Skip to main content.

Tracking -STABLE and -CURRENT (OpenBSD)

2014-01-29

Live demo in BSD Now Episode 022. FreeBSD version here, NetBSD version here.

In most of the BSDs, there are different branches (or "versions") of the OS that you can use. Often times in addition to the normal releases, there is a development version with the latest features. In OpenBSD, there are three main flavors of the OS you can use: -release, -stable and -current. In contrast to FreeBSD, -stable is just the latest -release plus security fixes and minor improvements. All development happens in -current and then goes to a new -release after being tested. New releases of OpenBSD happen every six months. Theo gave a talk at AsiaBSDCon entitled "The OpenBSD Release Process: A Success Story" if you're interested in the details of their release engineering.


-release

Every May and November, there is a new version of OpenBSD announced and uploaded to the FTP servers. The only updates that a -release will get are security and "reliability" fixes. They're distributed as source code patches in the errata page. There is no automated system or mailing list that announces security fixes. A nightly cron script is provided in our OpenBSD router tutorial that should be sufficient for most users. If you're running -release, you will have to manually download these patches, apply them to your /usr/src directory and rebuild whatever was affected. At the top of every patch, there are usually instructions on how to apply it and what needs to be rebuilt.

In this example, I'll apply a fix for OpenSSL in 5.4. I'm assuming you already have the source code installed.

# cd /usr/src
# ftp http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/005_sha512.patch
# patch -p0 < 005_sha512.patch

Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Apply by doing:
|      cd /usr/src
|      patch -p0 < 005_sha512.patch
|
|And then rebuild and install libcrypto:
|      cd lib/libssl/crypto/
|      make obj
|      make
|      make install
|
|Index: lib/libssl/src/crypto/sha/sha512.c
|===================================================================
|RCS file: /cvs/src/lib/libssl/src/crypto/sha/sha512.c,v
|retrieving revision 1.1.1.4
|diff -u -p -r1.1.1.4 sha512.c
|--- lib/libssl/src/crypto/sha/sha512.c 13 Oct 2012 21:23:43 -0000      1.1.1.4
|+++ lib/libssl/src/crypto/sha/sha512.c 19 Dec 2013 22:35:17 -0000
--------------------------
Patching file lib/libssl/src/crypto/sha/sha512.c using Plan A...
Hunk #1 succeeded at 232.
done

Now follow the directions of the patch. In this case, that was:

# cd lib/libssl/crypto/
# make obj
# make
# make install

And just to tidy up a bit..

# make clean
# rm /usr/src/005_sha512.patch

That's it. As of version 5.5, patches are signed. You'll want to verify the patches as described in the patch file. Sometimes patches require kernel rebuilds, reboots or certain services to be restarted. Only the most recent -release and the -previous release get security updates, so they basically have a one-year life cycle. Upgrading between -release versions can be done via manual steps or with a third party script.


-current

The active development of OpenBSD happens in the bleeding edge -current branch. In the past, there was sometimes a way to upgrade directly from a -release to -current via source. Now, the recommended way is to start from the "appropriate binary." Doing so is fairly easy, but if you want an even easier experience, reinstall the OS from a snapshot ISO as a starting point. That is a requirement if you wish to build future -current revisions from source. It's encouraged to only use snapshots to follow -current, using bsd.rd and binary upgrades, but this tutorial outlines the method of building it from source.

I've installed the latest snapshot, so now I'll sync my system sources via AnonCVS. I want the base system as well as OpenBSD's version of X11. I'm assuming you do not currently have the system sources installed.

# cd /usr
# cvs -qd anoncvs@anoncvs.usa.openbsd.org:/cvs get -P src xenocara

Choose a mirror close to you for the best speed. Future updates of the source code can be done like so:

# cd /usr/src
# cvs -q up -Pd

Before building anything, we should check the -current updates page to see any special workarounds that are needed. The changelog may also be of interest to you. When a big change is added to the tree that requires extra instructions, it will be posted to those pages. Keep in mind that you can only go TO -current, not FROM -current back to something else. A reinstall will be required if you decide you don't want to run it anymore.

Now that we have our source tree up to date, let's go through the build process. While slightly different for some architectures, the following will work on the more common i386 and x86_64 versions of the OS. The first step is to build the new kernel.

# cd /usr/src/sys/arch/`machine`/conf
# config GENERIC.MP
# cd ../compile/GENERIC.MP
# make clean && make && make install
# reboot

Use "GENERIC" if your CPU only has one core. Once the system comes up with the new kernel, we can build the userland applications and X11. Make sure your /usr/obj and /usr/xobj directories are empty first.

# cd /usr/src
# make obj
# cd /usr/src/etc && env DESTDIR=/ make distrib-dirs
# cd /usr/src
# make build
# cd /usr/xenocara
# make bootstrap
# make obj
# make build
# sysmerge -s /usr/src

You may also be required to update /dev and /etc, but those will be outlined in the aforementioned -current changelog. Let's clean up a bit and reboot into the new system.

# rm -rf /usr/xobj/*
# rm -rf /usr/obj/*
# reboot

You should now have the latest and greatest OpenBSD has to offer! Remember to upgrade your installed packages if you have any. It's also possible to binary upgrade -current whenever new snapshots are posted, avoiding the whole build process. Consider watching the source code changes mailing list to see new features and fixes added as they come in.


-stable

OpenBSD does their -stable branch a little differently than other BSDs. There are really only two branches of the OS: -current and -release (with or without patches). The -stable branch is -release plus security patches and other small fixes. The changes between -release and -stable are always very small. If you only want the security patches, just rebuild what is detailed in the previously-mentioned patch instructions. This is assuming something else has been added and you want to rebuild the whole system, which is usually way overkill for such a small amount of changes. The process is largely the same as the -current instruction set. I'm assuming you don't have the source code installed.

# cd /usr
# cvs -qd anoncvs@anoncvs.usa.openbsd.org:/cvs get \
 -rOPENBSD_`uname -r | sed 's/\./_/'` -P src xenocara

This will check out the source branch of the currently-running version of the OS. Choose a mirror that's close to you for better speeds. Updating the source code in the future is as easy as:

# cd /usr/src
# cvs -q up -rOPENBSD_`uname -r | sed 's/\./_/'` -Pd

Next we build the kernel.

# cd /usr/src/sys/arch/`machine`/conf
# config GENERIC.MP
# cd ../compile/GENERIC.MP
# make clean && make && make install
# reboot

Use "GENERIC" if your CPU only has one core. Rebooting isn't always required for -stable, but it's included for completeness' sake. Once the system comes up with the new kernel, we can build the userland applications and X11. Make sure your /usr/obj and /usr/xobj directories are empty first.

# cd /usr/src
# make obj
# cd /usr/src/etc && env DESTDIR=/ make distrib-dirs
# cd /usr/src
# make build
# cd /usr/xenocara
# make bootstrap
# make obj
# make build
# sysmerge -s /usr/src

Clean up and reboot...

# rm -rf /usr/xobj/*
# rm -rf /usr/obj/*
# reboot

That's all you need to do!

Originally written by TJ for bsdnow.tv | Last updated: 2014/03/10

Latest News

AsiaBSDCon 2014

2014-03-05

Both Allan and Kris will be going to AsiaBSDCon this year, so episode 28 will be shorter than usual. We'll be back the following week with a huge episode. Hopefully they can get some interviews there!...

Christmas & New Year

2013-12-19

Episode 16 was just uploaded, and that's the last one we'll be doing live for this year. Episode 17 will be on Christmas, and feature a prerecorded interview with Scott Long about his BSD magic over at Netflix. Thanks for watching everyone! We look forward to more BSD Now in...

Welcome iXsystems

2013-12-11

As you may have noticed in Episode 015, BSD Now has gotten our first sponsor! We're very happy to welcome iXsystems to the BSD Now team. In case you aren't familiar with them, they have quite a long history with FreeBSD. Their current CTO is in fact Jordan Hubbard, one of...

Update 2013/11/26

2013-11-26

Hi BSD Now fans. Here's a sneak peek at our upcoming schedule: 11/27: Jordan Hubbard, co-founder of FreeBSD and creator of ports, to talk about FreeBSD's founding and future. The tutorial will be an update to the OpenBSD router guide with some new improvements I've made. 12/04: George Wilson from Delphix...


Episode 034: It's Gonna Get NASty

2014-04-23

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Interview - John Hixson - john@ixsystems.com / @bsdwhore FreeNAS development All the tutorials are posted in their entirety at bsdnow.tv Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv If...

Episode 033: Certified Package Delivery

2014-04-16

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines BSDCan schedule, speakers and talks This year's BSDCan will kick off on May 14th in Ottawa The list of speakers is also out And finally the talks everyone's looking forward to Lots of great tutorials and...

Episode 032: PXE Dust

2014-04-09

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines FreeBSD ASLR status update Shawn Webb gives us a little update on his address space layout randomization work for FreeBSD He's implemented execbase randomization for position-independent executables (which OpenBSD also just enabled globally in...

Episode 031: Edgy BSD Users

2014-04-01

Direct Download: Video | HD Video | MP3 Audio | OGG Audio | Torrent This episode was brought to you by Headlines Preorders for cool BSD stuff The 2nd edition of The Design and Implementation of the FreeBSD Operating System is up for preorder We talked to GNN briefly about it, but he and Kirk have...