Raiders of the lost OpenBSD



A few people asked if I would do a review of the latest release of OpenBSD (version 4.8) and it is with some reluctance that I approached the task. It's not that I have anything against OpenBSD or the developers behind the project, it's the nature of the review. Most of my distro reviews are like visiting a museum and looking at all the interesting things on display. On the virtual shelves are package managers, configuration tools and shiny new desktop environments. Tackling a review of OpenBSD is more akin to a digital Indiana Jones adventure. One enters the deep jungles of the command line, explores the ruins of text-based installers and digs up cryptic package names. In short, it's more work and less sightseeing.



Before we get into the actual running of OpenBSD, I think it's important to explore the mindset of the developers and the community surrounding it. Taking a look at the project's website shows us a lot of clues. There's the simple layout of the site and the links are generally developer-oriented, pointing to change logs, patches and talks about cryptography. It's also telling to note there's no link to a user forum; instead we find a bug tracker and mailing lists -- mailing lists where people are asked to use text (not HTML) and format their lines to be 72 characters in length or less. There are manual pages, most of which expect that the reader has some experience with the UNIX family of operating systems and probably some time with the BSDs. But enough looking around, let's get down to business.



Following the announcement of the new 4.8 release took me to a page with a list of international mirrors, which passed me off to a download server. There I dug down through the directory levels, selecting my desired release version and architecture. This brought me to a folder with some packages, a few floppy images and some ISO images. Fortunately for those unfamiliar with OpenBSD there is a manual page provided in this folder so people know which file to grab. I downloaded the installation CD image, which weighs in at a light 212 MB. It had been a while since I last installed OpenBSD and so I decided to begin with a test run in a virtual machine. I fired up VirtualBox and booted from the install image. The system starts off by displaying a prompt which reads "boot>" and, after waiting a few seconds, continues with loading the system. This being an installation disc, the installer kicks off right after the boot process. I think it's worth noting that the OpenBSD installer works entirely from the console. There are no menus or Next/Back buttons; it's all done with text prompts and typing out responses. The good news, for newcomers, is the prompts almost always come with a default, so just pressing Enter will usually be the correct response if you're uncertain.







OpenBSD 4.8 - the desktop


At first the installer asks if we would like to perform a fresh install or upgrade an existing install. We're then asked to select a keyboard layout, enter a hostname and configure our network connection. (Again, pressing Enter through these will generally work for most people.) We're then told to set a root password and asked if we would like to have secure shell and network time services enabled. We're then asked if we would like to have an X Window environment installed and we're given the option of creating a new user account. Assuming we do create a regular user account, the installer offers to disable remote root logins, which I think is a good feature. We're then asked to select our time zone and partition the disk. This is where I ran into my first problem. After telling the installer to take over the entire virtual disk, I was given a segfault message and told that my new partition couldn't be mounted. I rebooted and went through the installer again, taking all the defaults and made it past partitioning and had arrived at package selection when I received more segfault messages and was told that the package formats were incorrect.



After confirming that my install image checksum matched the one provided by the OpenBSD project, I did some poking around on forums and found that there are known issues with OpenBSD and VirtualBox. Apparently VirtualBox doesn't act enough like real hardware for OpenBSD's taste and (unofficially at least) Oracle is uninterested in fixing the issues due to lack of demand.



My next step was to try the install on my HP laptop (dual-core 2 GHz CPU, 3 GB of RAM, Intel video card) and things got off to a good start. The installation went smoothly up to, and including, selecting which packages I wanted to install. The files copied over and I was prompted to reboot the machine. This I did and was instantly given a text screen which told me that my hardware was being probed and the system came to a halt. After confirming that my disc had burned cleanly and running through the install again, I once more found that my laptop would hang within seconds of powering up.



A little discouraged, but determined to see this review through, I turned to my desktop machine (2.5 GHz CPU, 2 GB of RAM, NVIDIA video card) and ran through the installer once more. Again, on physical hardware, the install went smoothly and at this point I was feeling grateful that the OpenBSD install can be completed in ten minutes. Upon rebooting the system started up and, about one minute later, I arrived at a graphical login screen. I logged in with my regular user account to find a mostly-empty desktop. The background is a fuzzy grey and we're given a terminal and a virtual desktop map. Clicking on an unoccupied area of the desktop brings up a menu which allows us to launch a few applications or logout. Available programs include a calculator, process monitor (aka the top command) and a screen magnifier. As you might expect, the system doesn't require much memory, generally using less than 100 MB including cache.







OpenBSD 4.8 - the accessibility option


A fresh install provides a fairly sparse environment, populated mostly by standard UNIX command-line tools, the GNU Compiler Collection (GCC) and a handful of text-based games. To retrieve more software, we'll have to turn to the package manager. As with most aspects of OpenBSD, package management is a more hands-on experience than it is with Linux distributions or OpenBSD's cousin, FreeBSD. As with other BSDs, the OpenBSD system includes a kernel and basic userland programs together. They make up a platform upon which we can add third-party ports and packages. To install binary packages, first we have to tell the package tool where we can locate new packages. It may seem odd for people coming from Linux that we have to set an environment variable to tell the package manager where the repository is; however, it's something we have to do just once and the process is outlined in the Frequently Asked Questions. After we tell the package tool where our repository is, we can use the command-line tool, pkg_add, to download, install and upgrade new software.



For people who like to compile their software, OpenBSD has a ports collection. Again, the ports tree needs to be downloaded and installed manually and, again, the process is laid out in the project's documentation. Once the ports tree is in place it's fairly simple to locate a piece of software we want to install and kick off the build process. I installed a handful of programs via the packages repository and a few through ports and found that all of them installed and worked without any problems. It's a theme I saw repeated often during my time with OpenBSD: the initial configuration may look daunting, but once it's in place, things run smoothly.



As I mentioned before, OpenBSD separates the base system from third-party packages. While packages can be easily updated using the pkg_add command, keeping the base system up to date is a bit more complicated. The project doesn't release binary updates, which means users need to apply patches to the source code. Users are required to get a copy of the code, manually apply patches, compile and re-install components. It's a more involved process than we find on most other operating systems, but the good news is that OpenBSD has very few patches for each release -- typically in the range of a dozen. The developers maintain mailing lists to let users know when patches are available.







OpenBSD 4.8 - testing the compiler


On the topic of patches, the big drawing factor with OpenBSD is their proactive approach to security. The project has a strong focus on security and stability, with their website proudly stating, "Only two remote holes in the default install, in a heck of a long time!" An impressive claim and the operating system lives up to it. Much of this is due to continuous code reviews, but part of being secure is having a small attack surface and that means not having vulnerable programs installed and running on the system. There are very few network services running by default: secure shell (if it's enabled during install), Sendmail and a time daemon. Immediately after an install, OpenBSD is very bare by modern standards, which means that the user will be required to install anything they want to use. The project gives us a solid foundation on which to build and then leaves the user to build their own house the way they see fit, if they can. All projects find a balance between out-of-the-box functionality and security and the OpenBSD team strongly favours security.
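One way to check that a running system still matches the short list of default services named above, as an added example that is not part of the original review or of the OpenBSD project: it parses `netstat -an`-style output and reports TCP listeners outside a baseline. The port numbers, the loopback-only rule for mail and the sample output are assumptions constructed for illustration.

```python
# Added example: baseline check of listening TCP services (not from the review).
# Ports and the loopback-only rule for mail are assumptions for illustration.
BASELINE = {22: "sshd", 25: "sendmail", 587: "sendmail (submission)"}
LOOPBACK_ONLY = {25, 587}
LOOPBACK_ADDRS = {"127.0.0.1", "::1"}

# Constructed sample in BSD netstat layout: the port follows the last dot.
SAMPLE = """\
Proto Recv-Q Send-Q  Local Address      Foreign Address     (state)
tcp        0      0  192.168.1.10.22    192.168.1.20.51234  ESTABLISHED
tcp        0      0  *.22               *.*                 LISTEN
tcp        0      0  127.0.0.1.25       *.*                 LISTEN
tcp        0      0  *.587              *.*                 LISTEN
tcp        0      0  *.8080             *.*                 LISTEN
tcp6       0      0  ::1.25             *.*                 LISTEN
"""


def parse_listeners(netstat_text):
    """Return sorted (address, port) pairs for TCP sockets in LISTEN state."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have six columns; headers and other states are skipped.
        if len(fields) != 6 or fields[5] != "LISTEN":
            continue
        if not fields[0].startswith("tcp"):
            continue
        addr, _, port = fields[3].rpartition(".")
        if port.isdigit():
            found.add((addr, int(port)))
    return sorted(found)


def audit(netstat_text):
    """Report listeners outside the baseline or bound wider than expected."""
    findings = []
    for addr, port in parse_listeners(netstat_text):
        service = BASELINE.get(port)
        if service is None:
            findings.append(f"unexpected listener on {addr}:{port}")
        elif port in LOOPBACK_ONLY and addr not in LOOPBACK_ADDRS:
            findings.append(f"{service} reachable beyond loopback on {addr}:{port}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live system, pass the captured output of `netstat -an` to `audit()`; UDP services such as a time daemon are outside this TCP-only check.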



I've already mentioned hardware a little in this review and I have just one more thing to add on the subject. As of the time of writing I have been unable to get sound working on my system. The graphical interface runs without any issues on my desktop machine, though the resolution is low. The network card is recognized and automatically connects on start-up so the only missing piece of the puzzle is sound.



When looking at OpenBSD and evaluating it, I think it's important to keep in mind what the project's goals are. This isn't a project trying to make a great desktop OS (though I have talked with people who happily use OpenBSD on their desktops) and it's not making the most powerful server system. The OpenBSD team is interested in producing correct, secure code and they do that. Fortunately their work boils over into other areas of the open source world -- OpenSSH being an excellent example. The operating system is small and simple, resulting in low resource requirements and a responsive environment. I don't think that many people would accuse OpenBSD of being intuitive, but the community does have sound documentation and the project's processes are very open. These characteristics make OpenBSD not only a good firewall or server, but also a great teaching tool. If you're the sort of person who enjoys building their system from the ground up, OpenBSD is a suitable place to begin. My only complaint while trying out the new release was with regard to hardware. I wasn't able to get OpenBSD running in VirtualBox, nor on my laptop and, so far, I don't have sound on my desktop. Otherwise it was a good adventure and I applaud the developers for producing another solid release.



