free software resistance
the cost of computing freedom is eternal vigilance
### tcoyc-poking-around-openbsd
*originally posted:* dec 2023
despite the name, openbsd is actually more free than freebsd. hyperbolabsd is an effort to make openbsd even more free.
as in the previous chapter, we will start off using openbsd to create a bootable usb, this time with openbsd on it. we will also add the gui, xenocara, from the installer.
i recommend the "installnn.img" file for your architecture- this tutorial is using amd64, and other architectures may have different install procedures:
=> https://openbsd.org
i have saved it as install74.img, so im going to write it to rsd8c like this as root:
```
dd if=install74.img of=/dev/rsd8c bs=1M
```
if you read the previous chapter you know thats a ruse, i used /dev/rsd1c because thats where the usb is. but this way you have to pay more attention and you likely dont have an rsd8c, so this is safer if youre not paying attention.
you really want to be certain that you are pointing "of=" to the right device, because if you point it to a wrong one and the wrong one exists, you now have a bootable image of the openbsd installer there instead.
the openbsd version of dd gives you no warnings, even if you are writing to a mounted partition. it will simply start overwriting. using dd requires vigilance- backups are also good.
once you have written the image to your usb, you are ready to boot the installer. hopefully the settings on your laptop, desktop or server already allow this, otherwise you will need to poke around your firmware settings too. sometimes theres a key you can press for a boot menu without changing your settings, but it varies from machine to machine.
before you even turn the machine on, decide if you want to install updates to the cpu microcode or not. if you boot with network access, it may update your microcode on the first boot after installation or even sooner.
theres no text dialogue like in freebsd, openbsd just says "welcome to the openbsd/amd64 7.4 installation program."
it offers you the options of (i)nstall, (u)pgrade, (a)utoinstall or (s)hell.
as tempting as it is to try autoinstall, lets run the installer by typing "i" and hitting enter.
hit enter for default keyboard, unless you think you need to change it.
type a hostname or just put openbsd.
hit enter if you want to configure the default network interface. this is related to the decision earlier about your network configuration.
hit enter for autoconf if you decided to have it access the network at this point.
hit enter again to go with the default for ipv6, unless the default isnt [none] and you dont want it to access the network.
when it mentions vlan0 thats not a real network interface, you can ignore it. theres nothing to do with it during installation anyway.
hit enter for done.
type a password for the root account- it wont show as you type.
tell it to start sshd by default unless you really dont want to. you can turn it off later with rcctl disable sshd- your call.
do you want the x window system to be started by xenodm? type yes unless you know that running x will cause problems- you can turn it off later with rcctl disable xenodm.
type a username or just "u" to setup a user. at this point in the installation it is impossible to setup a user named "no".
hit enter until it says "password for user"- then enter a password that is not the same as your root password.
definitely hit enter to the default "no" for allowing root ssh login.
i choose utc for the timezone, and you must type it all upper.
hit ? if you wish to use another time zone than the default or utc.
hit ? for details to be certain the drive to install to is sd0 and the usb is sd1.
if it is, then allow it the default of sd0 for the "root" disk or change it if you have to.
its your choice if you want to encrypt the root disk. this chapter wont cover that, the default is no.
hit enter for default "whole".
hit enter for default "auto".
hit enter for "done".
type "disk" to install from usb and hit enter.
hit enter for "no".
hit enter for "sd1" unless you know the usb is a different device.
hit enter for "a" unless another disk says "4.2bsd" on the line.
hit enter for the pathname.
hit enter for done.
be sure to type yes to continue without verification.
now it will install.
hit enter for done. this is where fw_update runs.
hit enter to reboot. this is when i like to enter the firmware setup to remove the usb while its unmounted.
when you get the graphical login, switch to a vt with ctrl-alt-f2.
login as root, by typing root, hitting enter and then typing your password.
it says you have mail- this is sent from your system to your system, and doesnt require a network connection.
if you want to read it you can type "mail" and hit enter. hit enter to scroll through your mail. when it says "at eof" that means end of file, type "q" and hit enter to quit the mail program.
run ifconfig by typing it and hitting enter. if you see "lo0" thats not a useful section to you right now, youre looking for a network interface other than lo0. if it exists it will be on the left, like lo0 is, and it will be followed by a colon, like lo0 is.
ignore lo0, enc0 and pflog0, if theres another section it will probably say "inet" followed by your ip address on the local network. it wont list your external/internet ip.
openbsd uses pkg_add, pkg_delete and pkg_info. if you type pkg and hit tab, it will show you all the programs you can run that start with pkg.
running "pkg_info -Q python" to see whats available, it looks like we can install python-tkinter-2.7.18p1, so lets do that.
```
pkg_add python-tkinter-2.7.18p1
```
this also brings in python2. more about that later.
lets install some other things, like tor browser:
```
pkg_add tor-browser torsocks
```
this also brings in python3 and gtk3, sadly.
you dont want xorg without a better window manager, so lets also install:
```
pkg_add dwm
```
i would suggest you install icewm too, but both icewm and fluxbox bring in imlib2 which appears to bring in a vulnerable version of libwebp in openbsd 7.4.
run this:
```
man dwm
```
and if it seems like something you want to try instead of fvwm you can do this:
```
d=$(which dwm)
f=$(which fvwm)
mv $f /root
cp $d $f
```
since fvwm and dwm arent in the same folder, this saves the pathnames of both to variables and lets you move fvwm to /root as a backup, and copy dwm in its place.
this is to avoid editing /etc/X11/xinit/xinitrc. but we can do that to get rid of the annoying xconsole:
```
sed -i "s/xconsole/#xconsole/" /etc/X11/xinit/xinitrc
```
that will edit the file to change xconsole to #xconsole. lines that start with # dont do anything, because "#" denotes a comment- a human-readable note, in code.
we can also stop xconsole like this:
```
kill $(pgrep xconsole)
```
but that by itself wouldnt stop it from running again. xinitrc is the file that runs it, but we took care of that.
if you are going to edit xinitrc further, it is recommended you make a backup copy:
```
cp /etc/X11/xinit/xinitrc /root/xinitrc.b
```
technically, we could have also used this trick from the previous chapter:
```
startx $(which dwm)
```
but that would be a shame, since openbsd has a dm setup and doesnt require us to run x (or "xorg") as root.
the $() runs the commands in the parentheses first, and the output of "which dwm" is /usr/local/bin/dwm, so its like saying startx /usr/local/bin/dwm.
hit ctrl-alt-f5 to go back to the graphical login. i think its ctrl-alt-f9 in freebsd. which fn it is depends on which vt x was run from.
login with your username and password. if you dont know it or typed it wrong somehow, go back to the vt and use root with "passwd username"- whatever your username is- to reset your password.
lets try opening tor browser:
```
tor-browser
```
if you want to run any graphical programs as root, run this from a term window before you become root:
```
xhost +local:root
```
if you run a graphical program like tor-browser from xterm, it will take over xterm to use for outputting certain information that can be hypothetically useful to someone. if you add an ampersand like this:
```
tor-browser &
```
it will let you use the command line, and when you hit ctrl-d it will close xterm. this also works:
```
tor-browser &exit
```
for some reason, editing xinitrc didnt stop xconsole, so we are going to do what i usually do with it:
```
mv $(which xconsole) /root
```
moving it to /root ensures it wont run unless we want it to. it also makes it possible to move it back to /usr/X11R6/bin if we want.
if this seems like a lot of arcane stuff you wont ever use, dont worry about that- you will get used to these things if you do use them, and if you dont need them you wont get used to them since you wont do them.
now that weve seen xorg working, we are actually going to go back to the command line. hit ctrl-alt-f2 and it should go back to the "vt" or "virtual term" we were using before.
since installing tor browser also installed python3, we could start python now by typing "python3" and hitting tab to complete the filename. python3 is needed by many programs, but i consider python3 unstable- they keep breaking features and making people change their programs, like rust does.
since i have no respect for that, i prefer pypy. unlike python2, pypy is maintained and updated- but they dont break existing compatibility with python2 programs. if you want a stable version of python, this is what i recommend.
unfortunately, pypy is not available as a package for openbsd- thought it was in a recent version of openbsd. if you find it in the ports tree perhaps you can compile it, and for now python2 (which definitely isnt maintained, it even has some security vulnerabilities) is available in openbsd- and weve already installed it.
you will notice that the python2 port in openbsd is deprecated. there are other nice things about pypy besides its support of both python2 and python3. there are precompiled binaries for windows, macos and gnu/linux, its a shame that pypy doesnt have a precompiled binary for openbsd.
in freebsd we did this to make a shortcut called python2:
```
cd /usr/local/bin
ln -s python2.7 python2
```
in openbsd this was already done for us. that will make it so we dont have to keep tab-completing python2.7 to run python. now we can say:
```
python2
```
this prompt is a bit different- we have a shell, technically- but the environment is python, rather than sh. we also have a prompt that says ">>> " for python instead of "# " for root or "$ " for user.
the following bits about python, if they were included, would be nearly 100% identical to the ones in the freebsd chapter. instead of reproducing them here, it is recommended you either read that section of the previous chapter, or if youve done so- theres no point in repeating that part with openbsd. its exactly the same, except for this:
"find / -type f | wc -l" will most likely return fewer than 37,000 files if you follow the instructions in this chapter.
```
find / -type f -name '*.txt' -exec wc -c {} + | sort -n | less
```
that line is also from the previous chapter, as is:
> less is a pager, by piping text to it you can page through the output using arrow keys or pgup and pgdn. a few gui text editors will let you pipe text to them too. jed can be used as a pager this way, then it can edit the results.
the man page for less in freebsd shows that it has betrayed the free software world by remaining on github, even though its a gnu program.
openbsd actually has a fork of less, so they arent using the github version. that isnt the reason they forked, but it did result in a non-github version of less.
many command line tutorials exist, ive written more comprehensive ones than this- but they were not for bsd and they were not focused on finding your way around the system- they were more general than that.
the commands demonstrated here can help you manage packages, manage files, get started coding in python or possibly inspire you to learn more about the shell in freebsd.
check the battery, same as freebsd:
```
apm
```
you can:
```
reboot
```
or:
```
shutdown -p now
```
license: 0-clause bsd
```
# 2019, 2020, 2021, 2022, 2023
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
```
=> https://freesoftwareresistance.neocities.org