Slashdot Mirror


Making OpenBSD Binary Patches With Chroot

Lawrence Teo writes "Unlike other operating systems, patches for the OpenBSD base system are distributed as source code patches. These patches are usually applied by compiling and installing them onto the target system. While that upgrade procedure is well documented, it is not suitable for systems that don't have the OpenBSD compiler set installed for whatever reason, such as disk-space constraints. To fill this gap, open source projects like binpatch were started to allow administrators to create binary patches using the BSD make system. This article proposes an alternative method to build binary patches using a chroot environment in an attempt to more closely mirror the instructions given in the OpenBSD patch files."

66 comments

  1. LOL OpenBSD by Anonymous Coward · · Score: 0

    The OS for people with unlimited spare time.

    1. Re:LOL OpenBSD by QuantumG · · Score: 1

      Nah, that's Gentoo.. 'specially if you run ReiserFS.

      --
      How we know is more important than what we know.
    2. Re:LOL OpenBSD by frankm_slashdot · · Score: 1

      What's amusing is that when I read the parent thread I said to myself, "Nah, that's Gentoo..."
      And I say that as a person who only uses OpenBSD and Gentoo (as far as free OS's are concerned).

      What can I say, I'm a glutton for punishment.

    3. Re:LOL OpenBSD by Anonymous Coward · · Score: 1, Insightful

      Funny, but I left the Linux world a few years ago because I got tired of wasting time managing the OS and fucking around with trying to figure out what changed this particular kernel release or what the new packet filter is going to be this year, or if we'll be using tmpfs or udev or whatever the fuck else as a memory filesystem, or why some stuff that used to work doesn't anymore. Etc, etc. ad infinitum.
      OBSD is so fucking cohesive and stable compared to Linux that I can't imagine ever wanting to go back.

    4. Re:LOL OpenBSD by Anonymous Coward · · Score: 0

      If you run it with ReiserFS it's the OS for people who want to kill their wife.

      That and OJ-OS.

  2. Thank you OpenBSD by Anonymous Coward · · Score: 1, Insightful

    PF is very good and much better than pos netfilter.

    PFSense has to be the best firewall software around. PFSense > mOnOwall, smoothwall, or any pos Linux firewall

    1. Re:Thank you OpenBSD by Anonymous Coward · · Score: 0

      Better than you, better than you! Nanana!

  3. Re:Yeah, BLOBs...that's EXACTLY what OpenBSD is fo by QuantumG · · Score: 1, Funny

    BLOB means something different to OpenBSD people.. as does "vulnerability".

    --
    How we know is more important than what we know.
  4. Like Rain on Your Wedding Day by Anonymous Coward · · Score: 0

    fact: You don't know what binary blobs are.

  5. Re:Yeah, BLOBs...that's EXACTLY what OpenBSD is fo by Anonymous Coward · · Score: 0

    You obviously don't understand what a binary blob is; let me direct you to the wikipedia page so you can educate yourself:
    http://en.wikipedia.org/wiki/Binary_blobs

    Hint: The article is not about blobs at all.

  6. Have I missed something here? by 00_NOP · · Score: 2, Insightful

    Linux patches are also distributed as source code. Indeed, isn't this the old skool *nix way, full stop?

    1. Re:Have I missed something here? by QuantumG · · Score: 3, Insightful

      There's this other OS you might have heard of, it's called "Windows". Stupid name, I know. They distribute their patches as binaries. I also heard there's this other OS, it's something like "Tiger" or "Panther" or something and they do the same thing.

      I know every fourth word out of Theo's mouth is a slight against Linux, but that doesn't mean everyone related to OpenBSD does this.

      --
      How we know is more important than what we know.
    2. Re:Have I missed something here? by oscartheduck · · Score: 0, Offtopic

      Without wanting to start a fight or anything, I genuinely don't see how the grandparent is slighting linux here. You can for a lot of linux OSes get the patches as source code. Sure, Windows doesn't, but that's not linux, which the grandparent specifically asked about. As for Mac OS, I don't know whether you can get the patches as source, but I imagine not.

      --
      How to use coral cache: http://slashdot.org.nyud.net:8090/~oscartheduck
    3. Re:Have I missed something here? by lexarius · · Score: 1

      The kernel and low-level stuff is open, so I suppose if you are so inclined you can download the latest darwin sources/patches and compile them. The GUI-type stuff is closed, though, so binary patches for that.

  7. disk constraints? by Anonymous Coward · · Score: 0

    it is not suitable for systems that don't have the OpenBSD compiler set installed for whatever reason, such as disk-space constraints

    Jesus Christ. If you don't have 2 GB of disk space, and can't afford 2 GB of disk space, maybe you shouldn't run a computer.

    Those of you running openbsd from flash media are entitled to flame me, but even then, 2 GB of flash is pretty cheap these days.

    1. Re:disk constraints? by QuantumG · · Score: 2, Informative

      OpenBSD is primarily used for firewalls. The purpose of a firewall is to do essentially nothing 'cept route and filter packets. As such, the cheapest least broken hardware is typically used. Some people (*cough* Steve Wozniak *cough*) even see embedded firewall devices that run OpenBSD. They run entirely off flash memory.

      --
      How we know is more important than what we know.
    2. Re:disk constraints? by wb8wsf · · Score: 3, Insightful

      That's a questionable statement, that OpenBSD is primarily for firewalls.
      I'm writing this on an OpenBSD 4.1-current laptop (IBM A31p ThinkPad) and
      have used OpenBSD exclusively since 2001 for all my desktops. A lot of
      people are discovering that OpenBSD does really well as a desktop. With
      the introduction of 4.1, Open Office is supported, not to mention KDE,
      media stuff, a really outstanding population of wireless cards, etc. I
      think there are people who think of OpenBSD as just a firewall; as
      good (well, wonderful) as pf is, there is so much more there.

    3. Re:disk constraints? by Anonymous Coward · · Score: 0

      You actually need about 64mb for a compiler. But many people run firewalls off floppies, which don't have that space.

    4. Re:disk constraints? by ArbitraryConstant · · Score: 3, Informative

      Yup. We do this at work (no link because I'm not spamming). We sell OpenBSD firewalls on minimal hardware (about the size of a broadband router, low power enough to be fanless), and then sell various services on top of that. You can do a surprising amount.

      We use flash memory, and the space and rewrite cycle requirements for compiling on this are prohibitive.

      --
      I rarely criticize things I don't care about.
    5. Re:disk constraints? by Anonymous Coward · · Score: 0

      Compile on a vmware or qemu, or other VM. Anybody setting up a tiny flash system surely has a bigger box laying around, right? Disk space is only an issue for people who own only a single machine with a small drive, and those guys must be pretty rare these days because even laptops these days have 60+ GB internal IDE disk.

    6. Re:disk constraints? by Lord+Ender · · Score: 1

      If OpenBSD is such a great desktop, why is your post formatted so terribly? Do you think you're writing on a typewriter, or does OpenBSD only ship with a crap web browser?

      Check this out. I
      can put
      random line
      breaks in my posts, too! It's
      like turning
      everything
      into poetry.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    7. Re:disk constraints? by NoMaster · · Score: 1

      Some people (*cough* Steve Wozniak *cough*) even see embedded firewall devices that run OpenBSD. They run entirely off flash memory.
      As do I, if I look across the room right now. A mini VIA machine, bought originally to play with, that now boots a stripped-down OpenBSD off a read-only mounted IDE-connected CF card, running firewall & local DNS.

      And the point of this article is *stripped down*. Unfortunately, the writer gets it all wrong, re-invents someone else's wheel, and doesn't really solve the problem (if my firewall still had GCC on it I wouldn't need to frack around like he suggests - but a compiler, like the X & Games packages, has no place on a firewall.)

      Binary patches - or even binary updates to -current packages & the kernel, maybe located somewhere else in the install tree - would be nice. But I can understand why they don't, and I'm not going to hold it against Theo et al if they don't provide them. I'll just continue to do an in-place upgrade every 6 or 12 months, merging my script and config changes each time.

      --
      What part of "a well regulated militia" do you not understand?
  8. Slashvertisement by mandelbr0t · · Score: 4, Insightful

    The submitter is just pumping up clicks to his own site. You'll notice that he's also the author of TFA. I don't see that this is a particularly useful system, since you'd just be building binaries on another box anyway. If you're going to do that, you might as well just build an upgrade CD and upgrade through the normal process.

    --
    "Please describe the scientific nature of the 'whammy'" - Agent Scully
    1. Re:Slashvertisement by QuantumG · · Score: 0, Flamebait

      Wow, it must be a day for people who don't know the definition of slang terms. A Slashvertisement is the term used to imply that someone has paid Slashdot to run a story for them.

      Seems pretty unlikely in this case doesn't it?

      --
      How we know is more important than what we know.
    2. Re:Slashvertisement by mandelbr0t · · Score: 1

      You got a reference for that? I understand "Slashvertisement" to mean an article posing as news being a means to advertise something/one else. My apologies for my ignorance.

      --
      "Please describe the scientific nature of the 'whammy'" - Agent Scully
  9. Don't patch! by had3l · · Score: 3, Funny

    I still use version 2.3, I refuse to run an OS that has a blowfish as its mascot.

    1. Re:Don't patch! by QuantumG · · Score: 4, Funny

      Shit man, what have you got against Puff?

      You, me, parking lot.

      --
      How we know is more important than what we know.
    2. Re:Don't patch! by Anonymous Coward · · Score: 0

      Personally, I've got nothing against Puff the Magic Dragon. It is Puff the fucking Blowfish that gets me down.

    3. Re:Don't patch! by QuantumG · · Score: 1

      He rode upstream and cleaned up that town.. how can you not like a hero?

      --
      How we know is more important than what we know.
    4. Re:Don't patch! by Bazer · · Score: 1

      Theo? Is that you?

    5. Re:Don't patch! by Brandybuck · · Score: 1

      Puff the Magic Blowfish, lived in the sea
      And frolicked in the SCSI disk in a land called Bee Ess Dee.
      Little Theo de Raadt loved that rascal puff,
      And brought him threads and interrupts and other fancy stuff!

      --
      Don't blame me, I didn't vote for either of them!
  10. Why not copy-on-write? by Anonymous Coward · · Score: 1, Interesting

    The article describes a technique which is by and large very inefficient, and wasteful. It is analogous to the notion that a process must be completely copied on fork, however this is not true. Typically the pages used by a child process are copy-on-write, and are only duplicated as the child writes to them. To see the analogy, consider that the article describes this basic process:

    (1) Create a new directory (the author creates something in /var).
    (2) Unpack a brand new OpenBSD distro and source distro to this directory.
    (3) chroot this directory as /
    (4) Create a timestamp file using touch (the author calls this a "cookie").
    (5) Unpack the modifications to the dummy system. Scripts which refer to absolute path names will work now.
    (6) Create a timestamp file using touch.
    (7) using find, collect all files that were modified during the time the first and second cookies were made into a tar ball.

    This is analogous to copying an entire system, then working on the copy. Rather, why not use a unioning file system? Mount the file system as a unioning file system, thus when a write occurs on a file, it will actually not be modifying the system file system, but a dummy file system, mounted in /tmp or wherever. Once the patch is complete, collect all modified files (the file system will read from the dummy file system automatically) into a tarball as before. This technique has several advantages:

    (1) You don't have to re-create the entire system (and upgrade it as necessary).
    (2) The dummy file system typically runs in memory (which is very fast, and usually plenty large for a diff-like 'patch').
    (3) It seems like a perfect fit for a unioning file system.

    I am actually a fan of transactional file systems, but unionfs seems perfect for this. There is a BSD unionfs it seems here: http://people.freebsd.org/~daichi/unionfs/. Also, if you are in Linux, and you want copy-on-write for some reason, check this out: http://www.am-utils.org/project-unionfs.html.
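
The seven-step cookie procedure summarised in the comment above, as an added example that is not part of the original post or of the article's own code; the scratch root, the sample file names and the fake install step are assumptions, and a real run would execute the patch's build steps under chroot(8) inside the unpacked tree:

```shell
#!/bin/sh
# Added example, not code from the article or any commenter: the seven-step
# "cookie" procedure reduced to two shell functions. The scratch root, file
# names and the fake install step are constructed for this illustration; a
# real run would execute the patch's build/install commands with chroot(8)
# inside the unpacked OpenBSD tree.

# make_binpatch ROOT OUT CMD
#   ROOT : directory holding the unpacked system (the would-be chroot)
#   OUT  : tarball to write (absolute path, outside ROOT)
#   CMD  : shell snippet that installs the patch, run with ROOT as cwd
make_binpatch() {
    root=$1; out=$2; cmd=$3
    list="$out.list"

    # Step 4: first cookie. Everything that exists now predates the patch.
    touch "$root/.cookie-before"
    # Some filesystems keep only whole-second mtimes; pause so the installed
    # files cannot share the cookie's timestamp and be missed by -newer.
    sleep 1

    # Step 5: install the patch. Real usage: chroot "$root" /bin/sh -c "$cmd"
    ( cd "$root" && sh -c "$cmd" ) || return 1

    # Step 6: second cookie closes the window.
    touch "$root/.cookie-after"

    # Step 7: regular files modified strictly after cookie 1 and no later than
    # cookie 2. Caveat: -newer trusts mtime, so a file installed with its
    # original timestamp preserved (tar -p, cp -p, install -p) is not caught.
    ( cd "$root" && find . -type f \
          -newer .cookie-before ! -newer .cookie-after \
          ! -name '.cookie-*' | sort ) > "$list"

    # Pack the changed files relative to ROOT so the archive can be extracted
    # over / on the target box. Review the list before trusting the patch.
    tar -C "$root" -cf "$out" -T "$list"
}

# demo_binpatch: build a tiny scratch root with constructed sample files, run a
# fake install step, and print the archive's member list (one path per line).
demo_binpatch() {
    scratch=$(mktemp -d)
    mkdir -p "$scratch/root/usr/sbin" "$scratch/root/etc"
    printf 'stale\n' > "$scratch/root/usr/sbin/sshd"   # will be "rebuilt"
    printf 'keep\n'  > "$scratch/root/etc/rc.conf"     # must stay out
    make_binpatch "$scratch/root" "$scratch/binpatch.tar" \
        "printf 'rebuilt\n' > usr/sbin/sshd; printf 'x\n' > usr/sbin/newtool"
    tar -tf "$scratch/binpatch.tar" | sort
    rm -rf "$scratch"
}
```

Running demo_binpatch lists only usr/sbin/sshd and usr/sbin/newtool; the untouched etc/rc.conf is left out because its mtime predates the first cookie.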

    1. Re:Why not copy-on-write? by Anonymous Coward · · Score: 0

      unionfs was pulled from the openbsd tree last year.

      Here are a couple of the removal commits:
      http://marc.info/?l=openbsd-cvs&m=111706859725229&w=2
      http://marc.info/?l=openbsd-cvs&m=111707147811254&w=2

      And here's the why:
      http://marc.info/?l=openbsd-misc&m=110226865110477&w=2

  11. Factual Errors by DaMattster · · Score: 3, Interesting

    Most open source operating systems deliver their patches primarily as source code. I know Free and Net BSD and Linux provide source based patches. In fact, if you track the FreeBSD security announcements and errata information, you download a source code patch in the form of a diff file. To apply the patch, simply make certain you have downloaded the source code in the /usr/src directory and use the patch command. From there, the diffs are applied and you can run make to recompile the patched section. The commercial Linux vendors like Red Hat and SuSE provide binary patches for convenience purposes. The author of this article really should do more homework before making the statement that he did. Personally, I like the patch and compile method. I do know that this is a more secure way of supplying patches because you can read the source code and it makes delivering malware harder. I like to see what is going on behind the scenes.

    1. Re:Factual Errors by QuantumG · · Score: 0, Flamebait

      Yeah, the summary/article didn't say "Unlike other open source operating systems" ..

      --
      How we know is more important than what we know.
    2. Re:Factual Errors by Conley+Index · · Score: 1

      For FreeBSD, you may also use freebsd-update http://www.freebsd.org/cgi/man.cgi?query=freebsd-update&sektion=8&manpath=FreeBSD+6.0-stable, which is very convenient... not only the "commercial Linux vendors" give you binary patches.

    3. Re:Factual Errors by DaMattster · · Score: 1

      Hey, that's kind of cool. I didn't know about freebsd-update and I am a FreeBSD admin. That's the cool thing about UNIX like systems. There is always learning. I usually do a cvsup if I want to upgrade the whole thing. For just bugs in BIND or other programs, I grab the patch file.

  12. DO NOT CLICK LINK! troll! by allanw · · Score: 1

    i'd mod down if i had any points

  13. Similar to existing techniques? by Anonymous Coward · · Score: 3, Informative

    This is a lot like existing techniques, such as Gentoo's installation sandbox: first, a package is installed in a temporary file system, and changes made during the installation are then merged into the live filesystem (if installation was successful, and none of the newly added files conflict with files already installed).

    Furthermore, the FreeBSD manual recommends a similar procedure for automated building of package lists (lists of files installed by a package): create a regular port, install it into a temporary copy of a base filesystem, and use mtree to figure out what files were modified during the installation process. In this case no chroot environment is used, since ports are expected to honour the installation prefix (given in PREFIX).

    So it's a pretty well-established technique; I'm not even sure using it to upgrade the base system is novel: as of late, FreeBSD provides binary updates to its operating system in addition to the traditional source upgrades (and binary releases), although I'm not sure how these packages are created.

  14. MY EYES! by Anonymous Coward · · Score: 0

    Done. Also, I want my innocence back.

    Asmandeus

    1. Re:MY EYES! by Anonymous Coward · · Score: 0

      Your concern has been noted, and will be dealt with shortly. Please stay on the line until an operator can assist you. Thank you, and have a nice day.

  15. Packages? by Doug+Neal · · Score: 0, Troll

    This sounds like a total hassle. What's wrong with proper package management? (I'm not trying to troll, I'd really like to know!)

    1. Re:Packages? by Anonymous Coward · · Score: 3, Insightful

      I consider OpenBSD my primary desktop OS. Now, having used systems like Debian, I must admit yours is a question that's difficult to answer. I probably can't come up with one that is compelling for all people. But I can take a stab at how I feel about the issue.

      If I could use a few words to describe the interaction of base system packages on Linux with the equivalent on BSD, I could describe the BSD scheme with words like "small", "simple", "cohesive", "compact". Although many different software packages are in fact pulled from many different sources (gcc and Xorg are some important examples), there is a sense of it all belonging to a single unit. It is developed together, in the same source tree. If you look at header files, or config files for various daemons, or the source tree itself, or whatever, you get the feeling that it is all one big unit.

      If BSD is all these things, then Linux package management can be described as somewhat more "chaotic". This is both good and bad. It is good in the sense that different packages can be developed, configured, and upgraded separately in the base system. This has some benefits, sure. But you also lose some of that cohesion. A simple example: on OpenBSD, you can configure all of the preinstalled daemons in the base system with one fell swoop, by editing the config file /etc/rc.conf. This is accomplished by developers hand tweaking the default config file and the shell scripts that take action upon it. The typical Linux solution is to have the package manager rather chaotically add to /etc/init.d and /etc/rc.* at the whim of potentially thousands of different package authors. There are pros and cons to both approaches, but, it all boils down to a philosophical difference. And between BSD and Linux, there are many philosophical differences. I think a lot of them boil down to the contrast between chaotic and very conservative development.

      So, I don't know if I have conclusively answered your question, but this is a small part of my view on the subject.

      It might be nice for OpenBSD to provide binary patches. They do, after all, provide binaries for lots of packages in ports. It might also be worthwhile to remember that OpenBSD is relatively small, relatively developer-oriented, and not a rich project. It might not be worth the effort to put lots of different binaries online when they can focus their energies on improving -current.

    2. Re:Packages? by mrsbrisby · · Score: 1

      This sounds like a total hassle. What's wrong with proper package management? (I'm not trying to troll, I'd really like to know!)
      The only thing wrong with proper package management is that OpenBSD doesn't have it, so you're going to get lots of touchy-feely responses about how it feels better, or is about some matter of taste to do extra work that someone else has already done.

      Fortunately, FreeBSD has something _almost_ as good as Slackware's packaging system (which isn't very) so it shows that at least a few *BSDers recognize that there's a problem, any requests for packages in FreeBSD-land are met with "just compile it yourself", and "disks are cheap", and my all time favorite, "your time isn't worth anything".

      Besides, ports and cvsup are "good enough" so long as every machine maintains itself, so people who use a *BSD as their "desktop os" aren't noticing the problems anyway. Two or three machines aren't that bad, and anyone maintaining fifty machines has rolled their own solution long ago.
    3. Re:Packages? by stripe42 · · Score: 1

      Thanks for the description. I haven't really used BSD, but the description -- one big unit -- interests me to try it out.

    4. Re:Packages? by evilviper · · Score: 2, Informative

      The *BSDs package management is better than any other I've seen, and far better than Slackware's pkgs, which don't manage dependencies at all... OpenBSD just doesn't use packages for the base system (dist sets instead), and doesn't provide updated binaries (for manpower reasons), only source.

      Maintenance actually gets easier, the more machines you have. If you need to build from ports for some reason, you only have to do it once, and can distribute the generated packages across as many systems as you want. Ditto for updating the base system, you just have to build it, then you can make dist sets to distribute.

      You're not even a good troll.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    5. Re:Packages? by mrsbrisby · · Score: 1

      and far better than Slackware's pkgs, which don't manage dependencies at all...
      Slackware's packages are truly horrible, but dependency tracking isn't very important.

      Maintenance actually gets easier, the more machines you have. If you need to build from ports for some reason, you only have to do it once, and can distribute the generated packages across as many systems as you want.
      Of course it should get easier. If maintenance got harder then nobody would use FreeBSD. You're missing the point. If I build the packages from source, then there's exactly _one person_ doing QA for my packages, and that's me. Obviously, if I use someone else's packages, then I get to share their QA.

      If I distribute the generated packages, and I am doing the QA, then I am doing things that almost every other packaging system does for me. At least slackware users can share the QA to make sure the packages work.

      Sharing cpu-time isn't the only thing Linux users are sharing.

      You're not even a good troll.
      And you're the problem with FreeBSD. You keep saying "everything's fine here- no wait- everything is _superior_ here. No problems whatsoever. we're ready for prime time", when FreeBSD has some serious catching up to do.

      Fortunately, other FreeBSD developers aren't as stupid as you, and are actually working to fix their flaws.
    6. Re:Packages? by evilviper · · Score: 1

      If I build the packages from source, then there's exactly _one person_ doing QA for my packages, and that's me. Obviously, if I use someone elses' packages, then I get to share their QA.

      You've completely and utterly ignored a key point:

      "If you need to build from ports for some reason,"

      FreeBSD, NetBSD, and OpenBSD provide full packages of almost all of their ports (a few have licensing issues), just like Linux.

      when FreeBSD has some serious catching up to do.

      You haven't mentioned one single issue where FreeBSD is behind. You just blindly assert that they are, somewhere, somehow...

      Prove it. Stop hiding behind vague statements that can't be pinned down.
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  16. Wow, no substitute for good programming by Anonymous Coward · · Score: 0

    It's really a shame they couldn't be bothered to program it right the first time.

  17. Where dreams are crushed. by Lethyos · · Score: 2

    This is the beauty of peer review, especially from a group as vicious as Slashdot. I imagine the author of this process was so pleased with himself and excited to share his ingenuity with the world, only to submit it here and have his ideas stomped, blasted, toasted, dragged through mud, and rendered to pieces. Not that I would suggest we do anything different, but sometimes I cannot help but to admire the crucible that is public forum.

    --
    Why bother.
  18. Yeah, totally well-supported comment, dude. by Lethyos · · Score: 1

    I agree. PF is just like so totally awesome and everything else is like major sucks. Because I say so.

    --
    Why bother.
  19. Re:Who cares by Anonymous Coward · · Score: 0

    BSD is dieing. Netcraft confirms it. You're lieing and I'm crieing that BSD is dieing
    So start tieing your shoez cuz I'm bieing the drinks.
    And OpenBSD is made by frieing some chinks. Word!
  20. Why on the desktop? by zsau · · Score: 1

    I currently use Debian on my desktop; I used to use FreeBSD. Given that both of these are aimed at being general purpose operating systems, whereas OpenBSD is at least perceived as being primarily a firewall/server operating system, why would you choose to use OpenBSD on your desktop instead of something more general purpose? What advantages and limitations does it have over GNU/Linux distributions or FreeBSD as a desktop? Is it something along the lines of you know it from your firewall so you'll use it on your desktop, or do you feel it's independently the best OS for the job?

    (I use Debian GNU/Linux largely for hardware support; at least at the time I installed it, no BSD supported my PPC64. That's probably changed, but if it ain't broke, don't fix it eh?)

    --
    Look out!
  21. OBSD patching explained to us mere mortals by OpenBSD101 · · Score: 0
    1. Re:OBSD patching explained to us mere mortals by Anonymous Coward · · Score: 0

      Oh goody, as if the story wasn't enough spam, but then you come along to add to it, why thank you, it's wonderful that you'd link such a rotten pile of GNUisms and stupid ideas, it's just what OpenBSD newbies need, to be told to do stupid shit.

  22. Article: Testdriving -current by hubertf · · Score: 0, Offtopic

    FWIW I've written the following article on how to testdrive (NetBSD, but that shouldn't matter) -current on a 'release' system quite some time ago:

    http://www.feyrer.de/NetBSD/testdriving-current.html

    Maybe it's of interest to someone. Enjoy!

      - Hubert

  23. Just like Gerardo Santana's work by gwolf · · Score: 3, Informative

    Gerardo Santana worked on a project implementing binary patches for OpenBSD at least since 2001. His code is quite reliable, IIRC he basically lacked the needed machines to create the patches for all the OBSD officially supported architectures.