Updating And Managing The OpenBSD Ports Collection

OpenBSD comes with several useful software packages on teh installation media, but due to limited space the vast majority of software is provided through the OpenBSD ports collection. The ports collection includes 1000s of software packages that can be automatically downloaded, compiled, and installed. This article will show how to configure an OpenBSD system to retrieve the latest version of the ports repository, and how to build a package from the ports collection.

Updating and installing ports

To utilize the ports collection on an OpenBSD server, you will first need to retrieve the ports.tar.gz tar archive for the release of OpenBSD you are using. The archive is located on the OpenBSD installation CDs and the OpenBSD FTP servers. To retrieve the ports.tar.gz through FTP, we can use the wget utility:

$ wget --passive-ftp ftp://ftp.openbsd.org/pub/OpenBSD/3.9/ports.tar.gz

Each OpenBSD release contains a ports tar archive, and in the example above we retrieved the version that has been certified to work with OpenBSD 3.9. Once the file finishes downloading, the gunzip and tar utilities can be used to exatrct the file to the /usr/ports directory:

$ gunzip ports.tar.gz

$ cd /usr

$ tar xfv $HOME/ports.tar

After the tar archive is extracted, the cvs utility can be used to update the individual packages in the ports collection. Since the ports are frequently updated to address security and reliability issues, you will need to periodically refresh the ports to ensure that your ports contains the latest stable set of software. The following example shows how to use the cvs utility to update the OpenBSD 3.9 ports collection:

$ export CVSROOT=anoncvs@anoncvs3.usa.openbsd.org:/cvs

$ cd /usr && cvs get -r OPENBSD_3_9 -P ports

The CVSROOT variable contains the server to connect to, the “-r” option is used to specify the OpenBSD tag (each OpenBSD version has a tag, and the example above contains the tag for the 3.9 release), the “-P” option causes cvs to prune empty directories, and the “ports” option indicates which repository to checkout. This command will update the software in /usr/ports if new versions are available, and create the /usr/ports hierarchy if it doesn’t exist. The OpenBSD website contains the complete list of CVS servers, and it is recommended to pick one that is close to you to conserve bandwidth on the Internet. Once cvsup finishes grabbing the latest set of ports, the make utility can be executed to install any of the 1000s of packages under /usr/ports. The following example show how to install ssldump:

$ cd /usr/ports/net/ssldump

$ make install

===>  Checking files for ssldump-0.9b3
>> ssldump-0.9b3.tar.gz doesn't seem to exist on this system.
cp: /cdrom/distfiles//ssldump-0.9b3.tar.gz: No such file or directory
>> Attempting to fetch /usr/ports/distfiles/ssldump-0.9b3.tar.gz from http://www.rtfm.com/ssldump/.
ftp: connect: Connection timed out
>> Attempting to fetch /usr/ports/distfiles/ssldump-0.9b3.tar.gz from ftp://ftp.openbsd.org/pub/OpenBSD/distfiles//.
Failed to change directory.
>> Attempting to fetch /usr/ports/distfiles/ssldump-0.9b3.tar.gz from ftp://ftp.usa.openbsd.org/pub/OpenBSD/distfiles//.
100% |*********************************************************************************************|   134 KB    00:01
>> Checksum OK for ssldump-0.9b3.tar.gz. (sha1)


===>  Building package for ssldump-0.9b3
Creating package /usr/ports/packages/sparc64/all/ssldump-0.9b3.tgz
Creating gzip'd tar ball in '/usr/ports/packages/sparc64/all/ssldump-0.9b3.tgz'
Link to /usr/ports/packages/sparc64/ftp/ssldump-0.9b3.tgz
Link to /usr/ports/packages/sparc64/cdrom/ssldump-0.9b3.tgz
===>  Installing ssldump-0.9b3 from /usr/ports/packages/sparc64/all/ssldump-0.9b3.tgz

Adding /usr/ports/packages/sparc64/all/ssldump-0.9b3.tgz

After the installation completes, the which and pkg_info utilities can be used to locate the executable, and to view the version that was installed:

$ which ssldump


$ pkg_info | grep ssl

ssldump-0.9b3 SSLv3/TLS network protocol analyzer


There are TONS of options available to control the cvsup and build options, and I highly recommend running “man cvs” and “man ports” if you’re interested in learning more.