On 7/7/05, Markus Wernig <[EMAIL PROTECTED]> wrote:
> Hello all!
> 
> After some years of other unices, I finally got a chance to have a go at
> a very interesting project with openbsd (redundant hot failover ipsec
> gateway + firewall). Everything works just fine up to now, but when I
> tried to determine how to further manage (update, patch) the boxes, I
> stumbled about some questions that neither google nor openbsd.org nor
> various searchable archives could solve or I was not capable of
> understanding. Maybe somebody here more literate than me can help me out
> with some pointers.
> 
> Systems were installed with 3.7 from /pub/OpenBSD/3.7/i386/floppy37.fs
> and ftp set files (bsd, bsd.rd, base, etc, comp, misc, man). Then added
> sys.tar.gz and src.tar.gz to /usr/src. I want to follow the -stable branch.
> 
> 1) With the above install lots of software came onto my disk that I do
> not want nor need (named, httpd, inetd ...). How can I get rid of those
> in a consistent way, since they don't show in pkg_info?

Everything (excluding X) doesn't take up more than 250MB. It's hard to
find a drive smaller than 20GB, so I think httpd, named, and inetd
really aren't that big of a problem. If they aren't running (they
aren't by default) then all they do is take up some disk space, that's
it. Leave the base system alone, you'll only screw up a perfectly
working system.

> 
> 2) I assume that the answer to the following question is "yes", but I'd
> like to double-check: Is there really no way to upgrade a single
> package/program to a recent version in a consistent way?

The "packages" for the base system are base37.tgz, etc37.tgz, etc.,
but there is a consistent way to upgrade.

> 
> 3) At the time I installed the systems, openssl.org was at version 0.98.
> Openbsd 3.7 still came with openssl 0.97d. What about the various
> issues/bugs that have been raised against the openssl versions since
> 0.97d (ASN parsing etc.)? Do I just have to wait for 3.8 to have them
> fixed or have the fixes been backported and are already included in
> 3.7-stable? Or were they just not severe enough to be considered for
> patching? I've cvs up'd and recompiled the whole system just now and
> openssl remains at 0.97d.

Are there any features in OpenSSL 0.98 that you need that aren't in
the one installed on your OpenBSD system? If not, there isn't much
point in upgrading. The OpenBSD guys will fix any security problems
that are in the version included in OpenBSD 3.7, but the whole point
of the stable branch is that it's stable (as in unchanging).

> 
> 4) Are patched binary packages released if there is a patch to the
> source? If yes, do those packages carry the same version numbers as the
> original one or do they have new ones?

The OpenBSD guys don't release official patched binaries, but there
are easy ways around that. One method that I do, having so many
OpenBSD installations, is have one machine with source code, recompile
with the stable patches (http://www.openbsd.org/faq/faq5.html#Bld),
then make my own release
(http://www.openbsd.org/faq/faq5.html#Release), put it on a local ftp
server, and ftp upgrade all my machines at appropriate times,
depending on when they can go down.

> 
> 
> You see: The openbsd software management concept is rather arcane to me.
> Would somebody shed a little light for a lost soul? Hints? Pointers? Howtos?

How about you read the FAQ (http://www.openbsd.org/faq/index.html), and
start reading the very well written man pages.

Jason
