BSD Updates and Installs

BSD Updates and Building from Source

sysctl options

This is a collection of different configuration and install options for network performance that exists elsewhere, but are consolidated here.

BSD Update Notes for OpenBSD and FreeBSD, check http://www.openbsd.org and http://www.freebsd.org for the most up-to-date instructions.

OpenBSD CVS notes

#NOTE: Make sure to pick servers close to you.
CVSROOT=anoncvs@anoncvs1.usa.openbsd.org:/cvs
export CVSROOT
PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/`uname -r`/packages/`uname -m`/
export PKG_PATH

#First checkout the source
cd /usr
cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_6_6 -P src
cd /usr
cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_6_6 -P ports
cd /usr
cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_6_6 -P xenocara

#Getting source updates after the initial checkout
cd /usr/src;
cvs -q up -rOPENBSD_6_6 -Pd;

#Getting port updates
cd /usr/ports;
cvs -q up -rOPENBSD_6_6 -Pd;

#Getting xenocara updates
cd /usr/xenocara;
cvs -q up -rOPENBSD_6_6 -Pd;


#Rebuilding the kernel
#To rebuild the default kernel from stable:
cd /usr/src/sys/arch/`uname -m`/conf
/usr/sbin/config GENERIC.MP
cd ../compile/GENERIC.MP
make obj && make clean && make && make install

#Replace amd64 with your architecture, e.g. sparc, alpha, etc.
#Old kernel will be available as /obsd, new kernel as /bsd
#Rebooting with the new kernel
reboot

#As above, substitute your architecture for amd64. 
#If your system has trouble booting the new kernel, 
#you can easily go back and reboot from the old kernel, 
#now called obsd.
#Rebuilding the binaries

#To rebuild the system binaries:

rm -rf /usr/obj/*
cd /usr/src
make obj && make build

#This will take awhile... 

Binary only updates for OpenBSD

There is now a feature called sysupgrade, that walks through the process of automatically updating OpenBSD and rebooting and installing.

# sysupgrade

Full Disk Encryption on OpenBSD

Even though I have typed this a number of times, these are the steps to create the softraid0 and encrypt the drive before installing on OpenBSD referenced in the OpenBSD FAQ

Welcome to the OpenBSD/amd64 X.X installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s
# cd /dev && sh MAKEDEV sd0
# dd if=/dev/urandom of=/dev/rsd0c bs=1m
# fdisk -iy -g -b 960 sd0
# disklabel -E sd0
Label editor (enter '?' for help at any prompt)
sd0> a a			
offset: [64]
size: [39825135] *
FS type: [4.2BSD] RAID
sd0> w
sd0> q
No label changes.
# bioctl -c C -l sd0a softraid0
New passphrase:
Re-type passphrase:
sd1 at scsibus2 targ 1 lun 0: <OPENBSD, SR CRYPTO, 005> SCSI2 0/direct fixed
sd1: 19445MB, 512 bytes/sector, 39824607 sectors
softraid0: CRYPTO volume attached as sd1
# cd /dev && sh MAKEDEV sd1
# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
# exit

The OpenBSD installer now runs, and when you get to the root drive selection, select the one newly created device which is sd1 in this example

[...]
Available disks are: sd0 sd1.
Which disk is the root disk? ('?' for details) [sd0] sd1

Binary only updates for FreeBSD

freebsd-update fetch install

FreeBSD Rebuild for World and Kernel

#The following steps assume that you have checked out the latest
#source for a stable branch from the FreeBSD subversion
svnlite checkout http://svn0.us-east.FreeBSD.org/base/head /usr/src
#Then run the following to update
cd /usr/src
svnlite update
cd /usr/src && make buildworld && make buildkernel KERNCONF=NEWCONF
#Install in single-user or reboot with secure-level off depending on your setup
cd /usr/src/ && make installkernel KERNCONF=NEWCONF && mergemaster -pa && make installworld && make BATCH_DELETE_OLD_FILES=yes delete-old && mergemaster -iFU
#Port Updates:
portaudit -Fda
portsnap fetch extract
portupgrade -fa

Binary only updates for HardenedBSD

hbsd-update -V

If you are using ZFS, you can perform the update in a boot environment for testing:

hbsd-update -b update-test -V

This will create a boot environment called update-test, install the OS updates there and set it to mount on the next boot.

Copyright © 2020 Daemon Security Inc. | Privacy Policy
Terms and Conditions | Email Daemon Security
443-579-5162