Difference between revisions of "OpenBSD"
(→Making a release) |
|||
Line 88: | Line 88: | ||
For -stable: | For -stable: | ||
<pre>cd /usr | <pre>cd /usr | ||
− | cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get - | + | cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_2 -P src</pre> |
==== Updating ==== | ==== Updating ==== | ||
Line 97: | Line 97: | ||
For -stable: | For -stable: | ||
<pre>cd /usr/src | <pre>cd /usr/src | ||
− | cvs -q up - | + | cvs -q up -rOPENBSD_5_2 -Pd</pre> |
=== Rebuilding the Kernel === | === Rebuilding the Kernel === | ||
Line 137: | Line 137: | ||
<pre> | <pre> | ||
# cd /usr | # cd /usr | ||
− | # cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get - | + | # cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_2 -P ports |
</pre> | </pre> | ||
Line 151: | Line 151: | ||
<pre> | <pre> | ||
# cd /usr/ports | # cd /usr/ports | ||
− | # cvs -q up - | + | # cvs -q up -rOPENBSD_5_2 -Pd |
</pre> | </pre> | ||
Latest revision as of 19:43, 23 December 2012
Contents
Packet Filter
Logs
Real-time display of Packet Filter Logs:
sudo tcpdump -n -e -ttt -i pflog0 src host not 174.0.204.1 and dst port not 6882
Tables
Update/replace a table:
sudo pfctl -t retards -T replace -f /etc/pf.d/tables/blacklist.txt
Display a table called 'retards':
pfctl -t retards -T show
Show the current state table:
sudo pfctl -s state sudo pfctl -ss
Configuration Files
Load a Packet Filter configuration file:
pfctl -f /etc/pf.conf
Parse a configuration file but do not load it:
pfctl -nf /etc/pf.conf
Load only the NAT rules from the file:
pfctl -Nf /etc/pf.conf
Load only the filter rules from the file:
pfctl -Rf /etc/pf.conf
Show states
Show the current NAT rules:
pfctl -sn
Show current filter rules:
pfctl -sr
Show filter stats and counters:
pfctl -si
Show everything it can show:
pfctl -sa
Updating OpenBSD Via Source
Grab source from CVS
First Time
For -current:
cd /usr cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -P src
For -stable:
cd /usr cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_2 -P src
Updating
For -current:
cd /usr/src cvs -q up -Pd
For -stable:
cd /usr/src cvs -q up -rOPENBSD_5_2 -Pd
Rebuilding the Kernel
# cd /usr/src/sys/arch/i386/conf # /usr/sbin/config GENERIC # cd /usr/src/sys/arch/i386/compile/GENERIC # make clean && make depend && make
Rebooting with the new kernel
# cd /usr/src/sys/arch/i386/compile/GENERIC # make install (Safely install new kernel) # reboot
Rebuilding the userland binaries
# rm -rf /usr/obj/* # cd /usr/src # make obj # cd /usr/src/etc && env DESTDIR=/ make distrib-dirs # cd /usr/src # make build
Updating Ports Via CVS
First Time
For -current:
# cd /usr # cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -P ports
For -stable:
# cd /usr # cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_2 -P ports
Updating
For -current:
# cd /usr/ports # cvs -q up -Pd
For -stable:
# cd /usr/ports # cvs -q up -rOPENBSD_5_2 -Pd
Building
Making a release
Read [1]
Define our DESTDIR and RELEASEDIR environment variables:
# export DESTDIR=/usr/dest # export RELEASEDIR=/usr/rel
We now clear the DESTDIR and create the directories if needed:
# test -d ${DESTDIR} && mv ${DESTDIR} ${DESTDIR}.old && rm -rf ${DESTDIR}.old & # mkdir -p ${DESTDIR} ${RELEASEDIR}
RELEASEDIR does not normally need to be empty before starting the release process, however, if there are changes in the release files or their names, old files may be left laying around. You may wish to also erase this directory before starting.
We now make the release itself:
# cd /usr/src/etc # make release
After the release is made, it is a good idea to check the release to make sure the tar files are matching what is in the DESTDIR. The output of this step should be very minimal.
# cd /usr/src/distrib/sets # sh checkflist
You now have complete and checked release file sets in the RELEASEDIR. These files can now be used to install or upgrade OpenBSD on other machines. The authoritative instructions on making a release are in release(8).
Note: if you wish to distribute the resultant files by HTTP for use by the upgrade or install scripts, you will need to add an "index.txt" file, which contains the list of all the files in your newly created release.
# /bin/ls -1 >index.txt
Once you have the complete release made, you can use those files for a standard install or upgrade on another machine, or if updating a machine to a new -stable, simply unpack the tar files in the root directory of the target machine.
Making X
Starting with X.org v7, X switched to "modular build" system, splitting the x.org source tree into more than three hundred more-or-less independent packages. To simplify life for OpenBSD users, a "meta-build" called Xenocara was developed. This system "converts" X back into one big tree to be built in one process. As an added bonus, this build process is much more similar to the build process used by the rest of OpenBSD than the previous versions were.
The official instructions for building X exist in your machine's /usr/xenocara/README file and in release(8).
Getting source code
The "usual" location for the xenocara source tree is /usr/xenocara, and the source is stored in the xenocara module in CVS. So, the checkout process is this:
$ cd /usr $ cvs -qdanoncvs@anoncvs.example.org:/cvs checkout -P xenocara
Building Xenocara
For building the standard xenocara tree as supported by OpenBSD, no external tools are needed.
# cd /usr/xenocara # rm -rf /usr/xobj/* # make bootstrap # make obj # make build
If you wish to make actual modifications to the source code, you will probably need to add several packages. Details are in the /usr/xenocara/README file. Making a release
This is similar to the main system release process. After successfully building X, you will define a DESTDIR and RELEASEDIR, with the same purposes as above. The RELEASEDIR can be the same directory as the main system RELEASEDIR, but DESTDIR will be erased and rebuilt in this process. If done carefully, this is not a problem, but using a separate DESTDIR may be "safer". For this example, we will use a DESTDIR and RELEASEDIR of /usr/dest and /usr/rel, respectively. This must be done after the above build process.
# export DESTDIR=/usr/dest # export RELEASEDIR=/usr/rel # test -d ${DESTDIR} && mv ${DESTDIR} ${DESTDIR}- && \ rm -rf ${DESTDIR}- & # mkdir -p ${DESTDIR} ${RELEASEDIR} # make release
When this process is completed, you will have a set of release files in the $RELEASEDIR.
Hardware Sensors
Check hardware sensors
# sysctl -a | grep "hw.sensors"