planetofidiots.com | weblog


OpenBSD

1.0 WTF

I've installed OpenBSD 4.0 -beta 4.1 -beta 4.3 snapshot on a Sharp Zaurus C3200, and things are going well...very well. Started z-ing with the C860 sometime in 2005, tried a bunch of different ROMs, lived with pdaXrom for a long time. I submit OpenBSD as the possible best-choice for your Z (presuming, of course, that you are a total maniac person). This guide is really for me (can't retain this stuff without notes), but I'm hoping it's assistive for others as well. Suggestions and corrections welcome, leave word at my blog. The following info-sources are very useful (some necessary):

If you are a zaurus user looking into OpenBSD for the first time, I recommend building an "initiation box" on x86 first, and spending a chunk of time learning "the OpenBSD way". Worth it? Heh. You're kidding, right?


1.1 News

May 12, 2009 - Yes, things in zaurus world have slowed down a bit...netbooks are taking over. And that's a good thing. The Zaurus was and still is an excellent niche player, however! My c860 is in critical use daily as the brains behind our X10 home control system (far easier to deal with than a microcontroller, costs almost nothing to run 24 hours a day, extreme reliability...go ahead and buy one!), the 3200 works perfectly as a high security micro-laptop, and will find strange utility in the lab for years to come. Long live the Z!


1.2 Installation

If you're new to this, we install linux first, and ultimately use it as a bootloader only, just to get OpenBSD initialized. Read INSTALL.zaurus from the relevant OpenBSD release (although it has a bunch of boilerplate in it that can be confusing, like how to install "from tape"). Consult www.openbsd.org and zobsd forum. Here's the linux distro you'll need (choose the relevant file for your Z):


SL-C1000-Qtopia-1.23-lite-1539311005.zip
SL-C1000-Qtopia-1.23-lite-1539311005.md5

SL-C3100-Qtopia-1.23-lite-1539311005.zip
SL-C3100-Qtopia-1.23-lite-1539311005.md5

SL-C3200-Qtopia-1.23-lite-1654160506.zip
SL-C3200-Qtopia-1.23-lite-1654160506.md5

Follow the installation instructions included in the Qtopia (Cacko) rom zip file. You should have a CF or SD card loaded with installation files, be sure to include the following on the card (from your chosen OpenBSD mirror, using the proper version or snapshot), so we can boot the OpenBSD installer:

zbsdmod.o
bsd.rd

I experience an oddity during boot sequence of Qtopia, don't know if it's particular to the 3200 or not:

mount: Mounting /dev/hdc1 on /hdd1 failed: Invalid Argument
HDD1 error!!

It seems rather horrible and I was greatly distressed by it, but you can use ctl-C to exit that loop and continue on to normal booting, no harm at all. WEIRD. On Qtopia desktop, skip setting the date (it doesn't matter unless you want to play with Qtopia, which I don't recommend cause it is very buggy to me, even the date control app), go directly to terminal (in the top application-menu section). Copy needed files to the internal disk (change path as needed for SD card):

$ cp /mnt/cf/zbsdmod.o ~/
$ cp /mnt/cf/bsd.rd ~/

Eject the CF memory card and insert your CF Network card (unless you're using your SD card and already have the network card installed, or perhaps you want to use the USB connector for network access (which I have not tried) -- In any case, you need internet-access capability at this point). Boot the installer:

$ cd ~
$ su
# insmod zbsdmod.o
# cp bsd.rd /proc/zboot

Begin the OpenBSD installation process. Use "whole disc" when asked. For general OpenBSD partition info, read this, keeping in mind it is not a "zaurus guide" per se. From the manual:

"One big / partition and swap may be easiest until you know how much space you need.
By doing this you will be sacrificing some of the default security features of OpenBSD
that require separate filesystems for /, /tmp, /var, /usr and /home."

My partition scheme (I use 6 parts for reasons stated above, feel absolutely free to use one large / partition plus swap (or any variation that suits your world)):

NOTE: Running 4.3 snapshot with 6-partition scheme,
having no issues with suspend and wake, using "# zzz -S" (lidsuspend does not work, however).

/dev/wd0a 200M /
/dev/wd0b 128M swap (256 if you want to compile big ones like ruby, etc)
/dev/wd0d 200M /tmp
/dev/wd0e 3.5G /usr
/dev/wd0f 300M /var
/dev/wd0g (remaining) /home

/usr likes to be at least 2G (if you aren't going to install much stuff it could be as small as 1G). If you want more /home, take it from /usr. SD support appears to be imminent if not stable, so a modest initial /home is fine by me.

During network setup, available interfaces should include your CF LAN card (mine is ne0), and the USB net driver cdcef0. If you aren't using the USB net driver, it is safe to skip configuring it.

There are three kinds of installation outlined here: One is for users who intend to build their own ports (which is what I do), and the others are for those who just want to use pre-built packages. If you've never built software from source, this might not be the best platform to learn on, you should just use packages.

At the prompt to select mirrors/sources for installation files, choose your preferred "Location ID" (server url), then the "Server Directory" -- this is where you choose whether to run the stable release, or a development snapshot.


For those who primarily wish to use pre-built Packages from planetofidiots.com (this site!), which is highly recommended:


At the prompt to select mirrors/sources for installation files, set "Location ID" (server url) to "www.planetofidiots.com" (without the quotes), then set "Server Directory" to "pub/OpenBSD/snapshots/zaurus" (again, without the quotes). Enable fetching of all installation files (base, etc, bsd, all of them). The benefit here is that you'll be using a "synchronized installation" -- the base snapshot installation will match the pre-built ports found on this site.


For those desiring a default stable release (boring!):


At the prompt to select mirrors/sources for installation files, set "Location ID" (server url) to your preferred mirror, then set "Server Directory" to the default provided. Enable fetching of all installation files (base, etc, bsd, all of them). You should get your packages from the stable 4.3 tree provided at any obsd or alternate mirror of your choice. Mixing stable installations with current packages (and vice versa) will likely create problems.


For those who wish primarily to roll their own Ports:


I use snapshots over stable for the Z. Understand the risks of stable vs. Takes about 20 minutes to re-install openBSD, and anyone wacky enough to be considering this is clearly ready for adventure! Go for the snapshot.



1.3 Afterboot

By all means start here.

Some tweaks to tune the installation:

Set date and time:

# date -h
# date 200805290900

Add the following to ~/.kshrc:

# alias vi='/usr/local/bin/vim' # uncomment this after you install vim

export PS1='\u@\h \w # '
export PKG_PATH="http://www.planetofidiots.com/pub/OpenBSD/snapshots/packages/zaurus"

(makes a decent prompt, sets our package source path)

Add the following to ~/.profile to enable the ~/.kshrc file (good time to add dirs to the default PATH if you need to):

ENV=$HOME/.kshrc
export ENV
PATH=$PATH:/usr/local/sbin:/usr/local/bin
export PATH

Re-login to activate changes. After creating user account(s), you may want to copy the above shell edits and files to any new ~/.

Add the following to /etc/rc.conf.local (overrides individual settings in default /etc/rc.conf):

shlib_dirs=/usr/local/lib
pf=YES
apmd_flags=""

Read man atactl and add this to /etc/rc.local if you like:

atactl /dev/wd0 writecacheenable && echo ' atactl write-cache enabled'

Edit /etc/motd to change the default (verbose) login message. You must have 2 blank lines at the top of the page before your modifications, or your mods will be overwritten next boot.

I use the following /etc/sysctl.conf entries (some of them trade system security for speed):

ddb.panic=1
vm.swapencrypt.enable=0
kern.usercrypto=0
machdep.apmwarn=10
machdep.maxspeed=520
machdep.lidsuspend=0

Yep, machdep.lidsuspend=0. Lidsuspend resumes with a black/blank screen for me, now only using # zzz -S to initiate suspend mode. Beware machdep.maxspeed=520. I had some periodic crashes that seemed to go away after setting this to machdep.maxspeed=450. These settings are good to have in a menu or macro; button for fast, button for normal speed, switch em as you need to.

Thank Andy for this as well (malloc tuning, see man malloc):

# ln -s 'azjgpHR' /etc/malloc.conf

My /etc/fstab looks like this:

/dev/wd0a / ffs rw,noatime,softdep 1 1
/dev/wd0g /home ffs rw,nodev,nosuid,noatime,softdep 1 2
/dev/wd0d /tmp ffs rw,nodev,nosuid,noatime,softdep 1 2
/dev/wd0e /usr ffs rw,nodev,noatime,softdep 1 2
/dev/wd0f /var ffs rw,nodev,nosuid,noatime,softdep 1 2

NOTE: Leave off the softdep unless you use 6 partitions. noatime and softdep will help out with performance issues (in a big way).

Add your everyday user with # adduser. Add your user to the wheel group. Use # visudo to set sudo up for yourself.

Update locate database:

# /usr/libexec/locate.updatedb

Optional Mail Configuration:

# chsh

Change the Full Name entry so system mail doesn't come from the default "Charlie Root".

# cd ~
# echo "you@localmail.com" > .forward

Forward all root-bound system mail to your local mail account/server (potential security issue...but then so is not getting those emails. You'll work it out!).

# vi /etc/mail/localhost.cf
DSmail.localsmtp.com

Edit sendmail SmartHost to relay any zaurus mail to your local mail server. Characters after the DS should be your smtp server (do not add a space after DS). That should do it, but there is a more formally-correct M4 method (details found here).

Restart sendmail after making changes.



1.4 Packages

Yes I will now offer 4.3-beta packages to you. 4.1-beta packages are no longer available here. Your mileage may vary. Using all of these packages will save you at least 3 continuous weeks of compiling-time! More packages are being added, possibly even as you read this. Since I'm not getting rid of my Z anytime soon, I may well keep this repository somewhat current. Unless...an iPhone openMokoPhone...does something...

Install these packages using PKG_PATH="http://www.planetofidiots.com/pub/OpenBSD/snapshots/packages/zaurus"

(this is already set if you used the set-up guide above:)
# export PKG_PATH="http://www.planetofidiots.com/pub/OpenBSD/snapshots/packages/zaurus"
(verify it worked:)
# env | grep PKG_PATH
# pkg_add gimp

Package descriptions can be found here: http://openports.se/


1.5 Ports

By all means start here: ports(7).

Create an NFS server on BSD or Linux, export the following, be sure to change the 192.168.1 subnet to whatever subnet you use. (I use the /share/zaurus/bu folder to rsync from the z for general backup purposes):

(bsd style /etc/exports)
on bsd server:
/share/zaurus/bu -maproot=root -network=192.168.1 -mask=255.255.255.0
/share/zaurus/usr/obj -maproot=root -network=192.168.1 -mask=255.255.255.0
/share/zaurus/usr/ports -maproot=root -network=192.168.1 -mask=255.255.255.0
/share/zaurus/usr/src -maproot=root -network=192.168.1 -mask=255.255.255.0
/share/zaurus/usr/XF4 -maproot=root -network=192.168.1 -mask=255.255.255.0
(linux style /etc/exports)
on linux server:
/share/zaurus/bu 192.168.1.0/255.255.255.0(no_subtree_check,no_root_squash,rw)
/share/zaurus/usr/obj 192.168.1.0/255.255.255.0(no_subtree_check,no_root_squash,rw)
/share/zaurus/usr/ports 192.168.1.0/255.255.255.0(no_subtree_check,no_root_squash,rw)
/share/zaurus/usr/src 192.168.1.0/255.255.255.0(no_subtree_check,no_root_squash,rw)
/share/zaurus/usr/XF4 192.168.1.0/255.255.255.0(no_subtree_check,no_root_squash,rw)

The above dirs are hosted remotely for performance and conservation reasons. The obj folder will fill during build processes. You can skip the src and XF4 exports, they're needed when you want to rebuild or upgrade your system in place.

Add the NFS mounts to zaurus /etc/fstab (replace "server1" with the name of your server):

server1:/share/zaurus/bu /mnt/bu nfs rw,noauto,soft 0 0
server1:/share/zaurus/usr/obj /usr/obj nfs rw,noauto,soft 0 0
server1:/share/zaurus/usr/ports /usr/ports nfs rw,noauto,soft 0 0
server1:/share/zaurus/usr/src /usr/src nfs rw,noauto,soft 0 0
server1:/share/zaurus/usr/XF4 /usr/XF4 nfs rw,noauto,soft 0 0
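
An added check, not from the original guide: the per-filesystem security features mentioned in the manual quote include mount options such as nodev and nosuid, and this script flags fstab entries that lack them, run here over a sample constructed from the local and NFS fstab lines in this guide. The policy (/ exempt, /usr needs only nodev, everything else needs both) and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag fstab entries that lack nodev/nosuid.
# Policy (an assumption for illustration, adjust to taste):
#   /       carries device nodes and setuid binaries, so it is exempt
#   /usr    holds setuid binaries, so only nodev is expected
#   others  are expected to carry both nodev and nosuid

# Sample input, constructed from the fstab fragments shown in this guide.
sample_fstab() {
cat <<'EOF'
/dev/wd0a / ffs rw,noatime,softdep 1 1
/dev/wd0g /home ffs rw,nodev,nosuid,noatime,softdep 1 2
/dev/wd0d /tmp ffs rw,nodev,nosuid,noatime,softdep 1 2
/dev/wd0e /usr ffs rw,nodev,noatime,softdep 1 2
/dev/wd0f /var ffs rw,nodev,nosuid,noatime,softdep 1 2
server1:/share/zaurus/bu /mnt/bu nfs rw,noauto,soft 0 0
server1:/share/zaurus/usr/obj /usr/obj nfs rw,noauto,soft 0 0
server1:/share/zaurus/usr/ports /usr/ports nfs rw,noauto,soft 0 0
EOF
}

# audit_fstab: reads fstab lines on stdin and prints one line per
# finding in the form "<mountpoint> missing:<option>[,<option>]".
audit_fstab() {
awk '
  /^[ \t]*#/ || NF < 4 { next }            # skip comments and short lines
  $3 == "swap" || $2 == "none" { next }    # swap has no mount options to check
  {
    mp = $2
    if (mp == "/") next                    # exempt by policy
    want = (mp == "/usr") ? "nodev" : "nodev,nosuid"
    n = split(want, w, ",")
    m = split($4, have, ",")
    missing = ""
    for (i = 1; i <= n; i++) {
      found = 0
      for (j = 1; j <= m; j++) if (have[j] == w[i]) found = 1
      if (!found) missing = missing (missing == "" ? "" : ",") w[i]
    }
    if (missing != "") print mp " missing:" missing
  }'
}

# Run over the sample; on a live system use: audit_fstab < /etc/fstab
sample_fstab | audit_fstab
```

The local partitions pass under this policy; the NFS mounts are the ones flagged, which matters more when the server exports them with root mapping as shown above.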

Create folders for NFS to attach to:

# mkdir /mnt/bu
# mkdir /usr/ports
# mkdir /usr/XF4

Some large packages may fail if there's not enough memory available. Create more swap by adding a swap-file: http://www.openbsd.org/faq/faq14.html#SwapFile . This creates and enables a 128MB swap file:

# dd if=/dev/zero of=/home/swap bs=1k count=131072
# chmod 600 /home/swap
# swapctl -a -p 10 /home/swap
# swapctl -l

Start NFS server, mount NFS shares on the z.

Prepare to download current ports.tar.gz from an OpenBSD mirror, and untar (WARNING: Do Not mix arbitrary ports releases with obsd installations, things will break horribly. You MUST fetch the ports file that is released for your chosen install, which means you cannot "go back" and install ports for a snapshot release for an installation done months ago. Be sure to grab the ports file at installation time):

(if using bsd NFS, fetch and un-tar on the NFS server, much much faster than doing it on the z)
on bsd server:
# cd /share/zaurus/usr
# lynx www.openbsd.org
(find pub/OpenBSD/snapshots/ports.tar.gz)
# tar xzf ports.tar.gz -C /share/zaurus/usr
# rm ports.tar.gz
(if using linux NFS, fetch/un-tar on the z, avoiding possible differences betw tars)
on zaurus:
# cd /usr
# lynx www.openbsd.org
(find pub/OpenBSD/snapshots/ports.tar.gz at some mirror)
# tar xzf ports.tar.gz -C /usr
# rm ports.tar.gz

Turn off the backlight if you're doing some extended port-building. NOTE: don't turn off the backlight unless you're using ssh. You won't be able to turn it back on from the Z.

# wsconsctl display.backlight=0
(off)
# wsconsctl display.backlight=100
(on)

Add the following to ~/.kshrc:

export CPPFLAGS=""
export CFLAGS="-mcpu=xscale -mtune=xscale -O2"
export CXXFLAGS="-mcpu=xscale -mtune=xscale -O2"
export CVSROOT="http://some/mirror"
export REPORT_PROBLEM_LOGFILE="/var/log/port_problems.log"

(sets important compile-time options for our processor) Add "-pipe" to C or CXX flags if you like. Re-login to activate changes. Run # env to verify that the c flags are there.


To view available flavor settings (list generated in batch-mode format):

# cat /usr/ports/INDEX|awk -F"|" '{print $2}' |grep ','|grep -v ',-' |less

Then perhaps do the Batch Mode port-build thing:

# cd /usr/ports
# vi mypackages.txt
misc/screen
net/psi
net/nmap,no_x11
www/bluefish
# make install REPORT_PROBLEM=true SUBDIRLIST=/usr/ports/mypackages.txt
or
# make package REPORT_PROBLEM=true SUBDIRLIST=/usr/ports/mypackages.txt
(to create packages and NOT install)

Et Voila. Speed Metal.


The first port I build is always screen. For those who don't use screen, start using screen. Here's a nice screenrc to get you goin. Save to ~/.screenrc.

As you can imagine, compiling for days on end (or even /at all/) generates significantly greater quantities of heat than the zaurus was designed to dissipate. I put an icepack under a towel, and set the Z on that, for the long burns.


1.6 Window Manager

The Zaurus is not "fast" by desktop standards. One must decide how much waiting is tolerable when launching a window manager, desktop apps, or simply moving windows around on the screen. I choose as-fast-as-possible over pretty (with extreme prejudice), and tend to avoid icon usage. After some research, my preference order is:

NOTE: My fvwm desktop was appearing as black text on black background, a colorspace-default problem of some sort. This fixed it:

# ln -s /usr/X11R6/share/X11/rgb.txt /usr/X11R6/lib/X11/

I'm going to recommend trying my fvwm2 setup, because of many comfort-tweaks having accumulated over a few years of using the Z. You need to use my .xinitrc, and .Xresources, and fvwm2rc (save under ~/.fvwm/.fvwm2rc ), and a few very simple utility scripts for everything to work. Ok you can skip the scripts, but they do stuff like pipe netstat into head so you can see the routing table easily on the small screen. "Handy".

Edit ~/.xinitrc :

#!/bin/sh

if [ -f $HOME/.Xresources ]; then
        xrdb -merge $HOME/.Xresources
fi

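# Leave exactly one window manager active. exec replaces this shell,
# so nothing after the exec line is ever run.
#startfluxbox
exec fvwm2
#fvwm-themes-start
#ratpoison
#exec dwm
#exec ion3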

Edit ~/.Xresources :

xterm*Background: black
xterm*Foreground: green
xterm*font: 7x14
xterm*saveLines: 2000
xterm-stat*Background: blue4
xterm-stat*Foreground: gray95
xterm-stat*font: 7x14
xterm-stat*saveLines: 2000
xterm-tmp*Background: blue4
xterm-tmp*Foreground: gray95
xterm-tmp*font: 7x14
xterm-tmp*saveLines: 2000
xterm-tmp*toolBar: false
xterm-tmp*scrollBar: false
*.fullScreen:true
*.grabKeyboard:true
*.desktop.translations: #override\n\
	Ctrl<Key>BackSpace: ShowPopup()

Obligatory FVWM2 Screenshots and conf.

If I can avoid using X on a Z, I do (about 70% of time). It can be surprising to find how rich a console toolset can be after spending too much time on a desktop. screen, mutt, links, pork, irssi, snownews, many many more...

BROWSERS: Well, it ain't pretty. Firefox is just too slow, it's cute on the z, but really, forget it unless you're doing online banking or something that needs every browser function at once. These are good: [dillo links+ elinks links konqueror-embedded]. I like to think of it in the unix way -- maybe all you need is a small tool to do the task at hand; use a terminal browser when that will suffice, use dillo when you need to see images, use konq-e for pages with some scripting, firefox when you must.


Utility scripts that live in /usr/local/sbin and are called from my .fvwm2rc conf file...One of the cool things about these scripts is invoking them from a menu, where the menu fires an xterm pointed at one of these scripts. The "sleep" command allows the xterm to work almost like a pop up, you click the menu item, and xterm pops up showing you the data you're after, then disappears after 5 seconds. When operating with a stylus, this reduces the amount of input required. One click gets you what you want, and you can move on to the next thing without cleaning up after yourself (having to precisely aim the stylus at a window-close button that's only a few pixels wide, in a moving vehicle for instance).


Mac address pseudo-randomizer. If you visit the same public wifi hotspots every day, you may not want admins generating profiles on you. Run this before attaching to a network. 00:1e:52 is the first half of an Apple mac address, you could change that to some other wifi card manufacturer prefix, perhaps using a site like http://www.coffer.com/mac_find/. Save to /usr/local/sbin/macRandReset.sh

#!/bin/sh

echo " ";
echo -n "Old mac address: ";
ifconfig wi0|grep lladdr|awk '{print $2}'
echo " ";

MAC=`echo $RANDOM | openssl md5 | sed 's/\(..\)/\1:/g' | cut -b -8|awk '{print "00:1e:52:"$1}'`

echo -n "New semi-random mac address is "
echo $MAC
echo "setting wi0 nwid id to xxx (pseudo-reset)..."
ifconfig wi0 0.0.0.0 nwid xxx lladdr $MAC
ifconfig wi0
sleep 5
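
An added example, not part of the original script: ksh's $RANDOM only yields values from 0 to 32767, so the script above can produce at most 32768 different addresses, and hashing with md5 does not widen that. This variant draws the three device bytes from /dev/urandom instead; the function names rand_mac and is_valid_mac are made up for the illustration, and it prints the ifconfig command rather than running it.

```shell
#!/bin/sh
# Added example: build the device half of the MAC from /dev/urandom
# (24 random bits) instead of from $RANDOM (15 bits).

OUI="00:1e:52"    # vendor prefix taken from the guide's script

# rand_mac: print "$OUI:xx:xx:xx" with three random lowercase hex bytes.
rand_mac() {
    # dd reads exactly 3 bytes; od prints them as " ab cd ef";
    # awk joins the three fields with colons.
    suffix=$(dd if=/dev/urandom bs=3 count=1 2>/dev/null \
        | od -An -tx1 \
        | awk '{ printf "%s:%s:%s", $1, $2, $3 }')
    echo "$OUI:$suffix"
}

# is_valid_mac: succeed only for six colon-separated lowercase hex bytes.
# Guards against passing a malformed string to ifconfig if od or awk
# produced something unexpected.
is_valid_mac() {
    echo "$1" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

MAC=$(rand_mac)
if is_valid_mac "$MAC"; then
    # Printed, not executed: run this as root on the Z to apply it.
    echo "ifconfig wi0 lladdr $MAC"
else
    echo "unexpected MAC format: $MAC" >&2
fi
```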

This just chops off the less-interesting part of netstat -rn, so it's easier to view on the small screen. Save to /usr/local/sbin/netst.sh

#!/bin/sh

netstat -rn|awk /Internet:/,/Internet6/|grep -v Internet
sleep 5

Convenient view of ps -ax (menu accessible, rather than having to type). Save to /usr/local/sbin/psax.sh

#!/bin/sh

ps -ax|less

Convenient launching of dstumbler. Save to /usr/local/sbin/stumble.sh

#!/bin/sh

dstumbler wi0 -o -m0

1.7 Network

By all means start here: man ifconfig. Especially check out the 802.11 stuff. And install the bsd-airtools if you wifi, dstumbler kicks ass.

Use this /etc/pf.conf for super-basic (but totally rockin) initial firewall coverage (presumes a wireless interface and allowance for external ssh access).

# /etc/pf.conf

ext_if="wi0"

set skip on lo

scrub in

rdr pass on $ext_if proto tcp to port ftp -> 127.0.0.1 port 8021

anchor "ftp-proxy/*"
block in
pass out keep state

antispoof quick for { lo }

pass in on $ext_if proto tcp to ($ext_if) port ssh keep state

Treat this shell script as an example. Switches between a CF lan and Wifi card.


#!/bin/sh
# Network configuration utility.
# Each configuration uses its own pf.conf in this example, edit to taste.

lan=ne0
wifi=wi0

case $1 in
homewifi)
# this is for a static (non-dhcp) access point
echo "Switching to homewifi..."
ifconfig $lan down
# activate wifi
ifconfig $wifi up
# set IP address info, replace "somestation" with your target AP name, set channel (chan)
ifconfig $wifi 10.6.0.12 netmask 255.255.255.0 \
	broadcast 10.6.0.255 \
	nwid "somestation" \
	chan 3 \
	txpower 10000
# load your AP/network-specific firewall
pfctl -f /etc/pf.conf.homewifi
# set the nameserver
echo "Setting nameserver..."
echo "nameserver 192.168.80.140" > /etc/resolv.conf
echo "domain zoox.web" >> /etc/resolv.conf
cat /etc/resolv.conf
#set the route
echo "Setting route..."
route add default 10.6.0.1
echo "Done."
;;

dhcp1)
# this is for a dhcp wifi access point
echo "Switching to dhcp1..."
ifconfig $lan down
# activate wifi
ifconfig $wifi up
# replace "somestation" with your target AP name, set channel (chan)
ifconfig $wifi nwid "somestation" chan 3 txpower 10000
# load your AP/network-specific firewall
pfctl -f /etc/pf.conf.dhcp1
dhclient -d $wifi
echo "DHCP-assigned nameserver(s):"
cat /etc/resolv.conf
echo "Done."
;;

homelan)
echo "Switching to homelan..."
ifconfig $wifi down
ifconfig $lan up
ifconfig $lan 192.168.80.20 netmask 255.255.255.0 broadcast 192.168.80.255
pfctl -f /etc/pf.conf.homelan
echo "Setting nameserver..."
echo "nameserver 192.168.80.140" > /etc/resolv.conf
echo "domain zoox.web" >> /etc/resolv.conf
cat /etc/resolv.conf
echo "Setting route..."
route add default 192.168.80.1
echo "done."
;;

*)
echo "args: [homewifi|dhcp1|homelan]"
;;
esac

1.8 VPN/VNC

Perhaps you'd prefer not to pass cleartext passwords and communications through unfriendly subnets while working on the road. Setting up a VPN server at home allows for an encrypted channel from wherever you are, to your home network. Using this tunnel as the default route in your remote device shields your personal network traffic from the intermediate snooping, archiving, and reporting prevalent in our corporate configurations. OpenVPN setup is outside the scope of this guide, but I recommend adding it to the stack.


The combination of openVPN (or SSH as an alternative) and tightVNC is where things start to get interesting: A box on your lan (or better, dmz) can serve a desktop out to your zaurus (or laptop, etc) through an encrypted tunnel. You've got a linux box in your dmz, running vncserver at 640x480. Log into the VPN from the road, launch vncviewer on the Z, bingo -- fullscreen desktop, which is actually running on a 2.5ghz linux box, exported (in a lightweight manner) to your zaurus. Firefox and Thunderbird aren't really problems anymore. Even openoffice...

Server:
$ vncserver -geometry 640x480 -depth 16
(play around with depth to control bandwidth consumption)

Client (zaurus):
$ vi .Xresources

*.desktop.translations: #override\n\
   	Ctrl<Key>BackSpace: ShowPopup()
*.grabKeyboard: true

$ chmod 644 .Xresources
$ vi .xinitrc

if [ -f $HOME/.Xresources ]; then
	xrdb -merge $HOME/.Xresources
fi

Some handy commands:
$ xrdb -merge .Xresources (to add changes after editing)
$ xrdb -load .Xresources (to reload completely after editing)
$ xrdb -query (see what resource directives are active)

After launching vncviewer, use ctl-backspace to show a popup menu which has some necessary controls, like fullscreen toggle, copy buffer handling, etc. The edits in .Xresources and .xinitrc are additive, not meant to replace whatever you may already have in them. All the syntax in the translation line is correct, copy as you see it.


1.9 Upgrade

I don't upgrade the Z, and it doesn't really seem worth the effort, imho. Takes weeks to compile everything I need and get it all running smoothly. Ain't doin that more than 2x a year, which is the release schedule anyway, so, no point really (speaking only for myself, as always). I say blow it away and re-install (instead of upgrade), as a rule, on all unix systems if you have reasonable option to do so.


1.10 Links
