Recently, I got fed-up with the bloated Linux distributions and wanted to try something that is secure, small and efficient and downloaded OpenBSD 6.0 from Theo De Raadt's server in Calgary. Since Calgary is actually my old home town - why not?
OpenBSD tries to be the most simple and secure UNIX system out of the box. It is very much server oriented, but it can do anything and many architectures are supported just for fun. For example, Arm RPi and Beaglebone, Intel 32 and 64 bit and several more. So OpenBSD is a good choice whether you want to build a server farm, a network router, or a robot.
I have an old little Lenovo S10e netbook that I threatened to toss away numerous times, but it doesn't want to break. As I feel guilty about tossing something that works perfectly well in a bin, once in a while when I run short of resources, I end up using it again. Last year, it was pressed into service as a Linux Mirror server to install a bunch of embedded computers.
So I dusted the Netbook off and readied it for a new Olde Skool UNIX experience...
Here you go: https://ftp.openbsd.org/pub/OpenBSD/6.0/
When I bought the netbook, I wanted something small that I could carry around easily and although the single core 32 bit Intel processor is slow as molasses with the original Windows 7 OS, it always ran Linux with the XFCE desktop quite well, but I wanted to see whether I can make it fly.
From the above list of files, download the install60.fs file if you want to use a USB memory stick as the install medium.
I made the mistake of not reading the INSTALL.i386 instructions and downloaded the ISO file, then wondered why it would not boot. So, do go and read the INSTALL file. Pretty much everything you need to know is in there!
Write the install60.fs file to a memory schtick using dd: http://www.aeronetworks.ca/2013/05/using-dd-on-mac-to-copy-iso-file.html
The OpenBSD installer is super simple and OpenBSD is even easier and quicker to install than Linux. It just takes a few minutes. So, plug the USB widget in and boot it, follow the very simple instructions and mostly just accept the defaults, till you get to the network configuration. Be sure to type the correct information in for the WiFi adaptor if you are using one: You need to supply the SSID and password as a minimum.
Of course I fat fingered the password, so it could not connect. The WiFi setup information is in a file called /etc/hostname.run0 and editing it later presented an interesting challenge, since I am severely vi impeded. I had to read the vi man page to find out how to delete a character - really.
When you boot up, you get a nice, self explanatory login prompt:
Login: herman
password
$
If you are freaked out by a $ prompt, then you either have to return your Geek Card, or read a UNIX book or three.
At that point, I had to go and fix the WiFi password first and then rebooted to see if it worked properly, but you can simply run startx to get a beautiful FVWM desktop, with a xterm and a clock on it - woohoo.
The default install doesn't have much of anything for a laptop machine. The vi editor, ssh and a ftp client are about it. No web browser, not even links.
Packages are listed here: https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/i386/
(or https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64/ if you have a better machine!).
You can install the dillo web browser like this:
# pkg_add https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/i386/dillo-3.0.5p0.tgz
Dillo is quite a horrible little browser, but it sure is fast and much less clunky than links. However, if you want something more full featured, install surf or luakit, which are both based on webkit and work with everything, including yootoob...
To preserve your sanity, add the path to the /root/.profile file:
# echo "export PKG_PATH=https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/i386/ >> /root/.profile"
and also export it so it will work immediately:
# export "PKG_PATH=https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/i386/"
(If you have a better 64 bit machine: echo export "PKG_PATH=https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64/">>/root/.profile)
After that you can simply run:
# pkg_add dillo
# pkg_add links
# pkg_add surf
# pkg_add nano
# pkg_add abiword
# pkg_add gnumeric
# pkg_add xournal
# pkg_add pdfshuffler
# pkg_add gimp
# pkg_add minicom
# pkg_add putty
# pkg_add deadbeef
...
You can make that all one line of course, but I prefer getting error messages for one thing at a time, to preserve my sanity.
Utilities like ftp, ssh, telnet, netcat, tcpdump and more are installed by default, so with the above additions, I can do pretty much anything I would ever want to do on a Netbook.
Services are controlled via the /etc/rc.conf and /etc/rc.conf.local files, with a utility called rcctl:
# rcctl stop smtpd
# rcctl disable smtpd
The result is:
# cat /etc/rc.conf.local
smtpd_flags=NO
Simple.
The package manager pkg_add is quite smart, so you can install XFCE for a better laptop experience by simply running:
# pkg_add xfce
You can then press Ctrl-Alt-Del to quit X and restart it with:
$ startx /usr/local/bin/startxfce4
Or, you can put exec /usr/local/bin/startxfce4 in ~/.xinitrc and then just run startx as usual and with a nice wintry themed wall paper the little Netbook looks quite cool now:
See this for more details: https://www.openbsd.org/faq/faq11.html
For OpenBSD 6.4, install xenodm, boot up with edit the .xsession file instead:
The OpenBSD FAQ (https://www.openbsd.org/faq/faq6.html#Wireless) eventually revealed the netstart command, which successfully restores the WiFi connection after a resume:
# sh /etc/netstart
I just needed to figure out where to hook netstart so it would be invoked automatically upon resume.
# rcctl get apmd
apmd_flags=NO
Configure and start apmd with:
# rcctl enable apmd
# rcctl start apmd
apmd(ok)
The result is:
# cat /etc/rc.conf.local
apmd_flags=
smtpd_flags=NO
According to the apmd man page the /etc/apm/resume program is run after resuming from standby, so that is the one where I need to put a call to /etc/netstart.
So I tried this:
# mkdir /etc/apm
# nano /etc/apm/resume
and added the following:
#! /bin/sh
/etc/netstart
# chmod 755 /etc/apm/resume
Let's see if all is OK:
# rcctl stop apmd
# rcctl start apmd
apmd(ok)
Let's see if it works with the zzz command:
# zzz
Suspending system...
and a few seconds later I type:
zzz
It resumes from its slumber.
However, it didn't seem to run the resume program.
Let's see what happened:
# tail /var/log/messages
apmd: failed to exec /etc/apm/resume: Exec format error
So, how now brown cow?
Eventually, I did two things to get it to work as explained below. Don't ask me how I found these tricks, it is just years of experience with obstreperous embedded widgets coming to the rescue and a dogged determination to try various things till the hardware responds the way it should.
Make the netstart script executable, so I don't have to invoke a shell explicitly to run it:
# chmod +x /etc/netstart
Add a delay to the /etc/apm/resume script to give the USB widget time to load its firmware and let the magic fairy dust settle, before trying to configure it:
#! /bin/sh
sleep 1
/etc/netstart
Now I can make the netbook suspend and resume, the little green lights flash on the WiFi dongle and all is well, the whole universe shook, the BSD daemons sung and flowers fell down from the heavens...
It is really only a couple hundred companies that are ruining the web for a couple billion people on the planet, so with even the littlest machine it is trivial to disable the culprits.
You can get a good /etc/hosts file to efficiently squash and square the rubbish on the wild wild web here:
https://github.com/StevenBlack/hosts
My little netbook now zooms like a much faster model, with no Windows, SELinux, systemd, advertisements or spyware to slow it down and now that Uncle Sam decided to ban laptops on board aircraft, this little one becomes the ideal machine to chuck into my luggage since nobody will steal what looks like a clunky old netbook!
I solved this with a little script called mcdonalds - duh...
#! /bin/sh
ifconfig run0 nwid mcdonalds
dhclient run0
and ditto for the two or three other places I go to - good enough for me.
# pkg_add deadbeef
Now when I run dillo and click a category on internet-radio, select a station, look at the left and download a playlist .pls file - save as - /home/herman/radio/whatever.pls - thereafter, in the file browser simply double click the desired .pls file to play the radio station with deadbeef.
There is probably a way to get dillo to spawn deadbeef, but since I only ever listen to two or three radio stations, this is dead simple and now I actually can listen to Country and Western music - Och, my poor bleeding ears...
I then found that the speaker volume keys on the chicklet keyboard actually work too - neat!
I actually prefer slightly smaller than full screen, so I can retain access to the host task manager bar more easily. The easiest way to get the size right, is to take a screen shot by grabbing a rectangle, save the file and open it with a photo editor to see the dimensions.
There are are some weird limitations and I could only get it to work with 16 bit video on my Lenovo and on my Macbook Pro I had to select 2560x1600x16 and Unscaled High Definition Video in the machine video properties to make it work full screen.
Define a custom screen for the OpenBSD VM like this, sized for my Lenovo Thinkpad:
$ VBoxManage setextradata OpenBSD CustomVideoMode1 1600x868x16
Start the VM and scp the below /etc/X11/xorg.conf file over to the VM. Modify the Depth, DefaultDepth and Modes at the bottom to suit:
When you launch startx, you should get a large window and may need Right-Control F to switch to full-screen mode.
$ sudo su -
# pkg_add -u
For information on installing packages and ports, read the FAQ here:
https://www.openbsd.org/faq/faq15.html
Pretty much everything is in the FAQ, so RTFF really is a good idea.
or refer to the Original Grumpy BSD Guy:
https://bsdly.blogspot.ae/2013/04/youve-installed-it-now-what-packages.html
For questions on any flavour of BSD when you did RTFF and is still stuck, go to http://daemonforums.org.
--oOo--
The default is nosoftdep, so add softdep to each ffs line of fstab:
/dev/sd0a / ffs rw,softdep 1 1
--oOo--
At the boot prompt: Spacebar
boot> boot -s
# fsck -p
# mount -a
Now you can try to undo your last boo-boo.
--oOo--
Restart Network:
# sh /etc/netstart
--oOo--
Start XFCE with:
$ startx /usr/local/bin/startxfce4
Or, you can put exec /usr/local/bin/startxfce4 in ~/.xinitrc and then just run startx
--oOo--
# sysctl kern.securelevel
kern.securelevel=1
It can be reduced to -1 in the rc.securelevel file:
# nano /etc/rc.securelevel
add one line:
sysctl kern.securelevel=-1
Verify:
# cat /etc/rc.securelevel
sysctl kern.securelevel=-1
A reboot will make it permanent:
# reboot
La voila, now it runs with no securelevel:
# sysctl kern.securelevel
kern.securelevel=-1
This allows file flags and a few other things to be changed. This is also needed to turn the clock back if it is ahead.
--oOo--
The default rules:
# pfctl -s all
FILTER RULES:
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
STATES:
all udp 192.168.1.14:32260 -> 5.32.10.107:123 MULTIPLE:MULTIPLE
all tcp 192.168.1.14:22 <- 192.168.1.16:49495 ESTABLISHED:ESTABLISHED
all udp 192.168.1.255:137 <- 192.168.1.16:137 NO_TRAFFIC:SINGLE
all udp 224.0.0.251:5353 <- 192.168.1.19:5353 NO_TRAFFIC:SINGLE
all udp 224.0.0.251:5353 <- 192.168.1.16:5353 NO_TRAFFIC:SINGLE
Delete all rules:
# pfctl -F all
0 tables deleted.
rules cleared
2 states cleared
source tracking entries cleared
pf: statistics cleared
pf: interface flags reset
Show no rules any more:
# pfctl -s all
FILTER RULES:
INFO:
Status: Enabled for 0 days 00:00:44 Debug: err
State Table Total Rate
current entries 0
half-open tcp 0
--oOo--
# ifconfig re0 inet alias 192.168.10.199 netmask 255.255.255.0
Permanent aliases in /etc/hostname.em0:
# nano /etc/hostname.em0
dhcp
inet alias 192.168.111.101 255.255.255.0
inet alias 192.168.1.101 255.255.255.00
Restart network:
# sh /etc/netstart
# ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr b8:ae:ed:ec:0c:03
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.111.101 netmask 0xffffff00 broadcast 192.168.111.255
inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255
--oOo--
--oOo--
The best way to start Xorg by non-root users now is:
# rcctl enable xenodm
# rcctl start xenodm
--oOo--
Latest and Greatest
The latest version has many, many, many improvements, including improved support for my favourite computer toy the Raspberry Pi:
https://www.openbsd.org/67.html
--oOo--
La voila!
Herman
OpenBSD tries to be the most simple and secure UNIX system out of the box. It is very much server oriented, but it can do anything and many architectures are supported just for fun. For example, Arm RPi and Beaglebone, Intel 32 and 64 bit and several more. So OpenBSD is a good choice whether you want to build a server farm, a network router, or a robot.
I have an old little Lenovo S10e netbook that I threatened to toss away numerous times, but it doesn't want to break. As I feel guilty about tossing something that works perfectly well in a bin, once in a while when I run short of resources, I end up using it again. Last year, it was pressed into service as a Linux Mirror server to install a bunch of embedded computers.
So I dusted the Netbook off and readied it for a new Olde Skool UNIX experience...
Where to get OpenBSD
The last time I used OpenBSD was about 2004 - for web and mail servers in Calgary. I certainly know Linux better, but my main machine is a Macbook Pro which runs a kind of BSD and the more things change, the more they stay the same.Here you go: https://ftp.openbsd.org/pub/OpenBSD/6.0/
When I bought the netbook, I wanted something small that I could carry around easily and although the single core 32 bit Intel processor is slow as molasses with the original Windows 7 OS, it always ran Linux with the XFCE desktop quite well, but I wanted to see whether I can make it fly.
From the above list of files, download the install60.fs file if you want to use a USB memory stick as the install medium.
I made the mistake of not reading the INSTALL.i386 instructions and downloaded the ISO file, then wondered why it would not boot. So, do go and read the INSTALL file. Pretty much everything you need to know is in there!
Write the install60.fs file to a memory schtick using dd: http://www.aeronetworks.ca/2013/05/using-dd-on-mac-to-copy-iso-file.html
Install
The WiFi adaptor in this netbook never worked with Linux, so I didn't expect it to work with BSD. I therefore plugged in a trusty little Edimax USB dongle (Ralink chip set) and hoped it would work. OpenBSD recognized it and loaded the run driver, so the dongle showed up as run0 in ifconfig.The OpenBSD installer is super simple and OpenBSD is even easier and quicker to install than Linux. It just takes a few minutes. So, plug the USB widget in and boot it, follow the very simple instructions and mostly just accept the defaults, till you get to the network configuration. Be sure to type the correct information in for the WiFi adaptor if you are using one: You need to supply the SSID and password as a minimum.
Of course I fat fingered the password, so it could not connect. The WiFi setup information is in a file called /etc/hostname.run0 and editing it later presented an interesting challenge, since I am severely vi impeded. I had to read the vi man page to find out how to delete a character - really.
First boot
OpenBSD is a simple and clean system with no bells and whistles. None. Zilch.When you boot up, you get a nice, self explanatory login prompt:
Login: herman
password
$
If you are freaked out by a $ prompt, then you either have to return your Geek Card, or read a UNIX book or three.
At that point, I had to go and fix the WiFi password first and then rebooted to see if it worked properly, but you can simply run startx to get a beautiful FVWM desktop, with a xterm and a clock on it - woohoo.
We have Country AND Western music!
The default install doesn't have much of anything for a laptop machine. The vi editor, ssh and a ftp client are about it. No web browser, not even links.
Install a Package or Three
In order to make the netbook useful, I need a web browser and an editor that is more to my liking.Packages are listed here: https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/i386/
(or https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64/ if you have a better machine!).
You can install the dillo web browser like this:
# pkg_add https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/i386/dillo-3.0.5p0.tgz
Dillo is quite a horrible little browser, but it sure is fast and much less clunky than links. However, if you want something more full featured, install surf or luakit, which are both based on webkit and work with everything, including yootoob...
To preserve your sanity, add the path to the /root/.profile file:
# echo "export PKG_PATH=https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/i386/ >> /root/.profile"
and also export it so it will work immediately:
# export "PKG_PATH=https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/i386/"
(If you have a better 64 bit machine: echo export "PKG_PATH=https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64/">>/root/.profile)
After that you can simply run:
# pkg_add dillo
# pkg_add links
# pkg_add surf
# pkg_add nano
# pkg_add abiword
# pkg_add gnumeric
# pkg_add xournal
# pkg_add pdfshuffler
# pkg_add gimp
# pkg_add minicom
# pkg_add putty
# pkg_add deadbeef
...
You can make that all one line of course, but I prefer getting error messages for one thing at a time, to preserve my sanity.
Utilities like ftp, ssh, telnet, netcat, tcpdump and more are installed by default, so with the above additions, I can do pretty much anything I would ever want to do on a Netbook.
Stop the Mail Daemon
I don't need the mail daemon on my teenie little netbook. The mail daemon isn't actually doing much, but I prefer it doing nothing and save every processor cycle and byte of RAM that I can.Services are controlled via the /etc/rc.conf and /etc/rc.conf.local files, with a utility called rcctl:
# rcctl stop smtpd
# rcctl disable smtpd
The result is:
# cat /etc/rc.conf.local
smtpd_flags=NO
Simple.
XFCE Desktop Environment
The FVWM desktop is nice and fast, but it is really only good for masochists. My favourite light weight desktop is XFCE and installing it is just as simple as any other package.The package manager pkg_add is quite smart, so you can install XFCE for a better laptop experience by simply running:
# pkg_add xfce
You can then press Ctrl-Alt-Del to quit X and restart it with:
$ startx /usr/local/bin/startxfce4
Or, you can put exec /usr/local/bin/startxfce4 in ~/.xinitrc and then just run startx as usual and with a nice wintry themed wall paper the little Netbook looks quite cool now:
See this for more details: https://www.openbsd.org/faq/faq11.html
For OpenBSD 6.4, install xenodm, boot up with edit the .xsession file instead:
$ nano .xsession
exec ck-launch-session startxfce4
Then reboot and when you log in, you get XFCE instead of the default FVWM..
Minor Niggles
With OpenBSD, there is no drama and most everything works. If I close the lid, it sleeps, if I open it, it resumes. Well, almost - the WiFi dongle didn't come back after a resume, so I needed to figure out how to resuscitate the run device driver and hook it into the resume process somewhere.The OpenBSD FAQ (https://www.openbsd.org/faq/faq6.html#Wireless) eventually revealed the netstart command, which successfully restores the WiFi connection after a resume:
# sh /etc/netstart
I just needed to figure out where to hook netstart so it would be invoked automatically upon resume.
Advanced Power Management
The problem with the WiFi widget was that apmd was not running. The Advanced Power Management service controls suspend and resume, processor speed and a few more things.# rcctl get apmd
apmd_flags=NO
Configure and start apmd with:
# rcctl enable apmd
# rcctl start apmd
apmd(ok)
The result is:
# cat /etc/rc.conf.local
apmd_flags=
smtpd_flags=NO
According to the apmd man page the /etc/apm/resume program is run after resuming from standby, so that is the one where I need to put a call to /etc/netstart.
So I tried this:
# mkdir /etc/apm
# nano /etc/apm/resume
and added the following:
#! /bin/sh
/etc/netstart
# chmod 755 /etc/apm/resume
Let's see if all is OK:
# rcctl stop apmd
# rcctl start apmd
apmd(ok)
Let's see if it works with the zzz command:
# zzz
Suspending system...
and a few seconds later I type:
zzz
It resumes from its slumber.
However, it didn't seem to run the resume program.
Let's see what happened:
# tail /var/log/messages
apmd: failed to exec /etc/apm/resume: Exec format error
So, how now brown cow?
Eventually, I did two things to get it to work as explained below. Don't ask me how I found these tricks, it is just years of experience with obstreperous embedded widgets coming to the rescue and a dogged determination to try various things till the hardware responds the way it should.
Make the netstart script executable, so I don't have to invoke a shell explicitly to run it:
# chmod +x /etc/netstart
Add a delay to the /etc/apm/resume script to give the USB widget time to load its firmware and let the magic fairy dust settle, before trying to configure it:
#! /bin/sh
sleep 1
/etc/netstart
Now I can make the netbook suspend and resume, the little green lights flash on the WiFi dongle and all is well, the whole universe shook, the BSD daemons sung and flowers fell down from the heavens...
Squash and Square the Web
British Prime Minister Harold Wilson said of the press:
If you can't squash them, square them
and if you can't square them, squash them.
It is really only a couple hundred companies that are ruining the web for a couple billion people on the planet, so with even the littlest machine it is trivial to disable the culprits.
You can get a good /etc/hosts file to efficiently squash and square the rubbish on the wild wild web here:
https://github.com/StevenBlack/hosts
My little netbook now zooms like a much faster model, with no Windows, SELinux, systemd, advertisements or spyware to slow it down and now that Uncle Sam decided to ban laptops on board aircraft, this little one becomes the ideal machine to chuck into my luggage since nobody will steal what looks like a clunky old netbook!
Connect to Free WiFi Access Points
My WiFi setup is now automated for home use, but what if I travel and want to connect to free WiFi in McDonalds, or Vienna airport, or Cafe Nero, or.... ???I solved this with a little script called mcdonalds - duh...
#! /bin/sh
ifconfig run0 nwid mcdonalds
dhclient run0
and ditto for the two or three other places I go to - good enough for me.
Play Internet Radio with deadbeef
On Linux, I use Streamtuner, a wonderful little application, but it doesn't have a BSD equivalent. The solution is to run dillo and browse to http://www.internet-radio.com (39,520 radio stations!) however, I didn't have a music player installed yet, so:# pkg_add deadbeef
Now when I run dillo and click a category on internet-radio, select a station, look at the left and download a playlist .pls file - save as - /home/herman/radio/whatever.pls - thereafter, in the file browser simply double click the desired .pls file to play the radio station with deadbeef.
There is probably a way to get dillo to spawn deadbeef, but since I only ever listen to two or three radio stations, this is dead simple and now I actually can listen to Country and Western music - Och, my poor bleeding ears...
I then found that the speaker volume keys on the chicklet keyboard actually work too - neat!
OpenBSD on Virtualbox
If you are not quite ready to go bare metal, then you can install OpenBSD in Virtualbox, but since there is no Guest Additions for OBSD, you need to tweak things manually to get full screen operation.I actually prefer slightly smaller than full screen, so I can retain access to the host task manager bar more easily. The easiest way to get the size right, is to take a screen shot by grabbing a rectangle, save the file and open it with a photo editor to see the dimensions.
There are are some weird limitations and I could only get it to work with 16 bit video on my Lenovo and on my Macbook Pro I had to select 2560x1600x16 and Unscaled High Definition Video in the machine video properties to make it work full screen.
Define a custom screen for the OpenBSD VM like this, sized for my Lenovo Thinkpad:
$ VBoxManage setextradata OpenBSD CustomVideoMode1 1600x868x16
Start the VM and scp the below /etc/X11/xorg.conf file over to the VM. Modify the Depth, DefaultDepth and Modes at the bottom to suit:
Section "ServerLayout"
Identifier "X.org Configured"
Screen 0 "Screen0" 0 0
InputDevice "Mouse0" "CorePointer"
InputDevice "Keyboard0" "CoreKeyboard"
EndSection
Section "Files"
ModulePath "/usr/X11R6/lib/modules"
FontPath "/usr/X11R6/lib/X11/fonts/ misc/"
FontPath "/usr/X11R6/lib/X11/fonts/TTF/ "
FontPath "/usr/X11R6/lib/X11/fonts/OTF"
FontPath "/usr/X11R6/lib/X11/fonts/ Type1/"
FontPath "/usr/X11R6/lib/X11/fonts/ 100dpi/"
FontPath "/usr/X11R6/lib/X11/fonts/ 75dpi/"
EndSection
Section "Module"
Load "dbe"
Load "dri"
Load "extmod"
Load "glx"
Load "freetype"
EndSection
Section "InputDevice"
Identifier "Keyboard0"
Driver "kbd"
EndSection
Section "InputDevice"
Identifier "Mouse0"
Driver "mouse"
Option "Protocol" "wsmouse"
Option "Device" "/dev/wsmouse"
Option "ZAxisMapping" "4 5 6 7"
EndSection
Section "Monitor"
Identifier "Monitor0"
HorizSync 31-80
VertRefresh 30-100
VendorName "Monitor Vendor"
ModelName "Monitor Model"
EndSection
Section "Device"
Identifier "Card0"
Driver "vesa"
VendorName "InnoTek"
BoardName "VirtualBox Graphics Adapter"
BusID "PCI:0:2:0"
EndSection
Section "Screen"
DefaultDepth 16
Identifier "Screen0"
Device "Card0"
Monitor "Monitor0"
SubSection "Display"
Viewport 0 0
Depth 16
Modes "1600x868"
EndSubSection
EndSection
When you launch startx, you should get a large window and may need Right-Control F to switch to full-screen mode.
Care and Feeding of Your Puffer Fish
Once in a blue moon, to update the system I do:$ sudo su -
# pkg_add -u
For information on installing packages and ports, read the FAQ here:
https://www.openbsd.org/faq/faq15.html
Pretty much everything is in the FAQ, so RTFF really is a good idea.
or refer to the Original Grumpy BSD Guy:
https://bsdly.blogspot.ae/2013/04/youve-installed-it-now-what-packages.html
For questions on any flavour of BSD when you did RTFF and is still stuck, go to http://daemonforums.org.
OpenBSD Foibles And Quirks (FAQ)
Sometimes things are a little weird and other times they are just annoyingly strange.
Man will only be free,
once the last computer has been strangled
with the power cord of the last router.
-- With apologies to Didero.
--oOo--
Strange Command Options
There are some BSD commands that one has to reread the man pages, since they are different from Linux.- ifconfig
- route
- pkg_add packagename
- pkg_add -u
Fast File System Softdep
It is important to edit /etc/fstab and configure soft update, otherwise an unclean power down can corrupt the disk irretrievably: https://www.openbsd.org/faq/faq14.htmlThe default is nosoftdep, so add softdep to each ffs line of fstab:
/dev/sd0a / ffs rw,softdep 1 1
--oOo--
System Recovery
If the system needs recovery, try Single User Mode:At the boot prompt: Spacebar
boot> boot -s
# fsck -p
# mount -a
Now you can try to undo your last boo-boo.
--oOo--
Network Settings
/etc/hostname.em0Restart Network:
# sh /etc/netstart
--oOo--
Additional Useful Programs
pkg_add xfce nano firefox mplayer links lynx gimp abiword gnumeric xournal evinceStart XFCE with:
$ startx /usr/local/bin/startxfce4
Or, you can put exec /usr/local/bin/startxfce4 in ~/.xinitrc and then just run startx
--oOo--
Securelevel
The securelevel is +1 by default at runtime. This protects a bunch of crucial stuff against modification at runtime. It may interfere with R&D work.# sysctl kern.securelevel
kern.securelevel=1
It can be reduced to -1 in the rc.securelevel file:
# nano /etc/rc.securelevel
add one line:
sysctl kern.securelevel=-1
Verify:
# cat /etc/rc.securelevel
sysctl kern.securelevel=-1
A reboot will make it permanent:
# reboot
La voila, now it runs with no securelevel:
# sysctl kern.securelevel
kern.securelevel=-1
This allows file flags and a few other things to be changed. This is also needed to turn the clock back if it is ahead.
--oOo--
Packet Filter PF
There are a few default rules which may interfere with R&D work. They can be deleted with the pfctl -F all command.The default rules:
# pfctl -s all
FILTER RULES:
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
STATES:
all udp 192.168.1.14:32260 -> 5.32.10.107:123 MULTIPLE:MULTIPLE
all tcp 192.168.1.14:22 <- 192.168.1.16:49495 ESTABLISHED:ESTABLISHED
all udp 192.168.1.255:137 <- 192.168.1.16:137 NO_TRAFFIC:SINGLE
all udp 224.0.0.251:5353 <- 192.168.1.19:5353 NO_TRAFFIC:SINGLE
all udp 224.0.0.251:5353 <- 192.168.1.16:5353 NO_TRAFFIC:SINGLE
Delete all rules:
# pfctl -F all
0 tables deleted.
rules cleared
2 states cleared
source tracking entries cleared
pf: statistics cleared
pf: interface flags reset
Show no rules any more:
# pfctl -s all
FILTER RULES:
INFO:
Status: Enabled for 0 days 00:00:44 Debug: err
State Table Total Rate
current entries 0
half-open tcp 0
--oOo--
Multiple IP Address Aliases on a Single Device
Temporary alias with ifconfig:# ifconfig re0 inet alias 192.168.10.199 netmask 255.255.255.0
Permanent aliases in /etc/hostname.em0:
# nano /etc/hostname.em0
dhcp
inet alias 192.168.111.101 255.255.255.0
inet alias 192.168.1.101 255.255.255.00
Restart network:
# sh /etc/netstart
# ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr b8:ae:ed:ec:0c:03
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.111.101 netmask 0xffffff00 broadcast 192.168.111.255
inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255
--oOo--
Startx Won’t
Startx with fails with “/usr/bin/xauth: timeout in locking authority file /home/user/.Xauthority”
$ ls -l .Xauthority*
-rw------- 1 user user 55 Jul 12 22:04 .Xauthority
-rw------- 1 user user 0 Jul 12 22:36 .Xauthority-c
-rw------- 1 user user 0 Jul 12 22:36 .Xauthority-l
Those files are lock files for .Xauthority, so simply removing them resolves the issue.
$ rm -f /home/user/.Xauthority-*
These files should have been written to /tmp, where they will be cleaned up automatically at reboot. You can put the above command in /etc/rc.local to fix the problem.
$ ls -l .Xauthority*
-rw------- 1 user user 55 Jul 12 22:04 .Xauthority
-rw------- 1 user user 0 Jul 12 22:36 .Xauthority-c
-rw------- 1 user user 0 Jul 12 22:36 .Xauthority-l
Those files are lock files for .Xauthority, so simply removing them resolves the issue.
$ rm -f /home/user/.Xauthority-*
These files should have been written to /tmp, where they will be cleaned up automatically at reboot. You can put the above command in /etc/rc.local to fix the problem.
--oOo--
SUID Removed From startx
The setuid bit was removed from /usr/X11R6/bin/Xorg. Therefore startx can no longer be used by non-root users.The best way to start Xorg by non-root users now is:
# rcctl enable xenodm
# rcctl start xenodm
--oOo--
Latest and Greatest
The latest version has many, many, many improvements, including improved support for my favourite computer toy the Raspberry Pi:
https://www.openbsd.org/67.html
--oOo--
La voila!
Herman
Comments
Post a Comment
On topic comments are welcome. Junk will be deleted.