[ home ]

Installing OpenBSD 6.3 on your laptop is really hard (not)

I have used the instructions in this page to install amd64 OpenBSD 6.3 with the xfce4 desktop and a range of applications on a Thinkpad X220 (legacy boot) and a Thinkpad X61s. I have also installed the 32bit version of OpenBSD 6.3 on a Thinkpad T42 with the radeon graphics chip and 1Gb of RAM - it runs fine but slowly.

I suggest that you print and read this page before proceeding.

Install OpenBSD according to the instructions in FAQ

Background reading: FAQ 4: The OpenBSD installation guide.

The steps below assume that you have successfully installed the base OpenBSD system from the USB stick installer (install63.fs) or the CD-ROM image (install63.iso).

Connect to the Internet

Background reading: OpenBSD FAQ 6.2.1, 6.13.

Jack into your router with a cable and...

# dhclient em0
DHCPDISCOVER on em0 - interval 3
DHCPOFFER from (00:1b:2f:42:41:42)
DHCPACK from (00:1b:2f:42:41:42)
bound to -- renewal in 43200 seconds.

Then install any non-free firmware that your laptop might need...

# fw_update

Pull the cable out and set up a wifi connection. Most Thinkads have Intel wifi cards...

$ su -l
# ifconfig -a # shows a list of all the interfaces 
# ifconfig iwn0 up
# ifconfig iwn0 scan
# ifconfig iwn0 nwid connection_name wpakey password wpaprotos wpa1,wpa2 
# dhclient iwn0 
DHCPREQUEST on iwn0 to # lots more output

Warning: You need to use the wpaprotos option with argument wpa1 to enable connections using wpa1. The wpa1 protocol is now considered insecure.

Set up a package mirror and install a package

Background reading: OpenBSD FAQ 15.2.

The pkg_add command reads the URL of the package mirror from the /etc/installurl file.

If you installed the OpenBSD package sets from the Internet, you will already have the/etc/installurl file in place and you can skip this section. If, like me, you prefer to install OpenBSD from the install.iso or install.fs images, you will need to create the /etc/installurl file as below...

$ su -l
# echo "https://www.mirrorservice.org/pub/OpenBSD" >> /etc/installurl
# exit

To install applications, you need to become root and run pkg_add.

$ su -l
# pkg_add nano    
quirks-2.114 signed on 2015-08-09T15:30:39Z
nano-2.4.2: ok
# exit

Once the command returns, exit root and try editing a text file with nano.

Install the xfce4 desktop environment and some applications

I like the xfce desktop and the packages below will install Firefox, a pdf reader, an image organiser, a music player and an office package.

# pkg_add -v consolekit2 xfce xfce-extras evince firefox shotwell audacious audacious-plugins libreoffice

The consolekit2 package is needed to allow the user to shut down or reboot from within xfce4 without using terminal commands.

pkg_add will stop when it reaches the document reader Evince and offer you a choice of two versions of the package, each compiled with different configuratons...

# pkg_add evince
quirks-2.114 signed on 2015-08-09T15:30:39Z
Ambiguous: choose package for evince
a       0: <none>
        1: evince-3.16.1p0
        2: evince-3.16.1p0-light
Your choice: 2

Option 1 will pull in a large number of Gnome libraries. Option 2 has been provided by the packager for those of us who wish to use Evince to read pdf files with a different desktop or window manager.

Some of the more complex packages come with readme files installed to /usr/local/share/doc/pkg-readmes/. It is best to read these to complete configuration of the package.

Don't reboot yet. You need to configure the graphical login and set up some daemons. See below...

Use /etc/rc.conf.local to enable apmd and graphical log-in

Background reading: Comparison of Desktop Environments, ConsoleKit Github readme with definitions, xenodm man page and the package_readme for consolekit2 at /usr/local/share/doc/pkg-readmes/consolekit2-1.0.2p1 .

As root add some lines to /etc/rc.conf.local to enable power management (apmd) so that you can use Fn-F4 to suspend your thinkpad, and to enable the graphical log-in manager xenodm. Xenodm is an OpenBSD fork of the venerable xdm.

# nano /etc/rc.conf.local
multicast_host=YES       # Some avahi shenanigans
apmd_flags="-A"          # Laptop power saving
xenodm_flags=""          # Starts xenodm graphical login
pkg_scripts="messagebus" # Enables dbus/ConsoleKit stuff

Then as user add an .xsession file with a line that will start consolekit so that you can shutdown &c from within xfce4.

$ cat .xsession
exec ck-launch-session startxfce4

Memory limits in /etc/login.conf

My Thinkpad X220 has 8Gb of RAM. Firefox (and Chromium) like lots of RAM. By default, OpenBSD enforces limits on the largest amount of RAM that a user level program can use to around 1.5Gb, and if it exceeds that limit, the OOM killer will terminate the process. Your user will be part of the staff group and you can edit /etc/login.conf to increase the default limit. Mine is set as follows...

# Staff have fewer restrictions and can login even when nologins are set.

Reboot and you'll get the xenodm login greeter. When you log in, Xfce4 will ask you to specify a layout, and then show you the desktop.

Use /etc/doas.conf to allow user mounting of an external USB stick

Background reading: OpenBSD FAQ sections 10 (doas), 14 (File Systems Intro) as well as man doas and man mount.

You must use doas and a few lines in /etc/doas.conf to allow user mounting of USB sticks. My /etc/doas.conf file looks like this...

$ cat /etc/doas.conf
# http://daemonforums.org/showthread.php?t=9774
permit nopass keith as root cmd mount
permit nopass keith as root cmd umount

Then you can mount a USB stick like this...

doas mount /dev/sd1i /home/keith/usb 	# mounts my USB on ~/usb
doas umount /dev/sd1i 			# un-mounts the drive

Once mounted, you can use a graphical file manager like Thunar to copy and paste files to and from your storage stick. You can't unmount the USB stick from Thunar, remember to use the umount /dev/sd1i command before removing the USB stick.

Use xfce4-mount-plugin and an /etc/fstab entry to allow graphical mount/unmount of a USB thumb drive

Background reading: xfce4-mount-plugin page on the Xfce Web site.

A note on how disks get numbered: My laptop has SATA hard drive as its fixed disc, and that device will appear as /dev/sd0 to OpenBSD. Your vfat formatted USB thumb drive will appear as /dev/sd1i.

$ mount
/dev/sd0a on / type ffs (local)
/dev/sd0k on /home type ffs (local, nodev, nosuid)
/dev/sd0d on /tmp type ffs (local, nodev, nosuid)
/dev/sd0f on /usr type ffs (local, nodev)
/dev/sd0g on /usr/X11R6 type ffs (local, nodev)
/dev/sd0h on /usr/local type ffs (local, nodev, wxallowed)
/dev/sd0j on /usr/obj type ffs (local, nodev, nosuid)
/dev/sd0i on /usr/src type ffs (local, nodev, nosuid)
/dev/sd0e on /var type ffs (local, nodev, nosuid)
/dev/sd1i on /home/keith/usb type msdos (local, uid=1000, gid=1000)

The xfce4-mount package is installed as part of the xfce4 package set. Add an icon for the plugin to the XFCE4 panel by right-clicking on the panel and selecting Panel | Add New Items and searching for 'mount'.

By default, xfce4-mount-plugin lists all the devices including the default local hard drive including all the partitions on sd0. I can set options to prevent that and to use a custom mount command. Right click over the xfce4-mount icon and select Properties | File Systems tab. Add the pattern /dev/sd0* to the Exclude specified file systems textbox so the local drive is not listed.

Right-click on the xfce4-mount icon, and selected Preferences | Commands and write the following in the Custom Commands textboxes, after ensuring that the Custom Commands checkbox was ticked...

doas mount %m
doas umount %m

Now to ensure that a USB stick is listed in the xfce4-mount-popup list, you have to add a line for the device to /etc/fstab. My extra line looks like this (adapted from the examples in man fstab...

/dev/sd1i /home/keith/usb msdos rw,noauto 0 0

Using an fstab entry like this means that only one vfat formatted USB thumb drive will be listed and available with mouse clicks.

Set up updates (6.2 info, 6.3 has no updates as yet)

Background reading: pages about following the -stable branch or following the -current branch, and the OpenBSD 6.2 Errata page.

The syspatch command provides binary updates to the core system. Running the syspatch command without arguments while connected to the Internet resulted in the first three errata for OpenBSD 6.2 being installed as you can see in the transcript below.

$ su
# syspatch
Get/Verify syspatch62-002_fktrace... 100% |*************| 77434       
Installing patch 002_fktrace
Get/Verify syspatch62-003_mpls.tgz 100% |***************| 29798       
Installing patch 003_mpls
Relinking to create unique kernel... done.

M:Tier sponsors OpenBSD and has provided binpatches for the packages in the stable release for use together with the openup script. Their update page has not yet been updated for OpenBSD 6.3. They recommend using openup to upgrade packages that you have installed in addition to the base system.

Install OpenBSD with whole drive encryption (advanced)

Background reading: OpenBSD FAQ sections 14.1, 14.2 and 14.3.

In OpenBSD 6.3 I used the commands detailed in the FAQ to create an encrypted softraid device and then install OpenBSD within that device. I omitted the command to over-write the disk with random numbers because of time.

Because I install from a USB stick, the drive numbering is 'off by one' compared to the example commands in the FAQ, so the fixed disk in the laptop is sd0 and the USB stick that I am installing from is sd1. The softraid device I use to install OpenBSD is therefore sd2. The commands I actually used in the installer shell session are shown below.

Boot from the installer USB stick and then select [S]hell to get a command prompt...

# fdisk -iy sd0		# MBR not GPT
# disklabel -E sd0
>a a
size:[the size of your drive]
FS type:[4.2BSD] RAID
No label changes
# bioctl -c C -l sd0a softraid0
New pass phrase:
re-type passphrase
# cd /dev && sh MAKEDEV sd2
# dd if=/dev/zero of=/dev/rsd2c bs=1m count=1
# exit

The exit command starts the installer script and you type in the root password, your user and the user password and so on. Then you select sd2 as the installer disk. You also have to specify [disk] as the location of the package sets and then answer 'no' when asked if the disk is mounted, select sd1, mount the a partition. The installer script should then find the package sets.

Simple wifi script

There is no graphical wifi manager available on OpenBSD. I like this little script that runs from my user account and simply automates the typing in of the ifconfig commands. None of the network related configuration files are changed so I can always fall back on the ifconfig commands in a new place. The script itself also serves as a reminder of the syntax of the commands.

$ cat bin/wifi
# adapted from http://marc.info/?l=openbsd-tech&m=146490607627340&w=2 

if [[ $1 == "home" ]]; then
        doas ifconfig iwn0 nwid home_wifi_name wpa wpakey home_wifi_password wpaprotos wpa1,wpa2
        doas dhclient iwn0

if [[ $1 == "blackberry" ]]; then
        doas ifconfig iwn0 nwid phone_hotspot_name wpa wpakey phone_hotspot_password
        doas dhclient iwn0

The script requires the following lines to be added to /etc/doas.conf.

permit nopass keith as root cmd ifconfig
permit nopass keith as root cmd dhclient

Keith Burnett, 3rd April 2018: Updated for OpenBSD 6.3. Still working through the release notes, so this page might change.