OpenBSD Journal

Since ourprevious report,there has been significant progress on support for riscv64:

Sven G is back with another tale of using a Raspberry Pi in his garage:

Frederic Cambus (fcambus@) hasbloggedabout the recent history and current state of toolchains on OpenBSD.It provides a good explanation of how and why things got to where they stand.

The OpenBSD project has releasedOpenBSD 6.9, the project's 50th release. As usual the release page offers highlights, installation and upgrade instructions as well as links to other resources such as the detailed changelog.Notable improvements include, but are not limited to

With the followingcommit,Dale Rahn (drahn@)imported initial support for the64-bitRISC-Varchitecture:

We received a contribution from Sven G, about checking the temperature in the garage where his dog sleeps with OpenBSD:

Dr. Brian Robert Callahan (bcallah@)blogged about his work in getting D compiler(s) working under OpenBSD.The first paragraph reads:

Hoping to be able to make a conference in Vienna in September (and doing it digitally if not), the EuroBSDCon is now accepting submissions for presentations and tutorials.

In a recent blog post, OpenBSD developer Solène Rapenne (solene@) offers an over view of the security features offered by a default OpenBSD installation. The first paragraph of the introduction reads,

With the followingcommit,Florian Obser (florian@) importeddhcpleased(8),DHCP daemon to acquire IPv4 address leasesfrom servers, plusdhcpleasectl(8),a utility to control the daemon:

With the followingcommit,Florian Obser (florian@) importedresolvd(8),a daemon for handling nameserver configuration:

In this commit, David Gwynne (dlg@) adds a new veb(4) driver to the tree. David's goal is to replace the old bridge(4) driver:Read more…

Mark Kettenis (kettenis@) isteasingOpenBSD booting multi-user on Apple M1 hardware:

Recent noteworthy things commited to -current and not previously reported include:

You may have missed the event during the weekend, but with this commit, OpenBSD -current turned 6.9-beta.The commit message reads,Read more…

Does your pf configuration have route-to rules? If so, you need to consider the implications of this commit by David Gwynne (dlg@) carefully.

OpenBSD has managed to drop KDE3 and KDE4 in the6.8 -> 6.9 release cycle. Thatmakes me very happy because it was a big piece of workand long discussions.This of course brings questions:Kde Plasma 5 package missing.After half a year of work, I managed to successfullyupdate the Qt5stack to the last LTS version 5.15.2.On the whole, the most work was updatingQtWebengine. What a monster! With my CPU power at home,I can build it 1-2times a day which makes testing a little bit annoyingand time intensive.But today we can be happy about an up-to-date KDE stack in OpenBSD.Currently - at the end of January - our stack is very up-to-date:

With the followingcommit,Thomas Frohwein (thfr@)added a joystick/gamecontroller driver to -current:

IntroductionPf-badhostis a very practical, robust, stable and lightweight security script for network servers.It's compatible with BSD based operating systems such as {Open,Free,Net,Dragonfly}BSD and MacOS. It prevents potentially-bad IP addresses that could possibly attack your servers (and waste your bandwidth and fill your logfiles), by blocking all those IPs contacting your server, and therefore it makes your server network/resources lighter and the logs of important services running on your server become simpler, more readable and efficient.Read more…

OpenBSD developer Vadim Zhukov (zhukov@)has added preliminary OpenBSD support toOpen Broadcaster Software (OBS) Studio release26.1.0and later. The changes come as part of an ongoing collaboration between the upstreamOBSproject and OpenBSD developers.Preliminary OpenBSD support was added in two commits.Oneintroducedsndio(7) support.This adds a sndio plugin which Zhukov advises will provide more reliable, lower latency audio mixing than the ffmpeg plugin for OpenBSD users.The otherprovides basic support such as help evaluating OpenBSD-specific filesystem paths.A link to the release waspostedon Reddit, with a title claiming full OpenBSD support.Bryan Steele (brynet@) was quick to provide helpful context in acomment:

With the followingcommit,Marcus Glocker (mglocker@)added an enhanced privacy control for video recording:

Undeadly.org co-editor Peter Hansteen writes in, saying,

Solène Rapenne (solene@) has written ablog entryon the software system underlying the building of -stable packages:

On its 25 birthday,the OpenBSD project has releasedOpenBSD 6.8,the 49 release.The new release comes with a large number of improvements and debuts a new architecture, OpenBSD/powerpc64, running on the POWER9 family of processors. The full list of changes can be found in the announcement and on the release page. Some highlights:

IntroductionHitherto, releases of thefwobacsoftware (which underliesUndeadly)have been unsigned.This is overdue for change, so for the latest release [version 1.7], we are providing a digital signature.As signing is being performed manually, why not employ an additional [hardware] factor?signify(1)does not support the use of FIDO authenticators.However, recent versions ofOpenSSH do support signingusing the [under-appreciated]-Y sign option ofssh-keygen(1),and with the recent addition of FIDO authenticator support to OpenSSH[as reported previously],we have a means (using tools in base OpenBSD) of using a hardware factor when signing files.Read more…

Todd Mortimer (mortimer@) hascommittedRETGUARD(seepreviouscoverage)for the macppc (powerpc) and powerpc64 platforms:

Ingo (schwarze@) writes in about a side project he's been working on to do his own accounting:

Fresh off the k2k20 hackathon, Rafael Sadowski (rsadowski@)writes in:

The fourth report from k2k20 comes from Florian Obser (florian@), who worked mostly on DNS related things:

Our next k2k20 report comes from Klemens Nanni (kn@):

Fresh off the just-finished k2k20 hackathon, here is a report from Bob Beck(beck@):

Thek2k20 hackathonconcluded recently, and we are please to havereceived a report from Martijn van Duren (martijn@):

Withthis commit,Martijn van Duren (martijn@)addedlogin_ldap(8)to -current:

Theo (deraadt@) has just committed the crank to 6.8-beta to CVS

Frederic Cambus (fcambus@) has published an article on his blog about the work that has been done to improve the text-console experience on OpenBSD. Well worth a read if, as a proper UNIX-sysadmin, you enjoy working in a text-only environment; but also if you spend most of your time in X!

More than six years ago,LibreSSL was forked fromOpenSSL, and almost two years ago,i explained the status of LibreSSL documentation duringEuroBSDCon2018 in Bucuresti.So it seems providing an update might be in order.Read more…

Withthis commitand several more, Patrick Wildt (patrick@)upgraded -current to version 10.0.0 of LLVM:

In this commit, Paul Irofti (pirofti@) added support for reading timecounters in userland without making a syscall.Read more…

Since we reported the first bits of powerpc64 support going into the tree on 16 May, work has progressed at a steady pace, resulting in snapshots now being available for this platform.So, if you have a POWER9 system idling around, go to your nearestmirrorand fetch this snapshot. Keep in mind that as this is still very early days, very little handholding is available - you are basically on your own.Read more…

In the followingcommit(and a bunch of others), David Gwynne (dlg@) imported most of the code submitted recently by Jason A. Donenfeld and Matt Dunwoodie to allow you to use WireGuard natively on OpenBSD:Read more…

Wesley Mouedine Assaby who runs the OpenBSD Jumpstart webpage with hints and tips for beginners about OpenBSD in general has produced a visualization of how PCs boot into OpenBSD.Read more…

I presented a talk on how I used OpenBGPd as a control plane for my ISP. I cover areas such as Routing fundamentals, a lightning introduction to BGP. An interesting aspect of the design is how the OpenBSD / OpenBGPdis used to control the routing information in my ISP yet theforwarding of packets is offloaded to hardware Layer 3 switches. I also outline my favourite new feature of OpenBGPd max prefix outwhich I'm sure will save my blushes if/when I fat finger my Prefix filters(although if my hair cut is anything to go by it is clear I have no shame anyway!).You can check out the talk here!Tom would welcome comments and feedback on the talk.I hope the talk will help others in deploying OpenBGPd and OpenBSD in their networks.I would also suggest that those interested in learning more about OpenBGPdcheck out Peter Hessler's Tutorial on OpenBGPd which served as anessential aid in getting comfortable in configuring BGP on OpenBSD / OpenBGPd.Peter usually runs the Tutorial in advance of BSD Conferences.I would like to give a big shout out to the people who write thecode in OpenBSD and OpenBGPd, and that your effort makes my life runningmy network and ISP easier.A huge word of thanks is due to Dan Langielle and theBSDCAN2020 Volunteers who organised the virtualBSDCAN 2020 conference this yearin quite difficult circumstances.

Jonathan Gray (jsg@) has just committed an update to theDRM code to the tree.This update brings support for newer AMD and Intel graphics parts.

Otto Moerbeek (otto@)posted to misc@a useful summary of the state of play of FFS2in the 6.7 release (and, to some extent, -current).In his mail, Otto clarifies some things about the latest release:

In a commit touching quite a few files, Theo recently renamed the installation images from installXX.fs to installXX.img:

The OpenBSD project has released OpenBSD 6.7, marking the 48th release of our favorite operating system. The announcement message and the release page both have detailed information.These are some highlights of the improvements in the present release:

In a set of commits to the tree on Saturday, Mark Kettenis (kettenis@) added the early beginnings of support for the 64-bit PowerPC platform:

After our article on TLS 1.3 server support in LibreSSL, we have decided to upgrade the machine running the undeadly website to newer LibreSSL.Since earlier today the site supports TLS 1.3. Undeadly still gets an A+ on Qualys' SSL Labs.

In a post to the ports@ mailing list, Landry Breuil (landry@) shared some of his notes on using qemu guest agent on OpenBSD kvm/qemu guests. He made a few enhancements for Undeadly:Read more…

In a post to tech@,Matt Dunwoodieannouncedthe availability of aWireGuard[VPN]patchset for OpenBSD: