Installing OpenBSD 6.9 on your laptop is really hard (not)

[ home ]


Running OpenBSD 6.8 6.9 on your laptop is really hard (not)

I now tend to use an OpenBSD lite install on an old 32bit Thinkpad X60. I'll do this page again from scratch when the next OpenBSD version is released sometime in October 2021.

May 18th 2021: Installed OpenBSD 6.9 i386 on a Thinkpad X60 with a 100Gb mechanical hard drive and 2Gb of ram. Xfce runs ok except for xfwm4 dumping core now and again. Firefox is just too heavy for a machine with 2Gb, but Seamonkey seems to work OK. Added mtpaint, abiword and gnumeric for a lightish desktop.

This page covers installing an XFCE4 desktop on a Thinkpad X61s laptop with 4Gb RAM, Intel graphics, an atheros WiFi card and a 120Gb SSD drive. Patrick Bucher documents an install on a Thinkpad X270, which is a much more recent machine.

February 2021. Previous versions of this page [ 5.5 | 6.2 | 6.3 | 6.4 | 6.5 | 6.6 | 6.7 | 6.8 ]

Who is this page for?

This page is aimed at people who are familiar with Linux and who wish to explore OpenBSD. I'm assuming that the reader has successfully installed Linux and has some familiarity with the command line, including the use of a text editor to modify configuration files. This page provides a task focused approach to setting up a desktop making use of many packages outside of the OpenBSD base as well as developing experience with the OpenBSD base.

Sources of information about OpenBSD

Install OpenBSD according to the FAQ

Read the OpenBSD FAQ - Installation Guide.

The Thinkpad X61s is a BIOS laptop, so I just booted from a USB stick I had prepared with the amd64 architecture install image.

The OpenBSD installer asks a series of questions and gives sensible defaults in [square brackets]. I chose to use the [W]hole drive for OpenBSD and to accept [A]utomatic partitioning.

There were three points in the installation where I had to provide non-default input (in addition to providing a root password and a user account and password)...

After the installer completes (about five minutes on the X61s) you can reboot into the graphical log-in screen and type your user name and password.

The default X Window System session

Background reading: OpenBSD FAQ - The X Window System.

OpenBSD base contains three window managers for use with X Windows. The default choice is an ancient version of fvwm and this is what should visible now.

There should be an xterm terminal window in the top left of the screen. The default terminal prompt is the machine name ('foo' for me) and the $ sign showing that the terminal has ordinary user rights. Click on the title bar of that window to give it focus (and bring it to the front if there is another window in the way). That terminal window will enable the completion of the next 4 steps.

The fonts might be very small on a modern laptop screen. With the mouse pointer over the window press Ctrl and click the right hand mouse button. A font menu will appear. Select Huge size to get readable characters.

The 'system bell' can become intrusive. To silence it on a temporary basis just type

foo$ xset b off

If the fvwm desktop in all its 90s glory becomes annoying a console (aka tty) can be used. Ctrl-Alt F2 will take you to a tty login from where all the commands in the next 4 sections can be run. Ctrl-Alt F5 returns to the X Windows 'shell'.

If the computer must be closed down before the xfce4 desktop environment is installed and configured use these commands as root

foo$ su
password:               # type the root password
foo# shutdown -ph now

Connect to the Internet install firmware packages and update the base system

Background reading: OpenBSD FAQ - Networking / Wireless Networking.

To connect to a wired network just use these commands as root...

foo# ifconfig em0 up
foo# dhclient em0

For licencing reasons some firmware packages cannot be included on the OpenBSD install media. Run the fw_update command as root to install any firmware that is available...

foo# fw_update

Upgrade the base system using syspatch

See OpenBSD FAQ - System management / Security updates, OpenBSD 6.8 errata page and man syspatch

To apply the binary updates to the base system just become root and issue the syspatch command...

foo# syspatch
Get/Verify syspatch68-001_bgpd.tgz 100% |***************|   179 KB    00:00    
Installing patch 001_bgpd
Get/Verify syspatch68-002_icmp6.tgz 100% |**************|   107 KB    00:00    
Installing patch 002_icmp6
...   
Installing patch 013_libressl
Relinking to create unique kernel... done; reboot to load the new kernel
Errata can be reviewed under /var/syspatch

Connect to WiFi

To find out the name of the WiFi driver, type the ifconfig command as root...

foo# ifconfig | grep flag                                               
lo0: flags=8049 mtu 32768
em0: flags=8802 mtu 1500
ath0: flags=808843 mtu 1500
enc0: flags=0<>
pflog0: flags=141 mtu 33136

The output from ifconfig tells me that my Thinkpad X61s has an Atheros wifi card installed and will use the ath driver which is distributed with the base system. To connect to an authenticated WiFi, you can create a hostname.if file...

foo# echo "join myhomewifi wpakey pass_phrase" >> /etc/hostname.ath0
foo# echo "dhcp" >> /etc/hostname.ath0

...and then restart the network...

foo# sh /etc/netstart

...and use ping to check that your connection is working...

foo# ping openbsd.org 
PING openbsd.org (129.128.5.194): 56 data bytes
64 bytes from 129.128.5.194: icmp_seq=0 ttl=227 time=217.378 ms
64 bytes from 129.128.5.194: icmp_seq=1 ttl=227 time=203.987 ms
^C
--- openbsd.org ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 203.987/210.682/217.378/6.695 ms

Install third party packages

See OpenBSD FAQ - Package Management.

Software not included in the OpenBSD base is ported to OpenBSD often by volunteers in the ports team. The pkg_add command is used to install packages. OpenBSD has a global mirror system that is accessed through a content delivery network and the address of the package repository is written to /etc/installurl during installation. The commands below will install nano an easy to use command line editor.

foo# pkg_add nano
quirks-3.441 signed on 2021-02-13T20:25:37Z
quirks-3.441: ok
nano-5.2:libiconv-1.16p0: ok
nano-5.2:gettext-runtime-0.21: ok
nano-5.2: ok

Occasionally, there is a glitch with the mirror or the internet connection and a package will not be correctly downloaded. pkg_add will mark such packages with the prefix partial-. I find that repeating the pkg_add command a bit later clears those up.

Install xfce4, Firefox and a pdf viewer

I like the xfce desktop environment. The OpenBSD port of xfce4 is version 4.14 and the commands below will provide a full install of xfce and Firefox and a pdf document reader.

foo# pkg_add xfce xfce-extras firefox evince xfce4-power-manager upower

This command will take some time to return as pkg_add will fetch all the dependencies for each of the packages listed above - dozens in the case of Xfce and Firefox. Dependencies of xfce include consolekit2 and dbus, both needed to enable Xfce to suspend or hibernate from the logout menu. See the next section for details.

pkg_add will stop when it reaches the document reader Evince and offer you a choice of two versions of the package, each compiled with different configuratons...

foo# pkg_add evince
Ambiguous: choose package for evince
a       0: 
        1: evince-3.36.7
        2: evince-3.36.7-light
Your choice: 2

Option 1 will pull in a large number of Gnome libraries. Option 2 has been provided by the packager for those of us who wish to use Evince to read pdf files with a different desktop or window manager.

Some of the more complex packages come with readme files installed to /usr/local/share/doc/pkg-readmes/. The pkg-readmes for the xfce and firefox packages will be essential reading in the next section.

A huge range of is ports available e.g. libreoffice and mplayer and so on. You can search for packages using pkg_info -Q <name> where <name> is part of the name of a program you know. For example....

foo$ pkg_info -Q inksc
inkscape-1.0.1 (installed)

Don't reboot yet. You need to configure the graphical login and set up some daemons. See below...

Enable power management and allow xfce to shutdown and reboot

See OpenBSD FAQ - System Management / System daemons. The pkg-readme for Xfce is essential reading, try cat /usr/local/share/doc/pkg-readmes/xfce | more. A look at /usr/local/share/doc/pkg-readmes/xfce/firefox would be useful as well.

To enable suspend and resume and to run Xfce with the ability to control the power settings and to shut down and reboot, you need to enable some daemons...

Use rcctl to enable and start the apmd daemon (straight from the FAQ page). Suspend to RAM should then work.

foo# rcctl enable apmd
foo# rcctl set apmd flags -A
foo# rcctl start apmd

Next enable and start the messagebus (aka dbus-daemon)...

foo# rcctl enable messagebus
foo# rcctl start messagebus

rcctl actually writes lines into /etc/rc.conf.local and that file can be edited directly from a root command prompt.

Finally when you start an X Window session, the server looks for a file called ~/.xsession in the root of your home drive and runs the commands in that file. Below is the contents of my .xsession file for running Xfce based on the pkg-readme...

foo$ cat ~/.xsession
# See pkg-readme for xfce
# Dbus/message bus enabled in rc.conf.local
# Want to be able to suspend from xfce4 logout menu
/usr/local/bin/startxfce4 --with-ck-launch

I usually reboot at this stage and check that Xfce starts properly and that I can suspend and reboot from the logout menu.

OpenBSD 6.8 has Firefox v82 at the time of writing. A quick look at the pkg-readme file for Firefox will tell you that Firefox can only write and read from your ~/Downloads folder using the unveil features build into OpenBSD. Solène Rapenne has a quick run-down of some of the security features built into OpenBSD including unveil and pldege.

Crashes and memory limits

By default, OpenBSD enforces limits on the maximum memory that applications can use depending on the role of the user. Web browsers like a lot of memory, so it is wise to increase the allocation of memory that can be used. The allocations are set in the `/etc/login.conf' file

I add my user to the staff group then raise the memory limit for the staff group to 3072 Mb (a good chunk of the 4096Mb on this X61s thinkpad...

#foo usermod -G staff YOUR_USERNAME
#foo cat /etc/login.conf
.... lines ....
staff:\
    :datasize-cur=3072M:\
    :datasize-max=infinity:\
    :maxproc-max=512:\
    :maxproc-cur=256:\
    :ignorenologin:\
    :requirehome@:\
    :tc=default:
.... lines ....

The login.conf file needs to be edited ('staff' is on line 72) and the change is seen on logging out and back in.

OpenBSD version 6.8 seems to be much more stable when running xfce4 verson 4.14 than version 6.7 was. I'm seeing a lot less in the way of crashes and core dumps in ~/ than I was a few months ago.

Allow user mounting of external drives using doas

See OpenBSD FAQ - Disk setup, man doas, man doas.conf, man ntfs-3g package after installation.

One of the biggest differences in everyday desktop use between Linux and OpenBSD is the approach to mounting external storage. Automount of storage sticks does not just happen in OpenBSD. Remember from installation that SCSI-like (i.e. SATA) hard drives are numbered sd0, sd1 and not sda, sdb as in Linux.

The following commands (as root) will add the needed lines to doas.conf so that your user can mount external drives...

foo# echo "permit nopass USER as root cmd mount" >> /etc/doas.conf
foo# echo "permit nopass USER as root cmd umount" >> /etc/doas.conf
foo# echo "permit nopass USER as root cmd ntfs-3g" >> /etc/doas.conf

Mounting a USB stick to ~/usb as user looks like this...

foo$ mkdir ~/usb
foo$ dmesg | grep sd1
sd1 at scsibus4 targ 1 lun 0: <, USB DISK 2.0, PMAP> removable serial. numbers
foo$ doas mount /dev/sd1i ~/usb
foo$ ls ~/usb
music
planner.pdf

...and I can unmount the USB stick easily...

foo$ doas umount ~/usb
foo$ ls usb

Use xfce4-mount to graphically mount a USB stick

The xfce4-mount allows the mounting and unmounting of USB sticks from the xfce panel.

Add an icon for the plugin to the XFCE4 panel by right-clicking on the panel and selecting Panel | Add New Items and searching for mount.

By default, xfce4-mount-plugin lists all the devices including the default local hard drive including all the partitions on sd0. I can set options to prevent that and to use a custom mount command. Right click over the xfce4-mount icon and select Properties | File Systems tab. Add the pattern /dev/sd0* to the Exclude specified file systems textbox so the local drive is not listed.

Right-click on the xfce4-mount icon, and select Preferences | Commands and write the following in the Custom Commands textboxes, after ensuring that the Custom Commands checkbox was ticked...

doas mount %m
doas umount %m

Now to ensure that a USB stick is listed in the xfce4-mount-popup list, you have to add a line for the device to /etc/fstab...

foo# echo "/dev/sd1i /home/keith/usb msdos rw,noauto 0 0" >> /etc/fstab

Using an fstab entry like this means that only one vfat formatted USB thumb drive will be listed and available with mouse clicks.

I have not yet worked out a way of automounting a mix of VFAT and NTFS drives. Probably a script run instead of doas mount that will work out what drive it is and mount it to an appropriate mount point...

Challenge: Reinstall with hard drive encryption

My threat model for this laptop includes opportunistic theft and me leaving it on the bus. Using whole drive encryption on OpenBSD is covered in the OpenBSD FAQ - Disk Setup / RAID and disk Encryption / Full Disk Encryption

The basic strategy is to

I will be trashing this installation and re-installing with drive encryption in the next few days...


Keith Burnett, June 2020