Re: Clarification on patching 5.5-release...

2015-01-19 Thread Stuart Henderson
On 2015-01-17, Daniel Dickman didick...@gmail.com wrote:
 1) Can patches be applied selectively and out of order?

 Don't do that.

Actually, yes they can. If you can identify that a particular patch
doesn't apply to your use of the system there's no particular need to
apply it. I can't think of any patches where the order matters, though
it might happen occasionally.



Re: Clarification on patching 5.5-release...

2015-01-19 Thread Theo de Raadt
 On 2015-01-17, Daniel Dickman didick...@gmail.com wrote:
  1) Can patches be applied selectively and out of order?
 
  Don't do that.
 
 Actually, yes they can. If you can identify that a particular patch
 doesn't apply to your use of the system there's no particular need to
 apply it. I can't think of any patches where the order matters, though
 it might happen occasionally.

Around 3 releases ago we noticed that our patches were becoming quite
independent.

That made me wonder whether we could make the descriptions less
assertive.  That might make people relax a bit, so they don't need to
get in a panic over every diff for a feature they don't use.

Don't worry.  When diffs overlap in the future, we'll let you know.
Otherwise, just track the assessments and make a decision.  Risks
have been quite low.



Re: Clarification on patching 5.5-release...

2015-01-19 Thread Ted Unangst
On Mon, Jan 19, 2015 at 08:11, Stuart Henderson wrote:
 On 2015-01-17, Daniel Dickman didick...@gmail.com wrote:
 1) Can patches be applied selectively and out of order?

 Don't do that.
 
 Actually, yes they can. If you can identify that a particular patch
 doesn't apply to your use of the system there's no particular need to
 apply it. I can't think of any patches where the order matters, though
 it might happen occasionally.

I wouldn't trust all the libssl diffs to apply cleanly out of order.
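
Added example, not part of the thread and not OpenBSD tooling: the replies above tie ordering problems to diffs that overlap, so this script lists the source files modified by more than one patch file, which are the cases where order deserves a closer look. The patch names and paths are constructed sample data, and `touched_files`, `overlapping_files`, `mkpatch` and `demo` are hypothetical helper names.

```shell
#!/bin/sh
# Report source files that more than one unified-diff patch modifies.
# Patches sharing a file are the ones whose relative order can matter.

# touched_files PATCH: print each path the patch modifies, once.
touched_files() {
    # Count a "+++ path" line only when it directly follows a "--- " header,
    # so added lines inside a hunk that happen to start with "++" are ignored.
    awk '/^--- / { hdr = 1; next }
         hdr && /^\+\+\+ / { print $2 }
         { hdr = 0 }' "$1" | LC_ALL=C sort -u
}

# overlapping_files PATCH...: print "path: patchA patchB" for shared paths.
# Paths containing whitespace are not handled.
overlapping_files() {
    for p in "$@"; do
        touched_files "$p" | while read -r f; do
            printf '%s %s\n' "$f" "$(basename "$p")"
        done
    done | LC_ALL=C sort | awk '
        $1 != prev { if (n > 1) print prev ":" list; prev = $1; list = ""; n = 0 }
        { list = list " " $2; n++ }
        END { if (n > 1) print prev ":" list }'
}

# mkpatch OUT PATH...: write a minimal constructed diff touching each PATH.
mkpatch() {
    out=$1; shift
    for f in "$@"; do
        printf '%s\n' "--- $f" "+++ $f" '@@ -1 +1 @@' '-old' '+new'
    done > "$out"
}

# demo: three constructed patches; 001 and 003 both touch lib/libdemo/b.c.
demo() {
    d=$(mktemp -d) || return 1
    mkpatch "$d/001_demo.patch" lib/libdemo/a.c lib/libdemo/b.c
    mkpatch "$d/002_demo.patch" sys/kern/demo.c
    mkpatch "$d/003_demo.patch" lib/libdemo/b.c
    overlapping_files "$d"/*.patch
    rm -rf "$d"
}

demo
```

No output means no two of the given patches modify the same file.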



Clarification on patching 5.5-release...

2015-01-17 Thread Andrew Lester
Hello misc,

I've got some simple questions on the patch process which I couldn't find
answers to on my own. Currently I am running 5.5-RELEASE, and sitting on
my 5.6 disc set waiting to upgrade. I want to make sure I've been patching
my 5.5 system correctly first, though. :)

1) Can patches be applied selectively and out of order?

2) Is it necessary to reboot the system between each patch, or can a batch
be applied, and then a reboot performed?

3) Early on I made what I hope is an inconsequential mistake. One of the
first patches that I applied, I ran the signify command not from root, but
using sudo, and didn't put sudo in the second part of the piped command. I
didn't catch this until after going through the make obj, make and make
install process (with sudo). When I realized the second part of the
original signify command didn't work successfully as it was not run with
root privileges, I just went through the process again, from the root
account. Doing this seemed to be successful. Does anybody know if this
would have failed for any reason?

My next question is regarding patching the kernel, as is the case with the
013, 016 and 017 patches for OpenBSD 5.5-RELEASE. Unlike the other patches,
kernel patches don't have explicit instructions on rebuilding the kernel. I
believe I've found a correct procedure, and would like to confirm it will
work. My system uses the AMD64 GENERIC.MP kernel. Is the below process
correct?

1) Download the patch file and run the associated piped signify command

2) Then, run the following commands:

cd /usr/src/sys/arch/amd64/conf
config GENERIC.MP && cd ../compile/GENERIC.MP
make depend && make && make install
reboot

If this process is incorrect, what would I do instead? How would I back up
the old kernel?

Finally, I arrive at my last question, and it relates to another careless
mistake on my part. :( I downloaded the sig files, and ran the associated
signify commands for patch 013 and 016 before realizing they were kernel
patches and I didn't know how to recompile the kernel yet. I caught 017
luckily (fool me thrice?).

Is it a problem that the source patches for 013 and 016 have both been
applied, without going through the make process between? If so, is there a
way I can revert the 016 source patch so I can first make and install the
013 patch? If not, is it safe to recompile the kernel with both source
patches in place? If yes, I assume it would also be safe to throw in 017 as
well so I can get all three patches in with a single compile, correct?


Many thanks to anybody who can assist me! :)


Warm regards,

Andrew Lester



Re: Clarification on patching 5.5-release...

2015-01-17 Thread Daniel Dickman
Hi Andrew,

On Sat, Jan 17, 2015 at 4:13 PM, Andrew Lester martinblan...@gmail.com wrote:
 Hello misc,

 I've got some simple questions on the patch process which I couldn't find
 answers to on my own. Currently I am running 5.5-RELEASE, and sitting on
 my 5.6 disc set waiting to upgrade. I want to make sure I've been patching
 my 5.5 system correctly first, though. :)

You don't need to apply the 5.5 patches to upgrade to 5.6. Use your CD
to upgrade to 5.6 and then apply the 5.6 errata.


 1) Can patches be applied selectively and out of order?

Don't do that.


 2) Is it necessary to reboot the system between each patch, or can a batch
 be applied, and then a reboot performed?

Read the instructions at the top of each patch. If it says to reboot,
reboot. Obviously if you update your kernel you should reboot at the
end.


 3) Early on I made what I hope is an inconsequential mistake. One of the
 first patches that I applied, I ran the signify command not from root, but
 using sudo, and didn't put sudo in the second part of the piped command. I
 didn't catch this until after going through the make obj, make and make
 install process (with sudo). When I realized the second part of the
 original signify command didn't work successfully as it was not run with
 root privileges, I just went through the process again, from the root
 account. Doing this seemed to be successful. Does anybody know if this
 would have failed for any reason?

I've no idea what you did. Follow the instructions and you won't have a problem.


 My next question is regarding patching the kernel, as is the case with the
 013, 016 and 017 patches for OpenBSD 5.5-RELEASE. Unlike the other patches,
 kernel patches don't have explicit instructions on rebuilding the kernel. I
 believe I've found a correct procedure, and would like to confirm it will
 work. My system uses the AMD64 GENERIC.MP kernel. Is the below process
 correct?

See the FAQ:
http://www.openbsd.org/faq/faq5.html#BldKernel


[...snip]


 Finally, I arrive at my last question, and it relates to another careless
 mistake on my part. :( I downloaded the sig files, and ran the associated
 signify commands for patch 013 and 016 before realizing they were kernel
 patches and I didn't know how to recompile the kernel yet. I caught 017
 luckily (fool me thrice?).

 Is it a problem that the source patches for 013 and 016 have both been
 applied, without going through the make process between? If so, is there a
 way I can revert the 016 source patch so I can first make and install the
 013 patch? If not, is it safe to recompile the kernel with both source
 patches in place? If yes, I assume it would also be safe to throw in 017 as
 well so I can get all three patches in with a single compile, correct?


Don't waste your time on this, upgrade to 5.6 then follow the
instructions for all the errata and you should be in good shape.