Author: Jem Matzan
OpenBSD is a complete, relatively small-footprint, Unix-derived operating system. Originally forked from NetBSD in 1996, the project has suffered only one remote security flaw in the default installation in more than eight years. Obviously the development team can’t guarantee the security of every one of the 3,000 ported applications, but there is a significant effort to ensure that there are no security flaws or other serious code-related problems in the Ports tree.
OpenBSD includes software for running all manner of servers: Web, email, proxy, DHCP, DNS, NFS, LDAP, and others. The Ports tree and package database (which consists of precompiled and tested programs from Ports) contain enough desktop applications to make OpenBSD 3.7 into a decent desktop system as well.
Daily insecurity reports are sent to the root user’s mailbox each morning with a summary of important files that have possibly dangerous permissions, and a list of changes to the /etc/group, /etc/passwd, and /etc/shells files, making security auditing an easy task.
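A simplified sketch of the two checks that report describes, added here as an illustration; it is not OpenBSD's own script and not from the original article. The function names, the backup-directory layout and the sample files are assumptions, and the sample data is constructed.

```sh
#!/bin/sh
# Added illustration, not OpenBSD's own security script.
# Function names and the backup layout are assumptions.

# report_changes ETC_DIR BACKUP_DIR
# Diff group, passwd and shells against the copy saved on the previous run,
# print what changed, then refresh the saved copy.
report_changes() {
    etc=$1; bak=$2
    for f in group passwd shells; do
        [ -f "$etc/$f" ] || continue
        if [ ! -f "$bak/$f.current" ]; then
            echo "$etc/$f: no previous copy, baseline saved"
        elif ! cmp -s "$bak/$f.current" "$etc/$f"; then
            echo "$etc/$f diffs (-OLD +NEW)"
            # skip the two ---/+++ header lines, keep the hunks
            diff -u "$bak/$f.current" "$etc/$f" | tail -n +3
        fi
        cp -p "$etc/$f" "$bak/$f.current"
    done
}

# report_risky_perms DIR
# List regular files under DIR writable by group or by everyone.
report_risky_perms() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sort
}

# Constructed sample data: a throwaway tree standing in for /etc.
demo() {
    d=$(mktemp -d) && mkdir "$d/etc" "$d/backup"
    printf 'root:*:0:0::/root:/bin/ksh\n' > "$d/etc/passwd"
    printf '/bin/sh\n/bin/ksh\n' > "$d/etc/shells"
    printf 'wheel:*:0:root\n' > "$d/etc/group"
    chmod 644 "$d/etc/passwd" "$d/etc/shells" "$d/etc/group"
    report_changes "$d/etc" "$d/backup" > /dev/null    # first run: baseline
    printf 'toor:*:0:0::/root:/bin/sh\n' >> "$d/etc/passwd"  # constructed change
    chmod 666 "$d/etc/shells"                          # now world-writable
    echo "Changes since last run:"; report_changes "$d/etc" "$d/backup"
    echo "Files with risky permissions:"; report_risky_perms "$d/etc"
    rm -rf "$d"
}
demo
```

Run from cron and mailed to root, output like this gives the reviewer a per-day record of account and shell changes to compare against change tickets.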
One thing you won’t get with OpenBSD 3.7, as in previous releases, is proprietary or restrictively licensed drivers or programs. In fact you won’t even find Apache 2, because its license is more restrictive than that of its predecessor. OpenBSD 3.7 includes a heavily modified version of Apache 1.3.29 instead.
What’s new in 3.7
Most notable in the 3.7 release is the addition of a dozen new hardware drivers, mostly for wireless network cards. Two new ports of the operating system have been designed for the Sharp Zaurus GNU/Linux-based PDA, and several 64-bit MIPS-based computers from SGI.
Spamtrapping has been added to the spamd program, further assisting in junk email filtering by blacklisting hosts that send email to spamtrap addresses.
Most of the changes to OpenBSD 3.7 involve technologies related to networking or network services. The special edition of Apache in the base system has gone through a code cleanup. The Network Time Daemon can now set the time on its own at startup, as opposed to having to run a command to do it. The Border Gateway Protocol Daemon and the OpenBSD Packet Filter have also been updated with new features and technology. If you’re interested, you can examine a complete changelog.
Using OpenBSD 3.7
One of the great things about OpenBSD is that in each new release the structure and configuration of the base system rarely sees significant deviation from previous releases. This makes upgrading a breeze, because you don’t usually have to modify your configuration files. The exception is if you wish to add options and rules for new functions of existing technologies, or if you need to take out a script or hack that a program now automates on its own. Upgrading from OpenBSD 3.6 to 3.7 required no changes to my Web server configuration or system configuration files (/etc/shells, /etc/passwd, /etc/rc.conf, and so forth).
I installed OpenBSD 3.6 for AMD64 on a computer using an Athlon 64 4000+ processor and an MSI K8T Neo2-FIR motherboard, then upgraded to 3.7 after configuring my system. I also did a from-scratch installation of OpenBSD 3.7 to see if there was any change in functionality. The only serious problem I ran into was with the Promise 20579 onboard Serial ATA RAID controller — the OpenBSD installer could not recognize any disks connected to it. The remedy was to connect my hard drive to the other onboard SATA controller, the VIA VT8237. After my first boot into the installed system, I checked the output of dmesg to see if the Promise controller was recognized at all. While the vendor name and device type were correctly detected, OpenBSD 3.7 couldn’t figure out what model it was. The onboard VIA FireWire chip was also detected but not properly configured. The onboard VIA sound chip worked perfectly with no extra configuration needed.
The OpenBSD team recommends using packages instead of the Ports tree. Installing a program from Ports is far more convenient than looking up a package name, however. On the AMD64 edition of OpenBSD 3.7, GNOME 2.8.1 and KDE 3.3.2 both failed to compile on my test machine for different reasons, but the packages installed without any trouble.
If I had a recommendation for the OpenBSD developers, it would be to simplify package names so that they may be more easily installed. As it is currently, to install a program you must specify the full path to the package, including the “alphabet soup” version number that follows it and the .tbz extension. It would be much more convenient to type pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/3.7/packages/amd64/xmms.tbz than the specific version of XMMS, as in pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/3.7/packages/amd64/xmms-1.2.0p10.tbz. Even more convenient would be name resolution for packages, which is how FreeBSD does it: pkg_add -v xmms. Since each release only includes one version of every package, version conflicts shouldn’t be a problem.
OpenBSD 3.7 does have a better package manager than 3.6 did: it now offers a sort of “portupgrade” functionality through the new -r switch. I didn’t have any problems with it, but I had few packages installed. Most of the programs that I had installed on my OpenBSD 3.6 machine were done from the Ports tree. There is still no equivalent to the portupgrade command on FreeBSD, which determines which programs from Ports are installed and out of date, then recompiles them with the updated code and installs them. The man page for pkg_add warns that the new -r function hasn’t been thoroughly tested and may break a working system.
Conclusions
Overall, OpenBSD 3.7 is a great release. I discovered no major bugs, everything that should work did work, and a feature that I’d been hoping to see — the upgrade function of pkg_add — has been implemented.
The theme of the OpenBSD 3.7 CD set is The Wizard of Oz, and the cute little CD jacket cartoon strip shows the OpenBSD mascot and friends on a journey to achieve better wireless card drivers. Their adventure takes them to the Emerald City to meet the great and powerful Wizard of OS himself — an effigy of a crown-wearing penguin. The man behind the curtain turns out to be a Richard Stallman-like character with GNU horns. The characters are disappointed because the Wizard ends up being “all talk — no action!” So they decide to code the wireless driver by reverse-engineering the device. I don’t know that the GNU and Linux projects are “all talk and no action,” but OpenBSD certainly does “walk the walk.” It shows in the latest release, and I look forward to seeing what new drivers and features appear in 3.8. It’s only six months away.
Purpose | Server operating system |
Manufacturer | The OpenBSD Project |
Architectures | i386, AMD64/EM64T, SPARC, SPARC64, Alpha, HP300, HPPA, Mac68k, MacPPC, mvme68k, mvme88k, luna88k, VAX, MIPS, Zaurus |
License | BSD |
Market | Servers of all kinds, for home, office, or enterprise; security-minded desktop users and sysadmins |
Price (retail) | $45 for a 3-CD set, sold directly from the OpenBSD site. Can be installed over FTP for free |
Previous version | 3.6 |