OpenBSD Archive
Following on from OpenBSD/arm64 on QEMU, it’s not always practical to compile userland software or a new kernel on some systems, particularly small SoCs with limited space and memory – or indeed QEMU, in fear of melting your CPU. There are two scenarios here – the first, if you are looking for a standard cross-compiler for Aarch64, and the second if you want an OpenBSD-specific environment. ↫ Daniel Nechtan Exactly what it says on the tin.
Another six months have passed, so it’s time for a new OpenBSD release: OpenBSD 7.7 to be exact. Browsing through the long, detailed list of changes, a few important bits jump out. First, OpenBSD 7.7 adds support for Ryzen AI 300 (Strix Point, Strix Halo, Krackan Point), Radeon RX 9070 (Navi 48), and Intel’s Arrow Lake, adding support for the latest x86 processors to OpenBSD. There seems to be quite a few entries in the list related to power management, from work on hibernation and suspend, to more fine-grained control over performance profiles when on battery or plugged in. There’s also the usual long list of driver improvements, new drivers, and tons and tons of other fixes and changes. OpenBSD 7.7 also ships with the latest GNOME and KDE releases, and contains fixes and improvements for a whole slew of obscure and outdated architectures.
Ted Unangst published dude, where are your syscalls? on flak yesterday, with a neat demonstration of OpenBSD’s pinsyscall security feature, whereby only pre-registered addresses are allowed to make system calls. Whether it strengthens or weakens security is up for debate, but regardless it’s an interesting, low-level programming challenge. The original demo is fragile for multiple reasons, and requires manually locating and entering addresses for each build. In this article I show how to fix it. To prove that it’s robust, I ported an entire, real application to use raw system calls on OpenBSD. ↫ Chris Wellons Some light reading for the weekend.
I’ve linked to quite a few posts by OpenBSD developer Solène Rapenne on OSNews, mostly about her work for and knowledge of OpenBSD. However, she recently posted about her decision to leave the OpenBSD team, and it mostly comes down to the fact she hasn’t been using OpenBSD for a while now due to a myriad of problems she’s encountering. Posts like these are generally not that fun to link to, and I’ve been debating about this for a few days now, but I think highlighting such problems, especially when detailed by a now-former OpenBSD developer, is an important thing to do. Hardware compatibility is an issue because OpenBSD has no Bluetooth support, its gamepad support is fractured and limited, and most of all, battery life and heat are a major issue, as Solène notes that “OpenBSD draws more power than alternatives, by a good margin”. For her devops work, she also needs to run a lot of software in virtual machines, and this seems to be a big problem on OpenBSD, as performance in this area seems limited. Lastly, OpenBSD seems to be having stability issues and crashes a lot for her, and while this in an of itself is a big problem already, it’s compounded by the fact that OpenBSD’s file system is quite outdated, and most crashes will lead to corrupted or lost files, since the file system doesn’t have any features to mitigate this. I went through a similar, but obviously much shorter and far less well-informed experience with OpenBSD myself. It’s such a neat, understandable, and well-thought out operating system, but its limitations are obvious, and they will start to bother you sooner or later if you’re trying to use it as a general purpose operating system. While it’s entirely understandable because OpenBSD’s main goal is not the desktop, it still sucks because everything else about the operating system is so damn nice and welcoming. Solène found her alternative in Linux and Qubes OS: I moved from OpenBSD to Qubes OS for almost everything (except playing video games) on which I run Fedora virtual machines (approximately 20 VM simultaneously in average). This provides me better security than OpenBSD could provide me as I am able to separate every context into different spaces, this is absolutely hardcore for most users, but I just can’t go back to a traditional system after this. ↫ Solène Rapenne She lists quite a few Linux features she particularly likes and why, such as cgroups, systemd, modern file systems like Btrfs and ZFS, SELinux, and more. It’s quite rare to see someone of her calibre so openly list the shortcomings of the system she clearly otherwise loves and put a lot of effort in, and move to what is generally looked at with some disdain within the community she came from. It also highlights that issues with running OpenBSD as a general purpose operating system are not confined to less experienced users such as myself, but extend towards extremely experienced and knowledgeable people like actual OpenBSD developers. I’m definitely not advocating for OpenBSD to change course or make a hard pivot to becoming a desktop operating system, but I do think that even within the confines of a server operating system there’s room for at least things like a much improved and faster file system that provides the modern features server users expect, too.
OpenBSD 7.6, the release in which every single line of the original code form the first release has been edited or removed, has been released. There’s a lot of changes, new features, bug fixes, and more in 7.6, but for desktop users, the biggest new feature is undoubtedly hardware-accelerated video decoding through VA-API. Or, as the changelog puts it: Imported libva 2.22.0, an implementation for VA-API (video acceleration API). VA-API provides access to graphics hardware acceleration capabilities for video processing. ↫ OpenBSD 7.6 release announcement This is a massive improvement for anyone using OpenBSD for desktop use, especially on power-constrained devices like laptops. Problematic video playback was one of the reasons I went back to Fedora KDE after running OpenBSD on my workstation, and it seems this would greatly improve that situation. I can’t wait until I find some time to reinstall OpenBSD and see how much difference this will make for me personally. There’s more, of course. OpenBSD 7.6 starts the bring-up for Snapdragon X Elite devices, and in general comes with a whole slew of low-level improvements for the ARM64 architecture. AMD64 systems don’t have to feel left out, thanks to AVX-512 support, several power management improvements to make sleep function more optimally, and several other low-level improvements I don’t fully understand. RISC-V, PowerPC, MIPS, and other architectures also saw small numbers of improvements. The changelog is vast, so be sure to dig through it to see if your pet bug has been addressed, or support for your hardware has been improved. OpenBSD users will know how to upgrade, and for new installations, head on over to the download page.
Our favorite operating system is now changing the default shell (ksh) to enforce not allowing invalid NUL characters in input that will be parsed as parts of the script. ↫ Undeadly.org As someone who doesn’t deal with stuff like this – I rarely actively use shell scripts – it seems kind of insane to me that this wasn’t the norm since the beginning.
Since we’re on the topic of BSD, what about yet another helpful guide on what to do after first installing OpenBSD? We’ve covered a few of these already, but more can never hurt, and OpenBSD is a great platform that would suit a lot more of us than you might think. Despite some persistent rumors, installing OpenBSD is both quick and easy on most not too exotic hardware. But once the thing is installed, what is daily life with the most secure free operating system like? ↫ Peter N. M. Hansteen This guide by Hansteen focuses primarily on the various basic system management tools you’ll be needing to keep OpenBSD up to date after initial installation, and how to install anything else you might need.
The internet today relies TOO MUCH on just a few big players. When one of them stops working, half the world is impacted because too many services, in my opinion, depend on them. “Too big to fail,” some might say. “Single Point of Failure,” I respond.” The strength of the internet has always been its extreme decentralization, which is now less evident due to this phenomenon. In this article, I want to show how easy it is to create a self-hosted CDN using OpenBSD and just two external packages: Varnish and Lego. ↫ Stefano Marinelli Stefano Marinelli is a gem of a person, and a great voice for the wider BSD community. In this article he covers building your own CDN using OpenBSD, and a few days ago he published a similar article, but using FreeBSD instead. These are excellent resources for anyone who wants to take self-hosting and data ownership to the next level, even cutting out big players like Cloudflare which often don’t have the best interests of us regular people at heart. It’s probably not for everyone, but odds are if you’re reading OSNews, you might be capable of and interested in doing this. And Marinelli’s point about the internet being overly reliant on a just a few small players is well taken. We often focus on the front-end of the monopolised internet – Google, Apple, Microsoft, and so on – but the backend and infrastructure often also suffers from the same problem. These articles focus on effectively replacing Cloudflare, but something like Amazon Web Services is also a prime example of a service that’s basically become too big to fail. That’s not at all how the internet was supposed to work, but unfettered capitalism ruins everything, and this is no exception. While a few of us breaking away from the monopolies and building our own alternatives isn’t going to have any material impact, it at least aides in a cleaner conscience.
The greek quiz is so obscure that it is ridiculous — noone can play this. Replace it with a new quiz about galley (ship) parts. This commit changes the LAST UNMODIFIED ORIGINAL FILE (meaning revision 1.1.1.1) from the original import that created OpenBSD on Oct 18, 1995. With this commit, we have completed an amusing mission of replacing the final parts of the original OpenBSD. We have reached OpenBSD of Theseus. ↫ Theo de Raadt With this change to a quiz game in OpenBSD, every single file of the OpenBSD code base is newer than that first, original import. Now I’m curious to see which other projects have achieved this milestone, and when.
This blog post is a guide explaining how to setup a full-featured email server on OpenBSD 7.5. It was commissioned by a customer of my consultancy who wanted it to be published on my blog. Setting up a modern email stack that does not appear as a spam platform to the world can be a daunting task, the guide will cover what you need for a secure, functional and low maintenance email system. ↫ Solène Rapenne If you ever wanted to set up and run your own email server, this is a great way to do it. Solène, an OpenBSD developer, will help you through setting up IMAP, POP, and Webmail, an SMTP server with server-to-server encryption and hidden personal information, every possible measure to make sure your server is regarded as legitimate, and all the usual firewall and anti-spam stuff you are definitely going to need. Taking back email from Google – or even Proton, which is now doing both machine learning and Bitcoin, of all things – is probably one of the most daunting tasks for anyone willing to cut ties with as much of big tech as possible. Not only is there the technical barrier, there’s also the fact that the major email providers, like Gmail or whatever Microsoft offers these days, are trying their darnest to make self-hosting email as cumbersome as possible by trying to label everything you send as spam or downright malicious. It’s definitely not an easy task, but at least with guides like this there’s some set of easy steps to follow to get there.
This is an attempt at building an OpenBSD desktop than could be used by newcomers or by people that don’t care about tinkering with computers and just want a working daily driver for general tasks. Somebody will obviously need to know a bit of UNIX but we’ll try to limit it to the minimum. ↫ Joel Carnat An excellent, to-the-point, no-nonsense guide about turning a default OpenBSD installation into a desktop operating system running Xfce. You definitely don’t need intimate, arcane knowledge of OpenBSD to follow along with this one.
Only yesterday, I mentioned one of the main reasons I decided to switch back to Fedora from OpenBSD were performance issues – and one of them was definitely the lack of hardware acceleration for video decoding/encoding. The lack of such technology means that decoding/encoding video is done using the processor, which is far less efficient than letting your GPU do it – which results in performance issues like stuttering and tearing, as well as a drastic reduction in battery life. Well, that’s changed now. Thanks to the work of, well, many, a major commit has added hardware accelerated video decoding/encoding to OpenBSD. Hardware accelerated video decode/encode (VA-API) support is beginning to land in #OpenBSD -current. libva has been integrated into xenocara with the Intel userland drivers in the ports tree. AMD requires Mesa support, hence the inclusion in base. A number of ports will be adjusted to enable VA-API support over time, as they are tested. ↫ Bryan Steele This is great news, and a major improvement for OpenBSD and the community. Apparently, performance in Firefox is excellent, and with simply watching video on YouTube being something a lot of people do with their computers – especially laptops – anyone using OpenBSD is going to benefit immensely from this work.
This is an attempt to turn OpenBSD into a Whonix or Tails alternative, although if you really need that level of privacy, use a system from this list and not the present guide. It is easy to spot OpenBSD using network fingerprinting, this can not be defeated, you can not hide the fact you use OpenBSD to network operators. I did this guide as a challenge for fun, but I also know some users have a use for this level of privacy. ↫ Solène Rapenne Written by OpenBSD developer Solène Rapenne, so you’re probably not going to find a guide written by anyone more knowledgeable.
Last year marked a significant milestone for both myself and the OpenBSD desktop community, as we successfully ported KDE Plasma 5 and all dependencies to OpenBSD. With the release of OpenBSD 7.5 on April 5, 2024, KDE Plasma in version 5.27.10 has become a part of our lovely operating system. This success is the result of years of development work and commitment to achieving this goal. KDE launched version 6 of its Plasma desktop environment on February 28, 2024, bringing numerous updates and features as well as the major switch to Qt6. I am immensely proud that the OpenBSD team has managed to prepare for this major update so swiftly. All necessary components have been committed to our CVS tree, and the packages will soon be available. ↫ Rafael Sadowski Excellent news for OpenBSD users who don’t wish to be using GNOME, Xfce, or one of the smaller build-it-yourself desktop environments. My dual-Xeon workstation, which I switched over from Fedora KDE to OpenBSD, runs Xfce, because I feel a smaller desktop environment is a more natural fit for OpenBSD, but I’m very happy to know that I have KDE to fall back on in case Xfce turns out not to be a good fit for me in the long term. I’ll give the OpenBSD developers an other experts in that community some more time to iron out any wrinkles, and then I’ll probably give it a go to see just how well KDE will be integrated with the OpenBSD base system.
But the biggest differential factor between BSDs and GNU/Linux is the way it is structured. In Linux, all components are designed to work together, but are completely separate. You’ve got the kernel, init systems, multimedia daemons, userland, bootloader, virtualization and containerization mechanisms, package managers, and so on. They are all separate projects with their own goals and are operated by separate entities. This is why we’ve got different Linux Distributions instead of Operating System. Everyone can take the kernel, start adding components on top of it, and a few minutes later the DistroWatch is even harder to keep up with. Each BSD on the other hand is designed as single system. All components are created and developed together. Things work together perfectly, because they are designed, coded, tested and released as one. ↫ Michał Sapka As I’ve mentioned here and there over the past few weeks, I’ve been exploring the world of BSD lately, and after bouncing of FreeBSD I’ve found a very happy home on OpenBSD. Now, this doesn’t mean I’m now a full-time OpenBSD user or anything like that – Linux is the main operating system on my gaming PC, my laptop, and my workstation, and that’s not going to be changing any time soon. However, after installing, exploring, and using OpenBSD on a machine cobbled together from spare and older parts, I can definitely see the appeal. OpenBSD feels more coherent than a Linux distribution – I use Fedora KDE, if that matters – and the various lower-level systems seem to talk to each other in ways that make more intuitive sense than the individually developed systems in a Linux distribution do. Diving into the command-line interface of a Linux distribution can sometimes feel confusing because different tools use different conventions, because they’re developed by entirely different people and projects, with different ideas about how flags should work, how output should be presented, and so on. On OpenBSD, it seems much easier to carry over something you learn from one tool to the next. I simply feel more secure and knowledgeable, even if it’s still the same idiot me. The documentation plays a big role here. They’re in one place, written in a consistent style, and reference each other left and right, making it easy to find your way around to other commands or tools you haven’t yet considered using. On Linux, you’re going from one project’s documentation to another project’s documentation, and not only will the style change, the quality will also vary greatly. That’s not to say everything’s perfect on OpenBSD – it’s clearly a hardened server operating system, and its focus on security will definitely throw up annoying hurdles if you’re just trying to do workstation things. Firefox, for instance, is hobbled by strict security rules through unveil, which makes perfect sense for what OpenBSD is first and foremost trying to be, but if you’re just a regular user like me, it’s annoying that Firefox can only access ~/Downloads, or that it can’t set itself as the default browser so unless you disable that check, Firefox will keep complaining about it. Diving into Firefox and unveil is on my list, though, because you should be able to ‘fix’ this. Furthermore, while every piece of software, or an equivalent, is pretty much always available for Linux, on OpenBSD it’s more hit and miss, and it seems to take a bit longer for new releases of especially bigger software packages to get updated. I mean, there’s obviously no Steam on OpenBSD, but smaller, less well-known projects generally also don’t support OpenBSD, so you’re either going to be compiling things yourself or hope someone packages it up for OpenBSD. Then there’s the various vanity things we’ve come to expect from modern Linux distributions, like slick, fully graphical boot and shutdown sequences, detailed graphical tools for managing your packages, graphical firmware and driver managers, and so on. OpenBSD has none of these things, and while that’s no issue for me, I can see how it would throw other people off. FreeBSD, OpenBSD, NetBSD, and the few others often kind of get lost in all the Linux, Windows, and macOS violence, and to be quite honest – I feel like many people in the BSD community seem mostly okay with that. If you’ve never spent any serious time using any of the BSDs, but you’re interested in operating systems and don’t mind spending a few hours learning how to manipulate your system through CLI tools – dive in. There’s a ton of fun to be had, and things to learn. For now, I’m continuing my exploration of OpenBSD, and if things keep going as well as they are, I may consider at least switching over the workstation in my office from Fedora KDE to OpenBSD – but I highly doubt it’ll ever make its way to my gaming desktop or my laptop.
Game of Trees (Got) is a version control system which prioritizes ease of use and simplicity over flexibility. Got is still under development; it is being developed on OpenBSD and its main target audience are OpenBSD developers. Got uses Git repositories to store versioned data. Git can be used for any functionality which has not yet been implemented in Got. It will always remain possible to work with both Got and Git on the same repository. ↫ Game of Trees website OpenBSD is developing Game of Trees because they want a version control system that adheres to OpenBSD coding conventions, implements various OpenBSD security practices, and uses nothing but BSD-licensed code. It’s important to note, as its developers make very clear, that GoT is not in any way intended as a replacement for git.
I always like it when I can link to an article written by an OSNews, and this time it’s even relevant to me as I’m exploring OpenBSD myself. OSNews reader and silver Patreon supporter Morgan has written an article about using OpenBSD as a daily driver. OpenBSD is forever tied in first place with Void Linux as my favorite desktop OS. This is particularly funny because OpenBSD isn’t “just a desktop OS”; in its purest form, the base installation without any installed packages, it makes for an excellent Ethernet router, firewall, or web server. It even ships with its own fork of X11 called Xenocara, along with fvwm2 and its own calm window manager, so there’s a rudimentary desktop OS in there too. With that said, in 2024 there is no such thing as a fully functioning desktop computer or workstation without at least a web browser of some kind, and if you’re adding packages you may as well build a full desktop system to suit your needs. So how do you go from the amazing but unfortunately limited base install to a “daily driver” workstation operating system? There are many ways to do this, and I will present a couple of paths I take depending on the hardware and use case involved. Before I do that, a bit of prep is necessary to get OpenBSD into more of a desktop OS mode. ↫ Morgan I’ll be using this guide over the coming days to make sure I end up with something usable. I still haven’t decided on what desktop environment I want to go for – I’m not interested in running GNOME or KDE, so Xfce is probably the most likely option. I’d also love to try out LXQt, but it seems the version OpenBSD has in its repositories is very, very outdated (1.0.0 from years ago, when 2.0.0 was just released). There’s a small chance I might suck it up and use one of those “build your own desktop environment” options, but I have no idea which one I should go for.
With the recent release of OpenBSD 7.5, I decided to run through my personal OpenBSD “installer” for laptop/desktop devices. The project is built off of the dwm tiling window manager and only installs a few basic packages. The last time I updated it was with the release of 7.3, so it’s been due for an minor rework. While making these minor changes, I remembered how incredibly easy the entire install process for OpenBSD is and how cozy the entire operating system feels. All the core systems just work out the box. Yes, you need to “patch” in WiFi with a firmware update, so you’ll need an Ethernet connection during the initial setup. Yes, the default desktop environment is not intuitive or ideal for newcomers. But the positives heavily outweigh the negatives (in my opinion). ↫ Bradley Taunt OpenBSD has a very dedicated community, and I’ve noticed they tend to be very helpful and friendly. It’s making me curious about trying it out, and both this article and the helpful posts it links to will be a great way to start.
OpenBSD 7.5 has hit the streets (or servers and workstations), and it comes with a metric ton of improvements and new features. Of course, the kernel has been improved in countless ways, from symmetric multiprocessing improvements to a new font usable as a console font. The graphics drivers have been updated to match Linux 6.6.19, and drivers for the Apple display coprocessor were added. Furthermore, a whole slew of additional ARM boards and SoC are now supported, and new drivers for a variety of networking chips, both wired and wireless, were added as well. Of course, that’s just a selection of the changes, and the full changelog lists them all for those of you with specific wishes.
In this blog post, you will learn about some OpenBSD features that can be useful, but not widespread. They often have a niche usage, but it’s important to know they exist to prevent you from reinventing the wheel. ↫ Solène Rapenne Written by Solène Rapenne, who also happens to be an OpenBSD developer, so a great source for information like this.
