped over??).

            Well we always lack of hands (or fingers if you prefer ;).

            One idea I would like to shoot at everyone would be a simple Knowledge Base/Site where people can go to see links to all of the documentation done on OpenBSD.

            Well there was infobsd ...

    3. By Jacek Artymiak () on

      It is unfortunate, but no matter how hard I try, I cannot please everyone. That's something that all authors struggle with, and fail. On one hand, I hear experienced OpenBSD users who want to read articles on advanced topics; on the other hand, I try to listen to the less experienced users who are just starting their journey with OpenBSD. Then there is my editor, who also has some say about his subject (although I must stress that he is the least intrusive editor I had ever worked with). Trying to balance all of these demands, and suggestions is not easy. An article aimed at less experienced readers must omit some information for the sake of clarity, and is therefore seen as 'worthless' by wizards; an article for wizards is seen by novices as 'black magic' and utterly useless from a practical point of view, and I fail again and it's time to get a new pair of azbestos pants.

      I do not claim to be the best person to write about OpenBSD. I only try to help the project through my writing , donations of modest sums of money (hey, you can do it too! Go and Make a Donation now!), advocacy (I spoke about OpenBSD at TRUSTSECURE 2002 , and I will be speaking about OpenBSD at an upcoming BSD conference in Warsaw this year), and trying to funnel money from people and companies I am working with to the OpenBSD project (I am negotiating some deals right now where I am trying to convince my clients to make donations to the OpenBSD project once my work is done. Basically, I want the OpenBSD project to get my bonus). I would like to do more, and better, but that will have to do for now.

      Feel free to criticize me, feel free to point out my mistakes (| do read your posts on this site, and I try to reply to all mail I get), and keep writing to me with your suggestions and comments (I read them all), so I can better serve this community. But also try to do more yourself. We really shouldn't be seeing posts like this one , but we are because it is much easier to use somebody's work that to pay or help them.

      1. By Anonymous Coward () on

        Hi Jacek,

        Thank you very much for your excellent articles. I've gotten something out of almost every technical article you've written on OnLamp. Alot of the time I found a perfect solution to a problem (getting rid of sendmail on my router), or found something I did not know about at all (BSD file flags).

        Patching OpenBSD is one of the most basic administration tasks, so its not that surprising you're getting a little flak from the "experts" on OpenBSD Journal for posting an article about it. I just want to let you know I think your articles are excellent. Keep up the good work!

      2. By Elvis has left the building () on

        Thanks to you for the work. I recently went from using snapshots for production to following -stable and patching. It IS a lot more work to get up to speed to install patched software, compared to installing the current snapshot.

        Your articles are some of the very few out there, ignore the twits that flame, and if I have any suggestions I'll email you. That way the project will get better as the community works together.

Latest Articles


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]