On 17-05-2015 11:08, Peter Leber wrote: > I recognize that there's m:tier's binary patching service > (https://stable.mtier.org), but the packages are signed > by m:tier rather than the OpenBSD project. While following m:tier's > binary patches is a good compromise to me, it's not a perfect solution. > I'm perfectly fine with running the -current flavour of OpenBSD feature- > and stability-wise, but I did not have the success of remotely triggering > a script, rebooting the machine and have an up and running updated > machine. > While I did find the autoinstall(8) feature, which, since 5.7, should be > able to trigger an automatic upgrade if the file /auto_upgrade.conf is > present, I did not see an effect in the bootup messages on the virtual > machine I'm using for testing things out. > Furthermore, I did find a tool named snap, aiming at making running > -current more enjoyable (see https://github.com/qbit/snap), but it does > also seem to be relying on the user to manually start the upgrading > process on system reboot, if I got everything correctly. Do you really need to follow -current? Because I've been using m:tier and their openup tool for years to follow -stable with no problems. I don't like the idea of automatic update + reboot. But it's doable with openup. I personally have it setup to run with -c from cron so it will mail me what changed.
Following -current on a production or critical environment will prove to be a challenge. Unless you carefully test each snapshot and then have some tool like puppet to automate the upgrade with snap or other tool. Even with autoinstall(8). Cheers, Giancarlo Razzolini