[ home ]
Note added October 1st 2018: Installed a snapshot of
OpenBSD current which will be released as OpenBSD 6.4 sometime later in
October if all goes according to plan. Everything here seems to work (I
have not checked the whole drive encryption recipe). There is a new wifi
feature called 'auto-join' that permits automatic connection to a series
of known wifi access points according to an algorithm based on security,
signal strength and frequency. I need to work out how that works. The
new version has a pre-populated
/etc/installurl that points
to a cdn for OpenBSD. You don't have to add a mirror. Check the contents
/etc/installurl before adding your own mirror path.
I have used the instructions in this page to install amd64 OpenBSD 6.3 with the xfce4 desktop and a range of applications on a Thinkpad X220 (legacy boot) and a Thinkpad X61s. I have also installed the 32bit version of OpenBSD 6.3 on a Thinkpad T42 with the radeon graphics chip and 1Gb of RAM - it runs fine but slowly.
I suggest that you print and read this page before proceeding.
Background reading: FAQ 4: The OpenBSD installation guide.
The steps below assume that you have successfully installed the base
OpenBSD system from the USB stick installer (
or the CD-ROM image (
Background reading: OpenBSD FAQ 6.2.1, 6.13.
Jack into your router with a cable and...
# dhclient em0 DHCPDISCOVER on em0 - interval 3 DHCPOFFER from 192.168.0.1 (00:1b:2f:42:41:42) DHCPREQUEST on em0 to 255.255.255.255 DHCPACK from 192.168.0.1 (00:1b:2f:42:41:42) bound to 192.168.0.4 -- renewal in 43200 seconds. #
Then install any non-free firmware that your laptop might need...
Pull the cable out and set up a wifi connection. Most Thinkads have Intel wifi cards...
$ su -l # ifconfig -a # shows a list of all the interfaces # ifconfig iwn0 up # ifconfig iwn0 scan # ifconfig iwn0 nwid connection_name wpakey password wpaprotos wpa1,wpa2 # dhclient iwn0 DHCPREQUEST on iwn0 to 255.255.255.255 # lots more output
Warning: You need to use the
option with argument
wpa1 to enable connections using
wpa1 protocol is now considered
Background reading: OpenBSD FAQ 15.2.
pkg_add command reads the URL of the package
mirror from the
If you installed the OpenBSD package sets from the Internet, you will
already have the
/etc/installurl file in place and you can
skip this section. If, like me, you prefer to install OpenBSD from the
install.fs images, you will
need to create the
/etc/installurl file as below...
$ su -l # echo "https://www.mirrorservice.org/pub/OpenBSD" >> /etc/installurl # exit
To install applications, you need to become root and run
$ su -l # pkg_add nano quirks-2.114 signed on 2015-08-09T15:30:39Z nano-2.4.2: ok # exit $
Once the command returns, exit root and try editing a text file with nano.
I like the xfce desktop and the packages below will install Firefox, a pdf reader, an image organiser, a music player and an office package.
# pkg_add -v consolekit2 xfce xfce-extras evince firefox shotwell audacious audacious-plugins libreoffice
consolekit2 package is needed to allow the user to
shut down or reboot from within xfce4 without using terminal commands.
pkg_add will stop when it reaches the document reader
Evince and offer you a choice of two versions of the package, each
compiled with different configuratons...
# pkg_add evince quirks-2.114 signed on 2015-08-09T15:30:39Z Ambiguous: choose package for evince a 0: <none> 1: evince-3.16.1p0 2: evince-3.16.1p0-light Your choice: 2
Option 1 will pull in a large number of Gnome libraries. Option 2 has been provided by the packager for those of us who wish to use Evince to read pdf files with a different desktop or window manager.
Some of the more complex packages come with
/usr/local/share/doc/pkg-readmes/. It is best
to read these to complete configuration of the package.
Don't reboot yet. You need to configure the graphical login and set up some daemons. See below...
/etc/rc.conf.localto enable apmd and graphical log-in
Background reading: Comparison
of Desktop Environments, ConsoleKit Github
readme with definitions, xenodm man page and
the package_readme for consolekit2 at
As root add some lines to
/etc/rc.conf.local to enable power management
apmd) so that you can use Fn-F4 to suspend your thinkpad,
and to enable the graphical log-in manager
is an OpenBSD fork of the venerable
# nano /etc/rc.conf.local multicast_host=YES # Some avahi shenanigans apmd_flags="-A" # Laptop power saving xenodm_flags="" # Starts xenodm graphical login pkg_scripts="messagebus" # Enables dbus/ConsoleKit stuff
Then as user add an
.xsession file with
a line that will start consolekit so that you can shutdown &c from
$ cat .xsession exec ck-launch-session startxfce4
My Thinkpad X220 has 8Gb of RAM. Firefox (and Chromium) like lots of
RAM. By default, OpenBSD enforces limits on the largest amount of RAM
that a user level program can use to around 1.5Gb, and if it exceeds
that limit, the OOM killer will terminate the process. Your user will be
part of the
staff group and you can edit
/etc/login.conf to increase the default limit. Mine is set as follows...
# # Staff have fewer restrictions and can login even when nologins are set. # staff:\ :datasize-cur=4096M:\ :datasize-max=infinity:\ :maxproc-max=512:\ :maxproc-cur=256:\ :ignorenologin:\ :requirehome@:\ :tc=default:
Reboot and you'll get the xenodm login greeter. When you log in, Xfce4 will ask you to specify a layout, and then show you the desktop.
/etc/doas.confto allow user mounting of an external USB stick
Background reading: OpenBSD FAQ sections 10 (doas), 14 (File Systems Intro)
as well as
man doas and
You must use
doas and a few lines in
/etc/doas.conf to allow user mounting of USB sticks. My
/etc/doas.conf file looks like this...
$ cat /etc/doas.conf # http://daemonforums.org/showthread.php?t=9774 permit nopass keith as root cmd mount permit nopass keith as root cmd umount
Then you can mount a USB stick like this...
doas mount /dev/sd1i /home/keith/usb # mounts my USB on ~/usb doas umount /dev/sd1i # un-mounts the drive
Once mounted, you can use a graphical file manager like Thunar to
copy and paste files to and from your storage stick. You can't unmount
the USB stick from Thunar, remember to use the
/dev/sd1i command before removing the USB stick.
/etc/fstabentry to allow graphical mount/unmount of a USB thumb drive
Background reading: xfce4-mount-plugin page on the Xfce Web site.
A note on how disks get numbered: My laptop has SATA
hard drive as its fixed disc, and that device will appear as
/dev/sd0 to OpenBSD. Your
vfat formatted USB
thumb drive will appear as
$ mount /dev/sd0a on / type ffs (local) /dev/sd0k on /home type ffs (local, nodev, nosuid) /dev/sd0d on /tmp type ffs (local, nodev, nosuid) /dev/sd0f on /usr type ffs (local, nodev) /dev/sd0g on /usr/X11R6 type ffs (local, nodev) /dev/sd0h on /usr/local type ffs (local, nodev, wxallowed) /dev/sd0j on /usr/obj type ffs (local, nodev, nosuid) /dev/sd0i on /usr/src type ffs (local, nodev, nosuid) /dev/sd0e on /var type ffs (local, nodev, nosuid) /dev/sd1i on /home/keith/usb type msdos (local, uid=1000, gid=1000)
xfce4-mount package is installed as part of the
xfce4 package set. Add an icon for the plugin to the XFCE4
panel by right-clicking on the panel and selecting
Panel | Add New Items and searching for 'mount'.
xfce4-mount-plugin lists all the devices
including the default local hard drive including all the partitions on
sd0. I can set options to prevent that and to use a custom mount
command. Right click over the xfce4-mount icon and select
Properties | File Systems tab. Add the pattern
/dev/sd0* to the Exclude specified file systems textbox so
the local drive is not listed.
Right-click on the xfce4-mount icon, and selected Preferences | Commands and write the following in the Custom Commands textboxes, after ensuring that the Custom Commands checkbox was ticked...
doas mount %m doas umount %m
Now to ensure that a USB stick is listed in the
xfce4-mount-popup list, you have to add a line for the device to
/etc/fstab. My extra line looks like this (adapted from the
/dev/sd1i /home/keith/usb msdos rw,noauto 0 0
fstab entry like this means that only one vfat
formatted USB thumb drive will be listed and available with mouse
Background reading: pages about following the
-stable branch or following the
-current branch, and the OpenBSD 6.2 Errata
syspatch command provides binary updates to the core
system. Running the
syspatch command without arguments
while connected to the Internet resulted in the first three errata for
OpenBSD 6.2 being installed as you can see in the transcript below.
$ su Password: # syspatch Get/Verify syspatch62-002_fktrace... 100% |*************| 77434 00:00 Installing patch 002_fktrace Get/Verify syspatch62-003_mpls.tgz 100% |***************| 29798 00:00 Installing patch 003_mpls Relinking to create unique kernel... done.
M:Tier sponsors OpenBSD and has provided
the packages in the stable release for use together with the
openup script. Their update page has not yet been
updated for OpenBSD 6.3. They recommend using
upgrade packages that you have installed in addition to the base
Background reading: OpenBSD FAQ sections 14.1, 14.2 and 14.3.
In OpenBSD 6.3 I used the commands detailed in the FAQ to create an encrypted softraid device and then install OpenBSD within that device. I omitted the command to over-write the disk with random numbers because of time.
Because I install from a USB stick, the drive numbering is 'off by one' compared to the example commands in the FAQ, so the fixed disk in the laptop is sd0 and the USB stick that I am installing from is sd1. The softraid device I use to install OpenBSD is therefore sd2. The commands I actually used in the installer shell session are shown below.
Boot from the installer USB stick and then select
[S]hell to get a command prompt...
# fdisk -iy sd0 # MBR not GPT # disklabel -E sd0 >a a offset: size:[the size of your drive] FS type:[4.2BSD] RAID >w >q No label changes # bioctl -c C -l sd0a softraid0 New pass phrase: re-type passphrase # cd /dev && sh MAKEDEV sd2 # dd if=/dev/zero of=/dev/rsd2c bs=1m count=1 # exit
exit command starts the installer script and you
type in the root password, your user and the user password and so on.
Then you select
sd2 as the installer disk. You also have to
[disk] as the location of the package sets and then
answer 'no' when asked if the disk is mounted, select
a partition. The installer script should then
find the package sets.
There is no graphical wifi manager available on OpenBSD. I like this
little script that runs from my user account and simply automates the
typing in of the
ifconfig commands. None of the network
related configuration files are changed so I can always fall back on the
ifconfig commands in a new place. The script itself also
serves as a reminder of the syntax of the commands.
$ cat bin/wifi #!/bin/sh # adapted from http://marc.info/?l=openbsd-tech&m=146490607627340&w=2 if [[ $1 == "home" ]]; then doas ifconfig iwn0 nwid home_wifi_name wpa wpakey home_wifi_password wpaprotos wpa1,wpa2 doas dhclient iwn0 fi if [[ $1 == "blackberry" ]]; then doas ifconfig iwn0 nwid phone_hotspot_name wpa wpakey phone_hotspot_password doas dhclient iwn0 fi
The script requires the following lines to be added to
permit nopass keith as root cmd ifconfig permit nopass keith as root cmd dhclient
Keith Burnett, 3rd April 2018: Updated for OpenBSD 6.3. Still working through the release notes, so this page might change.