Difference between revisions of "Openbsd-as-a-desktop-os"

From Personal Knowledgebase
 
Line 148: Line 148:
 
== Download and Configure Ports tree ==
 
== Download and Configure Ports tree ==
  
 +
cd /tmp/
 
  ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
 
  ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
 
  signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz
 
  signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz

Latest revision as of 02:42, 27 July 2020

Downloading and starting the Install Media

Download the USB Installer f.e. if you use an amd64 device:

wget https://cdn.openbsd.org/pub/OpenBSD/6.7/amd64/install67.fs
wget https://cdn.openbsd.org/pub/OpenBSD/6.7/amd64/SHA256.sig
wget https://cdn.openbsd.org/pub/OpenBSD/6.7/amd64/SHA256

Then check File Inegetrety

sha256 -C SHA256 install67.fs
signify -Cp /etc/signify/openbsd-67-base.pub  -x SHA256.sig install67.fs

dd file to USB Stick

dd if=install67.fs of=/dev/rsd6c bs=1m

After Boot, it should look something like this

IMG 20200621 050803.jpg

Install Encrypted OpenBSD

Prepare Disk

First we write some random Data to the Storage device, so that it can't be telled how large the encrypted FS is: Choose: (I)nstall, then choose your Keyboardlayout, etc.

Follow the installer and Reinitialize your disk.


1*Ac7gml2RbSsUrGE012lH4Q.png

When the installation prompts you to create a disk layout, type ! to pause it:

1*vwaQgQ8tDcb8PlTetlkyBw.png

Optional: Enter the following command to clean your disk:

dd if=/dev/urandom of=/dev/sd0c bs=1m

This process can take a long time depending on the size of your disk.

Write the MBR and set up a RAID slice:

# fdisk -iy wd0# disklabel -E wd0
wd0> a
partition: [a]      # Hit enter
offset: [64]        # Hit enter
size: [xxx]         # Hit enter
FS type: [4.2BSD] RAID
wd0*> w
wd0> q

1*GbOfPP22SQade8A1LPl40Q.png

Set up the disk layout:

1*3JLyEvDLkSwafjvAzXkiWQ.png

If you want to use a custom layout (e.g., all directories on the same partition), type c. I will use the following settings:

sd0> a b
offset: [64]         # Hit enter
size: [xxx] 8G
FS type: [swap]      # Hit enter
sd0*> a
partition: [a]
offset: [xxx]        # Hit enter
size: [xxx]          # Hit enter
FS type: [4.2BSD]    # Hit enter
mount point: [none] /
sd0*> w
sd0> q

Set up the encrypted slice and exit the shell:

# bioctl -c C -l /dev/wd0a softraid0
New passphrase: [your super-secure password here]# exit

# exit

1*hS4KFMoqZNSGMRlTU9zd9A.png

Press CTRL+C, enter install, and continue the installation.

This will allow the installer to recognize the new encrypted volume. Most of the options will be already set. When the installation prompts you for the disk, use the encrypted volume (in my case sd0). Hit enter to use the whole disk.

Set up the disk layout:

I recommend you to use the auto layout option for security reasons.

1*l8TBREBECDr01qZhThv21w.png

installing the System

You can just select the default options next. If the installer can’t find the SHA256 signature and you are sure the image was not modified in any way, type yes.

1*5QLEy2tm5a MgQCmsPrhVA.png

Reboot

Reboot the computer. You will be prompted for your password.

1*lpEvl6W74nbGVjZAjvIeYA.png

Congratulations! At this point, you should have a fully functional OpenBSD installation. Don’t forget to log in as root and create a user account with the adduser command.

Usage

Upgrade OpenBSD

Patch Base System

syspatch

Upgrade system

sysupgrade

Upgrade Packages

pkg_add -u

Upgrade Firmware

fw_update

Package Management

Search for a package

pkg_info -Q <searchterm>

Get Info about package

pkg_info <packagename>

install package

pkg_add <packagename>

System Enhancement

If you have an SSD you can edit /etc/fstab and add attribute softdep


Download and Configure Ports tree

cd /tmp/
ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz
tar xzvf /tmp/ports.tar.gz -C /usr