OpenBSD Anonymous CVS


Anonymous CVS is a method of keeping your local copy of the OpenBSD source tree up to date with respect to changes made to current OpenBSD sources. In addition to following the bleeding edge of development, it is also possible to track the errata patches of a release.

Anonymous CVS works directly against a central source code repository. This means that you have the full set of CVS commands available to control merging and updating your changes with other source changes, performing diffs, change histories and other queries against the central repository. In the event that the changes can't be completely merged, CVS provides annotated changes to your local copy and preserves an unmodified copy of your version.

The OpenBSD Project currently has four active source repositories:

What is CVS?

CVS is the source code control system used to manage the OpenBSD source tree. It implements a central repository for all officially released source code and changes, while permitting developers to maintain local copies of the source code with their working changes.

There are two levels of source tree access:

Pre-Loading the Source Tree

While you can download the entire source tree from an AnonCVS server, you can save time and bandwidth by pre-loading your tree with the source tarballs. This is particularly true if you are running -stable, as relatively few files change between the release and -stable.

The source files for download from the mirrors are separated into two files to reduce the download time for those wishing to work with only one part of the tree. The kernel sources are in sys.tar.gz and the userland sources are in src.tar.gz.

The following commands assume you have followed these instructions to give a non-root user write access to the src, ports and xenocara directories.

$ cd /usr/src
$ tar xzf /tmp/src.tar.gz
$ tar xzf /tmp/sys.tar.gz
$ cd /usr
$ tar xzf /tmp/ports.tar.gz
$ cd /usr/xenocara
$ tar xzf /tmp/xenocara.tar.gz

Using CVS to Get and Update Your Source Trees

cvs(1) was designed to be a simple way to retrieve and update your sources. You must first decide whether you want to track -current or a -stable branch. The current tree has all of the up to the minute changes, whereas the -stable branch contains the sources for the release plus the patches from the errata and lesser issues already applied. For more information on the flavors of OpenBSD, see here.

Choose the Anonymous CVS server you are going to use from the list of servers below, then you can start using cvs. If you begin with src.tar.gz and sys.tar.gz as mentioned above, you can skip the initial checkout and proceed to updating.

Warning: When using cvs, you should take care that your current directory is either the root of the tree you are referencing or in a separate place such as /tmp. Some commands, such as cvs checkout, can create an arbitrary sub-tree in the current directory, and a subsequent update will recursively flesh out this sub-tree.

Getting an Initial Tree

The following commands assume that your user is member of the wsrc group:

If you are following -current:

$ cd /usr
$ cvs -qd [email protected]:/cvs checkout -P src

If you are following the 7.3 -stable branch:

$ cd /usr
$ cvs -qd [email protected]:/cvs checkout -rOPENBSD_7_3 -P src

Anonymous CVS uses passwordless SSH as a transport. If this is the first time you have connected to a server, you will be asked to confirm the SSH fingerprint to ensure that you are connecting to the expected server:

$ cvs -d [email protected]:/cvs checkout -P src
The authenticity of host 'anoncvs.spacehopper.org (2001:67c:15f4:a423::28)' can't be established.
ED25519 key fingerprint is SHA256:oaJ7VEyjt2EHMeixzKn9zJGiV5YlWHIUls070tKdBzI.
Are you sure you want to continue connecting (yes/no)?

In most cases, the list below includes the fingerprints for the server, so you can compare it against the displayed fingerprint as additional verification that you are connecting to the correct server. Confirm this, and the fingerprint will then be saved as usual.

Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'anoncvs.spacehopper.org' (ED25519) to the list of known hosts.

Updating an Existing Tree

If you are following -current:

$ cd /usr/src
$ cvs -q up -Pd -A

If you are following the 7.3 -stable branch:

$ cd /usr/src
$ cvs -q up -Pd -rOPENBSD_7_3

Every time you run this, cvs(1) synchronizes your /usr/src tree. It does not destroy any of your local changes; rather it attempts to merge changes in.

Changing the Server

If you are updating a source tree that you initially fetched from a different server, or from a tar file, you must add the -d [cvsroot] option to cvs.

$ cd /usr/src
$ cvs -d [email protected]:/cvs -q up -Pd

Getting the ports and xenocara Trees

Make sure your user is member of the wsrc group and that /usr/ports is group writable by wsrc. Replace ports with xenocara throughout to get or update a xenocara tree.

Creating a Diff

To make a diff of a locally patched module (here cd.c) to include with a bug report:

$ cd /usr/src
$ cvs diff -u sys/scsi/cd.c > /tmp/patch

Example Usage

$ cd /tmp
$ cvs -d [email protected]:/cvs checkout -P src/sys/arch/sparc
[copies the files from the repository to your machine]
$ cd src/sys/arch/sparc
$ cvs log locore.s
[shows the commit log for the chosen file]
$ cvs diff -bc -r1.1 -r1.5 locore.s
[shows the changes between revisions 1.1 and rev 1.5]

Mirroring the Repository

As noted in the list below, some repository mirrors also allow fetching the entire repository via rsync. Please use the reposync wrapper script which checks for updates to CVSROOT/ChangeLog and avoids a full directory scan in some cases where no update was detected. It also handles SSH port forwarding for mirrors where this is available, allowing to connect to an "rsync --daemon" server over an authenticated and encrypted channel.

Install reposync from packages, create a user and directory to hold the repository, and a directory for reposync's own use:

# pkg_add reposync
# useradd cvs
# install -d -o cvs /home/cvs /var/db/reposync

Now the following command might be used to mirror or update the repository. If your chosen mirror does not support SSH port-forwarding, either switch to a better mirror, or change to "reposync -p".

# su -m cvs -c "reposync rsync://mirror.example.org/cvs /home/cvs"

After mirroring, you can use the local directory as your cvsroot, for example:

$ cd /usr/src
$ cvs -d /home/cvs -q up -Pd
As of November 2019, repository sizes are as follows:
$ du -shc *
175M    CVSROOT
1.1G    ports
2.9G    src
787M    www
1.7G    xenocara
6.6G    total

The overall repository size currently increases at a rate of about 400MB per annum. The src repository increases by about 150MB.

Available Anonymous CVS Servers

If your server is listed on here with inaccurate or unknown information, please contact [email protected].

You may want to use traceroute(8) to find out which server is nearest you. Problems with a server should be reported to the maintainer of the server in question.

If local policy prevents outgoing connections to ssh's default port of 22, some servers permit connections on an alternative port (typically 2022). These are noted in the list above. To use a different port, reconfigure your ssh client by adding a Host entry to $HOME/.ssh/config, e.g.:

Host anoncvs.ca.openbsd.org
    Port 2022

Setting up an AnonCVS Mirror

AnonCVS mirrors currently require about 6GB of disk (and it will grow!), and use up to 64MB of swap per anoncvs user (assuming the user does a large operation; while smaller operations use fewer resources, AnonCVS still makes much more of an impact than ftp). Such AnonCVS machines should have excellent network connectivity for the area they are expected to serve. A document which describes the setup of AnonCVS servers is available.

Final Notes

After upgrading your source tree, you should read the comments at the top of /usr/src/Makefile before attempting a build. Also, you should build a new kernel before doing a make build if possible. In some cases it may be necessary to rebuild and install the config utility before you can build the kernel. If config GENERIC fails this is probably the case.

It is important to note that upgrading from a release to the current tree by rebuilding the sources is not supported. Therefore, it is suggested that you first install the latest snapshot before attempting a tree build from source.