I will be deploying a number of OpenBSD firewall/VPN boxes to remote sites.
Because of their nature, they will not be running nfs, smb, etc., nor will
they have source or compilers installed on the system. I'm trying to
determine how to keep these systems patched.

I figured I would keep a system in my lab with all the source and compilers,
apply the patches there, performing all 'make' steps up to 'make install'.
After that, I'd tar the directory (tar zcvf ssh.tgz /usr/src/usr.bin/ssh/
for instance), copy that to my firewall over sftp and run 'make install'.
Unfortunately, I get errors related to bsd.man.mk among others - files
which aren't in the src branch, but exist on both machines.

Does anyone have a better way of applying patches? I like OBSD for its
attention to security, but attention to making it manageable in a production
environment has been pretty poor (lack of automated install process, a la
KickStart, is another pet peeve).

The last time I asked this question, the responses included using rsync or
nfs - neither of which would I ever put on a firewall box. Hopefully I will
get more realistic answers this time.

Oh, I do like that I can patch the kernel and just copy the new bsd file to
my other systems.