SEO

hi,

it would be damn cool if openbsd systems could apply security
patches via cronjob at night.

I think about writing such a update tool but there is one
big problem. Here are the steps I would use:

* the host needs the source code on the in some dir (not
a real problem, because the user can tar -xzf the source
from the CD or FTP)

* the tool has to find out about new patches (-> check ftp
patch directory for new entries)

* the tool has to download the patch (no problem too using
cvs up -d).

* the tool has to build and re-install the patch. this is
a problem because the commands needed to build a program
are different. e.g. some programms need a different
Makefile or additional 'make <xyz>' calls.

* the kernel patch+rebuild is no problem. I would send
root a mail including the information that the new kernel
is installed but that a reboot is needed.

Is there any way to get the needed commands to apply a patch?
I know the needed commands are in top of the patch files
in the lines that start with a tab character but there are
some lines including comments like 'And then rebuild your
kernel.' that aren't very useful. It would be great if there
was such a line:

commands=cd /usr/src && patch -p0 < 015_tcp.patch && \
cd $KERNELDIR && make clean depend && make && make install

the last line could also be something like:

REBUILD_KERNEL

($KERNELDIR could be an internal variable set in the config
of the update tool)

If the patches would be in that form, it would be much
easier to create such an update tool.

-Steffen