We are still actively working on the spam issue.

Difference between revisions of "OpenBSD"

From InstallGentoo Wiki
Jump to: navigation, search
Line 29: Line 29:
 
Add this to your <tt>.profile</tt> (or your <tt>.kshrc</tt> as described above):
 
Add this to your <tt>.profile</tt> (or your <tt>.kshrc</tt> as described above):
 
  export PKG_PATH="ftp://ftp.openbsd.org/pub/OpenBSD/packages/5.8/amd64"
 
  export PKG_PATH="ftp://ftp.openbsd.org/pub/OpenBSD/packages/5.8/amd64"
 
 
where 5.8 is your version number, amd64 is your architecture and the beginning of the string replaced with whatever mirror you chose. If you set up your <tt>doas.conf</tt> to pass <tt>$PKG_PATH</tt> to root, you can begin installing programs from your normal user account like so.
 
where 5.8 is your version number, amd64 is your architecture and the beginning of the string replaced with whatever mirror you chose. If you set up your <tt>doas.conf</tt> to pass <tt>$PKG_PATH</tt> to root, you can begin installing programs from your normal user account like so.
 
  $ doas pkg_add irssi
 
  $ doas pkg_add irssi
Line 41: Line 40:
 
  irssi-0.8.16p0: ok
 
  irssi-0.8.16p0: ok
 
Read the [[Package manager#OpenBSD|package management]] article for more on how to use the OpenBSD package management system.
 
Read the [[Package manager#OpenBSD|package management]] article for more on how to use the OpenBSD package management system.
 +
=== Init scripts ===
 +
The OpenBSD init system is configured in <tt>/etc/rc.conf.local</tt>. It is advised that you only put '''used''' entries into <tt>rc.conf.local</tt>, however it is easier to simply copy <tt>rc.conf</tt> to <tt>rc.conf.local</tt>.
 +
Any system daemon can be enabled by setting it's <tt>_flags</tt> variable to blank or to pass flags to the daemon, and can be disabled by setting it to <tt>NO</tt>.
 +
Daemons from packages/ports are specified in the <tt>pkg_scripts</tt> variable. For example, here is a configuration for starting [[DNSCrypt]] and [[Tor]] as system daemons.
 +
# rc.d(8) packages scripts
 +
# started in the specified order and stopped in reverse order
 +
dnscrypt_proxy_flags="-R dnscrypt.eu-dk -a 127.0.0.1:40"
 +
pkg_scripts="dnscrypt_proxy tor"
 +
The init scripts will load DNSCrypt first, passing to it the flags to choose DNS server and port, and then start Tor.

Revision as of 22:39, 19 December 2015

Puffy the pufferfish

OpenBSD is a free, multi-platform 4.4BSD based Unix-like operating system, part of the BSD family. The OpenBSD project's efforts emphasize portability, correctness, proactive security and integrated cryptography, although you probably already know this by now.

Licensing

The BSD operating systems are where the BSD licence originated from, allowing free reuse of code even in non-free software, with the requirement that the original contributors' attributions are retained. Some would argue that this means that non-free software developers can take the original software, improve it and not give back contributions to the free and open source software community.

you might live in a world without morals; I don't.
Henning Brauer

The original code will always stay as free as the original developer intended it to, and improvements on the code are often returned back in good will for the unrestricted use of the software in the first place.

As for the licensing state of OpenBSD itself, this author understands that most of the OpenBSD source inherited from BSD Net/2 and 4.4BSD-Lite stays under a traditional 3-clause BSD licence, with new programs from OpenBSD generally released under the simpler ISC licence. The only programs released under the GPL included with OpenBSD are the GNU toolchain (GCC, binutils, GDB).

How To

Set up the shell

pdksh, OpenBSD's default shell, only sources .profile out of the box. Add

export ENV="${HOME}/.kshrc"

to your .profile, and then add your interactive shell customisation to .kshrc. Programs like startx and other shells will inherit $ENV from the environment, so it will continue to be sourced in all shells in the session.

Privilege escalation

sudo, the privilege escalation tool used in many Linux distributions, was replaced by doas in OpenBSD 5.8, a far simpler implementation. To set it up, you need to edit /etc/doas.conf. This is an example doas.conf:

permit keepenv { PKG_PATH } :wheel as root
permit nopass root

This allows all users in the wheel group to run commands as root and pass the environment variable $PKG_PATH which is used to specify a package repository as described below. If you added your user account with the OpenBSD installer, it should have added it to the wheel group already. It also allows root to run commands without a password for all users on the system.

Package management

OpenBSD package management turns out to be easier and simpler than many Linux distributions. Instead of a system-wide repository and downloading a repository database, the OpenBSD package utilities simply pull packages from a remote server (or an official CD) specified in the environment variable $PKG_PATH and installs them. Remote repositories can be any of the mirrors listed here. For this example, we will use the ftp.openbsd.org mirror, ran by Theo in Canada. Add this to your .profile (or your .kshrc as described above):

export PKG_PATH="ftp://ftp.openbsd.org/pub/OpenBSD/packages/5.8/amd64"

where 5.8 is your version number, amd64 is your architecture and the beginning of the string replaced with whatever mirror you chose. If you set up your doas.conf to pass $PKG_PATH to root, you can begin installing programs from your normal user account like so.

$ doas pkg_add irssi
Password:
quirks-2.114 signed on 2015-08-09T11:57:52Z
Ambiguous: choose package for irssi
a       0: <None>
        1: irssi-0.8.16p0
        2: irssi-0.8.16p0-socks
Your choice: 1
irssi-0.8.16p0: ok

Read the package management article for more on how to use the OpenBSD package management system.

Init scripts

The OpenBSD init system is configured in /etc/rc.conf.local. It is advised that you only put used entries into rc.conf.local, however it is easier to simply copy rc.conf to rc.conf.local. Any system daemon can be enabled by setting it's _flags variable to blank or to pass flags to the daemon, and can be disabled by setting it to NO. Daemons from packages/ports are specified in the pkg_scripts variable. For example, here is a configuration for starting DNSCrypt and Tor as system daemons.

# rc.d(8) packages scripts
# started in the specified order and stopped in reverse order
dnscrypt_proxy_flags="-R dnscrypt.eu-dk -a 127.0.0.1:40"
pkg_scripts="dnscrypt_proxy tor"

The init scripts will load DNSCrypt first, passing to it the flags to choose DNS server and port, and then start Tor.