OpenBSD Sources: Setup, Maintenance, and Compile Notes

Purchase an official OpenBSD CD-ROM set if possible: an official CD is likely more trustworthy than obtaining the sources online, and saves on download bandwidth. If paranoid, maintain several source directories from various sources, and compare them for differences; also, keep the source directories under the control of something that can audit them for changes (tripwire, mtree, or similar).

These notes cover OpenBSD 3.4. Assuming no major changes in how the source code is distributed, subsequent releases will use 3.5 or OPENBSD_3_5 and so forth for version numbers.

  1. Create the required directory structure.

    The sources can be maintained on any system that has a filesystem compatible with the OpenBSD Unix File System (UFS). A notable exception is the case-folding Extended Hierarchical File System (HFS+) used by default on Apple's Mac OS X: use a UFS disk image or partition formatted with UFS in this case.

    If none of the systems being maintained require X11, then skip the various XF4 related notes.

    $ export TARGETDIR=/install/openbsd/3.4/sources/cd
    $ mkdir -p $TARGETDIR/{src,ports,XF4}

  2. Expand the sources.

    The sources should be present on CD3 (sparc and sparc64) in gzipped tar format.

    The tarball contents should be inspected before expansion; the src tarball currently does not use a subdirectory internally like ports and XF4, so a different tar command is required depending on the tarball in question.

    $ tar xzfC src.tar.gz $TARGETDIR/src
    $ tar xzfC ports.tar.gz $TARGETDIR
    $ tar xzfC XF4.tar.gz $TARGETDIR

  3. Update source directories to the latest stable release.

    The above step saves the CD-ROM sources under /install/openbsd/3.4/sources/cd. If disk space allows, maintain the stable release source trees in a different directory tree, such as under /install/openbsd/3.4/sources/stable. This allows comparison between the CD-ROM release and current sources, and the directory structure allows other source trees to be saved under the sources directory, for instance from different online sources to check whether the mirrors agree on what the source code looks like.

    The update may be done via one of several methods, and will need to be repeated over time as security problems and other issues arise. I follow anonymous Concurrent Versions System (CVS), and manually apply security patches if the CVS sites are overloaded.

    Updating requires a system with the update utilities, which depend on the method: cvs(1) and ssh(1) for anonymous CVS, or patch(1) to apply the errata patches.

    For the src tree, manual patches will follow a stable security release. Following a security announcement, the patches are usually easier to obtain than access to the CVS servers, and are easy to review. However, the various source trees are usually updated from CVS with bugfixes that do not make it to the Errata page.

    An anonymous CVS update may take some time. Ensure the process is run in the background or under a screen(1) session to avoid interruption.

    $ export CVSROOT=anoncvs@anoncvs1.usa.openbsd.org:/cvs
    $ cvs -z3 update -rOPENBSD_3_4 -Pd src ports XF4 2>&1 | tee ~/cvsuplog

  4. Build packages.

    To simplify installation of systems dedicated to building software, create packages of the clean source and ports trees. First ensure the permissions are correct, then use something like the following commands to build src34.tgz and ports34.tgz, which can then be moved to a release directory (containing bsd, base34.tgz, and so forth) for easy installation.

    # cd /
    # tar czpf src34.tgz /usr/src/
    # tar czpf ports34.tgz /usr/ports/

  5. Compile the sources.

    Unlike previous steps, the compile must be done on an OpenBSD system with the compilers installed. See the release(8) man page and related documentation for notes on how to build a new kernel, the sources, and create a new release.

    If possible, maintain a clean checkout of the sources, and compile against a different (copy to new build directory) or read-only copy (via a Network File System (NFS) mount). This prevents the build process from corrupting the sources. If space is limited, compress the gold copy of the sources before building, then restore from the compressed archive.

    The resulting releases can be stored under a directory layout similar to the one for the sources above, where the entire contents of the 3.4 CD-ROMs are copied under /install/openbsd/3.4/release/cd and subsequent releases built are saved under /install/openbsd/3.4/release/stable-YYYY-MM-DD-NN plus a softlink pointer for stable to point at the most recent known good release build.

    If the install is being done via one of the network methods, the install path will look something like: /install/openbsd/3.4/release/cd/3.4/i386 for a CD-ROM build or /install/openbsd/3.4/release/stable/3.4/sparc64 for the most recent release built for Sparc64 systems on a build host.
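
The cross-checking of source trees suggested in the introduction and in the update step (CD-ROM versus stable, or one mirror versus another) can be done by comparing per-file digests. The following script is an added example, not part of the original notes; it assumes sha256sum(1) is installed, and the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original notes). Assumes sha256sum(1); any tool
# printing "<64 hex digits><2 separator chars><path>" per file can replace it.

# manifest DIR: print "digest  ./relative/path" for every regular file in DIR.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# compare_trees A B: print one line per discrepancy; return 1 if any exist.
#   CHANGED = in both trees with different content; ONLY_A / ONLY_B = in one.
compare_trees() {
    ma=$(mktemp) || return 2
    mb=$(mktemp) || { rm -f "$ma"; return 2; }
    manifest "$1" >"$ma"
    manifest "$2" >"$mb"
    report=$(awk '
        { path = substr($0, 67) }   # path starts after digest + 2 chars
        side == "a"         { seen[path] = $1 ""; next }
        !(path in seen)     { print "ONLY_B  " path; next }
        seen[path] != $1 "" { print "CHANGED " path }  # "" forces string compare
                            { delete seen[path] }
        END { for (p in seen) print "ONLY_A  " p }
    ' side=a "$ma" side=b "$mb" | LC_ALL=C sort)
    rm -f "$ma" "$mb"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: compare two small constructed trees, stand-ins for the cd/ and
# stable/ source directories described in the notes.
demo() {
    top=$(mktemp -d) || return 2
    mkdir -p "$top/cd/src/sys" "$top/stable/src/sys"
    echo 'int x = 1;' >"$top/cd/src/sys/a.c"
    echo 'int x = 2;' >"$top/stable/src/sys/a.c"    # content differs
    echo 'same'       >"$top/cd/src/Makefile"
    echo 'same'       >"$top/stable/src/Makefile"   # identical in both
    echo 'new file'   >"$top/stable/src/sys/b.c"    # only in stable
    rc=0
    compare_trees "$top/cd" "$top/stable" || rc=$?
    rm -rf "$top"
    return $rc
}
```

Saving the output of `manifest` for a known-good tree gives a baseline that the same tree can be re-checked against later, in the spirit of the mtree or tripwire audit mentioned in the introduction.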