Slashdot Mirror

← Back to Stories (view on slashdot.org)

Making OpenBSD Binary Patches With Chroot

Posted by kdawson on from the sometimes-a-cigar-is-just-a-stogie dept.

Lawrence Teo writes "Unlike other operating systems, patches for the OpenBSD base system are distributed as source code patches. These patches are usually applied by compiling and installing them onto the target system. While that upgrade procedure is well documented, it is not suitable for systems that don't have the OpenBSD compiler set installed for whatever reason, such as disk-space constraints. To fill this gap, open source projects like binpatch were started to allow administrators to create binary patches using the BSD make system. This article proposes an alternative method to build binary patches using a chroot environment in an attempt to more closely mirror the instructions given in the OpenBSD patch files."

3 of 66 comments (clear)

  1. Similar to existing techniques? by Anonymous Coward · · Score: 3, Informative

    This is a lot like existing techniques, such as Gentoo's installation sandbox: first, a package is installed in a temporary file system, and changes made during the installation are then merged into the live filesystem (if installation was succesful, and none of the newly added files conflict with files already installed).

    Furthermore, the FreeBSD manual recommends a similar procedure for automated building of package lists (lists of files installed by a package): create a regular port, install it into a temporary copy of a base filesystem, and use mtree to figure out what files were modified during the installation process. In this case no chroot environment is used, since ports are expected to honour the installation prefix (given in PREFIX).

    So it's a pretty well-established technique; I'm not even sure using it to upgrade the base system is novel: as of late, FreeBSD provides binary updates to its operating system in addition to the traditional source upgrades (and binary releases), although I'm not sure how these packages are created.

  2. Re:disk constraints? by ArbitraryConstant · · Score: 3, Informative

    Yup. We do this at work (no link because I'm not spamming). We sell OpenBSD firewalls on minimal hardware (about the size of a broadband router, low power enough to be fanless), and then sell various services on top of that. You can do a surprising amount.

    We use flash memory, and the space and rewrite cycle requirements for compiling on this are prohibitive.

    --
    I rarely criticize things I don't care about.
  3. Just like Gerardo Santana's work by gwolf · · Score: 3, Informative

    Gerardo Santana worked on a project implementing binary patches for OpenBSD at least since 2001. His code is quite reliable, IIRC he basically lacked the needed machines to create the patches for all the OBSD officially supported architectures.