
With Binpatch, you create a directory structure not unlike the OpenBSD ports tree. For each update, you create a section declaring the patch and a section to build the binpatch. Take the i386-only 004 Errata, for example. Append PATCH_I386= with "004_i386machdep" so the line looks like "PATCH_I386=003_i386pmap 004_i386machdep". Then, create a make directive for the patch using "004_i386machdep: _kernel" so binpatch will use its built-in kernel building routine. You can see my entire Makefile for the full effect. Now you're ready to get started building the binpatch for 004...
I like to build my binpatches one step at a time:
- Modify Makefile (as above)
- Run: sudo make PATCH=004 patch (make sure patch downloads and applies properly)
- Run: sudo make PATCH=004 build (build the code with the patch)
- Run: sudo make PATCH=004 plist (create the list of changed files)
- Review the PLIST to make sure nothing extraneous is being installed
- Run: sudo make PATCH=004 package (build the actual package)
- On a machine needing the patch, I download the patch file and then...
- Run: sudo tar -xvzpf binpatch-3.8-i386-004.tgz -C /
Note that the p in tar's switches is VERY important. It preserves the permissions (including SUID bit, if applicable). Also, the "-C /" extracts the patch into the root directory (/) no matter where you run tar from.
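Because the tarball is unpacked as root into / with permissions preserved, it is worth listing it first. The script below is an added example, not part of the original post or of binpatch itself: it flags archive members that are missing from the PLIST, that escape the extraction root, or that carry setuid/setgid bits. The function names and the sample files are constructed for illustration, and it assumes the PLIST holds one path per line relative to /.

```shell
#!/bin/sh
# Audit a binpatch tarball before it is extracted into / as root.
# Assumption: PLIST holds one path per line, relative to /.

# Succeeds when a member name is absolute or contains a ".." component.
unsafe_name() {
    case "$1" in
        /*|..|../*|*/..|*/../*) return 0 ;;
    esac
    return 1
}

# Prints one finding per line; returns 1 if there is anything to review.
audit_binpatch() {
    tgz=$1 plist=$2
    findings=$(
        tar -tzf "$tgz" | sed 's|^\./||' | while IFS= read -r name; do
            case "$name" in ''|*/) continue ;; esac   # skip directory entries
            if unsafe_name "$name"; then echo "UNSAFE-PATH $name"; fi
            grep -qxF -- "$name" "$plist" || echo "NOT-IN-PLIST $name"
        done
        # Field 1 of the verbose listing is the mode string:
        # s/S in position 4 means setuid, in position 7 setgid.
        tar -tvzf "$tgz" |
            awk '$1 ~ /^...[sS]/ || $1 ~ /^......[sS]/ { print "SETID " $1 " " $NF }'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample data: empty files packed relative to a fake root.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/root/usr/bin" "$d/root/usr/libexec" "$d/root/tmp"
    : > "$d/root/usr/bin/ssh"
    : > "$d/root/usr/libexec/ssh-keysign"
    : > "$d/root/tmp/leftover"                # not listed in the PLIST
    chmod 4555 "$d/root/usr/libexec/ssh-keysign"
    printf '%s\n' usr/bin/ssh usr/libexec/ssh-keysign > "$d/PLIST"
    tar -czf "$d/sample.tgz" -C "$d/root" \
        usr/bin/ssh usr/libexec/ssh-keysign tmp/leftover
    echo "$d"
}

if [ $# -eq 2 ]; then audit_binpatch "$1" "$2"; fi
```

A SETID line is a prompt to confirm the bit is intended, not an error in itself; member names containing spaces are not handled by the last-field pick in the verbose listing.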
When OpenSSH was released, I tried to think of a way to leverage the Binpatch system to create an OpenSSH-4.3-for-3.8 binpatch.
I went into my source tree and renamed the ssh directory to ssh.old. Then I unpacked the OpenSSH-4.3 source code. I created a patch file using "diff -u -r usr.bin/ssh.old usr.bin/ssh". Then I put the patch file in my binpatch/patches/common directory and modified my Makefile to create a section for building the OpenSSH binpatch:
mwe2_ssh:
	cd ${WRKSRC}/usr.bin/ssh && \
	(${_obj}; ${_cleandir}; ${_depend}; ${_build}; \
	install -c -o root -g wheel -m 644 ssh_config \
		${WRKINST}/etc/ssh/ssh_config.43; \
	install -c -o root -g wheel -m 644 sshd_config \
		${WRKINST}/etc/ssh/sshd_config.43 \
	)
This binpatch installs the changed OpenSSH 4.3 files and copies the ssh_config & sshd_config files to /etc/ssh with ".43" on the end (so as not to overwrite your existing configuration files). So, apply the binpatch and modify your /etc/ssh/{ssh_config,sshd_config} files to include any new options from 4.3 (diff with sshd_config.43?). Then run: sudo kill -HUP `head -1 /var/run/sshd.pid`
Telnet to port 22 and see your success: SSH-2.0-OpenSSH_4.3
My available binpatches:
- binpatch-3.8-i386-001.tgz
- binpatch-3.8-i386-002.tgz
- binpatch-3.8-i386-003.tgz
- binpatch-3.8-i386-004.tgz
- binpatch-3.8-i386-openssh-4.3.tgz
Additionally, I created combo binpatches for all of the current Errata entries. I also created combo binpatches for the three non-GENERIC kernels I use:
- binpatch-3.8-i386-001-004.tgz
- binpatch-3.8-i386_mp-001-004.tgz
- binpatch-3.8-i386_raid-001-004.tgz
- binpatch-3.8-i386_raid_mp-001-004.tgz
The ones with i386_raid & i386_raid_mp are both the GENERIC & GENERIC.MP kernels with RAIDFrame enabled (and RAID_AUTOCONFIG).