
Making OpenBSD Binary Patches With Chroot

Lawrence Teo writes "Unlike other operating systems, patches for the OpenBSD base system are distributed as source code patches. These patches are usually applied by compiling and installing them onto the target system. While that upgrade procedure is well documented, it is not suitable for systems that don't have the OpenBSD compiler set installed for whatever reason, such as disk-space constraints. To fill this gap, open source projects like binpatch were started to allow administrators to create binary patches using the BSD make system. This article proposes an alternative method to build binary patches using a chroot environment in an attempt to more closely mirror the instructions given in the OpenBSD patch files."
  • by 00_NOP ( 559413 ) on Monday March 26, 2007 @06:55PM (#18494597) Homepage
    Linux patches are also distributed as source code. Indeed, isn't this the old skool *nix way, full stop?
    • by QuantumG ( 50515 ) <> on Monday March 26, 2007 @07:26PM (#18494941) Homepage Journal
      There's this other OS you might have heard of, it's called "Windows". Stupid name, I know. They distribute their patches as binaries. I also heard there's this other OS, it's something like "Tiger" or "Panther" or something and they do the same thing.

      I know every fourth word out of Theo's mouth is a slight against Linux, but that doesn't mean everyone related to OpenBSD does this.
      • Re: (Score:1, Offtopic)

        Without wanting to start a fight or anything, I genuinely don't see how the grandparent is slighting linux here. You can for a lot of linux OSes get the patches as source code. Sure, Windows doesn't, but that's not linux, which the grandparent specifically asked about. As for Mac OS, I don't know whether you can get the patches as source, but I imagine not.
        • The kernel and low-level stuff is open, so I suppose if you are so inclined you can download the latest darwin sources/patches and compile them. The GUI-type stuff is closed, though, so binary patches for that.
  • Slashvertisement (Score:5, Insightful)

    by mandelbr0t ( 1015855 ) on Monday March 26, 2007 @07:00PM (#18494647) Journal
    The submitter is just pumping up clicks to his own site. You'll notice that he's also the author of TFA. I don't see that this is a particularly useful system, since you'd just be building binaries on another box anyway. If you're going to do that, you might as well just build an upgrade CD and upgrade through the normal process.
    • Re: (Score:1, Flamebait)

      by QuantumG ( 50515 )
      Wow, it must be a day for people who don't know the definition of slang terms. A Slashvertisement is the term used to imply that someone has paid Slashdot to run a story for them.

      Seems pretty unlikely in this case doesn't it?
      • You got a reference for that? I understand "Slashvertisement" to mean an article posing as news being a means to advertise something/one else. My apologies for my ignorance.
  • by had3l ( 814482 ) on Monday March 26, 2007 @07:01PM (#18494657)
    I still use version 2.3, I refuse to run an OS that has a blowfish as its mascot.
  • by Anonymous Coward
    The article describes a technique which is in large very inefficient, and wasteful. It is analogous to the notion that a process must be completely copied on fork, however this is not true. Typically the pages used by a child process are copy-on-write, and are only duplicated as the child writes to them. To see the analogy, consider that the article describes this basic process:

    (1) Create a new directory (the author creates something in /var).
    (2) Unpack a brand new OpenBSD distro and source distro to thi
  • Factual Errors (Score:4, Interesting)

    by DaMattster ( 977781 ) on Monday March 26, 2007 @07:14PM (#18494809)
    Most open source operating systems deliver their patches primarily as source code. I know Free and Net BSD and Linux provide source based patches. In fact, if you track the FreeBSD security announcements and errata information, you download a source code patch in the form of a diff file. To apply the patch, simply make certain you have downloaded the source code in the /usr/src directory and use the patch command. From there, the diffs are applied and you can run make to recompile the patched section. The commercial Linux vendors like Red Hat and SuSE provide binary patches for convenience purposes. The author of this article really should do more homework before making the statement that he did. Personally, I like the patch and compile method. I do know that this is a more secure way of supplying patches because you can read the source code and it makes delivering malware harder. I like to see what is going on behind the scenes.
  • by Anonymous Coward on Monday March 26, 2007 @07:23PM (#18494927)
    This is a lot like existing techniques, such as Gentoo's installation sandbox: first, a package is installed in a temporary file system, and changes made during the installation are then merged into the live filesystem (if installation was successful, and none of the newly added files conflict with files already installed).

    Furthermore, the FreeBSD manual recommends a similar procedure for automated building of package lists (lists of files installed by a package): create a regular port, install it into a temporary copy of a base filesystem, and use mtree to figure out what files were modified during the installation process. In this case no chroot environment is used, since ports are expected to honour the installation prefix (given in PREFIX).

    So it's a pretty well-established technique; I'm not even sure using it to upgrade the base system is novel: as of late, FreeBSD provides binary updates to its operating system in addition to the traditional source upgrades (and binary releases), although I'm not sure how these packages are created.
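
The staging-tree technique described in the comment above, as an added example that is not part of the thread or of any project it mentions: snapshot a temporary copy of the base filesystem, install the patched build into it, and package only the files that changed. A SHA-256 manifest stands in for mtree here, and all paths and function names are hypothetical.

```python
import hashlib, tarfile, tempfile
from pathlib import Path

def manifest(root):
    """Map each regular file under root to (sha256 hex, permission bits)."""
    out = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue  # this sketch tracks regular files only
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        out[path.relative_to(root).as_posix()] = (digest, path.stat().st_mode & 0o7777)
    return out

def changed_paths(before, after):
    """Return (added or modified, removed) relative paths between two manifests."""
    changed = sorted(p for p, meta in after.items() if before.get(p) != meta)
    removed = sorted(p for p in before if p not in after)
    return changed, removed

def build_patch(root, changed, tar_path):
    """Pack only the changed files; return the tarball's SHA-256 for publication."""
    with tarfile.open(str(tar_path), "w:gz") as tar:
        for rel in changed:
            tar.add(str(Path(root) / rel), arcname=rel)
    return hashlib.sha256(Path(tar_path).read_bytes()).hexdigest()

def demo():
    """Run the workflow on a constructed staging tree (not a real base system)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "stage"
        (root / "usr/bin").mkdir(parents=True)
        (root / "usr/bin/tool").write_bytes(b"v1")
        (root / "usr/bin/other").write_bytes(b"untouched")
        before = manifest(root)
        # Stand-in for installing the patched build into the staging tree.
        (root / "usr/bin/tool").write_bytes(b"v2-patched")
        (root / "usr/bin/tool-helper").write_bytes(b"new")
        changed, removed = changed_paths(before, manifest(root))
        tar_path = Path(tmp) / "binpatch.tgz"
        digest = build_patch(root, changed, tar_path)
        with tarfile.open(str(tar_path)) as tar:
            members = sorted(tar.getnames())
        return changed, removed, members, digest

if __name__ == "__main__":
    print(demo())
```

Recording the tarball's digest at build time gives the target machine, which has no compiler and cannot rebuild from source, something to check the binary patch against before unpacking it.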
  • by Lethyos ( 408045 ) on Monday March 26, 2007 @08:55PM (#18495815) Journal

    This is the beauty of peer review, especially from a group as vicious as Slashdot. I imagine the author of this process was so pleased with himself and excited to share his ingenuity with the world, only to submit it here and have his ideas stomped, blasted, toasted, dragged through mud, and rendered to pieces. Not that I would suggest we do anything different, but sometimes I cannot help but to admire the crucible that is public forum.

  • FWIW I've written the following article on how to testdrive (NetBSD, but that shouldn't matter) -current on a 'release' system quite some time ago: ml []

    Maybe it's of interest to someone. Enjoy!

      - Hubert
  • by gwolf ( 26339 ) <gwolf AT gwolf DOT org> on Tuesday March 27, 2007 @12:19PM (#18502567) Homepage
    Gerardo Santana worked on a project implementing binary patches for OpenBSD at least since 2001. His code is quite reliable, IIRC he basically lacked the needed machines to create the patches for all the OBSD officially supported architectures.
