OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
Call For Testing Of OpenBSD Automatic Installation
Contributed by tbert on Tue Jan 14 10:03:51 2014 (GMT)
from the unattended-consequences dept.

As we mentioned previously the OpenBSD developers have been working on adding support for unattended, automatic installation and configuration of the operating system. The new support is still a work in progress and the developers need help from the community to test the new features and report their findings.

If you'd like to help out with the testing, you'll need to be following -current by running snapshots. Information on PXE booting can be found at the "FAQ 6.10 - How do I boot using PXE?" entry as well as the pxeboot(8/i386) and pxeboot(8/amd64) manuals. For instructions, read the "Preparing an unattended installation of OpenBSD" section of the "INSTALL.${arch}" file (e.g. "INSTALL.amd64") found in the same directory as the installation sets. Even if everything works perfectly for you, it's still helpful to report your test results on the tech@ OpenBSD mail lists.

Check below the fold for what a successful install looks like.

[ 6 comments 192d13:23 ago ] (flat) (expanded)

mdocml-1.12.3 Released
Contributed by tbert on Thu Jan 2 06:57:37 2014 (GMT)
from the man-of-docs dept.

Ingo Schwarze (schwarze@) wrote in to tell us about the new release of mdocml (mandoc):

I have just released version 1.12.3 of mdocml = mandoc on

This is a stable maintenance and bugfix release not changing any major functionality or interfaces. All users and downstream distributions are encouraged to upgrade from whatever earlier version they happen to be using.

The two main new features are in mdoc(7) parsing and output: In the SYNOPSIS, function declarations now break the line at better places and indent more nicely. This was accomplished with help from Franco Fichtner (franco@DragonFlyBSD). And mdoc(7) macro arguments now handle the quoting of quote characters correctly, thanks to a patch from Tsugutomo ENAMI (enami@NetBSD). There are several additional bug fixes and tiny new features; for more details, see

[ 0 comments ] (flat) (expanded)

Heads Up: atexit(3) Moved
Contributed by tbert on Wed Jan 1 06:25:06 2014 (GMT)
from the cant-find-the-right-door dept.

Due to internal changes in how atexit(3) is implemented, upgrades from source require a special set of steps:

To support the use of atexit(3) in dynamically loaded shared objects, atexit(3) is now
provided by the C runtime startup files. If you want to upgrade via source you will need
to build and install new C runtime startup files first:

  cd /usr/src/lib/csu
  make clean
  make obj
  make depend
  make install

Now you can follow the standard procedure outlined in release(8).

[ 0 comments ] (flat) (expanded)

Boot-Time Randomness
Contributed by tbert on Mon Dec 30 16:57:31 2013 (GMT)
from the mathematically-impossible-to-guess-what-you-got-for-christmas dept.

Initial support for boot-time availability of high-quality random numbers has been committed:

From: Theo de Raadt 
Subject: Randomization from the bootblocks

Over the holidays I've written code to do something we've
talked about for a long time but never gotten around to.

The bootblocks are now capable of providing entropy to the
kernel very early on.

This requires an upgrade of the bootblocks and at least
/etc/rc (which saves an entropy file for future use).  Some
bootblocks will be able to use machine-dependent features
to improve the entropy even further (for instance using
random instructions or fast-running counters or such).

As a result, the kernel can start using arc4random()
exceedingly early on, even before interrupt entropy is
collected.  The randomization subsystem can hopefully
become simpler due to this early entropy.. there is more
work do here.

At least i386, amd64, macppc, sparc64, hppa, and loongson
are supported.  Hopefully the others are not far behind.

Because many in-kernel consumers of randomness are initialised very early, this means that the in-kernel protections derived from randomness should now be much better.

[ 0 comments ] (flat) (expanded)

Heads Up: i386 moves to PIE
Contributed by tbert on Sun Dec 29 12:53:37 2013 (GMT)
from the cake-is-a-lie dept.

Following up on the commit that enabled the change, Theo de Raadt (deraadt@) wrote in to tech@ with a note concerning care to be taken during upgrades now that i386 runs PIE executables.

From: Theo de Raadt 
Subject: i386 switched to PIE

The i386 architecture has now been switched to PIE.  There is a small
performance hit, but this part of ASLR is valuable combined with
W^X and the stack protector.

This is a non-trivial upgrade, so please be careful.  Check the FAQ
for details or use a snapshot.

As it says in the commit message, special steps are required for upgrading from source, so check the instructions for doing so, if not upgrading via snapshots.

[ 0 comments ] (flat) (expanded)

BSDNow Episode 016: Cryptocrystalline
Contributed by tbert on Tue Dec 24 14:43:36 2013 (GMT)
from the slacking-editors dept.

In BSDNow Episode 016: Cryptocrystalline there is an interview with Damien Miller (djm@ @damienmiller) titled "Cryptography in OpenBSD and OpenSSH" along with an article titled "Secure communications with OpenBSD and OpenVPN" and tutorial about "Full disk encryption in FreeBSD and OpenBSD"

The BSDNow show is recorded live on Wednesdays at 2pm Eastern Standard Time and then the live recording is edited into the video and audio files released the following Friday afternoon. Due to time constraints and live recordings, it's always best to check their website show notes and tutorial pages for updated information. As TJ said, "It's a community-driven project," so if you want to help out, you can send questions, comments, show ideas/topics, or stories you want mentioned on the show to

Available audio and video recordings:
SD Video | HD Video | MP3 Audio | OGG Audio | Youtube | Torrent | iTunes MP3 | Roku

[ 0 comments ] (flat) (expanded)

strlcpy(3) Use in 3rd Party Software
Contributed by tbert on Tue Dec 24 13:03:02 2013 (GMT)
from the decoded-symbols dept.

Theo de Raadt (deraadt@) penned a missive titled "On the matter of strlcpy/strlcat acceptance by industry":

From time to time, there are people who say that strlcpy and strlcat
are stupid.

This is a little frustrating because we just want developers to have
an easier time writing/auditing string code to avoid overflows and
truncations, especially considering so many standard C APIs require
fixed length strings or have other limits, and will in the forceable

You probably all know about the mainstream users of these functions,
like the Linux kernel, or MacOS, or the other BSD's, and Solaris.  But
there are many, many more, and it is time to show the global
strlcpy'ing deniers the reality.

I've collected some statistics to see how much upstream software use
these functions.

The (elided) rest of the message below the fold; the full lists of software can be found at the link to the mailing list archive.

[ 1 comment 1330d14:50 ago ] (flat) (expanded)

OpenSMTP Update(s)
Contributed by tbert on Tue Dec 24 15:33:06 2013 (GMT)
from the stuck-in-the-queue dept.

Gilles Chehade (gilles@) has a recent blog post up about recent and upcoming work on OpenSMTPd, the greatest thing ever to happen to email†.

When I wrote the last blog post, we had just released 5.3.2 which was a minor release that fixed a few non-critical bugs that were reported to us since the first major release a few months earlier.

A while later, we released another minor release, 5.3.3, that also fixed minor bugs and brought some new non-invasive features to deal with common use-cases reported by our increasing user base.

OpenSMTPD 5.3.3 was very stable, it's been running on busy servers at work and we did not experience any bug with it while accepting and routing millions of daily messages with remote hosts on several machines.

It was a nice release for what it's worth :-)

What now ?

Well, we didn't stop hacking on OpenSMTPD and since 5.3.3 we have gone through lots of simplifications and adding new features. There are actually so many changes that a blog post can't possibly go through all of it but I'll discuss some of the most important and visible ones.

We have released new major version 5.4.1 a few days ago, and the features that are described below are all part of it. It is a very good release IMO and you should definitely take time to switch your 5.3.x setups to this new one.

If you hadn't caught it before, his previous update is also worth going through to get a glimpse into how this project has been improving over the last year.

† statement may not be factual

[ 1 comment 1332d22:15 ago ] (flat) (expanded)

OpenBSD ruBSD Talks Online
Contributed by tbert on Mon Dec 23 08:03:36 2013 (GMT)
from the are-you-bsd? dept.

Fresh from a successful tour of the motherland, our fearless OpenBSD devs have placed their ruBSD 2013 talks online:

[ 5 comments 1324d9:10 ago ] (flat) (expanded)

Support OpenBSD!

Donate to OpenBSD

Buy OpenBSD products


We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

Older Stuff
Wednesday, December 18
05:11 USENIX LISA 2013 Managing Access Using SSH Keys [video] (0)
Tuesday, December 17
08:19 tmpfs Enabled in -current (14)
Friday, December 13
15:04 BSDCan 2014 CFP (0)
Tuesday, December 10
09:39 FuguIta - An OpenBSD 5.4 + Patches LiveCD/LiveUSB (3)
Wednesday, December 04
09:02 ChaCha20 and Poly1305 in OpenSSH (6)
Tuesday, December 03
07:02 BSDNow Episode 013: Bridging the Gap - OpenBSD Router Part 2 (1)
Monday, December 02
07:57 Is Your Stack Protector Working? (7)
Thursday, November 28
02:50 Support For Shared Named Semaphores (0)
02:48 The 2013 Chuck Yerkes Award Goes To... (0)

Older Stuff...
Yesterday's Edition...

OpenBSD Errata

OpenBSD Resources

Users wishing RSS/RDF summary files of OpenBSD Journal, can retrieve: [xml]

[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. Some icons from used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]