David Newman wrote: > I have two machines: > > - Machine A, a single i386 box without enough disk space to unpack the > source tree > > - Machine B, a two-CPU i386 box running bsd.mp with plenty of disk > > My questions: > > 1. For purposes of applying kernel security patches, can I compile a > patched kernel on Machine B and just transfer it over to Machine A and > reboot?
Of course... :) > 2. If the answer to (1) is yes, what if anything do I need to do with > userland on Machine A? For example, how would I apply patch 001 for 4.0, > which is just for httpd? IF you really know exactly what files are altered, build 'em on your fast, big machine and copy them over to your small machine, making sure you get permissions and such correct. IF you do not know for sure which files are altered, I'd suggest just making your life simple, and follow stable, make a release, and install that on the small machine (and any others). When staying with stable, the process is trivial: unpack all .tgz files (don't forget the 'p' option!!), install the kernel, reboot. If your big, fast machine has some time when no one would notice, you might even want to set it up to periodically make a -stable release for you (yes, the official instructions say "reboot between building the kernel and the userland", but since the API doesn't change in -stable, you can almost always get away without the reboot. In fact, on my -stable build machine (actually, a VMware session) at work, I only reboot the thing to make sure the build is good before installing it on a critical machine. AGAIN, if you know exactly what subset of things need to be patched, (for example, httpd), you could just stop and start that one service, but usually, by the time you have figured that all out, you could have just rebooted. See: http://www.openbsd.org/stable.html http://www.openbsd.org/faq/faq5.html , especially sections 5.1, 5.4 http://www.openbsd.org/faq/faq4.html#AddFileSet Nick. (who runs ONLY enough -release/-stable to verify the upgradeXX.html instructions are valid)
