santana / binpatch
- Source
- Commits
- Network (0)
- Issues (0)
- Downloads (0)
- Wiki (1)
- Graphs
-
Tree:
e850b7a
Ports-like framework for creating binary patches for OpenBSD
Gerardo Santana (author)
Mon Apr 21 21:28:06 -0700 2008
binpatch / README
| e850b7a5 » | Gerardo Santana | 2008-04-21 | 1 | = The binpatch framework | |
| 18435074 » | convexo | 2005-12-05 | 2 | ||
| 3 | Table of contents | ||||
| 4 | |||||
| 5 | 1. What is binpatch | ||||
| 6 | 2. Why binary patches | ||||
| 7 | 3. Using binpatch | ||||
| 8 | 3.1 Maintenance | ||||
| 9 | 3.2 Building a binary patch | ||||
| 10 | 3.3 Installation | ||||
| 892ab4ce » | convexo | 2005-12-16 | 11 | 4. Download | |
| 18435074 » | convexo | 2005-12-05 | 12 | ||
| e850b7a5 » | Gerardo Santana | 2008-04-21 | 13 | == 1. What is binpatch | |
| 18435074 » | convexo | 2005-12-05 | 14 | ||
| 15 | binpatch is a framework for creating binary patches for OpenBSD on all | ||||
| 16 | platforms in a semi-automatic way. It can automatically download the | ||||
| 17 | source patches published on http://www.openbsd.org/errata.html, apply them, | ||||
| 18 | build them, and package the result into binary patches. | ||||
| 19 | |||||
| 20 | These binary patches in turn can be distributed across a network and applied | ||||
| 21 | easily to any number of servers with a custom script. Since they are just | ||||
| 22 | simple compressed tar balls with the programs/libraries patched, applied is | ||||
| dc362483 » | convexo | 2005-12-16 | 23 | as easy as: | |
| 24 | |||||
| 25 | # tar xzpf binpatch-3.8-i386-001.tgz -C / | ||||
| 18435074 » | convexo | 2005-12-05 | 26 | ||
| e850b7a5 » | Gerardo Santana | 2008-04-21 | 27 | == 2. Why binary patches | |
| 18435074 » | convexo | 2005-12-05 | 28 | ||
| 29 | Binary patches is a convenient way to keep your servers up to date with | ||||
| 30 | security and reliability patches. Unlike the traditional method of patching | ||||
| 31 | the source tree, applying binary patches doesn't need extra disk space to | ||||
| 32 | hold the whole source tree, compilers or a powerful enough CPU to build the | ||||
| 33 | programs patched in a reasonable period of time. | ||||
| 34 | |||||
| e850b7a5 » | Gerardo Santana | 2008-04-21 | 35 | == 3. Using binpatch | |
| 18435074 » | convexo | 2005-12-05 | 36 | ||
| 37 | The binpatch framework resemblances the OpenBSD ports subsystem in many ways. | ||||
| 38 | It's no coincidence since binpatch took ideas from the OpenBSD ports | ||||
| 39 | subsystem. | ||||
| 40 | |||||
| 41 | binpatch is a make script with routines that automate downloading, applying, | ||||
| 42 | building and packaging binary patches. Using binpatch means executing the | ||||
| 43 | following tasks: maintenance, building and installation. | ||||
| 44 | |||||
| 45 | Maintenance and building are not intended for end users of binary patches. If | ||||
| 46 | you are insterested only on installing a binary patch you can safely skip the | ||||
| 47 | following two sections. | ||||
| 48 | |||||
| e850b7a5 » | Gerardo Santana | 2008-04-21 | 49 | === 3.1 Maintenance | |
| 18435074 » | convexo | 2005-12-05 | 50 | ||
| 51 | The magic in binpatch must be invoked by a custom Makefile that informs | ||||
| 52 | binpatch about the patches available and how they should be built. It's similar | ||||
| 53 | as making a port, where you need to write a Makefile with directions about how | ||||
| 54 | a port must be built. A sample self-documented Makefile is included in this | ||||
| 55 | distribution. After editing a Makefile, we have to build the patched files. | ||||
| 56 | |||||
| 57 | This is the sequence of targets: | ||||
| 58 | |||||
| 59 | init: "fake" install of a complete OpenBSD system | ||||
| 60 | extract: unpacks the OpenBSD sources | ||||
| 61 | patch: downloads the patch given from the master site and applies it | ||||
| 62 | build: builds the programs/libraries affected | ||||
| 63 | plist: creates the PLIST with the names of the files modified | ||||
| 64 | |||||
| 65 | There's no fetch target. binpatch doesn't currently download neither the | ||||
| 66 | installation sets nor the sources. You have to put them manually under the | ||||
| 67 | required directory. | ||||
| 68 | |||||
| 69 | The binpatch directory structure must be like this: | ||||
| 70 | |||||
| 71 | binpatch/ | ||||
| 72 | | | ||||
| 73 | +--- Makefile | ||||
| 74 | | | ||||
| 75 | +--- bsd.binpatch.mk | ||||
| 76 | | | ||||
| 77 | +--- distfiles/ | ||||
| 78 | | | | ||||
| 79 | | +--- i386/ (installation sets here) | ||||
| 80 | | | | ||||
| 81 | | +--- src.tar.gz | ||||
| 82 | | | | ||||
| 83 | | +--- sys.tar.gz | ||||
| 84 | | | ||||
| 85 | +--- packages/ | ||||
| 86 | | | ||||
| 87 | +--- patches/ | ||||
| 88 | | | | ||||
| 89 | | +--- common/ | ||||
| 90 | | | | ||||
| 91 | | +--- i386/ | ||||
| 92 | | | ||||
| 93 | +--- pkg/ | ||||
| 94 | | | | ||||
| 95 | | +--- PLIST-i386-001 (PLIST files here) | ||||
| 96 | | | ||||
| dc362483 » | convexo | 2005-12-16 | 97 | +--- work-binpatch-3.7/ | |
| 18435074 » | convexo | 2005-12-05 | 98 | | | |
| 99 | +--- fake/ | ||||
| 100 | | | ||||
| 101 | +--- obj/ | ||||
| 102 | | | ||||
| 103 | +--- src/ | ||||
| 104 | |||||
| 105 | All directories, except for distfiles, are created by binpatch. | ||||
| 106 | |||||
| 107 | Building the patches files is as easy as: | ||||
| 108 | |||||
| 109 | # make PATCH="001" build | ||||
| 110 | |||||
| 111 | or: | ||||
| 112 | |||||
| 113 | # make PATCH="001" | ||||
| 114 | |||||
| 115 | since build is the default target. build will run all the previous steps | ||||
| 116 | needed. | ||||
| 117 | |||||
| 118 | After that, run the plist target: | ||||
| 119 | |||||
| 120 | # make PATCH="001" plist | ||||
| 121 | |||||
| 122 | You'll get a PLIST file under pkg with the name of the modified files. | ||||
| dc362483 » | convexo | 2005-12-16 | 123 | Builders of binary patches will use this file to package binary patches. | |
| 18435074 » | convexo | 2005-12-05 | 124 | ||
| 125 | WARNING: binpatch is not aware of any dependency between patches. You have | ||||
| 126 | to build them sequentially. DO NOT clean anything. | ||||
| 127 | |||||
| e850b7a5 » | Gerardo Santana | 2008-04-21 | 128 | === 3.2 Building a binary patch | |
| 18435074 » | convexo | 2005-12-05 | 129 | ||
| 130 | # make PATCH="001" package | ||||
| 131 | |||||
| 132 | That's it. This will create a binpatch-${OSREV}-${ARCH}-001.tgz file under the | ||||
| 133 | pkg directory. | ||||
| 134 | |||||
| e850b7a5 » | Gerardo Santana | 2008-04-21 | 135 | === 3.3 Installation | |
| 18435074 » | convexo | 2005-12-05 | 136 | ||
| 137 | From within the binpatch subdirectory and after building the binary patch: | ||||
| 138 | |||||
| 139 | # make PATCH="001" install | ||||
| 140 | |||||
| 141 | or if you got the binary patch from somewhere else: | ||||
| 142 | |||||
| 143 | # tar xzpf binpatch-${OSREV}-${ARCH}-001.tgz -C / | ||||
| 144 | |||||
| 145 | binpatch doesn't provide a way to keep track of patches applied, but if you | ||||
| 146 | need it, you can always write a simple script to do it: | ||||
| 147 | |||||
| 148 | patch_add: | ||||
| 149 | #!/bin/sh | ||||
| dc362483 » | convexo | 2005-12-16 | 150 | tar xzpf "$1" -C / | |
| 18435074 » | convexo | 2005-12-05 | 151 | mkdir -p /var/db/patches/`basename "$1" .tgz` | |
| 152 | |||||
| 153 | patch_info: | ||||
| 154 | #!/bin/sh | ||||
| 155 | ls /var/db/patches/ | ||||
| 156 | |||||
| 157 | patch_add could be modified to backup the files listed by tar tf $1 into | ||||
| 158 | /var/db/patches; this would make patch_delete possible. | ||||
| 159 | |||||
| 160 | WARNING: Binary patches are incremental and cannot be uninstalled. | ||||
| 892ab4ce » | convexo | 2005-12-16 | 161 | ||
| e850b7a5 » | Gerardo Santana | 2008-04-21 | 162 | == 4. Download | |
| 892ab4ce » | convexo | 2005-12-16 | 163 | ||
| 164 | binpatch is freely available under the BSD license at | ||||
| 165 | http://sf.net/projects/openbsdbinpatch | ||||
