On 17-05-2015 11:08, Peter Leber wrote:
> I recognize that there's m:tier's binary patching service
> (https://stable.mtier.org), but the packages are signed
> by m:tier rather than the OpenBSD project. While following m:tier's
> binary patches is a good compromise to me, it's not a perfect solution.
> I'm perfectly fine with running the -current flavour of OpenBSD feature-
> and stability-wise, but I did not have the success of remotely triggering
> a script, rebooting the machine and have an up and running updated
> machine.
> While I did find the autoinstall(8) feature, which, since 5.7, should be
> able to trigger an automatic upgrade if the file /auto_upgrade.conf is
> present, I did not see an effect in the bootup messages on the virtual
> machine I'm using for testing things out.
> Furthermore, I did find a tool named snap, aiming at making running
> -current more enjoyable (see https://github.com/qbit/snap), but it does
> also seem to be relying on the user to manually start the upgrading
> process on system reboot, if I got everything correctly.
Do you really need to follow -current? Because I've been using
m:tier and their openup tool for years to follow -stable with no
problems. I don't like the idea of automatic update + reboot. But it's
doable with openup. I personally have it setup to run with -c from cron
so it will mail me what changed.
Following -current on a production or critical environment will
prove to be a challenge. Unless you carefully test each snapshot and
then have some tool like puppet to automate the upgrade with snap or
other tool. Even with autoinstall(8).
Cheers,
Giancarlo Razzolini
