See this document for our documentation on how to track NetBSD-current. If you are running a stable NetBSD release (such as NetBSD 3.1), in a production environment, you should occasionally update your sources and rebuild the system or the kernel, in order to incorporate any security fixes that have been applied to the branch since its release. Most of the following steps can be done as ordinary user. Only the installation of a new kernel and the userland will require root privileges. Although /usr is choosen as the working directory in the following examples, the procedure can also take place in a user's home directory. Ordinary users have normally not the permissions to make changes in /usr, but this can be changed by root. You can retrieve or update the sources for your release using anoncvs over ssh by specifying the correct branch tag. For example, to checkout the sources for the NetBSD 3.1 release, you could use: $ cd /usr $ export CVS_RSH=ssh $ cvs -d anoncvs@anoncvs.NetBSD.org:/cvsroot co -r netbsd-3-1 -P src Be sure to take care in selecting the correct and desired branch tag so you don't accidently downgrade your source tree. To update an existing source tree, do: $ cd /usr/src $ export CVS_RSH=ssh $ cvs update -dP The next step is to build the toolchain. You need to create an obj/ and a tools/ directory, followed by a run of build.sh: $ mkdir /usr/obj /usr/tools $ cd /usr/src $ ./build.sh -O /usr/obj -T /usr/tools -U -u tools Building a new kernel pretty much follows the steps as described in this document. The steps to build the kernel are: $ cd /usr/src $ ./build.sh -O ../obj -T ../tools kernel=<KERNEL> Please always refer to build.sh -h and the files UPDATING and BUILDING for details - it's worth it, there are many options that can be set on the command line or in /etc/mk.conf. The build the userland, do: $ ./build.sh -O ../obj -T ../tools -U distribution Installing the new kernel, rebooting (to ensure that the new kernel works) and installing the new userland are the final steps of the updating procedure: $ cd /usr/src $ su # mv /netbsd /netbsd.old # mv /usr/obj/sys/arch/<ARCH>/compile/<KERNEL>/netbsd / # shutdown -r now ... $ cd /usr/src $ su # ./build.sh -O ../obj -T ../tools -U install=/ If the new kernel netbsd does not boot successfully, you can fall back on booting the netbsd.old kernel. If a security advisory has been issued, and you want to just rebuild the necessary libraries and applications, your best bet is to follow the instructions provided in the advisory. An example is given below: $ cd src $ export CVS_RSH=ssh cvs update -d -P -r netbsd-3-1 gnu/dist/sendmail/sendmail $ cd gnu/usr.sbin/sendmail $ make USETOOLS=no cleandir dependall $ su # make USETOOLS=no install Updating the sources: $ cd /usr/src $ export CVS_RSH=ssh $ cvs update -dP Building the new kernel and userland: $ cd /usr/src $ ./build.sh -O ../obj -T ../tools tools $ ./build.sh -O ../obj -T ../tools kernel=<KERNEL> $ ./build.sh -O ../obj -T ../tools -U distribution Installing the new kernel and userland: $ su # mv /netbsd /netbsd.old # mv /usr/obj/sys/arch/<ARCH>/compile/<KERNEL>/netbsd / # shutdown -r now ... $ cd /usr/src $ su # ./build.sh -O ../obj -T ../tools -U install=/