syspatch(8), a "binary" patch system for -release is now ready for early
testing. This does not use binary diffing to update the system, but regular
signed tarballs containing the updated files (ala installer).

I would appreciate feedback on the tool. But please send it directly to *me*,
there's no need to pollute the list.
This is obviously WIP and the tool may or may not change in drastic ways.

These test binary patches are *not* endorsed by the OpenBSD project and should
not be trusted, I am only providing them to get early feedback on the tool.
If all goes as planned, I am hoping that syspatch will make it into the 6.1
release; but for it to happen, I need to know how it breaks your systems :-)

Instructions below, the most recent version will always be at:
during this early testing period.

If behind a firewall, make sure your test machine can www out.

   !!! Test this on an *amd64* 6.0 *release* (not -stable, not -current) !!!


Pay attention to the CAVEATS section.

Install the latest syspatch(8) code from current

$ cvs -d anon...@anoncvs.fr.openbsd.org:/cvs -q co -P 
$ doas install -m 0555 src/usr.sbin/syspatch/syspatch.sh /usr/sbin/syspatch

*ALWAYS* make sure you have the latest revision of syspatch.sh installed!
(i.e. check CVS often)

Get and install the signify *test|not-to-be-trusted* key

# ftp -o /etc/signify/openbsd-60-syspatch.pub \

In the future, patches will be signed with the original release key.

Using syspatch

Check for available patches:
# syspatch -c

List installed patches:
$ syspatch -l

Install patches (all of them; syspatch(8) is an all-or-nothing solution):
# syspatch

Revert the most recent patch:
# syspatch -r

That's it, enjoy or cry! ;-)
Thank you all!


Reply via email to