syspatch

syspatch helps provide binary patches to OpenBSD. It brings your system up-to-date from -release to -stable. These patches do not include feature updates and should be safe to apply to production servers immediately.

$ doas syspatch

System patching can be automated by setting up a cronjob:

$ doas crontab -e

At the bottom, add this line:

~      *      *       *       *       /usr/sbin/syspatch

A random sleep has been added to ensure that the update starts at a unique time. This prevents all machines from running the exact same job at the exact same time, which would slow down the system.