[ home ]
See also an OpenBSD lite install on an old 32bit Thinkpad X60.
October 30th 2021: OpenBSD 7 is here and the instructions on this page will provide a nice xfce4 based desktop. I'm using it on a Thinkpad X220 with a 480Gb SSD and 8Gb RAM.
May 18th 2021: Installed OpenBSD 6.9 i386 on a Thinkpad X60 with a 100Gb mechanical hard drive and 2Gb of ram. Xfce runs ok except for xfwm4 dumping core now and again. Firefox is just too heavy for a machine with 2Gb, but Seamonkey seems to work OK. Added mtpaint, abiword and gnumeric for a lightish desktop.
This page covers installing an XFCE4 desktop on a Thinkpad X61s laptop with 4Gb RAM, Intel graphics, an atheros WiFi card and a 120Gb SSD drive. Patrick Bucher documents an install on a Thinkpad X270, which is a much more recent machine.
February 2021. Previous versions of this page [ 5.5 | 6.2 | 6.3 | 6.4 | 6.5 | 6.6 | 6.7 | 6.8 ]
This page is aimed at people who are familiar with Linux and who wish to explore OpenBSD. I'm assuming that the reader has successfully installed Linux and has some familiarity with the command line, including the use of a text editor to modify configuration files. This page provides a task focused approach to setting up a desktop making use of many packages outside of the OpenBSD base as well as developing experience with the OpenBSD base.
/var/mail/yourusername
after a fresh install/usr/local/share/doc/pkg-readmes/
after installing binary packages using pkg_add
Read the OpenBSD FAQ - Installation Guide.
The Thinkpad X61s is a BIOS laptop, so I just booted from a USB stick
I had prepared with the amd64
architecture install
image.
The OpenBSD installer asks a series of questions and gives sensible defaults in [square brackets]. I chose to use the [W]hole drive for OpenBSD and to accept [A]utomatic partitioning.
There were three points in the installation where I had to provide non-default input (in addition to providing a root password and a user account and password)...
Answer Yes
to the question about the X Window System
being started by xenodm
. Xenodm
is the OpenBSD
fork of the xdm
display manager. The OpenBSD FAQ discourages use of the startx
command to manage X sessions.
In the section Let's install the sets!
you have to
specify that the sets are located on disk
, No
the disk is not mounted, and then type the label of the USB stick
(probably sd1
).
You just need to answer Yes
to the question about
the missing SHA256.sig file. See the FAQ for the reason.
After the installer completes (about five minutes on the X61s) you can reboot into the graphical log-in screen and type your user name and password.
Background reading: OpenBSD FAQ - The X Window System.
OpenBSD base contains three window managers for use with X Windows.
The default choice is an ancient version of fvwm
and this
is what should visible now.
There should be an xterm
terminal window in the top left
of the screen. The default terminal prompt is the machine name ('foo'
for me) and the $ sign showing that the terminal has ordinary user
rights. Click on the title bar of that window to give it focus
(and bring it to the front if there is another window in the way). That
terminal window will enable the completion of the next 4 steps.
The fonts might be very small on a modern laptop screen. With the mouse pointer over the window press Ctrl and click the right hand mouse button. A font menu will appear. Select Huge size to get readable characters.
The 'system bell' can become intrusive. To silence it on a temporary basis just type
foo$ xset b off
If the fvwm
desktop in all its 90s glory becomes
annoying a console (aka tty) can be used. Ctrl-Alt F2 will take you to a
tty login from where all the commands in the next 4 sections can be run.
Ctrl-Alt F5 returns to the X Windows 'shell'.
If the computer must be closed down before the xfce4 desktop environment is installed and configured use these commands as root
foo$ su
password: # type the root password
foo# shutdown -ph now
Background reading: OpenBSD FAQ - Networking / Wireless Networking.
To connect to a wired network just use these commands as root...
foo# ifconfig em0 up
foo# dhclient em0
For licencing reasons some firmware packages cannot be included on
the OpenBSD install media. Run the fw_update
command as
root to install any firmware that is available...
foo# fw_update
syspatch
See OpenBSD
FAQ - System management / Security updates, OpenBSD 6.8 errata page
and man
syspatch
To apply the binary updates to the base system just become root
and issue the syspatch
command...
foo# syspatch Get/Verify syspatch68-001_bgpd.tgz 100% |***************| 179 KB 00:00 Installing patch 001_bgpd Get/Verify syspatch68-002_icmp6.tgz 100% |**************| 107 KB 00:00 Installing patch 002_icmp6 ... Installing patch 013_libressl Relinking to create unique kernel... done; reboot to load the new kernel Errata can be reviewed under /var/syspatch
To find out the name of the WiFi driver, type the
ifconfig
command as root...
foo# ifconfig | grep flag lo0: flags=8049mtu 32768 em0: flags=8802 mtu 1500 ath0: flags=808843 mtu 1500 enc0: flags=0<> pflog0: flags=141 mtu 33136
The output from ifconfig
tells me that my Thinkpad X61s has an Atheros wifi card installed and will use the ath
driver which is distributed with the base system. To connect to an authenticated WiFi, you can create a hostname.if
file...
foo# echo "join myhomewifi wpakey pass_phrase" >> /etc/hostname.ath0 foo# echo "dhcp" >> /etc/hostname.ath0
...and then restart the network...
foo# sh /etc/netstart
...and use ping
to check that your connection is working...
foo# ping openbsd.org PING openbsd.org (129.128.5.194): 56 data bytes 64 bytes from 129.128.5.194: icmp_seq=0 ttl=227 time=217.378 ms 64 bytes from 129.128.5.194: icmp_seq=1 ttl=227 time=203.987 ms ^C --- openbsd.org ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 203.987/210.682/217.378/6.695 ms
See OpenBSD FAQ - Package Management.
Software not included in the OpenBSD base is ported to
OpenBSD often by volunteers in the ports team. The pkg_add
command is used to install packages. OpenBSD has a global mirror system
that is accessed through a content delivery network and the address of
the package repository is written to /etc/installurl
during
installation. The commands below will install nano
an easy
to use command line editor.
foo# pkg_add nano quirks-3.441 signed on 2021-02-13T20:25:37Z quirks-3.441: ok nano-5.2:libiconv-1.16p0: ok nano-5.2:gettext-runtime-0.21: ok nano-5.2: ok
Occasionally, there is a glitch with the mirror or the internet
connection and a package will not be correctly downloaded.
pkg_add
will mark such packages with the prefix partial-. I
find that repeating the pkg_add
command a bit later clears
those up.
I like the xfce desktop environment. The OpenBSD port of xfce4 is version 4.14 and the commands below will provide a full install of xfce and Firefox and a pdf document reader.
foo# pkg_add xfce xfce-extras firefox evince xfce4-power-manager upower
This command will take some time to return as pkg_add
will fetch all the dependencies for each of the packages listed above -
dozens in the case of Xfce and Firefox. Dependencies of
xfce
include consolekit2
and
dbus
, both needed to enable Xfce to suspend or hibernate
from the logout menu. See the next section for details.
pkg_add will stop when it reaches the document reader Evince and offer you a choice of two versions of the package, each compiled with different configuratons...
foo# pkg_add evince Ambiguous: choose package for evince a 0:1: evince-3.36.7 2: evince-3.36.7-light Your choice: 2
Option 1 will pull in a large number of Gnome libraries. Option 2 has been provided by the packager for those of us who wish to use Evince to read pdf files with a different desktop or window manager.
Some of the more complex packages come with readme files installed to
/usr/local/share/doc/pkg-readmes/
. The
pkg-readmes
for the xfce
and
firefox
packages will be essential reading in the next
section.
A huge range of is ports available e.g. libreoffice
and
mplayer
and so on. You can search for packages using
pkg_info -Q <name>
where <name>
is
part of the name of a program you know. For example....
foo$ pkg_info -Q inksc
inkscape-1.0.1 (installed)
Don't reboot yet. You need to configure the graphical login and set up some daemons. See below...
See OpenBSD FAQ -
System Management / System daemons. The pkg-readme for Xfce is
essential reading, try cat /usr/local/share/doc/pkg-readmes/xfce |
more
. A look at
/usr/local/share/doc/pkg-readmes/xfce/firefox
would be
useful as well.
To enable suspend and resume and to run Xfce with the ability to control the power settings and to shut down and reboot, you need to enable some daemons...
Use rcctl
to enable and start the apmd
daemon (straight from the FAQ page). Suspend to RAM should then
work.
foo# rcctl enable apmd
foo# rcctl set apmd flags -A
foo# rcctl start apmd
Next enable and start the messagebus
(aka
dbus-daemon
)...
foo# rcctl enable messagebus
foo# rcctl start messagebus
rcctl
actually writes lines into
/etc/rc.conf.local
and that file can be edited directly
from a root command prompt.
Finally when you start an X Window session, the server looks for a
file called ~/.xsession
in the root of your home drive and
runs the commands in that file. Below is the contents of my
.xsession
file for running Xfce based on the
pkg-readme
...
foo$ cat ~/.xsession
# See pkg-readme for xfce
# Dbus/message bus enabled in rc.conf.local
# Want to be able to suspend from xfce4 logout menu
/usr/local/bin/startxfce4 --with-ck-launch
I usually reboot at this stage and check that Xfce starts properly and that I can suspend and reboot from the logout menu.
OpenBSD 6.8 has Firefox v82 at the time of writing. A quick look at the pkg-readme
file for Firefox will tell you that Firefox can only write and read from your ~/Downloads
folder using the unveil
features build into OpenBSD. Solène Rapenne has a quick run-down of some of the security features built into OpenBSD including unveil
and pldege
.
By default, OpenBSD enforces limits on the maximum memory that applications can use depending on the role of the user. Web browsers like a lot of memory, so it is wise to increase the allocation of memory that can be used. The allocations are set in the `/etc/login.conf' file
I add my user to the staff
group then raise the memory
limit for the staff
group to 3072 Mb (a good chunk of the 4096Mb on this X61s thinkpad...
#foo usermod -G staff YOUR_USERNAME
#foo cat /etc/login.conf
.... lines ....
staff:\
:datasize-cur=3072M:\
:datasize-max=infinity:\
:maxproc-max=512:\
:maxproc-cur=256:\
:ignorenologin:\
:requirehome@:\
:tc=default:
.... lines ....
The login.conf
file needs to be edited ('staff' is on
line 72) and the change is seen on logging out and back in.
OpenBSD version 6.8 seems to be much more stable when running xfce4 verson 4.14 than version 6.7 was. I'm seeing a lot less in the way of crashes and core dumps in ~/
than I was a few months ago.
See OpenBSD FAQ -
Disk setup, man
doas
, man
doas.conf
, man ntfs-3g
package after
installation.
One of the biggest differences in everyday desktop use between Linux
and OpenBSD is the approach to mounting external storage. Automount of
storage sticks does not just happen in OpenBSD. Remember from
installation that SCSI-like (i.e. SATA) hard drives are numbered
sd0
, sd1
and not sda
,
sdb
as in Linux.
The following commands (as root) will add the needed lines to
doas.conf
so that your user can mount external drives...
foo# echo "permit nopass USER as root cmd mount" >> /etc/doas.conf
foo# echo "permit nopass USER as root cmd umount" >> /etc/doas.conf
foo# echo "permit nopass USER as root cmd ntfs-3g" >> /etc/doas.conf
Mounting a USB stick to ~/usb
as user looks like
this...
foo$ mkdir ~/usb
foo$ dmesg | grep sd1
sd1 at scsibus4 targ 1 lun 0: <, USB DISK 2.0, PMAP> removable serial. numbers
foo$ doas mount /dev/sd1i ~/usb
foo$ ls ~/usb
music
planner.pdf
...and I can unmount the USB stick easily...
foo$ doas umount ~/usb
foo$ ls usb
The xfce4-mount
allows the mounting and unmounting of USB sticks from the xfce
panel.
Add an icon for the plugin to the XFCE4 panel by right-clicking on
the panel and selecting Panel | Add New Items and
searching for mount
.
By default, xfce4-mount-plugin
lists all the devices
including the default local hard drive including all the partitions on
sd0
. I can set options to prevent that and to use a custom
mount command. Right click over the xfce4-mount
icon
and select Properties | File Systems tab.
Add the pattern /dev/sd0*
to the Exclude specified
file systems textbox so the local drive is not listed.
Right-click on the xfce4-mount icon
,
and select Preferences | Commands and write the
following in the Custom Commands textboxes, after
ensuring that the Custom Commands checkbox was
ticked...
doas mount %m
doas umount %m
Now to ensure that a USB stick is listed in the xfce4-mount-popup
list, you have to add a line for the device to /etc/fstab
...
foo# echo "/dev/sd1i /home/keith/usb msdos rw,noauto 0 0" >> /etc/fstab
Using an fstab entry like this means that only one vfat formatted USB thumb drive will be listed and available with mouse clicks.
I have not yet worked out a way of automounting a mix of VFAT and
NTFS drives. Probably a script run instead of doas mount
that will work out what drive it is and mount it to an appropriate mount
point...
My threat model for this laptop includes opportunistic theft and me leaving it on the bus. Using whole drive encryption on OpenBSD is covered in the OpenBSD FAQ - Disk Setup / RAID and disk Encryption / Full Disk Encryption
The basic strategy is to
sd0
)bioctl
command. This becomes sd1
. Set a pass phrase for the disk heresd1
as the disk to install OpenBSD toI will be trashing this installation and re-installing with drive encryption in the next few days...