💾 Archived View for mizik.eu › blog › openbsd-review-by-gentoo-user › index.gmi captured on 2024-12-17 at 09:41:49. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-02-05)
-=-=-=-=-=-=-
OpenBSD review by Gentoo Linux user - Marián Mižik
2021-03-29 | 10 minutes reading | tags: OpenBSD
I was never really a distrohopper, I use to stick with things that work for me. I need to use my system most of the day and squeeze maximum from it both in work and during personal free time, because I don't have much to spare. Most of the time, the only reason why I change things is to further minimalize and optimize my workflow. But there is one exception. I always loved OpendBSD and I was coming back to it every couple of years since I switched from Windows to Linux. I got that feeling, that OpenBSD is the right system for me, but it never showed up that way during the practical usage :D So every now and then I install it and try to emulate my current personal workflow on it. You know, just to reevaluate the state of progress and usability. Everytime until now I decided to stay with Gentoo/Linux because of so many missing things. So how does OpenBSD (version 6.8 as current stable) feel in hands of Gentoo Linux oldtimer in 2021?
Installation is text based and straightforward. The are only three things you need to understand as a Linux user during the installation process.
1. Concept of partitioning (whole partition structure will be made inside one partition)
2. If you are about to use tool that sounds familiar (e.g. fdisk), always check man pages, because it may behave differently (main purpose is the same, but flags, params, output may be different)
3. Default automatic partitioning scheme creates very small partitions, so don't forget to resize them proportionaly to the size of your available disk space.
This time I had problems with getting network up for some reason. I was installing on laptop and I was aware of the fact, that I won't have the wifi drivers available during the installation. But the installation failed to work with cable connection too. I had to drop to root console during the installation and run dhclient manually. Besides that, everything went smoothly and most of the default options were good for me as usual.
Result of the default installation is a full featured desktop with X, graphical login and window manager (you will most likely replace the default wm though). I went for my standard choice dwm and my default set of tools and apps. I wanted to get it done as soon as possible, so I skipped compiling everything from ports as a Gentoo user would do and I used binary packages. Everything was playing nicely together. You can see from all the details, that it is finetuned as a whole, not only independent set of pieces that you can combine to your needs. Everything is runnning fine and even dark GTK theme is applied on all places. Man pages are awesome and in many cases better than on Linux. However, I haven't found the community very helpful if you are asking questions out of scope of the standard FAQ or core system and tools (i used mainly the freenode's #openbsd IRC channel). I was missing practical examples in manual pages as much as I do in Linux man pages though. There is also a little
for people coming from Linux. Nice and nifty detail is, that BSD ifconfig can handle both wep and wpa, so you won't need wpa_supplicant most of the times and it gives you the signal strength status too!
OpenBSD is somewhat more familiar to a Gentoo user than to a traditional Linux distro user. There is a make config (mk.conf), ability to install from sources, package flavours and subpackages (gentoo use flags) and so on. But if you stay with binary packages, you will feel moreless home also with the standard linux/unix knowledge.
Last couple of times I was testing OBSD, it was on my longtime workhorse Thinkpad X230, but this time I used my work laptop as a primary device and its X1C6 (X1 Carbon Gen.6) which is a 4 core device with very fast nvme disk. This is probably the reason why OpenBSD feels brutally slugish this time. Linux is able to get much more from the HW specs than OpenBSD and it is very visible in every aspect of the device use. Boot takes ages, ports compilation takes ages, application starts takes ages, video doesn't run smoothly for FHD resolution and above, sound plays behind the video and so on. I have applied every possible optimisation I found on the internet:
1. enabled soft updates for filesystem
2. noatime where possible
3. remaped /tmp and home cache dirs as ramdisks
4. reconfigured syscfg limits to higher values
5. apmd (power management) set to auto (also tried max performance)
Looks like some of it is unability to use multiple cores correctly, another is prehistoric filesystem and third one is security measures applied by default. But for example, I run Firefox with Firejail on Gentoo. Such setup should be close to what OpenBSD applies on Firefox by default (pledge, unveil and chroot) and the performance difference is still huge. When I tried to ask, I only got some stupid default answers like: "If you don't like it, don't use it", or: "It is still fast enough", or: "It is a bit slower because it is very very secure".
I already mentioned prehistoric UFS (FFS) filesystem. You also can feel how smaller the dev count is behind OBSD on how many packages there are and how fast the updates arrive. You will find out, that default gcc version is ancient 4.2.1 (afaik licencing issues), but you can install less ancient 8.4.0 as egcc package. On the other hand, you can achieve setups suitable for most standard usecases.
Neither performance nor old stuff broke my effort. I was able to setup my full personal workflow. It is very minimalistic though, mostly
and TUI apps like ranger, profanity, irssi, mocp, some of my own TUI tools and so on. I realised how much more minimalistic my personal setup is compared to 3-4 years ago when I tried last time. I failed with work workflow setup though, but this time, it was a hard battle. OpenBSD already has up to date Java SDKs in the packages! It even has IntelliJIdea and other tools which does not support BSDs by default and therefore you must rely on someones porting effort. So this time I was able to setup my Python related environments, my Java related environments and my Cordova/Ionic setup too. Unfortunatelly, there is no support for Android, Dart, Flutter and some other frameworks I need on daily basis for my work. But even if I was able to set it up, I am not sure if I would justify the amount of compilation performance downgrade.
So there you go, in most cases you will find out, that you can not just pull something from github, compile it and run. You need to tinker with makefiles, search internet for compilation errors and debug the issues. And I shouldn't forget the completely missing support for bluetooth. I don't really care about this one, but it can be a dealbreaker for someone else.
Let's talk about something positive now! OpenBSD is slick. That means less attack surface and lots of legacy code removed. If you stick with the default services like httpd, smtpd, relayd and so on, you will get small, simple, hardened and battletested pieces from which you can build very secure result. Most of the core software and services are patched with Pledge and Unveil, which you can very vaguely compare to SELinux or AppArmor, but Pledge/Unveil are very simple and compiled into the software. You can rely on strong randomization builtin throughout the system. Xorg is running rootless with privelege separation code. Mainstream browsers and popular apps are pledged and unveiled too as mentioned in previous paragraphs.
I failed again. But this time I tinkered with it for almost a month and used it as my daily driver for personal usage throughout it. I spent much more time learning and trying and became much more convinced, that I would be happy to use this OS as my primary driver. Therefore I decided to at least migrate my personal Linux server to OpenBSD to stay in touch with this OS. I migrated postfix email server to smtpd, nginx based web server setup to httpd and relayd, iptables firewall and my custom scripts to PF and everything else I had on the Linux machine. And it was a success! I tried to do it in as much "OpenBSD way" as possible. I had to change many configurations because I used some of the features that were not supported by the core services, but at the end, I am very happy owner of a full featured OBSD server installation that was able to suit all my needs. It is definitely great option for a secure rocksteady and hardened server setup, where most of the daemons and services are chooted by default and secured via pledge and unveil to provide maximum security with minimum effort.
Will I ever switch from Gentoo to OpenBSD on my desktop and laptop? Not very likely. I like the Gentoo approach to ports more than the OBSD one and I value my time too much to battle with my OS everytime it gets into my way because I am using something that is not supported or thinked of by most of the people creating software worldwide. But never say never, Linux is getting bloated more and more and one day, it may be less effort to have OBSD as a main minimalistic OS than Linux.
2024 Marian Mizik | License: CC BY-NC-SA 4.0 | marian at mizik dot sk | marian_mizik@bsd.network (mastodon)