[ home ]
See also an OpenBSD lite install on an old 32bit Thinkpad X60.
October 30th 2021: OpenBSD 7 is here and the instructions on this page will provide a nice xfce4 based desktop. I'm using it on a Thinkpad X220 with a 480Gb SSD and 8Gb RAM. The example command results and links are still pointing to 6.8/6.9 at present. I'll update these in a week or two.
Patrick Bucher documents an install on a Thinkpad X270, which is a much more recent machine.
Previous versions of this page [ 5.5 | 6.2 | 6.3 | 6.4 | 6.5 | 6.6 | 6.7 | 6.8 ]
This page is aimed at people who are familiar with Linux and who wish to explore OpenBSD. I'm assuming that the reader has successfully installed Linux and has some familiarity with the command line, including the use of a text editor to modify configuration files. This page provides a task focused approach to setting up a desktop making use of many packages outside of the OpenBSD base as well as developing experience with the OpenBSD base.
/var/mail/yourusernameafter a fresh install
/usr/local/share/doc/pkg-readmes/after installing binary packages using
Read the OpenBSD FAQ - Installation Guide.
The Thinkpad X61s is a BIOS laptop, so I just booted from a USB stick
I had prepared with the
amd64 architecture install
The OpenBSD installer asks a series of questions and gives sensible defaults in [square brackets]. I chose to use the [W]hole drive for OpenBSD and to accept [A]utomatic partitioning.
There were three points in the installation where I had to provide non-default input (in addition to providing a root password and a user account and password)...
Yes to the question about the X Window System
being started by
Xenodm is the OpenBSD
fork of the
xdm display manager. The OpenBSD FAQ discourages use of the
startx command to manage X sessions.
In the section
Let's install the sets! you have to
specify that the sets are located on
the disk is not mounted, and then type the label of the USB stick
You just need to answer
Yes to the question about
the missing SHA256.sig file. See the FAQ for the reason.
After the installer completes (about five minutes on the X61s) you can reboot into the graphical log-in screen and type your user name and password.
Background reading: OpenBSD FAQ - The X Window System.
OpenBSD base contains three window managers for use with X Windows.
The default choice is an ancient version of
fvwm and this
is what should visible now.
There should be an
xterm terminal window in the top left
of the screen. The default terminal prompt is the machine name ('foo'
for me) and the $ sign showing that the terminal has ordinary user
rights. Click on the title bar of that window to give it focus
(and bring it to the front if there is another window in the way). That
terminal window will enable the completion of the next 4 steps.
The fonts might be very small on a modern laptop screen. With the mouse pointer over the window press Ctrl and click the right hand mouse button. A font menu will appear. Select Huge size to get readable characters.
The 'system bell' can become intrusive. To silence it on a temporary basis just type
foo$ xset b off
fvwm desktop in all its 90s glory becomes
annoying a console (aka tty) can be used. Ctrl-Alt F2 will take you to a
tty login from where all the commands in the next 4 sections can be run.
Ctrl-Alt F5 returns to the X Windows 'shell'.
If the computer must be closed down before the xfce4 desktop environment is installed and configured use these commands as root
foo$ su password: # type the root password foo# shutdown -ph now
Background reading: OpenBSD FAQ - Networking / Wireless Networking.
To connect to a wired network just use these commands as root...
foo# ifconfig em0 up foo# dhclient em0
For licencing reasons some firmware packages cannot be included on
the OpenBSD install media. Run the
fw_update command as
root to install any firmware that is available...
FAQ - System management / Security updates, OpenBSD 6.8 errata page
To apply the binary updates to the base system just become root
and issue the
foo# syspatch Get/Verify syspatch68-001_bgpd.tgz 100% |***************| 179 KB 00:00 Installing patch 001_bgpd Get/Verify syspatch68-002_icmp6.tgz 100% |**************| 107 KB 00:00 Installing patch 002_icmp6 ... Installing patch 013_libressl Relinking to create unique kernel... done; reboot to load the new kernel Errata can be reviewed under /var/syspatch
To find out the name of the WiFi driver, type the
ifconfig command as root...
foo# ifconfig | grep flag lo0: flags=8049
mtu 32768 em0: flags=8802 mtu 1500 ath0: flags=808843 mtu 1500 enc0: flags=0<> pflog0: flags=141 mtu 33136
The output from
ifconfig tells me that my Thinkpad X61s has an Atheros wifi card installed and will use the
ath driver which is distributed with the base system. To connect to an authenticated WiFi, you can create a
foo# echo "join myhomewifi wpakey pass_phrase" >> /etc/hostname.ath0 foo# echo "dhcp" >> /etc/hostname.ath0
...and then restart the network...
foo# sh /etc/netstart
ping to check that your connection is working...
foo# ping openbsd.org PING openbsd.org (184.108.40.206): 56 data bytes 64 bytes from 220.127.116.11: icmp_seq=0 ttl=227 time=217.378 ms 64 bytes from 18.104.22.168: icmp_seq=1 ttl=227 time=203.987 ms ^C --- openbsd.org ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 203.987/210.682/217.378/6.695 ms
See OpenBSD FAQ - Package Management.
Software not included in the OpenBSD base is ported to
OpenBSD often by volunteers in the ports team. The
command is used to install packages. OpenBSD has a global mirror system
that is accessed through a content delivery network and the address of
the package repository is written to
installation. The commands below will install
nano an easy
to use command line editor.
foo# pkg_add nano quirks-3.441 signed on 2021-02-13T20:25:37Z quirks-3.441: ok nano-5.2:libiconv-1.16p0: ok nano-5.2:gettext-runtime-0.21: ok nano-5.2: ok
Occasionally, there is a glitch with the mirror or the internet
connection and a package will not be correctly downloaded.
pkg_add will mark such packages with the prefix partial-. I
find that repeating the
pkg_add command a bit later clears
I like the xfce desktop environment. The OpenBSD port of xfce4 is version 4.14 and the commands below will provide a full install of xfce and Firefox and a pdf document reader.
foo# pkg_add xfce xfce-extras firefox evince xfce4-power-manager upower
This command will take some time to return as
will fetch all the dependencies for each of the packages listed above -
dozens in the case of Xfce and Firefox. Dependencies of
dbus, both needed to enable Xfce to suspend or hibernate
from the logout menu. See the next section for details.
pkg_add will stop when it reaches the document reader Evince and offer you a choice of two versions of the package, each compiled with different configuratons...
foo# pkg_add evince Ambiguous: choose package for evince a 0:
1: evince-3.36.7 2: evince-3.36.7-light Your choice: 2
Option 1 will pull in a large number of Gnome libraries. Option 2 has been provided by the packager for those of us who wish to use Evince to read pdf files with a different desktop or window manager.
Some of the more complex packages come with readme files installed to
pkg-readmes for the
firefox packages will be essential reading in the next
A huge range of is ports available e.g.
mplayer and so on. You can search for packages using
pkg_info -Q <name> where
part of the name of a program you know. For example....
foo$ pkg_info -Q inksc inkscape-1.0.1 (installed)
Don't reboot yet. You need to configure the graphical login and set up some daemons. See below...
See OpenBSD FAQ -
System Management / System daemons. The pkg-readme for Xfce is
essential reading, try
cat /usr/local/share/doc/pkg-readmes/xfce |
more. A look at
/usr/local/share/doc/pkg-readmes/xfce/firefox would be
useful as well.
To enable suspend and resume and to run Xfce with the ability to control the power settings and to shut down and reboot, you need to enable some daemons...
rcctl to enable and start the
daemon (straight from the FAQ page). Suspend to RAM should then
foo# rcctl enable apmd foo# rcctl set apmd flags -A foo# rcctl start apmd
Next enable and start the
foo# rcctl enable messagebus foo# rcctl start messagebus
rcctl actually writes lines into
/etc/rc.conf.local and that file can be edited directly
from a root command prompt.
Finally when you start an X Window session, the server looks for a
~/.xsession in the root of your home drive and
runs the commands in that file. Below is the contents of my
.xsession file for running Xfce based on the
foo$ cat ~/.xsession # See pkg-readme for xfce # Dbus/message bus enabled in rc.conf.local # Want to be able to suspend from xfce4 logout menu /usr/local/bin/startxfce4 --with-ck-launch
I usually reboot at this stage and check that Xfce starts properly and that I can suspend and reboot from the logout menu.
OpenBSD 6.8 has Firefox v82 at the time of writing. A quick look at the
pkg-readme file for Firefox will tell you that Firefox can only write and read from your
~/Downloads folder using the
unveil features build into OpenBSD. Solène Rapenne has a quick run-down of some of the security features built into OpenBSD including
By default, OpenBSD enforces limits on the maximum memory that applications can use depending on the role of the user. Web browsers like a lot of memory, so it is wise to increase the allocation of memory that can be used. The allocations are set in the `/etc/login.conf' file
I add my user to the
staff group then raise the memory
limit for the
staff group to 3072 Mb (a good chunk of the 4096Mb on this X61s thinkpad...
#foo usermod -G staff YOUR_USERNAME #foo cat /etc/login.conf .... lines .... staff:\ :datasize-cur=3072M:\ :datasize-max=infinity:\ :maxproc-max=512:\ :maxproc-cur=256:\ :ignorenologin:\ :requirehome@:\ :tc=default: .... lines ....
login.conf file needs to be edited ('staff' is on
line 72) and the change is seen on logging out and back in.
OpenBSD version 6.8 seems to be much more stable when running xfce4 verson 4.14 than version 6.7 was. I'm seeing a lot less in the way of crashes and core dumps in
~/ than I was a few months ago.
See OpenBSD FAQ -
man ntfs-3g package after
One of the biggest differences in everyday desktop use between Linux
and OpenBSD is the approach to mounting external storage. Automount of
storage sticks does not just happen in OpenBSD. Remember from
installation that SCSI-like (i.e. SATA) hard drives are numbered
sd1 and not
sdb as in Linux.
The following commands (as root) will add the needed lines to
doas.conf so that your user can mount external drives...
foo# echo "permit nopass USER as root cmd mount" >> /etc/doas.conf foo# echo "permit nopass USER as root cmd umount" >> /etc/doas.conf foo# echo "permit nopass USER as root cmd ntfs-3g" >> /etc/doas.conf
Mounting a USB stick to
~/usb as user looks like
foo$ mkdir ~/usb foo$ dmesg | grep sd1 sd1 at scsibus4 targ 1 lun 0: <, USB DISK 2.0, PMAP> removable serial. numbers foo$ doas mount /dev/sd1i ~/usb foo$ ls ~/usb music planner.pdf
...and I can unmount the USB stick easily...
foo$ doas umount ~/usb foo$ ls usb
allows the mounting and unmounting of USB sticks from the xfce
Add an icon for the plugin to the XFCE4 panel by right-clicking on
the panel and selecting Panel | Add New Items and
xfce4-mount-plugin lists all the devices
including the default local hard drive including all the partitions on
sd0. I can set options to prevent that and to use a custom
mount command. Right click over the
icon and select Properties | File Systems tab.
Add the pattern
/dev/sd0* to the Exclude specified
file systems textbox so the local drive is not listed.
Right-click on the
and select Preferences | Commands and write the
following in the Custom Commands textboxes, after
ensuring that the Custom Commands checkbox was
doas mount %m doas umount %m
Now to ensure that a USB stick is listed in the xfce4-mount-popup
list, you have to add a line for the device to
foo# echo "/dev/sd1i /home/keith/usb msdos rw,noauto 0 0" >> /etc/fstab
Using an fstab entry like this means that only one vfat formatted USB thumb drive will be listed and available with mouse clicks.
I have not yet worked out a way of automounting a mix of VFAT and
NTFS drives. Probably a script run instead of
that will work out what drive it is and mount it to an appropriate mount
My threat model for this laptop includes opportunistic theft and me leaving it on the bus. Using whole drive encryption on OpenBSD is covered in the OpenBSD FAQ - Disk Setup / RAID and disk Encryption / Full Disk Encryption
The basic strategy is to
bioctlcommand. This becomes
sd1. Set a pass phrase for the disk here
sd1as the disk to install OpenBSD to
I will be trashing this installation and re-installing with drive encryption in the next few days...