Adam Richardson's Site

OpenBSD Notes

Table of Contents

<2022-05-01 Sun>

Setup

These are setup notes for setting up an OpenBSD workstation

Full Disk Encryption

  • OpenBSD FAQ: Softraid Full Disk Encryption
  • When you see the welcome message press s to enter the shell
  • Create the sd0 device node with, cd /dev && sh MAKEDEV sd0
  • Write random data to the disk with dd if=/dev/urandom of=/dev/rsd0c bs=1m
  • Initialize the disk with fdisk -iy -g -b 960 sd0
  • Use disklabel to create the partition layout:
    • disklabel -E sd0
    • At the sd0> prompt type a a
      • If there were existing partitions delete them all with z first then type a a
    • At the offset: prompt use the default value and press enter
    • At the size: prompt type *
    • At the FS type: prompt type RAID
    • Back at the sd0*> prompt write the changes with w
    • And finally at the sd0> prompt quit disklabel with q
  • To create the encrypted device with bioctl -c C -l sd0a softraid0
    • This will prompt you for a passphrase for the encrypted drive
    • Once you are done it will tell you which device the encrypted volume is attached to, usually sd1 or sd2
  • Create the device node for the encrypted volume you just created cd /dev && sh MAKEDEV sd2
  • Write zero to the first byte of the encrypted volume, dd if=/dev/zero of=/dev/rsd2c bs=1m count=1
  • Finally type exit to get back to the installer
  • When picking your disk make sure you pick the encrypted volume that was reported after the bioctl command

Swap Caps Lock and Control

  • When prompted for your keyboard layout type us.swapctrlcaps

Networking

  • During installation it is probably easier to use a wired connection if possible
  • This is typically the em device

WiFi

  • OpenBSD man page: hostname.if(5)
  • OpenBSD FAQ: Wireless
  • Use ifconfig to see what the interface name of your wireless card.
  • Next create a file named /etc/hostname.<WIRELESS_INTERFACE> for example /etc/hostname.iwm0
  • Inside this file place the connection details for your wireless network using the below template
nwid <SSID> wpakey <PASSWORD>
inet autoconf
  • This hostname.if file will ensure that ifconfig automatically joins the network the next time it is started up
  • To join the network now without restarting run these commands:
    • ifconfig <WIRELESS_DEVICE> nwid <SSID> wpakey <PASSWORD>
    • ifconfig <WIRELESS_DEVICE> inet autoconf

Disks

  • OpenBSD FAQ: Disks and Partitions
  • IDE drives are usually wd* and SCSI drives are usually sd*
  • Drive numbers come after the drive type
  • Drives are numbered according to how they are discovered at boot
  • Use sysctl hw.disknames to see a list of hard disk names
  • disklabel is used to manage partitions
  • A given disk can have up to 16 label partitions that use the letters a - p
  • Some labels are special
    • The boot disk's root partition is always a
    • The boot disk's swap partition is always b
    • The c partition is always the entire disk
  • Disks have 16 digit random hex strings that serve as the Disklabel Unique Identifiers (DUIDs)
  • sysctl hw.disknames lists these
  • The fstab uses the DUIDs when specifying disks

Man Page Numbers

  • 1 - General Commands
  • 2 - System Calls
  • 3 - Library Functions
  • 3p - Perl Library Functions
  • 4 - Device Drivers
  • 5 - File Formats
  • 6 - Games
  • 7 - Miscellaneous Information
  • 8 - System Manager's Manual
  • 9 - Kernel Developer's Manual

Using rcctl to manage services

  • OpenBSD man page: rcctl(8)
  • Use rcctl ls on to view a list of all running services
  • Use rcctl enable <SERVICE> to enable a service, this is the same as rcctl set <SERVICE> status on

Becoming Root with doas

  • OpenBSD man page: doas.conf(5)
  • doas is the OpenBSD equivalent of sudo
  • The su command works on OpenBSD just like other Unices
  • Create the file /etc/doas.conf to enable doas
  • Add the following line to enable doas for the wheel group and persist the password for a bit:
    • permit persist :wheel

Power Management

  • OpenBSD man page: apm(8)
  • Use the command apm to see the current power status, this will include the battery level
  • apmd will need to be enabled with: rcctl enable apmd
  • To set the apmd to automatically manage the power level set the flag on apmd to -A with rcctl set apmd flags -A
  • You might need to restart for changes to apmd to take effect
  • Use the zzz command to be the computer into suspend state

Packages

  • OpenBSD FAQ: Package Management
  • To search for a package run pkg_info -Q <SOME_PACKAGE>
  • To install a package run pkg_add <SOME_PACKAGE>
  • pkg_add -u will update all installed packages
  • To delete a package run pkg_delete <SOME_PACKAGE>
  • There might be dependecies still installed that are no longer needed, to remove them run pkg_delete -a
  • Sometimes individual packages have a readme that explains some info related to using it on OpenBSD
  • Those readme files are in /usr/local/share/doc/pkg-readmes/

Packages

doas pkg_add mosh rsync nethack aspell ledger cdparanoia abcde beets zbar unzip ncdu p7zip pv gnupg fzf wget git python py3-pip password-store pass-otp firefox hack-fonts noto-cjk noto-emoji noto-fonts vlc mpv redshift ImageMagick feh thunar arandr syncthing pinentry-gnome3

Syncthing

  • You might need to disable fsWatcherEnabled in the ~/.config/syncthing/config.xml file after you have added shares

Disable xconsole

  • Inside the /etc/X11/xenodm/Xsetup_0 file comment out line with xconsole
  • You can also change the xsetroot command to change the default background

Building Emacs

  • Lars Ingebrigsten: Building the Development Version of Emacs on OpenBSD (6.7)
  • To build Emacs on OpenBSD ensure the following packages are installed:
    • git
    • autoconf
    • automake
    • gnutls
    • gmake
    • gcc
    • texinfo
  • Add all the dependencies that the emacs package needs: pkg_add `pkg_info -f emacs | grep ^@depend | sed 's/^.*://'`
  • Once the emacs source is clone set the autoconf version to the newly installed one, export AUTOCONF_VERSION=2.71
  • Tell emacs to use gmakeinfo instead of the one OpenBSD ships with, export MAKEINFO=gmakeinfo
  • You should now be able to run ./autogen.sh
  • After that is complete run configure like so: CC=egcc ./configure --with-json
  • OpenBSD does not have a port of libgccjit so for now omit --with-native-compilation

Environment Variables in Xenocara

  • When you login the .xsession script is run
  • In this script you would want to setup any environment variables you need

Using GNU tools

  • OpenBSD ships with its own version of the POSIX tools
  • Sometimes those versions do not work the same as the GNU versions which are standard on Linux
  • You can still install the GNU tools from the package manager
  • The GNU versions typically have a prefix like g or e, for instance the GNU version of gcc is egcc and the GNU version of grep is ggrep
  • A simple solution to prefer the GNU version over the standard is to add a local search path like $HOME/.local/bin to the beginning of your PATH environment variable
  • In your local bin folder symlink the prefixed GNU tool with the standard tool
mkdir -p $HOME/.local/bin
cd $HOME/.local/bin
ln -s /usr/local/bin/ggrep grep

Updating

Patching

  • OpenBSD man page: syspatch
  • Run syspatch -c as root to view the available patches for the system
  • To apply the patches run syspatch as root with no argument

Upgrading

DHCP

subnet 192.168.1.0 netmask 255.255.255.0 {
       option routers 192.168.1.1; # Gateway IP
       option domain-name-servers 192.168.1.1;
       range 192.168.1.100 192.168.1.254; # Dynamic IP Range
       host lan-host-1 { # Static IP for some host
            fixed-address 192.168.6.2;
            hardware ethernet 01:02:03:04:05:06;
       }
       host lan-host-2 { # Another Static IP for some host
            fixed-address 192.168.6.3;
            hardware ethernet 02:03:04:05:06:07;
       }
}
  • Once you are finished editing the dhcpd.conf restart the service with rcctl restart dhcpd

Resources