[ home ]
June 2020. Previous versions of this page [ 5.5 | 6.2 | 6.3 | 6.4 | 6.5 | 6.6 ] and an lite OpenBSD desktop on a Thinkpad X60.
17th Feb 2021: All below works on OpenBSD 6.8 install. Used the amd64 image to do a clean install on a Thinkpad X61s with 4Gb RAM and a 120Gb SSD. Writeup over the next few days. Xfce4 version 4.14 DE seems a lot more stable.
Other pages about OpenBSD on a laptop...
sysupgrade. 6.6 to 6.7 then
package upgrade /etc/installurl and use in preference to
PKG_PATHThis page describes installing OpenBSD on a Thinkpad L440 laptop with the xfce4 desktop environment. The resulting installation has auto-mounting of USB stick drives and can mount external NTFS formatted hard drives. I also present an alternative installation of the Gnome desktop environment which appears to be more stable on this hardware.
The laptop has 8Gb of RAM, Intel integrated graphics, and is fitted with a 200Gb SATA SSD.
This page is aimed at people who are familiar with Linux and who wish to explore one of the BSD distributions.
I'm assuming that the reader has successfully installed one of the popular Linux distributions, has some familiarity with the command line, including the use of a text editor to modify configuration files.
This page provides a task focused approach to setting up a desktop making use of many packages outside of the OpenBSD base as well as developing experience with the OpenBSD base.
This page draws heavily on the OpenBSD FAQ and the man
pages for commands and configuration files.
Packages ported to OpenBSD may include pkg-readmes that
explain how the ported program can be integrated into the OpenBSD base.
Mail will be found waiting for the user on any new OpenBSD
installation. Type mail at the command line to read them
(or cheat and cat /var/mail/yourusername | more). And don't
forget man afterboot.
Daemonforums have an OpenBSD section. This is not an official source but often has interesting posts. General Web searches will reveal tutorials and illustrations of various applications of OpenBSD. OpenBSD changes so be aware of the OpenBSD version used.
The OpenBSD FAQ - Installation Guide is recommended reading.
The Thinkpad L440 has UEFI boot but I disabled secure boot in the BIOS before booting from the OpenBSD USB stick that I produced on my Linux computer.
The OpenBSD installer asks a series of questions and gives sensible defaults in [square brackets]. I chose to use the [W]hole drive for OpenBSD and to accept [A]utomatic partitioning. Three points needed non-default input...
Answer Yes to the question about the X Window System
being started by xenodm. Xenodm is the OpenBSD
fork of the xdm display manager.
In the section Let's install the sets! you have to
specify that the sets are located on disk, No
the disk is not mounted, and then type the number of the USB stick
(probably sd1).
You just need to answer Yes to the question about
the missing SHA256.sig file. See the FAQ for the reason!
After the installer completes (a few minutes on the L440) you can reboot into the graphical log-in screen and type your user name and password.
The OpenBSD FAQ - https://www.openbsd.org/faq/faq11.html is recommended reading.
OpenBSD base contains three window managers for use with X Windows.
The default choice is an ancient version of fvwm and this
is what should visible now.
There should be an xterm terminal window in the top left
of the screen. The default terminal prompt is the machine name ('illy'
for me) and the $ sign showing that the terminal has ordinary user
rights. Click on the title bar of that window to give it focus
(and bring it to the front if there is another window in the way). That
terminal window will enable the completion of the next 4 steps.
The fonts might be very small on a modern laptop screen. With the mouse pointer over the window press Ctrl and click the right hand mouse button. A font menu will appear. Select Huge size to get readable characters.
The 'system bell' can become intrusive. To silence it on a temporary basis just type
illy$ xset b off
If the fvwm desktop in all its 90s glory becomes
annoying a console (aka tty) can be used. Ctrl-Alt F2 will take you to a
tty login from where all the commands in the next 4 sections can be run.
Ctrl-Alt F5 returns to the X Windows 'shell'.
If the computer must be closed down before the xfce4 desktop environment is installed and configured use these commands as root
illy$ su
password: # type the root password
illy# shutdown -ph now
See OpenBSD FAQ - Networking / Wireless Networking.
Small sections and examples from the man pages for hostname.if
the WiFi card in use iwm in
my case, ifconfig
and dhclient
will be useful. Remember that OpenBSD is often configured as a server
and the range of networking functionality is comprehensive and very
technical. man
fw_update is brief.
To connect to a wired network just use these commands as root...
illy# ifconfig em0 up
illy# dhclient em0
For licencing reasons some firmware packages cannot be included on
the OpenBSD install media. Run the fw_update command as
root to install these
illy# fw_update
If you have no access to a wired connection and if the WiFi card
itself needs a firmware package to function, it is possible to download the
firmware package needed, copy it across to the laptop and then use
the fw_update -p option to install from the local copy.
To find out the name of the WiFi driver, type the
ifconfig command as root
illy# ifconfig | grep flag
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
iwm0: flags=808843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF4> mtu 1500
enc0: flags=0<>
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
iwm0 is the Intel WiFi driver. To connect to my home WiFi with
wpa2 encryption make a hostname.if file like
this...
illy# echo "join myhomewifi wpakey pass_phrase" >> /etc/hostname.iwm0
illy# echo "dhcp" >> /etc/hostname.iwm0
and check the file for typos...
illy# cat /etc/hostname.iwm0
Then restart the network...
illy# sh /etc/netstart
Check you have a functioning connection using ping...
illy# ping openbsd.org
PING openbsd.org (129.128.5.194): 56 data bytes
64 bytes from 129.128.5.194: icmp_seq=0 ttl=228 time=198.282 ms
64 bytes from 129.128.5.194: icmp_seq=1 ttl=228 time=196.422 ms
64 bytes from 129.128.5.194: icmp_seq=2 ttl=228 time=183.269 ms
^C # Ctrl+C quits the ping command
--- openbsd.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 183.269/192.658/198.282/6.682 ms
syspatchSee OpenBSD
FAQ - System management / Security updates, OpenBSD 6.7 errata page
and man
syspatch
To apply the binary updates to the base system just become root and...
illy# syspatch
Get/Verify syspatch67-001_wscons.tgz 100% |*************| 113 KB 00:00
Installing patch 001_wscons
Get/Verify syspatch67-002_rpki.tgz 100% |***************| 36470 00:00
Installing patch 002_rpki
.... more lines ....
Relinking to create unique kernel... done; reboot to load the new kernel
Errata can be reviewed under /var/syspatch
As the message suggests, reboot the laptop to run the new kernel...
illy# reboot
OpenBSD does not have automatic updates (unless you set up a cron job
to run syspatch or something). I just check the OpenBSD errata page now
and again. You can subscribe to the openbsd-announce
mailing list for warnings of new errata.
See OpenBSD FAQ - Package Management.
Software not included in the OpenBSD base is ported to
OpenBSD often by volunteers in the ports team. The pkg_add
command is used to install packages. OpenBSD has a global mirror system
that is accessed through a content delivery network and the address of
the package repository is written to /etc/installurl during
installation. The commands below will install nano an easy
to use command line editor.
illy# pkg_add nano # example from 6.5
quirks-3.124 signed on 2019-04-15T12:10:16Z
quirks-3.124: ok
nano-4.0:libiconv-1.14p3: ok
nano-4.0:gettext-0.19.8.1p3: ok
nano-4.0: ok
Occasionally, there is a glitch with the mirror or the internet
connection and a package will not be correctly downloaded.
pkg_add will mark such packages with the prefix partial-. I
find that repeating the pkg_add command a bit later clears
those up.
I like the xfce desktop environment. The OpenBSD port of xfce4 is version 4.14 and the commands below will provide a full install of xfce and Firefox and a pdf document reader.
illy# pkg_add xfce xfce-extras firefox evince xfce4-power-manager upower
This command will take some time to return as pkg_add
will fetch all the dependencies for each of the packages listed above -
dozens in the case of Xfce and Firefox. Dependencies of
xfce include consolekit2 and
dbus, both needed to enable Xfce to suspend or hibernate
from the logout menu. See the next section for details.
pkg_add will stop when it reaches the document reader Evince and offer you a choice of two versions of the package, each compiled with different configuratons...
illy# pkg_add evince
Ambiguous: choose package for evince
a 0: <None>
1: evince-3.34.2p0
2: evince-3.34.2p0-light
Your choice: 2
Option 1 will pull in a large number of Gnome libraries. Option 2 has been provided by the packager for those of us who wish to use Evince to read pdf files with a different desktop or window manager.
Some of the more complex packages come with readme files installed to
/usr/local/share/doc/pkg-readmes/. The
pkg-readmes for the xfce and
firefox packages will be essential reading in the next
section.
A huge range of is ports available e.g. libreoffice and
mplayer and so on. You can search for packages using
pkg_info -Q <name> where <name> is
part of the name of a program you know. For example....
illy$ pkg_info -Q inksc
inkscape-0.92.4p2
illy$ pkg_info inkscape
Information for https://cdn.openbsd.org/pub/OpenBSD/6.7/packages/ amd64/inkscape-0.92.4p2.tgz
Comment:
SVG vector drawing application
.... lines about Inkscape ....
Don't reboot yet. You need to configure the graphical login and set up some daemons. See below...
See OpenBSD FAQ -
System Management / System daemons. The pkg-readme for Xfce is
essential reading, try cat /usr/local/share/doc/pkg-readmes/xfce |
more. A look at
/usr/local/share/doc/pkg-readmes/xfce/firefox would be
useful as well.
Optional: The first thing is to stop the xconsole
starting each time you log in and to permanently silence the 'bell' and
make the background to the login screen a solid colour. The file
/etc/X11/xenodm/Xsetup_0 is run when you login to
xenodm. Editing that file to comment out the line that
starts xconsole and then adding some xset
commands is best achieved using an editor. My modified file is shown
below.
illy# cp /etc/X11/xenodm/Xsetup_0 /etc/X11/xenodm/Xsetup_0-back
illy# cat /etc/X11/xenodm/Xsetup_0
#!/bin/sh
# $OpenBSD: Xsetup_0,v 1.6 2019/06/29 13:33:06 espie Exp $
#xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail
xset b off
xsetroot -solid indigo
# install package openbsd-backgrounds
# then uncomment:
#
# if test -x /usr/local/bin/openbsd-wallpaper
# then
# /usr/local/bin/openbsd-wallpaper
# fi
# sxpm OpenBSD.xpm &
To enable suspend and resume and to run Xfce with the ability to control the power settings and to shut down and reboot, you need to enable some daemons...
Use rcctl to enable and start the apmd
daemon (straight from the FAQ page). Suspend to RAM should then
work.
illy# rcctl enable apmd
illy# rcctl set apmd flags -A
illy# rcctl start apmd
Next enable and start the messagebus (aka
dbus-daemon)...
illy# rcctl enable messagebus
illy# rcctl start messagebus
rcctl actually writes lines into
/etc/rc.conf.local and that file can be edited directly
from a root command prompt.
Finally when you start an X Window session, the server looks for a
file called ~/.xsession in the root of your home drive and
runs the commands in that file. Below is the contents of my
.xsession file for running Xfce based on the
pkg-readme...
illy$ cat ~/.xsession
# See pkg-readme for xfce
# Dbus/message bus enabled in rc.conf.local
# Want to be able to suspend from xfce4 logout menu
/usr/local/bin/startxfce4 --with-ck-launch
I usually reboot at this stage and check that Xfce starts properly and that I can suspend and reboot from the logout menu.
Firefox version 76 is ported to OpenBSD 6.7 at present. The porters
have added pledge and unveil support to this
build of Firefox - a sort of sandbox to restrict Firefox's access to the
computer. The main difference this makes in everyday use is that Firefox
can only save or open files to ~/Downloads. This
new feature was described in the pkg-readme file for
Firefox. Had I read that file, I could have saved a few minutes of head
scratching and puzzlement...
If a program segfaults, OpenBSD dumps the memory in use by the
program to file for analysis. If the program is run by a user, the
resulting core file will end up in the user's home
directory.
In OpenBSD 6.7 with xfce I am seeing
xfce4-screensaver crashing on login each time, and
ocasionally xfwm and xfce4-panel decide to
join in. I have removed xfce4 screensaver from my startup
applications (always untick the save session for future
logins box when you do this as otherwise Xfce will just restore
the programs you had running in the last session...) and I don't see the
\*core files as often now.
By default, OpenBSD enforces limits on the maximum memory that applications can use depending on the role of the user. Web browsers like a lot of memory, so it is wise to increase the allocation of memory that can be used. The allocations are set in the `/etc/login.conf' file
I add my user to the staff group then raise the memory
limit for the staff group to 4096 Mb...
#illy usermod -G staff YOUR_USERNAME
#illy cat /etc/login.conf
.... lines ....
staff:\
:datasize-cur=4096M:\
:datasize-max=infinity:\
:maxproc-max=512:\
:maxproc-cur=256:\
:ignorenologin:\
:requirehome@:\
:tc=default:
.... lines ....
The login.conf file needs to be edited ('staff' is on
line 72) and the change is seen on logging out and back in.
See OpenBSD FAQ -
Disk setup, man
doas, man
doas.conf, man ntfs-3g package after
installation.
One of the biggest differences in everyday desktop use between Linux
and OpenBSD is the approach to mounting external storage. Automount of
storage sticks does not just happen in OpenBSD. Remember from
installation that SCSI-like (i.e. SATA) hard drives are numbered
sd0, sd1 and not sda,
sdb as in Linux.
OpenBSD uses doas to allow a user to run commands as
root, replacing sudo. The /etc/doas.conf file
has a simple and logical syntax for giving the user the right to mount
an external drive. Mounting NTFS drives for read and write is best
managed through an external package called ntfs-3g,
installed with pkg_add ntfs_3g (no possibility of
confusion there at all). Mounting FAT formatted USB sticks is performed
using the mount command which is part of base. Unmounting
any device is achieved using umount.
The following commands (as root) will add the needed lines to
doas.conf...
illy# echo "permit nopass keith as root cmd mount" >> /etc/doas.conf
illy# echo "permit nopass keith as root cmd umount" >> /etc/doas.conf
illy# echo "permit nopass keith as root cmd ntfs-3g" >> /etc/doas.conf
Mounting a USB stick to ~/usb as user looks like
this...
illy$ mkdir ~/usb
illy$ dmesg | grep sd1
sd1 at scsibus4 targ 1 lun 0: <, USB DISK 2.0, PMAP> removable serial. numbers
illy$ doas mount /dev/sd1i ~/usb
illy$ ls ~/usb
music
planner.pdf
With this VFAT formatted USB stick plugged in, I can mount my NTFS
formatted backup drive to ~/backup like this...
illy$ mkdir ~/backup
illy$ dmesg | grep sd2
sd2 at scsibus5 targ 1 lun 0: <WD, Elements 10B8, 1012> serial. numbers
illy$ ls ~/backup
illy$ doas ntfs-3g /dev/sd2i ~/backup
illy$ ls ~/backup
Music System Volume Information
Pix X220
Below are the commands for unmounting both drives...
illy$ doas umount ~/usb
illy$ doas umount ~/backup
illy$ ls usb
illy$ ls backup
For some reason, ntfs-3g gives an error message if you
try to unmount from /dev/sd2i, so I just unmount from the
target directories on my home drive for both commands.
Notice how the man ntfs-3g page uses Linux disk
numbering. One example of the difference between OpenBSD base
documentation and that for third-party packages.
The xfce4-mount
allows the mounting and unmounting of USB sticks from the xfce
panel.
Add an icon for the plugin to the XFCE4 panel by right-clicking on
the panel and selecting Panel | Add New Items and
searching for mount.
By default, xfce4-mount-plugin lists all the devices
including the default local hard drive including all the partitions on
sd0. I can set options to prevent that and to use a custom
mount command. Right click over the xfce4-mount
icon and select Properties | File Systems tab.
Add the pattern /dev/sd0* to the Exclude specified
file systems textbox so the local drive is not listed.
Right-click on the xfce4-mount icon,
and select Preferences | Commands and write the
following in the Custom Commands textboxes, after
ensuring that the Custom Commands checkbox was
ticked...
doas mount %m
doas umount %m
Now to ensure that a USB stick is listed in the xfce4-mount-popup
list, you have to add a line for the device to /etc/fstab...
illy# echo "/dev/sd1i /home/keith/usb msdos rw,noauto 0 0" >> /etc/fstab
Using an fstab entry like this means that only one vfat formatted USB thumb drive will be listed and available with mouse clicks.
I have not yet worked out a way of automounting a mix of VFAT and
NTFS drives. Probably a script run instead of doas mount
that will work out what drive it is and mount it to an appropriate mount
point...
See the pkg-readme for gnome. The recipe
shown here is simply the 'Cheat Sheet'!
Start with a fresh installation with xenodm disabled and a working Internet connection.
The Gnome Desktop is distributed as two main meta-packages in OpenBSD
6.7 so you need to install both of those for the full experience
including the Gnome Web browser and Evolution email. Installing just the
gnome package fetches a fully functional but bare desktop
to which you can add your own applications.
illy# pkg_add gnome gnome-extras
The gnome pkg-readme suggests creating a
gnome group and using that as an entry in
/etc/login.conf to increase the RAM available. I've left
the 1024 Mb allocation from the readme as I want to see how crashy this
desktop is.
illy# cat <<'EOF' >>/etc/login.conf gnome:\ :datasize-cur=1024M:\ :tc=default: EOF illy# usermod -L gnome keith
Then enable the various daemons required (including apmd for power management) so that they run in the correct order, and reboot into the Gnome login screen...
illy# rcctl enable apmd illy# rcctl set apmd flags -A illy# rcctl enable multicast messagebus avahi_daemon gdm illy# reboot
Once logged in, I tried the Gnome Web browser (Epiphany) - just hit the window keys and type 'Web', and a few of the other applicatons. I ended up adding Firefox, Libreoffice and some graphical programs...
illy# pkg_add firefox gimp inkscape libreoffice
And finally I added the same lines as in the Xfce section to /etc/doas.conf to
enable user mounting of storage from the command line...
illy$ cat /etc/doas.conf permit nopass keith as root cmd mount permit nopass keith as root cmd umount permit nopass keith as root cmd ntfs-3g
If I mount a usb stick from the command line, Nautilus the Gnome file manager will unmount the device by clicking on the unmount button in the left pane, but Gnome asks for confirmation. I can also unmount an NTFS hard drive in the same way. Not sure if I can prefix the command that nautilus is running with 'doas' in some way...
I also experimented with hotplugd and a script that can
be installed from packages called hotplug-diskmount. When
set up according to the suggestions in the pkg-readme, I could
mount a USB stick automatically, but had to navigate to the
mount-point manually in Nautilus. All of the hotplugd based suggestions
for disk mounting I can find don't cover safe unmounting of the attached
drives so I'm sticking with the command line at present.
The main outstanding issue so far is powering off from within Gnome. I have to type my user password into a graphical input box to confirm.
Gnome itself has not crashed at all (yet). Only LibreOffice dumped a core when I was changing the interface settings (once, not subsequently).
My threat model for this laptop includes opportunistic theft and me leaving it on the bus. Using whole drive encryption on OpenBSD is covered in the OpenBSD FAQ - Disk Setup / RAID and disk Encryption / Full Disk Encryption
The basic strategy is to
sd0)bioctl command. This becomes sd1. Set a pass phrase for the disk heresd1 as the disk to install OpenBSD toI have followed the commands in the FAQ to set up whole disk encryption. The challenge is to invite you to do the same...