This is me, Wu!
» e-shell.org
In this page
Rate this page!
Search inside the wiki!
  Home >> hacks >> Multi-port install in OpenBSD

Multi-port install in OpenBSD

I have found this while reading Secure Architectures with OpenBSD, the book writted by Brandon Palmer and Jose Nazario, and I have found it really useful, not only in server environments, but in the personal workstation too.

Basically, it is the way to automatically install a set of different ports on the system at once. It could sound simple but, in my oppinion, it is a powerful feature. It could be nice to save a list of needed ports and use it to reinstall all the software I need on my laptop with one command, in case I have to reinstall the system.

What? do you track -current from snapshots? With this feature you can reinstall the snapshot, checkout the ports tree and use one command to get all the software you will need installed.

To do that, the first step is create a file with the list of ports you want to install:

$ cat myports
net/nmap,no_x11
security/bsd-airtools
security/aide
security/dsniff,no_x11
security/john
security/l0phtcrack
security/smbsniff
security/smtpscan
security/whisker
www/links+,no_x11
$

In this example, this is a list of programs you would need in a security workstation, one you could use in network auditing for example. Notice that the correct way to add ports to this list is category/port,flavour, a nice way to know what you have to put in there is use make search name and get the info from there, for example, to get the info from the nmap port:

$ pwd
/usr/ports
$ make search name=nmap
Port:   nmap-3.81
Path:   net/nmap
Info:   scan ports and fingerprint stack of network hosts
Maint:  Okan Demirmen
Index:  net security
L-deps: gtk.1.2,gdk.1.2::x11/gtk+ pcre::devel/pcre
B-deps:
R-deps:
Archs:  any

Port:   nmap-3.81-no_x11
Path:   net/nmap,no_x11
Info:   scan ports and fingerprint stack of network hosts
Maint:  Okan Demirmen
Index:  net security
L-deps: pcre::devel/pcre
B-deps:
R-deps:
Archs:  any
$

Using the line defined by Path: will do the job. Once we have the list, it is time to launch the build and installation process:

$ pwd
/usr/ports
$ export CLEANDEPENDS=yes
$ sudo make BUILD=yes SUBDIRLIST=/home/wu/myports install clean
Password:
===> net/nmap,no_x11
===>  Checking files for nmap-3.81-no_x11
>> nmap-3.81.tgz doesn't seem to exist on this system.
>> Attempting to fetch /usr/ports/distfiles/nmap-3.81.tgz from http://www.insecure.org/nmap/dist/.
...

Notice that the environment variable CLEANDEPENDS is set to yes, which will cause the make clean command to clean not only the ports themselves but their dependencies too. In this example I use sudo to perform the action as an unprivileged user, so the password prompt is about sudo asking me my password to demonstrate I'm myself.

After the password is provided (notice that this step is only needed if you are using sudo and you have not configured sudo to let the user run commands without a password prompt), the build and install process begins, going through each port in the list, getting it's sources, configuring them, checking for dependencies and so on.

Nice, isn't it?