With a few exceptions most popular Linux distributions has some kind of package manager installed in order to handle installation of third party applications in binary format. Arch has "pacman", Debian has "apt" (and several others), Fedora uses "dnf", and Alpine has "apk".
The different BSD systems also has package managers. FreeBSD has "pkg" and OpenBSD has "pkg_add".
Common to all these popular Linux distributions and FreeBSD is that packages regularly gets updated. The rolling-release distributions like Arch, Void, and the Debian "testing" version, gets updated regularly with new features, bug fixes, and security fixes from upstream, whereas the non-rolling release distributions, such as the Debian "stable" version, Linux Mint, Fedora, etc. only gets updated when serious bugs or security flaws are discovered, new features or releases of software are only available when the Linux distribution itself has reached a new release cycle.
FreeBSD is also a rolling-release system where you can run the "pkg" package manager with two different settings. The "latest" option turns FreeBSD into a rolling release like Arch or void, providing mostly bleeding edge software, whereas the default option "quarterly" only gets updates 4 times a year. This option was chosen as the default setting in order to have the software "mature" a bit first (kinda like Debian stable on steroids). One thing that is a bit different on FreeBSD from all the other systems is that FreeBSD currently separates the base system into its own. The base system never gets upgraded with "pkg", you have to use "freebsd-update" for that. However this is changing.
With OpenBSD on the other hand you don't get any binary package upgrades! You don't get new features, bug fixes, or even security fixes!
The reason for this is mainly due to a lack of resources.
On OpenBSD you generally have four different options to choose from:
So to sum up, OpenBSD does not provide security updates for packages outside of the "current" branch. You will need to use the "stable" ports for security fixes. In order for a port to get updated it usually requires a CVE. The "current" branch will only work on "current". Things must be kept in sync with the base system version so you cannot simply use packages for "current" on the "stable" branch. The base system however always gets both security and bug fixes.
One big disadvantage on OpenBSD is that you need to track updates manually using the mailing list. Depending on how busy you are and on how many different setups you're dealing with, this can become quite tiresome, especially when you need to track software with multiple dependencies.
In the past, before ports and packages, you would need to manually get the source code for the applications you wanted to run. Then you would try to compile them, make a lot of changes and conditional compilation options, and keep doing that until the software would compile without any errors. Then you would have to figure out if the software had any dependencies (tools or libraries) that also needed to be compiled following the same process. When you where done you could use the diff utility to create a patch that you could send to the application developer and maybe he or she would then add your changes into the next release of the software. Later someone thought about sharing such diffs with other people using revision software and after some depate on different mailing lists the first version of the ports system was incorporated into FreeBSD version 1.0 in December 1993.
On OpenBSD, whether you follow "current" or "stable", getting the ports system up and running requires that you use CVS.
Lets take a look at an example.
First you need to add the normal user "foo" to the "wsrc" group:
# user mod -G wsrc foo
This change takes effect with foo's next login.
Then you must create the ports directory and set its permissions manually:
# cd /usr # mkdir ports # chgrp wsrc ports # chmod 775 ports
Then you checkout the branch you're following using CVS. To fetch the "stable" src tree, you specify the branch you want with the "-r" option:
$ cd /usr $ cvs -qd email@example.com:/cvs checkout -rOPENBSD_6_2 -P ports
Once you have the tree checked out, you can update it at a later time with:
$ cd /usr/ports $ cvs -q up -Pd -rOPENBSD_6_2
Once you have the ports tree in place on your system, you can search for software. Just use make search key="searchkey" as shown in this example:
$ cd /usr/ports $ make search key="rsnapshot" Port: rsnapshot-1.3.1p0 Path: net/rsnapshot Info: remote filesystem snapshot utility Maint: Antoine Jacoutot <firstname.lastname@example.org> Index: net sysutils L-deps: B-deps: :net/rsync R-deps: :devel/p5-Lchown :net/rsync Archs: any
The search shows that the application "rsnapshot" has one dependency called "rsync". The ports system will automatically fetch and compile that too:
$ cd /usr/ports/net/rsnapshot $ su # make install
You can then find all the packages you have just compiled and installed in "/usr/ports/packages" and you can deploy these to other machines if needed.
However, compare all that to the following examples:
# apt update # apt full-upgrade
# pkg update # pkg upgrade
# pacman -Syu
# xbps-install -Su
As a result of the above "tiresome" procedure on OpenBSD, some people decided to create M:Tier's OpenBSD packages and binpatches:
Keeping your installed OpenBSD packages up to date is hard and time-consuming. Nobody wants to read the mailing lists to spot security fixes and/or updates never mind wanting to build new packages from their ports tree and manually install them on each of their servers and/or desktops. For this reason M:Tier is launching a new package repository which includes the latest security fixes and critical updates. It's easy to setup and even easier to maintain. you don't need to do anything anymore. M:Tier will even notify you by e-mail if there's an update available (unless you opt-out).
The M:Tier team comprises various open source developers, some from the OpenBSD project itself. However, I personally have no experience using their services.
Regarding the OpenBSD base system, you can always keep that upgraded with binary upgrades using syspatch.
I hope you have found the information above useful.
OpenBSD is still fantastic, you just need to choose the right tool for the job and plan how you can manage these challenges in an effective manner.
If you have any comments or corrections feel free to email them to me.