OpenBSD binpatches and package updates

Datetime:2016-08-22 22:47:24          Topic:          Share

Introduction

Keeping your installed OpenBSD packages up to date is hard and time-consuming. Nobody wants to read the mailing lists to spot security fixes and/or updates never mind wanting to build new packages from their ports tree and manually install them on each of their servers and/or desktops.

For this reasonM:Tier is launching a new package repository which includes the latest security fixes and critical updates for OpenBSD since 5.3

It's easy to setup and even easier to maintain…you don't need to do anything anymore. M:Tier will even notify you by e-mail if there's an update available (unless you opt-out).

Service levels

M:Tier offers two service levels:

  • LTS : binpatches, LTS package updates and support for the two most recent releases
  • free : binpatches and stable packages for the most recent release
The LTS level is only available for subscribers, so sign up today

!

But wait, there's more!

M:Tier has continued it'sBinpatch service in this new infrastructure. Our Binpatches provide you with convenient packages to apply official errata for stable releases.

In addition to binpatch updates which are part of the free service and includes the most recent release, we offer our stable updates for OpenBSD packages built from the official OpenBSD ports tree . And for our LTS subscribers we offer backports for the two most recent releases. M:Tier will ensure that the packages it builds on your behalf are genuine, made possible thanks to M:Tier's signed packages. This will provide the total assurance that any package you download was built by M:Tier, and only M:Tier.

Remember that this service wouldn't be possible without the efforts by the OpenBSD community . So please consider donating or buying a CD-set .

openup(8)

openup is a small utility for OpenBSD that can be run standalone or from cron(8) and that checks for security updates in both packages and the base system. It uses the standard pkg tools.

Read more ordownload.

Notifications

New packages (both third party packages and binpatches) are built as soon as an update is committed to OpenBSD's CVS tree. Once the package has been validated and uploaded a notification will be sent out to our subscribers by e-mail. For a greater level of trust our notifications have been GPG signed. These e-mails can be verified after importing our key into your keyring:

gpg --recv-keys 9F50B17B

Announcements on Twitter

will be made as soon as new packages are available.

TL;DR

Packages for OpenBSD's -stable releases, built for you to keep your -stable system up to date with the most recent security fixes. Includes binpatches and packages for premium users and binpatches for users of the free service.

Getting started

Installation instructions

Please note that if you useopenup you can skip these steps as openup will take care of that for you! So go ahead anddownload openup now.

Several steps are needed in order to use M:Tier's OpenBSD stable packages, these are listed below:

1) Install the M:Tier public key

Retrieve thekey and install it as:

/etc/signify/mtier-59-pkg.pub

2) Update your PKG_PATH

Please update your $PKG_PATH environment variable to:

PKG_PATH=https://stable.mtier.org/updates/$(uname -r)/$(arch -s):${PKG_PATH}

For example:

PKG_PATH=http://ftp.fr.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(arch -s) PKG_PATH=https://stable.mtier.org/updates/$(uname -r)/$(arch -s):${PKG_PATH} export PKG_PATH

Alternatively you may replace $(arch -s) with ${ARCH}

and export that variable too. This can currently simplify installing new binpatches. For OpenBSD 5.8 and 5.9 both binpatches and packages are freely available, for OpenBSD 5.7 binpatches and packages are available to subscribers.

Usage

Updating all packages to their latest stable version is just a matter of running:

pkg_add -u

Installing binpatches

Since binpatches will update parts of the base system, you have to manually install them for now. When an update is available for a binpatch you will be able to update it with pkg_add -u like a regular package.

Installing a binpatch works just like a regular package. So for example:

pkg_add binpatch59-amd64-sshd-1.0.tgz

rsync

It's also possible to mirror our packages locally using rsync

:

rsync -av rsync://stable.mtier.org/OpenBSD-Stable/ .

Questions?

In case you have any questions, concerns, or having issues getting started using the service, please contact M:Tier viae-mail or @mtierltd .