Chapter 6. Ports and Packages

Table of Contents

6.1. OpenBSD packages
6.2. OpenBSD ports
6.2.1. Installing the Ports Collection
6.2.2. Using ports
6.3. Some caveats

Subsequent sections of this guide will entail installing various bits of third-party software in order to augment the router's functionality. Much of this software will be available through the OpenBSD Ports Collection and package repositories.

This section describes how to configure your system to install software from both the OpenBSD binary package repositories and the ports tree. Readers already familiar with OpenBSD system administration may wish to skip over this section.

6.1. OpenBSD packages

OpenBSD packages are bundles of pre-compiled third-party software. They are made available on OpenBSD FTP and HTTP mirrors, organized by OpenBSD version and machine architecture. For i386 machines like the ALIX, the relevant mirror directory is /pub/OpenBSD/4.8/packages/i386/.

To use a package repository, set the environment variable PKG_PATH to a URL pointing to your favorite repository. A full list of repository mirrors can be found here:

http://www.openbsd.org/ftp.html

You'll probably want to put this in your shell's startup script, so this gets set automatically when you log in:

# PKG_PATH="ftp://ftp3.usa.openbsd.org/pub/OpenBSD/4.8/packages/i386/"
# export PKG_PATH

Now you can use the pkg_add(1) command to add new packages to your system from the mirror, e.g.:

# pkg_add -r pftop

A list of all currently installed packages can be obtained with the pkg_info(1) command. Note that this list will include software installed from the ports tree, as well: when you build and install a port, you are actually creating a package which is then installed on your system; see Section 6.2, “OpenBSD ports” for details. This has the nice result that you can upgrade an application that was installed from the ports tree to a newer version from a package repository, or vice-versa.

Refer to the packages(7) man page for more information about installing, updating, and removing OpenBSD packages.

6.2. OpenBSD ports

The OpenBSD Ports Collection provides an easy, uniform way to configure, build, and install third-party open source applications on your OpenBSD system. Each "port" consists of a directory with (among other things) any operating system-specific patches for the application, and a Makefile whose default target will automatically download the software's source code, verify the download against known checksums, apply the patches, and then compile the software into a binary package – after recursively doing the same for any missing prerequisites. The compiled binary package can then be installed by running make install in the port directory.

Ports are organized in a directory hierarchy called the "ports tree." A copy of this tree must be installed on your system in order to build ports.

6.2.1. Installing the Ports Collection

Like the rest of the OpenBSD project, the OpenBSD Ports tree is maintained in a public CVS repository. It can be obtained and updated via CVS checkouts, or by downloading tarballs of CVS snapshots from an FTP or HTTP mirror. However, the former option is terribly slow, and the latter doesn't lend itself well to keeping your copy of the tree up-to-date.

Instead, we can use the CVSup protocol to quickly check out and update the entire Ports tree from any of the public OpenBSD CVSup servers, which are listed here:

http://www.openbsd.org/cvsup.html#CVSROOT

First you'll need the cvsup(1) program, which is not included in the OpenBSD base system. It is available as a binary package, however:

# pkg_add -r cvsup-16.1hp2-no_x11

Next, create a file /etc/cvsup-file-ports with the following configuration, substituting any CVSup mirror of your choice for cvsup.no.openbsd.org:

# Defaults that apply to all the collections
*default release=cvs
*default delete use-rel-suffix
*default umask=001
*default host=cvsup.no.openbsd.org
*default base=/usr
*default prefix=/usr
*default tag=OPENBSD_4_8
*default compress

OpenBSD-ports
#OpenBSD-all
#OpenBSD-src
#OpenBSD-www
#OpenBSD-x11
#OpenBSD-xenocara

Now you can use cvsup(1) to fetch and install the tree:

# cvsup -g -L 2 /etc/cvsup-file-ports

Downloading the entire tree will take a while, but subsequent updates (performed using the same command as shown above) will be quick.

6.2.2. Using ports

In most cases, to install software from the Ports tree you need only change to its directory under /usr/ports and make install it. For example, supposing that you want to install Bash, you would perform the following:

# cd /usr/ports/shells/bash
# make && make install

And the software will be automatically downloaded, patched, configured, compiled, and then installed into the /usr/local hierarchy. This overview barely scratches the surface of the Ports Collection's capabilities, however; for more information, including how to specify custom Port build options, refer to the ports(7) man page.

6.3. Some caveats

While OpenBSD's package repositories and Ports tree are extremely useful, there are some shortcomings to be aware of when using them:

  • The package repositories do not contain all the software and all the possible combinations of build options to be found in the Ports Collection. Also, the package repositories may not be as up-to-date as the latest checkout of the Ports tree.

  • Software in the package repositories is not cryptographically signed. Beyond the trustworthiness of the third-party software itself, you must also consider the security of the package mirror you download it from.[5]

  • Likewise, the Ports tree mirrors are not signed. However, MD5 and SHA1 hashes of ports' source distributions are included in the Ports tree, so, assuming you have a genuine copy of the Ports tree, there is little risk of installing compromised third-party packages.
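
The checksum comparison described in the last caveat, as an added example that is not part of the original guide or of the OpenBSD ports infrastructure. It parses BSD-style checksum lines, accepts hex or base64 digests, and rejects a file that has no recorded checksum; the line format, the demo-1.0.tar.gz name and the sample bytes are assumptions constructed for illustration.

```python
import base64, hashlib, re

# Assumed record format: BSD-style lines such as "SHA1 (file.tar.gz) = <digest>"
LINE = re.compile(r"^(\w+) \((.+)\) = (\S+)$")
SUPPORTED = {"MD5": "md5", "SHA1": "sha1"}

def parse_distinfo(text):
    """Return {filename: {ALGO: value}} for every checksum/SIZE line."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            algo, name, value = m.groups()
            entries.setdefault(name, {})[algo] = value
    return entries

def decode_digest(value, size):
    """Decode a hex or base64 digest to raw bytes; None if malformed."""
    try:
        raw = bytes.fromhex(value) if len(value) == 2 * size else base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw if len(raw) == size else None

def verify(name, data, entries):
    """True only if SIZE and every recorded MD5/SHA1 digest match data."""
    recorded = entries.get(name, {})
    if "SIZE" in recorded and recorded["SIZE"] != str(len(data)):
        return False
    checked = 0
    for algo in SUPPORTED.keys() & recorded.keys():
        h = hashlib.new(SUPPORTED[algo], data)
        if decode_digest(recorded[algo], h.digest_size) != h.digest():
            return False
        checked += 1
    return checked > 0  # an unlisted file is rejected, not trusted

# Constructed sample: stand-in distfile bytes and matching checksum lines.
SAMPLE = b"constructed distfile contents\n"
DISTINFO = "\n".join([
    "MD5 (demo-1.0.tar.gz) = " + hashlib.md5(SAMPLE).hexdigest(),
    "SHA1 (demo-1.0.tar.gz) = " + base64.b64encode(hashlib.sha1(SAMPLE).digest()).decode(),
    "SIZE (demo-1.0.tar.gz) = %d" % len(SAMPLE),
])

if __name__ == "__main__":
    print(verify("demo-1.0.tar.gz", SAMPLE, parse_distinfo(DISTINFO)))
```

A passing check shows only that the file matches what the local Ports tree records; if the tree itself came from a tampered mirror, the recorded hashes offer no protection.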



[5] This is not merely a theoretical risk. In August 2007, five of the core Ubuntu Linux FTP mirrors had to be taken offline when they were found to have been compromised. Ubuntu users were never in any danger from this, however, because the packages in Ubuntu's apt repositories are cryptographically signed.