Overview

Since setting up my homelab, I’ve been able to reclaim my now idle Thinkpad x230. One thing that I have never done, is run BSD. So this page is all about my experience running OpenBSD 6.7 on the x230, and lesson I learned along the way.

Lessons

Installation is FAST

Like, real fast. I went from booting the installer to a login screen in around 10 minutes.

OpenBSD docs are awesome.

Everything is very well written and concise. I wish all projects were this well documented!

Use -current for laptops and workstations

Installing Firefox was not easy while I was pointed to -stable. Switching over to -current let me install a more recent version of Firefox and seems to be a better choice if you need desktop software. Stick with -stable, for server workloads.

Laptops need performance optimizations

• apmd - has some auto performance policy settings.
• sysctl - can set some of the same settings.

doas == sudo

Took me sometime to figure out that sudo isn’t included by default and instead openbsd uses doas

Resources

OpenBSD Jumpstart - Great if you’re just getting started. I found out about a lot of this the hard way. Start here if you’re new to OpenBSD.

OpenBSD FAQ - the canonical resources, most of my configuration and google searches ended up here.

Installation

I’d previously setup netboot.xyz on my network. This is an iPXE network boot installer tool, which comes with a ton of preconfigured installers and utilities, including one for OpenBSD.

The installer was all text driven, which is quite different from your usual linux installer. After going through maybe a dozen or so prompts, it very quickly blew away everything from the SSD and replaced it with a fresh OpenBSD 6.6 install (netboot.xyz didn’t have 6.7 yet, so I ended up doing a system upgrade later). Total time was easily less then 10 minutes which was kind of amazing.

OpenBSD -current via Snapshot

OpenBSD supports 3 different flavors, -release, -stable, -current. I started this experiement on OpenBSD 6.6, which is considered -stable. To run more of an “edge” version of OpenBSD, I need to run -current, which usually starts out by using a snapshot, docs here.

Upgrading to snapshot

To move to the lastest snapshot:

$ sysupgrade -s

Post reboot, upgrade all your installed packages

$ pkg_add -u

That was actually painless!

Login Screen - xenodm

Hello 1995! What’s up with this login screen?

I configured my default account during install, so I used those credentials and ended up in my X windows session.

Window Managers

The default window manager is fvwm and feels like something straight from 1995. The docs say there are 3 window managers installed by default. cwm, fvwm and twm. So I decided to switch to another one and see what those were like.

To switch over to a different WM, I had to create a local ~/.xsession file and configure the window manager I wanted.

# ~/.xsession
cwm

cwm - The Calm Window Manager

When I landed on cwm, I was completely stuck. No menus, except for a weird menu on right click. I did some googling and found that it specializes in its use of hotkeys. Once I got used to a few of the essential keyboard commands, I decided to stick with it for a while.

• C ontrol
• S hift
• M eta

Package Management

OpenBSD uses these pkg_ commands which need to be run as root, unless you configure DOAS.

DOAS (SUDO)

After some googling around for why I couldn’t get sudo to work, I found out that OpenBSD migrated away from sudo to doas as of OpenBSD 5.8.

Wheel group

To enable your account to use doas, you need to add your user to the wheel group.

$ usermod -F wheel bwigginton

# /etc/doas.conf
permit persist :wheel

Now you can run commands as root, using doas, just like you would with sudo.

X Windows Configuration

I’ve never really been comfortable with the different X Windows system files (.xsession, .Xresources …), but to get this sytems into something that’s a pleasure to use, I’m going to have to.

xsetroot - Background Color

Setting a background color in X requires using xsetroot, root being the root window. Throw a call to xsetroot into your ~/.xsession file to persist.

# ~/.xsession

# set the default background color
# This gives you a nice Windows 95 feel.
xsetroot -solid teal &

# set the window manager you want to use
cwm

feh - Wallpaper

xsetroot only supports bitmaps, so we need another tool in order to set something like a jpg as your system wallpaper. Install feh, which is a low dependency image viewer. Then use it to set your background.

$ doas pkg_add feh
$ feh --bg-scale ~/.img/foo.png

~/.Xresources - xterm theme

xterm by default uses a black on white theme. Let’s change that and the default font using ~/.Xresources.

# ~/.Xresources

# xterm colors
xterm*background: black
xterm*foreground: lightgray
xterm*faceName: Ubuntu Mono
xterm*faceSize: 10

To reload those changes:

$ xrdb ~/.Xresources

Installing Firefox

I assumed that this would be painless, but it was the most difficult step so far, since I was on -stable and not -current!

$ pkg_info -Q firefox
debug-firefox-esr-68.10.0
debug-firefox-esr-68.9.0
firefox-esr-68.10.0
firefox-esr-68.9.0

I’d never heard of Firefox ESR until now. Turns out, it’s FF for the Enterprise.

Extended Support Release (ESR): receives major updates on average every 42 weeks with minor updates such as crash fixes, security fixes and policy updates as needed, but at least every four weeks.

Also, the version doesn’t seem right, I know the latest Firefox version is much higher that 68. After some googling, I found this at the OpenBSD Journal.

Firefox pkg for 6.6-stable will not receive latest updates. [Updated]

Dear OpenBSD users, due to Firefox being too complicated to package (thanks to cbindgen and rust dependencies) on the stable branch (as this would require testing all rust consumers), the 6.6-stable branch won’t receive updates for www/mozilla-firefox, so it will remain vulnerable to MFSA2020-03 and vulnerabilities that may appear after.

On the other hand, firefox-esr is still updated so I recommend switching to firefox-esr if you are running 6.6-stable. If you run OpenBSD 6.5, you should upgrade to OpenBSD 6.6 to get the benefit from packages updates. OpenBSD-current users are not affected, www/mozilla-firefox update is already committed and will be available soon on the mirrors.

OK, let’s go for it:

$ doas pkg_add firefox-esr
quirks-3.325 signed on 2020-07-24T21:42:34Z
Can't install dconf-0.34.0p0 because of libraries
|library gio-2.0.4200.10 not found
| /usr/local/lib/libgio-2.0.so.4200.9 (glib2-2.60.7p0): minor is too small
|library glib-2.0.4201.3 not found
| /usr/local/lib/libglib-2.0.so.4201.2 (glib2-2.60.7p0): minor is too small
|library gobject-2.0.4200.10 not found
| /usr/local/lib/libgobject-2.0.so.4200.9 (glib2-2.60.7p0): minor is too small
Direct dependencies for dconf-0.34.0p0 resolve to glib2-2.60.7p0
Full dependency tree is bzip2-1.0.8 glib2-2.60.7p0 gettext-runtime-0.20.1p0 libffi-3.2.1p5 sqlite3-3.31.1p0 xz-5.2.4 pcre-8.41p2 libiconv-1.16p0 python-3.7.4
Can't install at-spi2-core-2.34.0p0 because of libraries
Direct dependencies for at-spi2-core-2.34.0p0 resolve to glib2-2.60.7p0 dbus-1.12.16p2v0
Full dependency tree is python-3.7.4 libiconv-1.16p0 pcre-8.41p2 xz-5.2.4 sqlite3-3.31.1p0 libffi-3.2.1p5 gettext-runtime-0.20.1p0 dbus-1.12.16p2v0 bzip2-1.0.8 glib2-2.60.7p0
Can't install atk-2.34.1p1 because of libraries
Direct dependencies for atk-2.34.1p1 resolve to glib2-2.60.7p0
Full dependency tree is sqlite3-3.31.1p0 libffi-3.2.1p5 gettext-runtime-0.20.1p0 glib2-2.60.7p0 bzip2-1.0.8 python-3.7.4 pcre-8.41p2 libiconv-1.16p0 xz-5.2.4
Can't install at-spi2-atk-2.34.2: can't resolve at-spi2-core-2.34.0p0,atk-2.34.1p1
Can't install gtk+3-3.24.20: can't resolve at-spi2-atk-2.34.2,dconf-0.34.0p0
Can't install gtk+2-2.24.32p9: can't resolve atk-2.34.1p1
Can't install firefox-esr-68.10.0: can't resolve gtk+2-2.24.32p9,gtk+3-3.24.20
Couldn't install at-spi2-atk-2.34.2 at-spi2-core-2.34.0p0 atk-2.34.1p1 dconf-0.34.0p0 firefox-esr-68.10.0 gtk+2-2.24.32p9 gtk+3-3.24.20

Argh! after more googling, it seems the way to handle this is to run the -current flavor of OpenBSD, which has more recent versions of many packages including firefox.

So I switched over to -current, rebooted, ran pkg_add firefox and boom, firefox installed and runs great so far!

Networking

WiFi

The x230 has an intel wireless chipset. To configure it, you need to create the file /etc/hostname.[if] where [if] is the networking interface, which you can find using ifconfig.

# /etc/hostname.iwn0
join ESSID wpakey PASSWORD
dhcp

Then run the following:

$ doas sh /etc/netstart

localhost / DNS

I realized there was something weird going on when localhost was resolving to an external ip, other than 127.0.0.1.

Turns out, OpenBSD needs to be configured to reference your /etc/hosts file. Since /etc/resolve.conf was being auto generated based on a response from my DHCP server, I had to create a /etc/resolve.conf.tail file and add the following line:

#/etc/resolve.conf.tail
lookup file bind

This will be appended to /etc/resolv.conf when you bring up your network. lookup file bind tells it to reference /etc/hosts before hitting BIND.

See the resolv.conf man page for more info.

System Services with rcctl

System services can be managed using rcctl.

    # show all
    $ rcctl ls

    # enable
    $ rcctl enable apmd

    # start
    $ rcctl start apmd

Laptop Performance

Enable Auto CPU Scaling

The apmd service will handle scaling your processor up and down based on workload.

    # enable the service
    $ doas rcctl enable apmd

    # set the auto scale flag
    $ doas rcctl apmd flags -A

    # start the service
    $ doas rcctl start apmd

Check that it’s working with apm.

    $ apm

Enable CPU HyperThreading

HyperThreading was disabled by default for me. Use sysctl to enable:

    $ doas sysctl hw.smt=1

Auto Performance Policy

I think this is the same thing as using APMD, but im not sure.

Performance Policy was set to manual by default, set that to Auto to let OpenBSD handle scaling your processor.

    $ doas sysctl hw.perfpolicy=auto