Hi Jay, Jay Hart wrote on Tue, Aug 13, 2019 at 08:55:33PM -0400:
> Currently have 6.5 stable installed on my router/firewal. > > My /usr partition is a bit on the "too loaded" side, space wise. > Its a 2GB partition with 1.8GB being used (175MB being reported as free). > I also have the following '/usr' dedicated slices (as > separate partitions): > > /usr/local > /usr/X11R6 > /usr/obj > /usr/src > > I haven't been compiling anything since 6.3 or 6.2, > so I haven't loaded the src tarballs in a while. I'm not convinced /usr/src/ is really needed on a router/firewall, in particular not since syspatch(8) has been available since OpenBSD 6.1. Having /usr/src/ around can be useful for various purposes: * bleeding edge development on -current * testing backported security or reliability patches on -stable * testing experimental private patches to the base system But i doubt that a production firewall is a good place for doing any of that. The fact that you didn't actually use /usr/src/ for more than a year confirms my argument that it usually won't be needed. The only reason i can think of that might make sense for having /usr/src/ around on a production server is if you want to backport selected bugfix patches to selected programs that no official patches are issued for but that matter for you for specific reasons (for example, i do that for mandoc(1) and man.cgi(8) on man.openbsd.org which is otherwise running -stable). That is not a typical need at all, though. People choose -stable when low maintenance effort and low danger of regressions matters more than having all the latest minor bugs fixed. So why would you then go ahead and fix minor issues manually anyway - risking regressions in case you botch a backport that you do yourself? All this applies to /usr/xenocara/, too, and even more so. Few parts of X11 will ever be used on a firewall, so it is very unlikely that applying minor patches to xenocara by hand on a firewall provides any benefit. > /usr/xenocara currently is using 650MB of space and it looks like > the last data set installed was Oct of 2018. On machines where i do install /usr/xenocara/ because i might do X11 developmenmt there, i usually put it on its own partition. The /usr/ partition does not look like its best home to me in the first place. For starters, /usr/xenocara/ can be mounted nosuid... But i don't recall ever installing it on a firewall, or ever using it on any kind of a server - and that even though i did commit a number of patches to xenocara in the past. > I used 'sysclean' to remove all unneeded files this evening. > > Going to assume I can remove all the data within the xenocara > directory to free up some space. > Would 'rm -f /usr/xenocara' be the best command to use? Well, i guess you mean 'rm -rf /usr/xenocara'. Unless you have put private data or patches somewhere below that directory that you want to preserve, i don't see how doing that could adversely affect the operation or maintenenace of a firewall. > In lieu of cleaning xenocara, what else would you recommend? /usr/xenocara/ looks like an excellent candidate for removal, even before using sysclean IMHO, so i don't see much need to look any further unless you put some other data into the /usr/ partition that doesn't belong there in the first place. Yours, Ingo
