ctors.net
Blog tvlooy

Install OpenBSD from USB and apply patches

openbsd | July 22, 2015

Create USB installer

This are instructions for OpenBSD 5.7. First download install57.fs from a mirror.

I'm using Linux on my laptop and my USB stick is at /dev/sdb. Make sure you unmounted the filesystems (eg: umount /dev/sdb1, check with mount command). Write the image to the stick with dd.

sudo dd if=~/Downloads/install57.fs of=/dev/sdb bs=1M

Boot from the stick and install OpenBSD. See the FAQ if you are not familiar with this.

Apply patches

You can't binary upgrade your system to apply security patches (other than upgrading to snapshots which gives you a cutting edge system, not just patches). That sucks if you have to compile stuff on a Soekris i386 with an AMD Geode CPU at 434 MHz.

You could follow the -stable branch in CVS or apply the patches manually like I do.

First get the code from tar.gz

pkg_add -i wget cd /root wget http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/5.7/ports.tar.gz wget http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/5.7/sys.tar.gz wget http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/5.7/src.tar.gz cd /usr/src tar xzf /root/sys.tar.gz tar xzf /root/src.tar.gz cd /usr tar xzf /root/ports.tar.gz rm -rf /root/sys.tar.gz /root/src.tar.gz /root/ports.tar.gz

Now go to the OpenBSD errata and follow the instructions for every patch file. For example patch 8 for smtpd:

cd /root wget http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/008_smtpd.patch.sig signify -Vep /etc/signify/openbsd-57-base.pub -x 008_smtpd.patch.sig \ -m - | (cd /usr/src && patch -p0) cd /usr/src/usr.sbin/smtpd make obj make make install

That's it. Every patch has it's own instructions so read carefully.