The ports & packages collection does NOT go through the thorough security audit that OpenBSD follows. Although we strive to keep the quality of the packages collection high, we just do not have enough human resources to ensure the same level of robustness and security.
The port collection, originally borrowed from FreeBSD, fills this gap. The concept is to have, for each third-party software, a Makefile that controls
Packages are the binary equivalent of ports. A compiled port becomes a package that can be registered into the system using pkg_add(1)
Packages look like simple .tgz
bundles, but they should
always be added using
pkg_add(1),
as there might be some extra information that only
pkg_add(1)
knows how to handle.
Tip: you can distinguish between packages and .tgz bundles
using
pkg_info(1).
pkg_add pkgname.tgz
.
If you are grabbing packages from a single source (a package repository),
set PKG_PATH to that repository URL, in order to grab dependencies.
For instance, to install the Gimp package for the 4.1 release on an i386 machine off the ftp site (including dependencies), do:
# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/ # pkg_add gimp-2.2.13.tgz
The 2.7 release saw the introduction of a stable branch for the ports tree.
For instance, to grab the stable branch for the 4.1 release:
$ cd /usr/ports $ cvs -q -d anoncvs@some.anon.server:/cvs up -r OPENBSD_4_1 -Pd
Starting with the 2.8 release, selected binary packages are also made available. Please refer to the stable packages page to find out about updated packages and important updates to the stable branch. If you want to receive security announcements, you can subscribe to the ports-security mailing list.
Package names are always changed in case of a package update, to avoid any risk of confusion between a package from the release and a bug-fixed package.
As of OpenBSD 2.8, to update a package you must:
You can ftp the release version from the pub/OpenBSD/[version] (where [version] is the release number) directory on any of the ftp mirror sites. The release versions are the ones we ship on our CDROM, and have gone through more testing than any snapshot. Further information is available in the ports(7) man page.
The ports tree, like the rest of OpenBSD, is constantly changing.
The current ports tree may not be used with the previous release. This is due to changes, typically with the port make process, that require code based upon the OpenBSD-current source tree.
The ports tree works as a single entity. Updating a single directory is
not guaranteed to work, as package dependencies may force you to update
and recompile vast portions of the ports tree.
It is strongly suggested that people don't track ports-current unless
they're prepared to deal with various problems.
Mailing lists such as
ports-changes@openbsd.org
or
tech@openbsd.org
will probably be invaluable.
You are advised to track ports-stable on a production machine: we will try to keep the stable ports tree up-to-par with respect to problems, and to provide timely binary updates as well.
Note that vanishing distfiles is not an issue, as ftp.openbsd.org holds the complete repository. Even changing checksums is not an issue: you can issue the command
make checksum REFETCH=trueto make sure you are grabbing the correct distfile for your ports tree. For definitions of current and stable, see the OpenBSD's flavors.
A list of daily changes to ports and ports-current is available.
The ports-current tree can be retrieved via:
Let's say you managed to get a ports tree and you want to compile and install the archiving utility unzip. You should be able to do something like this:
% cd /usr/ports/archivers/unzip % su # make # make install # exitEasy, huh ? Especially considering all that happened in the background:
With OpenBSD 3.0, almost all ports automatically build packages when installing.
As ports get built, the /usr/ports/distfiles directory gets filled with program sources, and /usr/ports/packages gets filled with binary packages. Users with low connectivity may refer to mirroring-ports(7) for an efficient way to grab all distfiles at once. In OpenBSD-current, you can use the script /usr/ports/infrastructure/fetch/clean-old to track old distfiles. Note that the OpenBSD CD only includes the ports tree and selected packages. If you wish to have the distfiles, you will have to get them through an independent way.
Ports tree has many features for the advanced user that make it a valuable tool beyond basic installation. Advanced users may wish to tamper with the makefiles (you should read the make(1) manual page first) or set various variables from the make command-line or in /etc/mk.conf. These variables are described in detail in the bsd.port.mk(5) manual page, and the porting documents below.
If you are interested in helping to expand the OpenBSD ports tree you should first read porting.html. That page references the FreeBSD Porter's Handbook as well as OpenBSD specific policies and hints.
The ports collection is a volunteer project. Sometimes the project simply doesn't have the developer resources to keep everything up-to-date. Developers pretty much pick up what they consider interesting and can test in their environment. Your donations count for what platforms the ports can be tested on.
Some individual ports may lag behind the mainstream versions because of this. The ports collection may have a version back of a program from January while a new version of the program has been released by its developers in May three months ago. Often this is a conscious decision; the new version may have problems in it on OpenBSD that the maintainer is trying to solve, or that have simply made the application worse than the old version: OpenBSD may have different goals than the mainstream developers in other projects, which sometimes results in features and design or implementation choices that are undesirable from OpenBSD developers' point of view. The update may also be postponed because the new version is not considered a crucial update.
If you really need a new version of a port, you should ask the MAINTAINER of the port to update the port (see below on how to find out who the maintainer is); if you can send patches for this, all the better. To create proper patches, you should refer to the documentation on building ports.
If you have trouble with an existing port, please send e-mail to the port maintainer. To see who is the maintainer of the port, type, for example:
% cd /usr/ports/archivers/unzip % make show=MAINTAINERAlternatively, if there is no maintainer, or you can't reach him/her, send mail to the OpenBSD ports mailing list, ports@openbsd.org. Please don't use the misc@openbsd.org mailing list for questions about ports. Corrections are always welcome, but in any case do please provide:
uname -a
,
% cd /usr/ports/archivers/unzip % su # mkdir -p ~/portslogs # make clean install 2>&1 | /usr/ports/infrastructure/build/portslogger \ ~/portslogsAfter this, you should have a logfile of the build in your ~/portslogs directory that you can send to the port maintainer. Also, make sure you are not using any special options in your build, for example in /etc/mk.conf.
Alternatively, you can