Patching and Kernel Building

One of the only times you will need to compile and install your own OpenBSD kernel is after applying patches to the kernel.

Unlike compiling a Linux kernel, which seems to be a rite of passage for Linux users, compiling an OpenBSD kernel is not recommended and is actually frowned upon in the OpenBSD community.

Patching intro - patching simply explained
Obtaining source code - where to find source code for your system and kernel
Where to unpack source files - suggested locations for source code
Obtaining patch files - where to locate patch files
Identifying patches - some examples - distinguish between system and kernel patches
Patching the kernel - apply all patches to the kernel
Building a kernel after patching - after all patches have been applied to the kernel source
Booting an old kernel - booting into an older kernel after the new kernel has problems

Patching Intro

Patch files are text files and by reading the beginning of the patch file you will be able to determine what type of patch you have. If you see the words 'Rebuild your kernel' that will be your clue that the patch you are looking at is for the kernel. Also at the beginning of the patch file will be the instructions explaining how to apply the patch and how to rebuild/install the newly patched code.

Patching should be divided into two areas

Patching programs and servers (in essence the same thing)
Patching the kernel

Patching is a two step process

Step 1 - Apply patch to source code
Step 2 - Rebuild and install patched source code

Patches when they become available can be found here.

Obtaining Source Code

In order to do any kind of patching you will need the source code files for the programs. And if you are patching the kernel you will need the kernel source code.

Source code for the core system (103MB): ftp://ftp.openbsd.org/pub/OpenBSD/4.3/src.tar.gz
Source code for the kernel (17MB): ftp://ftp.openbsd.org/pub/OpenBSD/4.3/sys.tar.gz

When patching your port system or the Xenocara (X Window) system you will need these sources:

Source code for the port system (13MB): ftp://ftp.openbsd.org/pub/OpenBSD/4.3/ports.tar.gz
Source code for the Xenocara (X Window) system (99MB): ftp://ftp.openbsd.org/pub/OpenBSD/4.3/xenocara.tar.gz

Unpacking the system source files:

# mv src.tar.gz /usr/src
# cd /usr/src
# tar -xvzf src.tar.gz

Unpacking the kernel source files:

# mv sys.tar.gz /usr/src
# cd /usr/src
# tar -xvzf sys.tar.gz

Unpacking the port system source files:

# mv ports.tar.gz /usr
# cd /usr
# tar -xvzf ports.tar.gz

Unpacking the Xenocara (X Window) system source files:

# mv xenocara.tar.gz /usr
# cd /usr
# tar -xvzf xenocara.tar.gz

Unpacking the files will take a while making this a good opportunity to grab yourself a beer.

Where to Unpack Source Files

It really doesn't matter where you unpack and store your sources. Just remember these locations for future patching, building or when keeping your sources up to date with cvsup.

Suggested locations for unpacking your source files

Core system source (src.tar.gz) - /usr/src
Kernel source (sys.tar.gz) - /usr/src
Ports collection source (ports.tar.gz) - /usr
Xenocara (X Window) system source (xenocara.tar.gz) - /usr

Obtaining Patch Files

You will want to get your hands on the patch files when they become available.

Patches for OpenBSD 4.3 - ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3.tar.gz

Now create a /usr/src/patches directory and copy the 4.3.tar.gz file to this directory then unpack:

# mkdir /usr/src/patches
# mv 4.3.tar.gz /usr/src/patches
# cd /usr/src/patches
# tar -xvzf 4.3.tar.gz

Patch files will be located in the /usr/src/patches/4.3/i386 directory and the /usr/src/patches/4.3/common directory. The i386 directory will normally contain no patches.

Identifying Patches - Some Examples

Next we need to identify what type of patch files we have.

Using the head command to view patch files:

# head 001_st.patch

Apply by doing:
        cd /usr/src
        patch -p0 < 001_st.patch

Rebuild your kernel.

Index: sys/scsi/st.c
=========================
RCS file: /cvs/src/sys/scsi/st.c,v
retrieving revision 1.41

Because of the Rebuild your kernel comment we know this is a patch for the kernel.

Below I've picked a patch that will fix an Apache local vulnerability (from OpenBSD 3.6)

Let's take a look at the patch file:

# head -n 17 009_httpd.patch

Apply by doing:
        cd /usr/src
        patch -p0 < 009_httpd.patch

And then rebuild and install httpd and its modules:
        cd usr.sbin/httpd
        make -f Makefile.bsd-wrapper obj
        make -f Makefile.bsd-wrapper cleandir
        make -f Makefile.bsd-wrapper depend
        make -f Makefile.bsd-wrapper
        make -f Makefile.bsd-wrapper install

If httpd had been started, you might want to run
        apachectl stop
before running "make install", and
        apachectl start afterwards.

This is a patch for the Apache web server, which is a part of the core system.

Following the above instructions there should be no problems installing the patch and rebuilding/installing the patched Apache server (hence the name A PAtCHy server). Geek humor, sorry.

Next is a patch for the Xenocara (X Window) system

Let's take a look at the patch file:

# head -n 7 006_xorg.patch

Apply by doing:
        cd /usr/xenocara     # Assuming Xenocara is in /usr/xenocara
        patch -p0 < 006_xorg.patch

And then rebuild and install X:
        make build

Following the above instructions there should be no problems installing the patch. After patching the Xenocara sources, you will next need to rebuild Xenocara. Information on rebuilding the Xenocara (X Window) system can be found here.

Patching the Kernel

Patching a kernel should be treated slightly different than patching programs. First apply all kernel patches then finally rebuild the kernel.

Using the head command to view patch files:

# head 001_st.patch

Apply by doing:
        cd /usr/src
        patch -p0 < 001_st.patch

Rebuild your kernel.

Index: sys/scsi/st.c
=========================
RCS file: /cvs/src/sys/scsi/st.c,v
retrieving revision 1.41

Because of the Rebuild your kernel comment we know this is a patch for the kernel.

Go through each patch file to find all of the kernel patches. Once you have identified all of the kernel patches then start patching the kernel using the above instructions. After applying all patches to the kernel source you will next rebuild the kernel and install.

Building a Kernel After Patching

After applying all kernel patches to the kernel source code the next step will be rebuilding and installing the kernel. The kernel source code will be needed when rebuilding the kernel. Information on obtaining the kernel source code can be found here.

First, backup the current kernel:

# cp /bsd /bsd.old

Next configure the kernel:

# cd /usr/src/sys/arch/i386/conf/
# config GENERIC
Don't forget to run "make depend"

Next compile and install the new kernel:

# cd ../compile/GENERIC
# make clean && make depend && make && make install

Simply reboot to try out the new kernel.

Booting an Old Kernel

If the newly installed kernel will not boot then boot into a previous bootable kernel.

When you restart the system wait until you see something similar to the below:

Using drive 0, partition 3.
Loading...
probing : pc0 com0 apm mem[634K 319M a20=on]
disk: fd0 hd0+
>> OpenBSD/i386 BOOT 3.01
boot>

at this point boot into a previous bootable kernel:

Using drive 0, partition 3.
Loading...
probing : pc0 com0 apm mem[634K 319M a20=on]
disk: fd0 hd0+
>> OpenBSD/i386 BOOT 3.01
boot> bsd.old

If you notice any errors, please let me know.