Author Topic: Living With Openbsd 1, Initial Setup  (Read 2945 times)

iamasmith

Living With Openbsd 1, Initial Setup
« on: January 19, 2006, 07:05:58 am »
Purely based upon the way that I wish to use my SL-C3000 I have given OpenBSD a try several times since it was first released. Now, a couple of months into the release of OpenBSD 3.8 I felt that the -current fork of OpenBSD was again worth a try.

Within this posting I will recount useful setup details that I found for the initial setup of the environment.

During this posting I also give some configuration hints that suggest settings in some of the main configuration files for OpenBSD; one in particular will weaken OpenBSD default security, and some may have other security implications that I either do not know or do not care about. If you wish to research and comment on these setting changes then I am keen to have any feedback that you may have; I simply want to say that my setting changes don't represent OpenBSD 'ultra secure defaults'. The original installation settings represent the official settings.

The Installation
----------------

This time I decided to use the entire 4Gb hard drive of the SL-C3000 for OpenBSD, leaving a 128Mb partition for swap. I accomplished this with a modified initrd.bin/linux kernel combination that hopefully I can soon post for download.

With this combination I was actually able to allow OpenBSD to automatically create the fdisk partition by saying 'yes' to 'use the whole disk'; this created one primary partition table entry in partition slot 4 and built a default disk label using the whole disk.

In the disklabel editor I simply removed and recreated wd0a using 7738281 blocks leaving 262144 blocks (128Mb) free for wd0b which I created as a swap partition.

During the installation I chose to use ftp to install the package sets and used my Senao Wifi card for this purpose which was recognised as wi0.

<HINT>During setup of the card you will be asked if you wish to perform any manual configuration; selecting this option drops you to a shell prompt and from there you may use ifconfig to temporarily specify the access point name and key. Later on we shall show how to keep that information so that it is available when the card is configured during boot etc. Name and key may be specified using the following command (assuming wi0 is your interface).

ifconfig wi0 nwid myaccesspoint nwkey mytextkey

(you can specify a hex key using 0x as a prefix).
</HINT>

Post Installation Steps
-----------------------

*Setting up the Wifi card properly*

Post installation I booted the system and it came up without the Wifi card configured for address but with no access point details.

Card settings on OpenBSD are stored in the file /etc/hostname.<if> where <if> is the name of your interface. So for me the file /etc/hostname.wi0 controlled the card settings.

This file contains at this stage (by default) the parameters to provide the basic configuration to the card and looks a little like this.

inet 10.255.38.2 0xffff0000 NONE

<HINT>Almost ALL standard configuration files on OpenBSD are documented in the man pages; they are really worth installing. man hostname.if will give a description of this file we are updating.</HINT>

The parameters shown in this file represent the address (10.255.38.2), the subnet mask (0xffff0000) and the broadcast address which hasn't been specified.

You may add the nwid and nwkey (and other parameters) to this file, however, ensure that you specify a broadcast address if you do this.

An example of this file in its configured state is..

inet 10.255.38.2 255.255.0.0 10.255.255.255 nwid myaccesspoint nwkey mytextkey

(note that you can use decimal subnet mask representation as well as hex)

*Getting hotplug to handle the card*

At this stage a reboot will cause the card to become active. Also issuing the following command

sh /etc/netstart

will cause the interface to be made active.

If you remove the WLAN card, however, and re-insert it there is nothing at this stage to tell OpenBSD to start the WLAN card. If you do this at this stage you can reconfigure the WLAN card by running /etc/netstart (note it isn't flagged +x so run it using sh /etc/netstart).

To handle hotplug of the card we must enable hotplugd. OpenBSD uses a fairly monolithic startup script to start most services and it takes the instruction to start these services from a file called /etc/rc.conf.

Open this file and search for the line hotplugd_flags. By default this will look like this...

hotplugd_flags=NO   # for normal use: ""

As suggested change this line to look like this..

hotplugd_flags=""   # for normal use: ""

This will cause the hotplug daemon to start on system boot.

We must now create a script for hotplug to run in order to start the wireless interface; check the hotplugd man page for more details. Here is the script that I created (/etc/hotplug/attach).

#!/bin/sh

DEVCLASS=$1
DEVNAME=$2

case $DEVCLASS in
3)
        # Network device
        sh /etc/netstart
        ;;
esac

Once this is in place and hotplugd is started (either by reboot or simply running hotplugd) the system will detect a network card insert and use the main network startup script to configure that card.

*Running apmd*

APM stub features are built into the Zaurus kernel and on recent -current snapshots allow suspend/resume by pressing the power button even while not running XWindows (apm control can also be issued).

If, however, like me you wish to monitor the battery status of the device then you must run apmd.

You can run apmd from the console to start it immediately and then set the apmd_flags in rc.conf to allow apmd to start on boot.

Once running, apm status can be gained using the apm command (see man page). This will allow any graphical battery management applets that you have to also display battery status.

*Encrypted Swapfile*

By default OpenBSD encrypts the swap partition writes to protect you from a hacker's ability to dump the contents of swap partition and gain sensitive information from the paged state of programs that have been running.

This option should be left enabled if you are concerned about such levels of security - you should also seek advice on other settings that I have mentioned if you are concerned to this level.

Swap file encryption will potentially harm our performance during large compilations so if you wish this may be turned off by setting a kernel flag.

Kernel flags are set in a file called /etc/sysctl.conf. Look for the flag vm.swapencrypt.enable and set according to your wishes. Reboot once you have made changes to this file. (see man pages for sysctl and sysctl.conf)

*xdm, a graphical login should you wish it*

xdm is a login manager for X systems allowing remote logins and local startup of X servers etc., completely unconfigured it can be a difficult learning curve to the new initiate.

The OpenBSD distribution comes with xdm installed and more importantly well configured.

Reasons that you may wish to run xdm.

a. Pretty login straight into a windowed environment.
b. If you do manage to crash the X server and the text console doesn't reappear then xdm will start again allowing another graphical login.

Reasons that you may not want to run xdm.

a. You want to login to a non graphical environment.
b. You want every last tiny bit of ram for some application or large compilation etc. (xdm memory footprint is about 3Mb whilst running on the Zaurus).

You may use xdm as your login manager so that you login straight into an X session by doing the following.

1. edit /etc/rc.conf and set xdm_flags=""
2. importantly edit /etc/ttys and comment out (place # in front of) the ttyC1 line.

It is important to comment out the getty spawn line on the console as mentioned otherwise a getty will spawn on the frame buffer that xdm is using and this will cause xdm to lose keyboard focus. It is not an utter disaster if this occurs because you can login from that getty and make the adjustment (in text mode) then reboot.

*Oh yes, one last thing*

You are running a proper distribution of BSD here, this is no cut down distribution, so create yourself a NON root user using adduser and start using it instead of logging in as root every time.
« Last Edit: January 19, 2006, 07:28:22 am by iamasmith »
OpenBSD 4.2 -current on full 4Gb of SL-C3000
Microdrive replaced with 4Gb SanDisk Extreme III card
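
An added example, not part of the original post: a small audit of the files the post edits. It reports when swap encryption has been turned off in sysctl.conf, when a hostname.if file holding an nwkey is readable by group or other, and when the hotplugd attach script is missing its execute bit or is writable by anyone but its owner. The function names and the directory argument (a tree laid out like /etc) are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit a directory laid out like /etc for the settings changed
# in the post above. Function names are this example's own.

# Effective vm.swapencrypt.enable in a sysctl.conf-style file: the last
# uncommented assignment, or "default" when the file does not set it.
swapencrypt_setting() {
    sed 's/#.*//' "$1" 2>/dev/null | awk -F= '
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == "vm.swapencrypt.enable" { v = $2 }
        END { print (v == "" ? "default" : v) }'
}

# True when a hostname.if-style file holds an nwkey and the file is readable
# by group or other, so any local user could read the wireless key.
nwkey_exposed() {
    grep -Eq '(^|[[:space:]])nwkey[[:space:]]' "$1" || return 1
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# True when the attach script is executable by its owner and not writable by
# group or other (hotplugd executes it whenever a device attaches).
attach_script_ok() {
    [ -n "$(find "$1" -type f -perm -100 ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Print one finding per line; print nothing when the tree is clean.
audit() {
    root=$1
    [ "$(swapencrypt_setting "$root/sysctl.conf")" = 0 ] &&
        echo "sysctl.conf: swap encryption disabled"
    for f in "$root"/hostname.*; do
        [ -f "$f" ] && nwkey_exposed "$f" &&
            echo "${f##*/}: nwkey readable by group/other"
    done
    [ -e "$root/hotplug/attach" ] && ! attach_script_ok "$root/hotplug/attach" &&
        echo "hotplug/attach: not executable, or writable by group/other"
    return 0
}

# Usage: sh audit.sh /etc
if [ $# -gt 0 ]; then audit "$1"; fi
```

A finding on hostname.wi0 is cleared with chmod 600 on the file, and one on the attach script with chmod 755.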