[ home ]
June 2020. Previous versions of this page [ 5.5 | 6.2 | 6.3 | 6.4 | 6.5 | 6.6 ] and an lite OpenBSD desktop on a Thinkpad X60.
17th Feb 2021: All below works on OpenBSD 6.8 install. Used the amd64 image to do a clean install on a Thinkpad X61s with 4Gb RAM and a 120Gb SSD. Writeup over the next few days. Xfce4 version 4.14 DE seems a lot more stable.
Other pages about OpenBSD on a laptop...
sysupgrade. 6.6 to 6.7 then package upgrade
/etc/installurland use in preference to
This page describes installing OpenBSD on a Thinkpad L440 laptop with the xfce4 desktop environment. The resulting installation has auto-mounting of USB stick drives and can mount external NTFS formatted hard drives. I also present an alternative installation of the Gnome desktop environment which appears to be more stable on this hardware.
The laptop has 8Gb of RAM, Intel integrated graphics, and is fitted with a 200Gb SATA SSD.
This page is aimed at people who are familiar with Linux and who wish to explore one of the BSD distributions.
I'm assuming that the reader has successfully installed one of the popular Linux distributions, has some familiarity with the command line, including the use of a text editor to modify configuration files.
This page provides a task focused approach to setting up a desktop making use of many packages outside of the OpenBSD base as well as developing experience with the OpenBSD base.
This page draws heavily on the OpenBSD FAQ and the
pages for commands and configuration files.
Packages ported to OpenBSD may include
explain how the ported program can be integrated into the OpenBSD base.
Mail will be found waiting for the user on any new OpenBSD
cat /var/mail/yourusername | more). And don't
Daemonforums have an OpenBSD section. This is not an official source but often has interesting posts. General Web searches will reveal tutorials and illustrations of various applications of OpenBSD. OpenBSD changes so be aware of the OpenBSD version used.
The OpenBSD FAQ - Installation Guide is recommended reading.
The Thinkpad L440 has UEFI boot but I disabled secure boot in the BIOS before booting from the OpenBSD USB stick that I produced on my Linux computer.
The OpenBSD installer asks a series of questions and gives sensible defaults in [square brackets]. I chose to use the [W]hole drive for OpenBSD and to accept [A]utomatic partitioning. Three points needed non-default input...
Yes to the question about the X Window System
being started by
Xenodm is the OpenBSD
fork of the
xdm display manager.
In the section
Let's install the sets! you have to
specify that the sets are located on
the disk is not mounted, and then type the number of the USB stick
You just need to answer
Yes to the question about
the missing SHA256.sig file. See the FAQ for the reason!
After the installer completes (a few minutes on the L440) you can reboot into the graphical log-in screen and type your user name and password.
The OpenBSD FAQ - https://www.openbsd.org/faq/faq11.html is recommended reading.
OpenBSD base contains three window managers for use with X Windows.
The default choice is an ancient version of
fvwm and this
is what should visible now.
There should be an
xterm terminal window in the top left
of the screen. The default terminal prompt is the machine name ('illy'
for me) and the $ sign showing that the terminal has ordinary user
rights. Click on the title bar of that window to give it focus
(and bring it to the front if there is another window in the way). That
terminal window will enable the completion of the next 4 steps.
The fonts might be very small on a modern laptop screen. With the mouse pointer over the window press Ctrl and click the right hand mouse button. A font menu will appear. Select Huge size to get readable characters.
The 'system bell' can become intrusive. To silence it on a temporary basis just type
illy$ xset b off
fvwm desktop in all its 90s glory becomes
annoying a console (aka tty) can be used. Ctrl-Alt F2 will take you to a
tty login from where all the commands in the next 4 sections can be run.
Ctrl-Alt F5 returns to the X Windows 'shell'.
If the computer must be closed down before the xfce4 desktop environment is installed and configured use these commands as root
illy$ su password: # type the root password illy# shutdown -ph now
See OpenBSD FAQ - Networking / Wireless Networking.
Small sections and examples from the man pages for
the WiFi card in use
will be useful. Remember that OpenBSD is often configured as a server
and the range of networking functionality is comprehensive and very
fw_update is brief.
To connect to a wired network just use these commands as root...
illy# ifconfig em0 up illy# dhclient em0
For licencing reasons some firmware packages cannot be included on
the OpenBSD install media. Run the
fw_update command as
root to install these
If you have no access to a wired connection and if the WiFi card
itself needs a firmware package to function, it is possible to download the
firmware package needed, copy it across to the laptop and then use
fw_update -p option to install from the local copy.
To find out the name of the WiFi driver, type the
ifconfig command as root
illy# ifconfig | grep flag lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768 em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500 iwm0: flags=808843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF4> mtu 1500 enc0: flags=0<> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
iwm0 is the Intel WiFi driver. To connect to my home WiFi with
wpa2 encryption make a
hostname.if file like
illy# echo "join myhomewifi wpakey pass_phrase" >> /etc/hostname.iwm0 illy# echo "dhcp" >> /etc/hostname.iwm0
and check the file for typos...
illy# cat /etc/hostname.iwm0
Then restart the network...
illy# sh /etc/netstart
Check you have a functioning connection using ping...
illy# ping openbsd.org PING openbsd.org (220.127.116.11): 56 data bytes 64 bytes from 18.104.22.168: icmp_seq=0 ttl=228 time=198.282 ms 64 bytes from 22.214.171.124: icmp_seq=1 ttl=228 time=196.422 ms 64 bytes from 126.96.36.199: icmp_seq=2 ttl=228 time=183.269 ms ^C # Ctrl+C quits the ping command --- openbsd.org ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 183.269/192.658/198.282/6.682 ms
FAQ - System management / Security updates, OpenBSD 6.7 errata page
To apply the binary updates to the base system just become root and...
illy# syspatch Get/Verify syspatch67-001_wscons.tgz 100% |*************| 113 KB 00:00 Installing patch 001_wscons Get/Verify syspatch67-002_rpki.tgz 100% |***************| 36470 00:00 Installing patch 002_rpki .... more lines .... Relinking to create unique kernel... done; reboot to load the new kernel Errata can be reviewed under /var/syspatch
As the message suggests, reboot the laptop to run the new kernel...
OpenBSD does not have automatic updates (unless you set up a cron job
to run syspatch or something). I just check the OpenBSD errata page now
and again. You can subscribe to the
mailing list for warnings of new errata.
See OpenBSD FAQ - Package Management.
Software not included in the OpenBSD base is ported to
OpenBSD often by volunteers in the ports team. The
command is used to install packages. OpenBSD has a global mirror system
that is accessed through a content delivery network and the address of
the package repository is written to
installation. The commands below will install
nano an easy
to use command line editor.
illy# pkg_add nano # example from 6.5 quirks-3.124 signed on 2019-04-15T12:10:16Z quirks-3.124: ok nano-4.0:libiconv-1.14p3: ok nano-4.0:gettext-0.19.8.1p3: ok nano-4.0: ok
Occasionally, there is a glitch with the mirror or the internet
connection and a package will not be correctly downloaded.
pkg_add will mark such packages with the prefix partial-. I
find that repeating the
pkg_add command a bit later clears
I like the xfce desktop environment. The OpenBSD port of xfce4 is version 4.14 and the commands below will provide a full install of xfce and Firefox and a pdf document reader.
illy# pkg_add xfce xfce-extras firefox evince xfce4-power-manager upower
This command will take some time to return as
will fetch all the dependencies for each of the packages listed above -
dozens in the case of Xfce and Firefox. Dependencies of
dbus, both needed to enable Xfce to suspend or hibernate
from the logout menu. See the next section for details.
pkg_add will stop when it reaches the document reader Evince and offer you a choice of two versions of the package, each compiled with different configuratons...
illy# pkg_add evince Ambiguous: choose package for evince a 0: <None> 1: evince-3.34.2p0 2: evince-3.34.2p0-light Your choice: 2
Option 1 will pull in a large number of Gnome libraries. Option 2 has been provided by the packager for those of us who wish to use Evince to read pdf files with a different desktop or window manager.
Some of the more complex packages come with readme files installed to
pkg-readmes for the
firefox packages will be essential reading in the next
A huge range of is ports available e.g.
mplayer and so on. You can search for packages using
pkg_info -Q <name> where
part of the name of a program you know. For example....
illy$ pkg_info -Q inksc inkscape-0.92.4p2 illy$ pkg_info inkscape Information for https://cdn.openbsd.org/pub/OpenBSD/6.7/packages/ amd64/inkscape-0.92.4p2.tgz Comment: SVG vector drawing application .... lines about Inkscape ....
Don't reboot yet. You need to configure the graphical login and set up some daemons. See below...
See OpenBSD FAQ -
System Management / System daemons. The pkg-readme for Xfce is
essential reading, try
cat /usr/local/share/doc/pkg-readmes/xfce |
more. A look at
/usr/local/share/doc/pkg-readmes/xfce/firefox would be
useful as well.
Optional: The first thing is to stop the
starting each time you log in and to permanently silence the 'bell' and
make the background to the login screen a solid colour. The file
/etc/X11/xenodm/Xsetup_0 is run when you login to
xenodm. Editing that file to comment out the line that
xconsole and then adding some
commands is best achieved using an editor. My modified file is shown
illy# cp /etc/X11/xenodm/Xsetup_0 /etc/X11/xenodm/Xsetup_0-back illy# cat /etc/X11/xenodm/Xsetup_0 #!/bin/sh # $OpenBSD: Xsetup_0,v 1.6 2019/06/29 13:33:06 espie Exp $ #xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail xset b off xsetroot -solid indigo # install package openbsd-backgrounds # then uncomment: # # if test -x /usr/local/bin/openbsd-wallpaper # then # /usr/local/bin/openbsd-wallpaper # fi # sxpm OpenBSD.xpm &
To enable suspend and resume and to run Xfce with the ability to control the power settings and to shut down and reboot, you need to enable some daemons...
rcctl to enable and start the
daemon (straight from the FAQ page). Suspend to RAM should then
illy# rcctl enable apmd illy# rcctl set apmd flags -A illy# rcctl start apmd
Next enable and start the
illy# rcctl enable messagebus illy# rcctl start messagebus
rcctl actually writes lines into
/etc/rc.conf.local and that file can be edited directly
from a root command prompt.
Finally when you start an X Window session, the server looks for a
~/.xsession in the root of your home drive and
runs the commands in that file. Below is the contents of my
.xsession file for running Xfce based on the
illy$ cat ~/.xsession # See pkg-readme for xfce # Dbus/message bus enabled in rc.conf.local # Want to be able to suspend from xfce4 logout menu /usr/local/bin/startxfce4 --with-ck-launch
I usually reboot at this stage and check that Xfce starts properly and that I can suspend and reboot from the logout menu.
Firefox version 76 is ported to OpenBSD 6.7 at present. The porters
unveil support to this
build of Firefox - a sort of sandbox to restrict Firefox's access to the
computer. The main difference this makes in everyday use is that Firefox
can only save or open files to
new feature was described in the
pkg-readme file for
Firefox. Had I read that file, I could have saved a few minutes of head
scratching and puzzlement...
If a program segfaults, OpenBSD dumps the memory in use by the
program to file for analysis. If the program is run by a user, the
core file will end up in the user's home
In OpenBSD 6.7 with
xfce I am seeing
xfce4-screensaver crashing on login each time, and
xfce4-panel decide to
join in. I have removed
xfce4 screensaver from my startup
applications (always untick the
save session for future
logins box when you do this as otherwise Xfce will just restore
the programs you had running in the last session...) and I don't see the
\*core files as often now.
By default, OpenBSD enforces limits on the maximum memory that applications can use depending on the role of the user. Web browsers like a lot of memory, so it is wise to increase the allocation of memory that can be used. The allocations are set in the `/etc/login.conf' file
I add my user to the
staff group then raise the memory
limit for the
staff group to 4096 Mb...
#illy usermod -G staff YOUR_USERNAME #illy cat /etc/login.conf .... lines .... staff:\ :datasize-cur=4096M:\ :datasize-max=infinity:\ :maxproc-max=512:\ :maxproc-cur=256:\ :ignorenologin:\ :requirehome@:\ :tc=default: .... lines ....
login.conf file needs to be edited ('staff' is on
line 72) and the change is seen on logging out and back in.
See OpenBSD FAQ -
man ntfs-3g package after
One of the biggest differences in everyday desktop use between Linux
and OpenBSD is the approach to mounting external storage. Automount of
storage sticks does not just happen in OpenBSD. Remember from
installation that SCSI-like (i.e. SATA) hard drives are numbered
sd1 and not
sdb as in Linux.
doas to allow a user to run commands as
has a simple and logical syntax for giving the user the right to mount
an external drive. Mounting NTFS drives for read and write is best
managed through an external package called
pkg_add ntfs_3g (no possibility of
confusion there at all). Mounting FAT formatted USB sticks is performed
mount command which is part of base. Unmounting
any device is achieved using
The following commands (as root) will add the needed lines to
illy# echo "permit nopass keith as root cmd mount" >> /etc/doas.conf illy# echo "permit nopass keith as root cmd umount" >> /etc/doas.conf illy# echo "permit nopass keith as root cmd ntfs-3g" >> /etc/doas.conf
Mounting a USB stick to
~/usb as user looks like
illy$ mkdir ~/usb illy$ dmesg | grep sd1 sd1 at scsibus4 targ 1 lun 0: <, USB DISK 2.0, PMAP> removable serial. numbers illy$ doas mount /dev/sd1i ~/usb illy$ ls ~/usb music planner.pdf
With this VFAT formatted USB stick plugged in, I can mount my NTFS
formatted backup drive to
~/backup like this...
illy$ mkdir ~/backup illy$ dmesg | grep sd2 sd2 at scsibus5 targ 1 lun 0: <WD, Elements 10B8, 1012> serial. numbers illy$ ls ~/backup illy$ doas ntfs-3g /dev/sd2i ~/backup illy$ ls ~/backup Music System Volume Information Pix X220
Below are the commands for unmounting both drives...
illy$ doas umount ~/usb illy$ doas umount ~/backup illy$ ls usb illy$ ls backup
For some reason,
ntfs-3g gives an error message if you
try to unmount from
/dev/sd2i, so I just unmount from the
target directories on my home drive for both commands.
Notice how the
man ntfs-3g page uses Linux disk
numbering. One example of the difference between OpenBSD base
documentation and that for third-party packages.
allows the mounting and unmounting of USB sticks from the xfce
Add an icon for the plugin to the XFCE4 panel by right-clicking on
the panel and selecting Panel | Add New Items and
xfce4-mount-plugin lists all the devices
including the default local hard drive including all the partitions on
sd0. I can set options to prevent that and to use a custom
mount command. Right click over the
icon and select Properties | File Systems tab.
Add the pattern
/dev/sd0* to the Exclude specified
file systems textbox so the local drive is not listed.
Right-click on the
and select Preferences | Commands and write the
following in the Custom Commands textboxes, after
ensuring that the Custom Commands checkbox was
doas mount %m doas umount %m
Now to ensure that a USB stick is listed in the xfce4-mount-popup
list, you have to add a line for the device to
illy# echo "/dev/sd1i /home/keith/usb msdos rw,noauto 0 0" >> /etc/fstab
Using an fstab entry like this means that only one vfat formatted USB thumb drive will be listed and available with mouse clicks.
I have not yet worked out a way of automounting a mix of VFAT and
NTFS drives. Probably a script run instead of
that will work out what drive it is and mount it to an appropriate mount
gnome. The recipe
shown here is simply the 'Cheat Sheet'!
Start with a fresh installation with xenodm disabled and a working Internet connection.
The Gnome Desktop is distributed as two main meta-packages in OpenBSD
6.7 so you need to install both of those for the full experience
including the Gnome Web browser and Evolution email. Installing just the
gnome package fetches a fully functional but bare desktop
to which you can add your own applications.
illy# pkg_add gnome gnome-extras
gnome pkg-readme suggests creating a
gnome group and using that as an entry in
/etc/login.conf to increase the RAM available. I've left
the 1024 Mb allocation from the readme as I want to see how crashy this
illy# cat <<'EOF' >>/etc/login.conf gnome:\ :datasize-cur=1024M:\ :tc=default: EOF illy# usermod -L gnome keith
Then enable the various daemons required (including apmd for power management) so that they run in the correct order, and reboot into the Gnome login screen...
illy# rcctl enable apmd illy# rcctl set apmd flags -A illy# rcctl enable multicast messagebus avahi_daemon gdm illy# reboot
Once logged in, I tried the Gnome Web browser (Epiphany) - just hit the window keys and type 'Web', and a few of the other applicatons. I ended up adding Firefox, Libreoffice and some graphical programs...
illy# pkg_add firefox gimp inkscape libreoffice
And finally I added the same lines as in the Xfce section to
enable user mounting of storage from the command line...
illy$ cat /etc/doas.conf permit nopass keith as root cmd mount permit nopass keith as root cmd umount permit nopass keith as root cmd ntfs-3g
If I mount a usb stick from the command line, Nautilus the Gnome file manager will unmount the device by clicking on the unmount button in the left pane, but Gnome asks for confirmation. I can also unmount an NTFS hard drive in the same way. Not sure if I can prefix the command that nautilus is running with 'doas' in some way...
I also experimented with
hotplugd and a script that can
be installed from packages called
set up according to the suggestions in the pkg-readme, I could
mount a USB stick automatically, but had to navigate to the
mount-point manually in Nautilus. All of the hotplugd based suggestions
for disk mounting I can find don't cover safe unmounting of the attached
drives so I'm sticking with the command line at present.
The main outstanding issue so far is powering off from within Gnome. I have to type my user password into a graphical input box to confirm.
Gnome itself has not crashed at all (yet). Only LibreOffice dumped a core when I was changing the interface settings (once, not subsequently).
My threat model for this laptop includes opportunistic theft and me leaving it on the bus. Using whole drive encryption on OpenBSD is covered in the OpenBSD FAQ - Disk Setup / RAID and disk Encryption / Full Disk Encryption
The basic strategy is to
bioctlcommand. This becomes
sd1. Set a pass phrase for the disk here
sd1as the disk to install OpenBSD to
I have followed the commands in the FAQ to set up whole disk encryption. The challenge is to invite you to do the same...