syspatch

syspatch helps provide binary patches to OpenBSD. It brings your system up-to-date from -release to -stable. These patches do not include feature updates and should be safe to apply to production servers immediately.

$ doas syspatch

System patching can be automated by setting up a cronjob:

$ doas crontab -e

At the bottom, add this line:

~      ~      *       *       *       /usr/sbin/syspatch

The system update will start at a random minute and hour of the day. This prevents all machines from running the exact same job at the exact same time, which would slow down the system.

Troubleshooting

$ doas syspatch
syspatch: Error retrieving https://cdn.openbsd.org/pub/OpenBSD/syspatch/7.1/amd64/SHA256.sig: 404 Not Found

If you see this message, then the server is missing the patches for this version of the OS. Switch mirrors by editing /etc/installurl.