This guide showcases a basic install of OpenBSD 7.1 with Xfce without any encryption and with some performance improvements. While the OpenBSD base system comes with complete and carefully edited documentation for each command and for many of the configuration files, some people may find it easier to have a written out step by step guide of doing things.
Prerequisites
a USB stick
an ethernet connection (the installer might not load your wifi drivers, don’t worry they’ll work after installing)
lacking the irrational fear of terminal installers
Creating the live media
To start, prepare a USB stick with the OpenBSD installer. For example, on GNU/Linux it can be created by attaching the target device and copying over the image with dd(1).
The dd command will overwrite existing data. Make sure to find and then verify the correct device identifier of the USB stick.
Assuming the device was recognized as sdc
:
dd if=install*.img of=/dev/sdc bs=1M
Copy
where the * is the version on the img file, the current one being 7.1.
Backup everything you do not wish to lose on some external storage.
Check in the BIOS that Secure Boot is disabled and that UEFI Boot is enabled.
Installing
Boot the installer.
Once the kernel is booted, the installer asks the first question.
...
root on rd0a swap on rd0b dump on rd0b
erase ^?, werase ^W, kill ^U, intr ^C, status ^T
Welcome to the OpenBSD/amd64 7.X installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?
Copy
Select (I)nstall
and answer the questions.
The default keyboard uses the US layout, press enter if you wish to use that or choose the one you’d like from the list. As previously stated, wifi may not work so an ethernet connection is required, typically the default is em0 or the name of your adapter if on a laptop.
System and Networking
Choose your keyboard layout ('?' or 'L' for list)
[default]
System hostname? (short form, e.g. ‘foo’)
OpenBSD
Available network interfaces are: em0 vlan0.
Which network interface do you wish to configure? (or 'done')
[em0]
IPv4 address for em0? (or 'autoconf' or 'none')
[autoconf]
IPv6 address for em0? (or 'autoconf' or 'none')
[none]
Which network interface do you wish to configure? (or 'done')
[done]
You may now see the DNS domainname and nameservers being echoed on the screen
Using DNS domainname my.domain
Using DNS nameservers at 192.168.122.1
Copy
Users and Logins
Password for root account? (will not echo)
= *******************
Password for root account? (again)
= *******************
Start sshd(8) by default?
= yes
Do you want the X Window System to be started by xenodm(1)?
= yes
Change the default console to com0?
= no
Setup a user? (enter a lower-case loginname, or 'no')
= username
Full name for user *username*?
= Username
Password for user *username*? (will not echo)
= *******************
Password for user *username*? (again)
*******************
WARNING: root is targeted by password guessing attacks, pubkeys are safer.
Allow root ssh login? (yes, no, prohibit-password)
= no
What timezone are you in? ('?' for list)
= UTC
Disk Setup
Available disks are: sd0
. Which disk is the root disk? ('?' for details)
= sd0
Use the (W)hole disk MBR, whole disk (G)PT or (E)dit?
= gpt
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout?
= auto
File Sets
OpenBSD is broken up into multiple parts called sets. Depending on the intended purpose of the machine, as well as the available space, you can either install all sets or only the required ones. Installing all sets is recommended for new users.
Location of sets? (cd0 disk http nfs or 'done')
= disk
Is the disk partition already mounted?
= no
Which disk contains the install media?
= sd1
Select sets by entering a set name, a file name pattern or ‘all’. De-select sets by prepending a ‘-’, e.g.: ‘-game*’. Selected sets are labelled ‘[X]’.
[X] bsd [X] comp6X.tgz [X] xbase6X.tgz [X] xserv6X.tgz
[X] bsd.rd [X] man6X.tgz [X] xshare6X.tgz
[X] base6X.tgz [X] game6X.tgz [X] xfont6X.tgz
Copy
Set name(s)? (or ‘abort’ or ‘done’)
= done
Directory does not contain SHA256.sig. Continue without verification?
= yes
CONGRATULATIONS! Your OpenBSD install has been successfully completed!
Exit to (S)hell, (H)alt or (R)eboot?
= reboot
Post Installation
Unplug USB drive with the installer and boot OpenBSD from the target drive. Login as a regular user and run this command in xterm(1) to switch to root.
su
Copy
run syspatch(8):
syspatch
...
Relinking to create unique kernel... done.
Copy
If your wired internet is working you should run these commands to update and get your wifi working if it isn’t already:
pkg_add -Uu
Copy
sysmerge -d
Copy
fw_update
Copy
What if my WiFi card won’t work without firmware and I don’t have a wired connection?
The fw_update man page mentions the fw_update -p
flag. You could technically download the WiFi firmware from OpenBSD’s archive on another computer, copy it to a usb stick, mount it on OpenBSD and then run fw_update -p path_to_firmware
, but I haven’t tested this myself.
Backup & Update fstab(5) to add noatime:
cp /etc/fstab /etc/fstab.bak
sed -i 's/rw/rw,noatime/' /etc/fstab
Copy
Backup & Update login.conf(5) to increase memory limits:
cp /etc/login.conf /etc/login.conf.bak
sed -i 's/datasize-cur=768M/datasize-cur=4096M/' /etc/login.conf
sed -i 's/datasize-max=768M/datasize-max=4096M/' /etc/login.conf
Copy
Enable apmd(8):
rcctl enable apmd
rcctl set apmd flags -A -z 7
rcctl start apmd
Copy
Add your username /etc/doas.conf
:
echo 'permit username' > /etc/doas.conf
Copy
Install Xfce & Firefox
See OpenBSD FAQ - Package Management
Software that isn’t included in the OpenBSD base is ported to OpenBSD by volunteers in the ports team. The pkg_add
command is used to install pre-compiled binary packages. There is dependency tracking and packages can be updated using pkg_add -u
and deleted using the pkg_delete
command.
OpenBSD has a global mirror system that is accessed through a content delivery network and the address of the package repository is written to /etc/installurl
during installation.
The command below installs xfce, nano and firefox:
pkg_add xfce xfce-extras nano firefox
Copy
Optional Install xfce4-power-manager for laptop batteries
pkg_add xfce4-power-manager upower
Copy
Edit/Create the .xsession
file
nano /home/username/.xsession
Copy
and add
exec startxfce4
Copy
It is recommended to add the user to these groups, you can see more about them in the handbook
usermod -G operator username
usermod -G staff username
usermod -G games username
Copy
FAQ
I cannot ping urls but I can ping IPs outside my network
Add nameservers to your resolv.conf
i.e. Google’s DNS
Your resolv.conf should at minimum look like this
nameserver 8.8.8.8
nameserver 8.8.4.4
lookup file bind
Copy
Replace Google’s DNS with your ISP’s or whichever you might prefer.
…aaand you’re done, reboot and login as a regular user.