Skip to main content

OpenBSD on a Netbook

Recently, I got fed-up with the bloated Linux distributions and wanted to try something that is secure, small and efficient and downloaded OpenBSD 6.0 from Theo De Raadt's server in Calgary.  Since Calgary is actually my old home town - why not?


OpenBSD tries to be the most simple and secure UNIX system out of the box.  It is very much server oriented, but it can do anything and many architectures are supported just for fun. For example, Arm RPi and Beaglebone, Intel 32 and 64 bit and several more.  So OpenBSD is a good choice whether you want to build a server farm, a network router, or a robot.

I have an old little Lenovo S10e netbook that I threatened to toss away numerous times, but it doesn't want to break.  As I feel guilty about tossing something that works perfectly well in a bin, once in a while when I run short of resources, I end up using it again.  Last year, it was pressed into service as a Linux Mirror server to install a bunch of embedded computers.

So I dusted the Netbook off and readied it for a new Olde Skool UNIX experience...

Where to get OpenBSD

The last time I used OpenBSD was about 2004 - for web and mail servers in Calgary.  I certainly know Linux better, but my main machine is a Macbook Pro which runs a kind of BSD and the more things change, the more they stay the same.

Here you go: https://ftp.openbsd.org/pub/OpenBSD/6.0/

When I bought the netbook, I wanted something small that I could carry around easily and although the single core 32 bit Intel processor is slow as molasses with the original Windows 7 OS, it always ran Linux with the XFCE desktop quite well, but I wanted to see whether I can make it fly.

From the above list of files, download the install60.fs file if you want to use a USB memory stick as the install medium.

I made the mistake of not reading the INSTALL.i386 instructions and downloaded the ISO file, then wondered why it would not boot.  So, do go and read the INSTALL file.  Pretty much everything you need to know is in there!

Write the install60.fs file to a memory schtick using dd: http://www.aeronetworks.ca/2013/05/using-dd-on-mac-to-copy-iso-file.html

Install

The WiFi adaptor in this netbook never worked with Linux, so I didn't expect it to work with BSD.  I therefore plugged in a trusty little Edimax USB dongle (Ralink chip set) and hoped it would work.  OpenBSD recognized it and loaded the run driver, so the dongle showed up as run0 in ifconfig.

The OpenBSD installer is super simple and OpenBSD is even easier and quicker to install than Linux.  It just takes a few minutes.  So, plug the USB widget in and boot it, follow the very simple instructions and mostly just accept the defaults, till you get to the network configuration.  Be sure to type the correct information in for the WiFi adaptor if you are using one: You need to supply the SSID and password as a minimum.

Of course I fat fingered the password, so it could not connect.  The WiFi setup information is in a file called /etc/hostname.run0 and editing it later presented an interesting challenge, since I am severely vi impeded.  I had to read the vi man page to find out how to delete a character - really.

First boot

OpenBSD is a simple and clean system with no bells and whistles.  None.  Zilch.

When you boot up, you get a nice, self explanatory login prompt:
Login: herman
password
$

If you are freaked out by a $ prompt, then you either have to return your Geek Card, or read a UNIX book or three.

At that point, I had to go and fix the WiFi password first and then rebooted to see if it worked properly, but you can simply run startx to get a beautiful FVWM desktop, with a xterm and a clock on it - woohoo.

We have Country AND Western music!

The default install doesn't have much of anything for a laptop machine.  The vi editor, ssh and a ftp client are about it.  No web browser, not even links

Install a Package or Three

In order to make the netbook useful, I need a web browser and an editor that is more to my liking.

Packages are listed here: https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/i386/
(or https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64/ if you have a better machine!).

You can install the dillo web browser like this:
# pkg_add https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/i386/dillo-3.0.5p0.tgz

Dillo is quite a horrible little browser, but it sure is fast and much less clunky than links.  However, if you want something more full featured, install surf or luakit, which are both based on webkit and work with everything, including yootoob...

To preserve your sanity, add the path to the /root/.profile file:
# echo "export PKG_PATH=https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/i386/ >> /root/.profile"

and also export it so it will work immediately:
# export "PKG_PATH=https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/i386/"

(If you have a better 64 bit machine: echo export "PKG_PATH=https://ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64/">>/root/.profile)

After that you can simply run:
# pkg_add dillo
# pkg_add links 
# pkg_add surf
# pkg_add nano 
# pkg_add abiword
# pkg_add gnumeric
# pkg_add xournal
# pkg_add pdfshuffler
# pkg_add gimp
# pkg_add minicom
# pkg_add putty 
# pkg_add deadbeef
...

You can make that all one line of course, but I prefer getting error messages for one thing at a time, to preserve my sanity.

Utilities like ftp, ssh, telnet, netcat, tcpdump and more are installed by default, so with the above additions, I can do pretty much anything I would ever want to do on a Netbook.

Stop the Mail Daemon

I don't need the mail daemon on my teenie little netbook.  The mail daemon isn't actually doing much, but I prefer it doing nothing and save every processor cycle and byte of RAM that I can.

Services are controlled via the /etc/rc.conf and /etc/rc.conf.local files, with a utility called rcctl:
# rcctl stop smtpd
# rcctl disable smtpd

The result is:
# cat /etc/rc.conf.local
smtpd_flags=NO

Simple.

XFCE Desktop Environment

The FVWM desktop is nice and fast, but it is really only good for masochists.  My favourite light weight desktop is XFCE and installing it is just as simple as any other package.

The package manager pkg_add is quite smart, so you can install XFCE for a better laptop experience by simply running:
# pkg_add xfce 

You can then press Ctrl-Alt-Del to quit X and restart it with:
$ startx /usr/local/bin/startxfce4

Or, you can put exec /usr/local/bin/startxfce4 in ~/.xinitrc and then just run startx as usual and with a nice wintry themed wall paper the little Netbook looks quite cool now:


See this for more details: https://www.openbsd.org/faq/faq11.html

For OpenBSD 6.4, install xenodm, boot up with edit the .xsession file instead:
$ nano .xsession 
exec ck-launch-session startxfce4

Then reboot and when you log in, you get XFCE instead of the default FVWM..

Minor Niggles

With OpenBSD, there is no drama and most everything works.  If I close the lid, it sleeps, if I open it, it resumes.  Well, almost - the WiFi dongle didn't come back after a resume, so I needed to figure out how to resuscitate the run device driver and hook it into the resume process somewhere.

The OpenBSD FAQ (https://www.openbsd.org/faq/faq6.html#Wireless) eventually revealed the netstart command, which successfully restores the WiFi connection after a resume:
# sh /etc/netstart

I just needed to figure out where to hook netstart so it would be invoked automatically upon resume.

Advanced Power Management

The problem with the WiFi widget was that apmd was not running.  The Advanced Power Management service controls suspend and resume, processor speed and a few more things.
# rcctl get apmd
apmd_flags=NO

Configure and start apmd with:
# rcctl enable apmd
# rcctl start apmd
apmd(ok)

The result is:
# cat /etc/rc.conf.local
apmd_flags=
smtpd_flags=NO

According to the apmd man page the /etc/apm/resume program is run after resuming from standby, so that is the one where I need to put a call to /etc/netstart.

So I tried this:

# mkdir /etc/apm 

# nano /etc/apm/resume

and added the following:
#! /bin/sh
/etc/netstart

# chmod 755 /etc/apm/resume

Let's see if all is OK:
# rcctl stop apmd
# rcctl start apmd
apmd(ok)

Let's see if it works with the zzz command: 
# zzz
Suspending system...

and a few seconds later I type:
zzz
It resumes from its slumber.

However, it didn't seem to run the resume program.

Let's see what happened:
# tail /var/log/messages
apmd: failed to exec /etc/apm/resume: Exec format error

So, how now brown cow?

Eventually, I did two things to get it to work as explained below.  Don't ask me how I found these tricks, it is just years of experience with obstreperous embedded widgets coming to the rescue and a dogged determination to try various things till the hardware responds the way it should.

Make the netstart script executable, so I don't have to invoke a shell explicitly to run it:

# chmod +x /etc/netstart

Add a delay to the /etc/apm/resume script to give the USB widget time to load its firmware and let the magic fairy dust settle, before trying to configure it:
#! /bin/sh
sleep 1
/etc/netstart


Now I can make the netbook suspend and resume, the little green lights flash on the WiFi dongle and all is well, the whole universe shook, the BSD daemons sung and flowers fell down from the heavens...


Squash and Square the Web

British Prime Minister Harold Wilson said of the press:
If you can't squash them, square them 
and if you can't square them, squash them.

It is really only a couple hundred companies that are ruining the web for a couple billion people on the planet, so with even the littlest machine it is trivial to disable the culprits.

You can get a good /etc/hosts file to efficiently squash and square the rubbish on the wild wild web here:
https://github.com/StevenBlack/hosts

My little netbook now zooms like a much faster model, with no Windows, SELinux, systemd, advertisements or spyware to slow it down and now that Uncle Sam decided to ban laptops on board aircraft, this little one becomes the ideal machine to chuck into my luggage since nobody will steal what looks like a clunky old netbook!

Connect to Free WiFi Access Points

My WiFi setup is now automated for home use, but what if I travel and want to connect to free WiFi in McDonalds, or Vienna airport, or Cafe Nero, or.... ???

I solved this with a little script called mcdonalds - duh...
#! /bin/sh
ifconfig run0 nwid mcdonalds
dhclient run0

and ditto for the two or three other places I go to - good enough for me.

Play Internet Radio with deadbeef

On Linux, I use Streamtuner, a wonderful little application, but it doesn't have a BSD equivalent.  The solution is to run dillo and browse to http://www.internet-radio.com (39,520 radio stations!) however, I didn't have a music player installed yet, so:
# pkg_add deadbeef

Now when I run dillo and click a category on internet-radio, select a station, look at the left and download a playlist .pls file - save as - /home/herman/radio/whatever.pls  - thereafter, in the file browser simply double click the desired .pls file to play the radio station with deadbeef.

There is probably a way to get dillo to spawn deadbeef, but since I only ever listen to two or three radio stations, this is dead simple and now I actually can listen to Country and Western music - Och, my poor bleeding ears...

I then found that the speaker volume keys on the chicklet keyboard actually work too - neat!

OpenBSD on Virtualbox

If you are not quite ready to go bare metal, then you can install OpenBSD in Virtualbox, but since there is no Guest Additions for OBSD, you need to tweak things manually to get full screen operation.   

I actually prefer slightly smaller than full screen, so I can retain access to the host task manager bar more easily.  The easiest way to get the size right, is to take a screen shot by grabbing a rectangle, save the file and open it with a photo editor to see the dimensions.

There are are some weird limitations and  I could only get it to work with 16 bit video on my Lenovo and on my Macbook Pro I had to select 2560x1600x16 and Unscaled High Definition Video in the machine video properties to make it work full screen.

Define a custom screen for the OpenBSD VM like this, sized for my Lenovo Thinkpad:
$ VBoxManage setextradata OpenBSD CustomVideoMode1 1600x868x16

Start the VM and scp the below /etc/X11/xorg.conf file over to the VM. Modify the Depth, DefaultDepth and Modes at the bottom to suit:


Section "ServerLayout"
 Identifier     "X.org Configured"
 Screen      0  "Screen0" 0 0
 InputDevice    "Mouse0" "CorePointer"
 InputDevice    "Keyboard0" "CoreKeyboard"
EndSection

Section "Files"
 ModulePath   "/usr/X11R6/lib/modules"
 FontPath     "/usr/X11R6/lib/X11/fonts/misc/"
 FontPath     "/usr/X11R6/lib/X11/fonts/TTF/"
 FontPath     "/usr/X11R6/lib/X11/fonts/OTF"
 FontPath     "/usr/X11R6/lib/X11/fonts/Type1/"
 FontPath     "/usr/X11R6/lib/X11/fonts/100dpi/"
 FontPath     "/usr/X11R6/lib/X11/fonts/75dpi/"
EndSection

Section "Module"
 Load  "dbe"
 Load  "dri"
 Load  "extmod"
 Load  "glx"
 Load  "freetype"
EndSection

Section "InputDevice"
 Identifier  "Keyboard0"
 Driver      "kbd"
EndSection

Section "InputDevice"
 Identifier  "Mouse0"
 Driver      "mouse"
 Option     "Protocol" "wsmouse"
 Option     "Device" "/dev/wsmouse"
 Option     "ZAxisMapping" "4 5 6 7"
EndSection

Section "Monitor"
 Identifier   "Monitor0"
 HorizSync    31-80
 VertRefresh  30-100
 VendorName   "Monitor Vendor"
 ModelName    "Monitor Model"
EndSection

Section "Device"
 Identifier  "Card0"
 Driver      "vesa"
 VendorName  "InnoTek"
 BoardName   "VirtualBox Graphics Adapter"
 BusID       "PCI:0:2:0"
EndSection

Section "Screen"
 DefaultDepth  16
 Identifier "Screen0"
 Device     "Card0"
 Monitor    "Monitor0"
 SubSection "Display"
  Viewport   0 0
  Depth     16
  Modes     "1600x868"
 EndSubSection
EndSection

When you launch startx, you should get a large window and may need Right-Control F to switch to full-screen mode.

Care and Feeding of Your Puffer Fish

Once in a blue moon, to update the system I do:
$ sudo su -
# pkg_add -u

For information on installing packages and ports, read the FAQ here:
https://www.openbsd.org/faq/faq15.html

Pretty much everything is in the FAQ, so RTFF really is a good idea.

or refer to the Original Grumpy BSD Guy:
https://bsdly.blogspot.ae/2013/04/youve-installed-it-now-what-packages.html

For questions on any flavour of BSD when you did RTFF and is still stuck, go to http://daemonforums.org.

OpenBSD Foibles And Quirks (FAQ)

Sometimes things are a little weird and other times they are just annoyingly strange. 

Man will only be free, 
once the last computer has been strangled 
 with the power cord of the last router. 
-- With apologies to Didero.

--oOo-- 

Strange Command Options

There are some BSD commands that one has to reread the man pages, since they are different from Linux.
  • ifconfig
  • route
  • pkg_add packagename
  • pkg_add -u
--oOo-- 

Fast File System Softdep

It is important to edit /etc/fstab and configure soft update, otherwise an unclean power down can corrupt the disk irretrievably: https://www.openbsd.org/faq/faq14.html

The default is nosoftdep, so add softdep to each ffs line of fstab:
/dev/sd0a / ffs rw,softdep 1 1

--oOo--

System Recovery

If the system needs recovery, try Single User Mode:
At the boot prompt: Spacebar
boot> boot -s
# fsck -p
# mount -a


Now you can try to undo your last boo-boo.

--oOo--

Network Settings

/etc/hostname.em0

Restart Network:
# sh /etc/netstart

--oOo-- 

Additional Useful Programs

pkg_add xfce nano firefox mplayer links lynx gimp abiword gnumeric xournal evince

Start XFCE with:
$ startx /usr/local/bin/startxfce4


Or, you can put exec /usr/local/bin/startxfce4 in ~/.xinitrc and then just run startx

--oOo-- 

Securelevel

The securelevel is +1 by default at runtime.  This protects a bunch of crucial stuff against modification at runtime.  It may interfere with R&D work.

# sysctl kern.securelevel     
kern.securelevel=1

It can be reduced to -1 in the rc.securelevel file:
# nano /etc/rc.securelevel
add one line:
sysctl kern.securelevel=-1

Verify:
# cat /etc/rc.securelevel
sysctl kern.securelevel=-1

A reboot will make it permanent:
# reboot

La voila, now it runs with no securelevel:
# sysctl kern.securelevel                                                                  
kern.securelevel=-1

This allows file flags and a few other things to be changed.  This is also needed to turn the clock back if it is ahead.

--oOo--

Packet Filter PF

There are a few default rules which may interfere with R&D work.  They can be deleted with the pfctl -F all command.

The default rules:
# pfctl -s all
FILTER RULES:
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55

STATES:
all udp 192.168.1.14:32260 -> 5.32.10.107:123       MULTIPLE:MULTIPLE
all tcp 192.168.1.14:22 <- 192.168.1.16:49495       ESTABLISHED:ESTABLISHED
all udp 192.168.1.255:137 <- 192.168.1.16:137       NO_TRAFFIC:SINGLE
all udp 224.0.0.251:5353 <- 192.168.1.19:5353       NO_TRAFFIC:SINGLE
all udp 224.0.0.251:5353 <- 192.168.1.16:5353       NO_TRAFFIC:SINGLE

Delete all rules:
# pfctl -F all
0 tables deleted.
rules cleared
2 states cleared
source tracking entries cleared
pf: statistics cleared
pf: interface flags reset

Show no rules any more:
# pfctl -s all  
FILTER RULES:

INFO:
Status: Enabled for 0 days 00:00:44              Debug: err

State Table                          Total             Rate
  current entries                        0              
  half-open tcp                          0              

--oOo--

Multiple IP Address Aliases on a Single Device

Temporary alias with ifconfig:
# ifconfig re0 inet alias 192.168.10.199 netmask 255.255.255.0

Permanent aliases in /etc/hostname.em0:
# nano /etc/hostname.em0
dhcp
inet alias 192.168.111.101 255.255.255.0
inet alias 192.168.1.101 255.255.255.00

Restart network:
# sh /etc/netstart

# ifconfig em0   
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr b8:ae:ed:ec:0c:03
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
        status: active
        inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255
        inet 192.168.111.101 netmask 0xffffff00 broadcast 192.168.111.255
        inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255

--oOo--

Startx Won’t

Startx with fails with “/usr/bin/xauth: timeout in locking authority file /home/user/.Xauthority”
$ ls -l .Xauthority*
-rw------- 1 user user 55 Jul 12 22:04 .Xauthority
-rw------- 1 user user  0 Jul 12 22:36 .Xauthority-c
-rw------- 1 user user  0 Jul 12 22:36 .Xauthority-l

Those files are lock files for .Xauthority, so simply removing them resolves the issue.
$ rm -f  /home/user/.Xauthority-*

These files should have been written to /tmp, where they will be cleaned up automatically at reboot.  You can put the above command in /etc/rc.local to fix the problem.

--oOo--

SUID Removed From startx 

The setuid bit was removed from /usr/X11R6/bin/Xorg.  Therefore startx can no longer be used by non-root users.

The best way to start Xorg by non-root users now is:
# rcctl enable xenodm
# rcctl start xenodm

--oOo--

Latest and Greatest
The latest version has many, many, many improvements, including improved support for my favourite computer toy the Raspberry Pi:
https://www.openbsd.org/67.html

--oOo--

La voila!

Herman


Comments

Popular posts from this blog

Parasitic Quadrifilar Helical Antenna

This article was reprinted in OSCAR News, March 2018:  http://www.amsat-uk.org If you want to receive Satellite Weather Pictures , then you need a decent antenna, otherwise you will receive more noise than picture. For polar orbit satellites, one needs an antenna with a mushroom shaped radiation pattern .  It needs to have strong gain towards the horizon where the satellites are distant, less gain upwards where they are close and as little as possible downwards, which would be wasted and a source of noise.  Most satellites are spin stabilized and therefore the antenna also needs circular polarization, otherwise the received signal will flutter as the antennas rotate through nulls. The helical antenna, first proposed by Kraus in 1948, is the natural solution to circular polarized satellite communications.  It is a simple twisted wire - there seems to be nothing to it.  Various papers have been published on helix antennas, so the operation is pretty well understood. Therefore,

Patch Antenna Design with NEC2

The older free Numerical Electromagnetic Code version 2 (NEC2) from Lawrence Livermore Lab assumes an air dielectric.  This makes it hard (but not impossible) for a radio amateur to experiment with Printed Circuit Board Patch antennas and micro strip lines. Air Spaced Patch Antenna Radiation Pattern You could use the free ASAP simulation program , which handles thin dielectrics, you could shell out a few hundred Dollars for a copy of NEC4 , You could buy GEMACS if you live in the USA, or you could add distributed capacitors to a NEC2 model with LD cards (hook up one capacitor in the middle of each element.), but that is far too much money/trouble for most. More information on driving an array antenna can be found here: https://www.aeronetworks.ca/2019/03/driving-quad-patch-array-antenna.htm l Air Dielectric Patch   The obvious lazy solution is to accept the limitation and make an air dielectric patch antenna. An advantage of using air dielectric, is that the antenn

Weather Satellite Turnstile Antennas for the 2 meter Band

NEC2, 2 m band, 146 MHz, Yagi Turnstile Simulation and Build This article describes a Turnstile Antenna for the 2 meter band, 146 MHz amateur satcom, 137 MHz NOAA and Russian Meteor weather satellites.  Weather satellite reception is described here .  A quadrifilar helical antenna is described here .   Engineering, is the art of making what you need,  from what you can get. Radiation Pattern of the Three Element Yagi-Uda Antenna Once one combine and cross two Yagis, the pattern becomes distinctly twisted. The right hand polarization actually becomes visible in the radiation pattern plot, which I found really cool. Radiation Pattern of Six Element Turnstile Antenna Only a true RF Geek can appreciate the twisted invisible inner beauty of a herring bone antenna... Six Element Turnstile Antenna Essentially, it is three crosses on a stick.  The driven elements are broken in the middle at the drive points.  The other elements can go straight throug