 Better? Okay, same, again, anyway, you will learn to appreciate that the, this question here, set up a user, do you want to disable this as HD root logins? And of course it defaults to yes. And we're all in good, and well, there's a magic trick here that I actually managed to figure out that we're in Europe and Sofia. Next up finds you whatever your root disk is. If you have several disks, it will find them. You may have to muck around with the F disk at some point if you have several disks to start with. This is a very simple one. One tip here, you could, you can choose here, whether you want disk UIDs, which are fairly long strings, unique identifiers for your disks, which also becomes part of the partition name for your FS tab. You want this, but you can choose no here and go with the old-fashioned WD0A and so forth. Which of course risks that whenever you put another disk in, well, the numbering might change and you don't want that. You really, really want the UIDs. Next question here is, well, where it gets scary, at least if you're multi-booting, do you use the whole disk or edit the MBR? You could edit the MBR, this drops you into the F disk, but this is the only disk in this virtual machine, so we'll skip the MBR editing. Well, let's have a look. It looks like this. What we could do here, basically we have four partitions and if this was not your boot disk, you would want to zero out the three non-zero ones. But we do not want this and we use the whole disk and it comes up with a default partitioning system scheme. Now, if you notice the command points, you have a small root partition, you have something like temp where you will not, where the mount options will include no execute, no device and so forth and it tries to make a sensible choice for how much space you actually want to use and fairly, well, actually fairly minimal amounts of space and whatever is left over after the reasonable amount of space for your system is automatically suggested to go to your home partition. Your home directories will be created. You can play with this, you can go ahead and edit, but again, just to demonstrate that we can, I don't know, BST install is almost all pressing enter. We just go for the automatic layout and now it creates the file systems and we go to, finally we're starting to really install all the other sets. Now, here you could, if you have your sets in a different location, you can even install off the local hard disk. Well, on a new install, that probably is not an option, but for upgrading. Whenever I myself tend to go snapshot to snapshot and I just download the sets, boot off the BZRD install from the local disk and just works. We can walk through that later, but here we go from the CD set. There's a default for the path on the CD and this is where we, it makes an intelligent choice here that to, well, since the default QMU virtual machine is not a multiprocessor machine, it does not want to install the BSDMP, which is multi-processor kernel. The rest of the sets, rest of the sets at once. You will notice, well, this is actually slightly past five, six, but you will notice that there is no X sets here. There's only X sets. We'll get back to that. But anyway, we go install. Yes, you will perhaps have this problem. The directory does not contain the signature. Continue with that verification. On a new install, hopefully you've verified your sets anyway, so we can just go ahead and install. This will take a couple of minutes. QMU, unfortunately, is not a high performance solution. There was some talk about OpenBSD and Beehive. I don't think anybody's working on that at the moment. Anyway, from here on, the installing OpenBSD, you can safely go with the defaults. Basically, enter, enter, enter through your install. After this, you will need to type reboot and you'll be bleeding into the system. We can take a peak round. Yes. QMU, you could do that. As long as whatever you put on your flash drive, this has been verified. In that case, you could probably do an auto install. It sounds like an environment that's really ripe for an auto install. Just have your response file ready, which we could take a peak at. QMU, I think it's a good question. QMU, I think it's a good question. QMU, I think it's a good question. QMU, I think it's a good question. You can have a look at your response file ready. We could take a peek of that. While this completes, that's in the other presentation. For your auto install, you have something like, what we would do is put up put up in your dhdp.conf, assuming you already have a working server here. Basically, what you put in here, of course, the Ethernet address of the thing, the IP address is supposed to have a file name with auto install that will do the install sequence. If it's auto upgraded, it will do an upgrade on an existing system. And you would have this response file like something, okay, your system, host name, password, which is the encrypted version of the password. And well, basically your questions and the matching answers. And I think we can actually run that demo here. You know, our regular install has almost finished. Yes, so this is what an install looks like. This is an MP4, so this is actually cheating. This is all. There might be some small differences. Basically, this is the boot, and pretty soon you will see the automatic, okay, it waits for a few seconds for whether you choose to, yeah, so I think the timeout is, yeah, the time is five seconds for, and it just retrieves the information and goes through all the partitioning and so forth in really high tempo here. And we have here in contrast to what we had earlier, this one has the signature file. It actually starts by verifying the sets. And the first step is verification, the next step is installation. Yeah, I managed to put that in. Also, part of it is probably because that disk was fairly small. So there's a limit here. I forget which limit it is, but if the disk is really small, it won't offer that. 11 partitions. It won't just, okay, go root, swap, whatever. So I think you should be able to, I think you probably should be able to specify, I forget the details, sorry, but yeah, you should be able to specify a, did we stop something? No, okay, it just takes a little time. And of course, this went with the default, default choice of the sets. So we get even the games, stuff like Beastie Tetris. And this will conclude as, yeah, this is almost done anyway. It will, much like the one in the background here, well, yes. What this will do is, not to say it saves the configuration files. And as we know it's in the background here, this one is also, it also boots into the newly installed system. So, and basically, if you have a number of systems you want to install automatically, this is the way you do it. Now if we return to, yes, for manual install, well, this is where it stops, where you actually need to enter reboot. And we will have a version 5.6 system. Yeah, and the O install is apparently unrepeated in the background. I think we'll just kill that. Now this is what a regular boot looks like. Yeah, and it will list things like PF is enabled, PF is actually enabled before the network is configured, which is one thing that, well, free BC users will perhaps find a little strange, but what happens is when PF is enabled to this real stage, it also loads a default rule set that will be in place in case you fucked up your real PF.conf. So you can log in and fix things. So, and yeah, well, you can see the, here, well, it generates the host keys. This is the first boot. So, yeah, actually a current, it's about a day after it was cut, but I overslept that day or something. The binary is called the same, but in 5.6 it is Libre SSL, but the file names didn't change. Now, back when I started using OpenBSD, I was really impressed by how tight a system was, like little ads, and everything had a man page and so forth. What happens in OpenBSD 5.6 is that ads is actually a lot smaller. What happened is that a lot of the config files that used to be here for non-default services were simply moved to its examples. So if you happen to, let's have a look at the examples. If you don't run BGP, you don't want BGP.conf anyway, but you have an example here. Please, we can start by copying that back and editing and so forth, or you can just read this as documentation. So, basically, your system got a lot less messy, well, even less messy in OpenBSD 5.6, compared to earlier. Now, on an upgrade, you might see a lot of things lying around anyway, but now at least you know you can remove them, stuff you don't. And I suspect when the actual release happens, there will be a documentation on the web on exactly which files to remove if you're going for pristine system. Now, that's for a clean install. If we're interested, we could go for an upgrade from some earlier version, or, well, or I could start listening to your questions. Again, the form of the session is, yeah, let's start and start demo here. Yes, one thing I did not mention is that the installer used to be done before consoles could be the FTP or HTTP. For various reasons, we are dropping HTTP works just well. And we do have a very nice FTP proxy for PFR walls, but you can't really rely on that being in place. So HTTP generally works. And if you're running a mirror, well, this one, that's the thing you need to worry about. So, let's starting with 5.6, we only have, actually, that was 5.5. So, for anyone coming from the Linux world, OpenBSD, well, basically, there are not a lot of, well, there are fewer knobs to twiddle and OpenBSD and several other operating systems. Once you do twiddle, you put in your rc.conf.local, because rc.conf is defaults file. So, if you look at the pristine system here, rc.conf.local is, well, all of 12 bytes. And this is slow. And it says, well, basically, it says we enable the NTPD. And it has no flags, it just runs with defaults. You would rc.conf, as I said, on OpenBSD is defaults, much like freeBSDs as defaults, rc.conf. Same thing, only we, our convention is, well, it's, that ammunition did not used to be that, that's strict, but, well, people have been known to edit this, and this is a really bad idea, because this file will be overwritten next time you upgrade. It comes out of the base sets, or it used to be the S sets. So, this is the format, and this is now a really simple file, either. There are basically three things you can do with each setting. You can disable, disable stuff with no. Anything that is not no, including, well, if it's empty, it's enable, enable a demon, but run with whatever defaults. Or alternatively, you can put sort of flags and quotes here. So, much the same as on freeBSD, but you cannot put commands or scripts here. That would be for your rc.conf local, for example. No, rc local, rc.conf local is basically just an extension of, or actually overrides rc.conf. And again, one thing we do not put in the, in contrast with, with freeBSD, we did not put the network interface configuration in rc.conf. It actually goes in hostname.notinterfacename files, much like, you know, traditionals, laris, and a few others. And of course, well, anything you put in your ads directory for sub-rectees, as you want them, config files for various demons. And really important here, on openBC, everything has a man page. Everything has a man page, and usually, usually has readable. So, if you were a little braver, you would just dive into the man pages and skip my tutorial. But anyway, so basically, something, yeah, one thing that's good to know is we have a specific setting, package scripts. Packages are, anything installed by the package system, or our demons known, installed by the package system, generally are started by a some script in src.d, named, same as demon. So, and the ones you want to start automatically on boot, you put in the package scripts variable. And here is for a mail server, I am running, it starts xm, because I do not like send mail, and OpenSMTP wasn't quite ready yet. Spam is in clamd, fresh clam, and grayscanner. Grayscanner is a program that runs in tandem with openBC spamd. If you don't, if you haven't sampled spamd yet, well, and you're running in the mail server, you're really missing out. And, yeah, for your local, you can actually actually let local exists if you have stuff that doesn't fit in the more modern version of how to do things. Yes, things that are good to know is that the base demons are generally prevent separated, so, and some of them are in charoute, so that, well, the practical upshot of this is that your, it's password, and it's groups, it's group file on a typical OpenBC system is a little more crowded than, yeah, these, basically everything runs as its own user with a specific set of permissions, and usually a home directory that's not really usable. And most of them will not have a, well, most of them will have a non-interactive shell as well. So, yeah, that's me at the bottom there. Which is, you know, bending the traditional Unix Unix permissions system to do your well even without the, what do I call it, role-based, this is close to role-based access control as you get using using Unix permissions. So, and, well, one thing that's important to remember is that, well, well, one thing that always trips up Linux users coming to OpenBSD is that bin, bin SH is not bash. On OpenBSD it's the post-main-born shell. And the one thing that will get you roundly ridiculed in OpenBSD is changing root shell to bash. Don't do that, don't do that, because, well, or some, well, system scripts have not been extensively tested using bash. So, well, it's likely that things will break. And of course, for your basic environment, you want an editor. If you want to X, there is one. We have a real VI, and we have MG, which is a strange animal. That's an E-max clone. That's actually just an editor. I, yeah, and when I grew up with E-max, we'll be quite happy with MG. But, you know, it's just an editor, not that, not that big monster. But a new E-max is available through the package system if you want that. If you want to read email with your edited text editor, you can. So, yes. Yes, our, our locale support, yes, unfortunately, unfortunately, locale support is, has been a mostly stopped work in progress for quite a while. But again, once you're in X, that's, it's generally, generally better to take care of. So, but yes, on the, even Norwegians like, like myself, we do not. This is supposed to be an O slash, and this is AE, actually, the AE ligature actually becomes AE on the shell here. So, that, that is a remaining problem. So, basically, UTF-8 is not told yet. It's, it's been a set of work in progress for quite a while. It's possible that work is stopped and might be restarted if somebody steps up. It's, the thing is with Unicode support, it's a fairly large set of code that needs to be verified to actually work. So, it's a lot of work involved. So, and polluting the, well, it has been referred to as polluting the, the base system. So, what's the question over here? Now, once you've, once you've installed your 5.6 release, well, there is already a patch for OpenBST 5.6. Yes, wondering why the built-in paid fix for several popular network adapters. This one, well, the recommended way to do, to go is really, what I tend to do when I want to run stable systems is maintain a stable checkout of the, let's check out those of the stable source tree. Where it's basically pick the mirror nearest to you network-wise. You'll find a final list of mirrors via this, via the add-on CVS page on OpenBST.org for, well, for most people in Europe, EU, the EU mirror will work. This one says CA because, well, the previous presentation was given in Canada. And a good thing here is that if you check out a, the, the stable tree, you probably will notice that the same files that are referenced in the, in the patch file in the ARATA, well, will be like this change when you do the checkout. But you can, what we should do anyway is when, when there is a ARATA out, I'll fetch the file anyway or just at least look at it. And you can go from here. This is basically a diff. And it's also got the, now it looks like the signature here is a separate file. But anyway, you go by the, whatever it says on top of the, top of the patch. So here's the, apply the, the patch. And you actually apply the patch by running a signify command that verifies that the patch is, is real one and then runs, runs patch. And using, using the actual patch here, you can fairly easily eyeball whether the, whether the relevant files have been changed. And again, go and build your kernel. And again, if you maintain a lot of systems, you might want to actually build local releases. It's a little more involved, but the release, the man release page is actually quite complete. Another thing, if you want to, if you want more literature on the current feeding of OpenBSD, Michael Lucas' absolute OpenBSD second edition is a really good book about OpenBSD. It's now a couple of versions old, so it doesn't, he doesn't have signify, for example, and the, and the PF part is missing the new queuing system. But you know, the book is really worth, worth getting. Are we, are they setting up coffee out there? Yes, okay. So maybe we should break for coffee. And I'll promise I'll turn on the microphone afterwards.