OpenBSD 5.5
To be released May 1, 2014
Copyright 1997-2014, Theo de Raadt.
ISBN 978-0-9881561-3-5
5.5 Song: "Wrap in Time"
- Order a CDROM from our ordering system.
- See the information on The FTP page for
a list of mirror machines.
- Go to the pub/OpenBSD/5.5/ directory on
one of the mirror sites.
- Briefly read the rest of this document.
- Have a look at The 5.5 Errata page for a list
of bugs and workarounds.
- See a detailed log of changes between the
5.4 and 5.5 releases.
All applicable copyrights and credits can be found in the applicable
file sources found in the files src.tar.gz, sys.tar.gz,
xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
distribution files used to build packages from the ports.tar.gz file
are not included on the CDROM because of lack of space.
What's New
This is a partial list of new features and systems included in OpenBSD 5.5.
For a comprehensive list, see the changelog leading
to 5.5.
- time_t is now 64 bits on all platforms.
- From OpenBSD 5.5 onwards, OpenBSD is year 2038 ready and will run well beyond Tue Jan 19 03:14:07 2038 UTC.
- The entire source tree (kernel, libraries, and userland programs) has been carefully and comprehensively audited to support 64-bit time_t.
- Userland programs that were changed include
arp(8),
bgpd(8),
calendar(8),
cron(8),
find(1),
fsck_ffs(8),
ifconfig(8),
ksh(1),
ld(1),
ld.so(1),
netstat(1),
pfctl(8),
ping(8),
rtadvd(8),
ssh(1),
tar(1),
tmux(1),
top(1),
and many others, including games!
- Removed time_t from network, on-disk, and database formats.
- Removed as many (time_t) casts as possible.
- Format strings were converted to use %lld and (long long) casts.
- Uses of timeval were converted to timespec where possible.
- Parts of the system that could not use 64-bit time_t were converted to use unsigned 32-bit instead, so they are good till the year 2106.
- Numerous ports throughout the ports tree received time_t fixes.
- Releases and packages are now cryptographically signed with the
signify(1) utility.
- The installer will verify all sets before installing.
- Installing without verification works, but is discouraged.
- Users are advised to verify the installer (bsd.rd, install55.iso, etc.)
ahead of time using the
signify(1) tool if available.
- pkg_add(1) now trusts signed packages only by default.
- Installer improvements:
- The installer now supports a scriptable
auto-installation
method that enables unattended installation and upgrades using a response file.
- Disk images which can be written to a USB flash drive
(miniroot55.fs [bsd.rd only] and install55.fs [bsd.rd + unsigned sets])
are now provided for amd64 and i386.
- Rewritten
installboot(8)
utility aiming for a unified implementation across platforms (currently
used by amd64 and i386 only).
- The installer now parses nwid's with embedded blanks correctly.
- New/extended platforms:
- Improved hardware support, including:
- New vmx(4)
driver for VMware VMXNET3 Virtual Interface Controller devices.
- New vmwpvs(4)
driver for VMware Paravirtual SCSI.
- New vioscsi(4)
driver for VirtIO SCSI adapters.
- New viornd(4)
driver for VirtIO random number devices.
- New ubcmtp(4)
driver for Broadcom multi-touch trackpads found on newer Apple MacBook,
MacBook Pro, and MacBook Air laptops.
- New ugold(4)
driver for TEMPer gold HID thermometers.
- New ugl(4)
driver for Genesys Logic based USB host-to-host adapters.
- New qla(4) driver for Qlogic fibre channel HBAs.
- radeondrm(4)
has been overhauled, including:
- New port of the Radeon code in Linux 3.8.13.19.
- Support for Kernel Mode Setting (KMS) including support for
additional output types such as DisplayPort.
- wsdisplay(4)
now attaches to
radeondrm(4)
and provides a framebuffer console.
- inteldrm(4)
has been updated to Linux 3.8.13.19 notably bringing Haswell stability fixes.
- Support for Intel 8 Series Ethernet with i217/i218 PHYs, and
i210/i211/i354 has been added to
em(4).
- Support for Intel Centrino Wireless-N 2200, 2230 and 105/135 has been added to
iwn(4).
- Support for Areca ARC-1880, ARC-1882, ARC-1883, ARC-1223, ARC-1214, ARC-1264, ARC-1284 has been added to
arc(4).
- Support for Elantech v2 touchpads in pms(4) has been fixed.
- Support for 802.11a (5Ghz) has been added to wpi(4).
- Workarounds for firmware stability issues have been added to
wpi(4),
iwi(4), and
iwn(4).
- Support for RT3572 chips has been added to the
ral(4) driver.
- Support for RTL8106E chips has been added to the
re(4) driver.
- Support for RTS5229 card readers has been added to rtsx(4).
- Support for Microsoft XBox 360 controllers has been added to the uhid(4) driver.
- Support for CoreChip RD9700 USB Ethernet devices has been added to the udav(4) driver.
- Further reliability improvements regarding suspend/resume and hibernation.
- Enabled IPv6 transmit TCP/UDP checksum offload in
jme(4).
- Generic network stack improvements:
- Added vxlan(4)
a virtual extensible local area network tunnel interface.
- pflow(4)
sends 64 bit time values for pflowproto 10. The changed templates /
flows for pflowproto 10 are now parseable by existing receivers.
- Continued improvement of the checksum offload framework to streamline
the calculation of TCP, UDP, ICMP, and ICMPv6 checksums.
- Enabled IPv6 routing domain support.
- Routing daemons and other userland network improvements:
- The popa3d POP3 server has been removed.
- Added ntpctl(8)
a program to control the Network Time Protocol daemon.
- slowcgi(8)
now works with a high number of concurrent connections.
- The inetd-based identd has been replaced by a new libevent-based
identd(8).
- tcpdump(8)
can now detect bad ICMP and ICMPv6 checksums when used with the -v flag.
- Added rdomain support to IPv6 configuration tools
ndp(8),
rtsold(8),
ping6(8), and
traceroute6(8).
- pf(4) improvements:
- New queueing system with new syntax.
- The "received-on" parameter can now be used with the "any" keyword to
match any existing interface except loopback ones.
- The block policy in the default pf.conf(5) is now "block return".
- dhcpd(8) and dhclient(8) improvements:
- no longer create a route to the bound address via 127.0.0.1.
- the options 'dhcp-lease-time', 'dhcp-rebinding-time', and 'dhcp-renewal-time' can now be configured in dhclient.conf(5).
- 'next-server' (a.k.a. siaddr) info now saved in lease files.
- fall back to broadcasting when unicast renewal fails, as specified in
RFC 2131 and friends.
- fix various problems in communications between privileged and non-privileged processes.
- fix many abuses of memcpy.
- stop pretending we still support FDDI or token ring hardware types.
- fix classless static routes option handling and add syntax to parse human readable forms.
- fix 'effective' lease created by '-L' to have correct address, 'next_server', 'timestamp', and 'resolv_conf' fields.
- fix handling of non-printable characters in lease file strings.
- fix many edge cases in config file and lease parsing and ensure error messages refer to correct position in erroneous line.
- dhclient.conf(5) can now override anything in an offer or saved lease when creating the effective lease, in particular 'fixed-address', 'next-server', 'filename' and 'server-name'.
- fix parsing of dhclient.conf(5) statements 'fixed-address' and
'next-server'.
- log failures to fchmod() or fchown() files being written.
- create lease files with permissions 0640.
- fix possible failure to write resolv.conf(5) when -L is used.
- 'send dhcp-client-identifier "";' in dhclient.conf(5) will result in no 'dhcp-client-identifier' (option 61) being sent.
- OpenSMTPD 5.4.2 (includes changes to 5.4.1):
- Introduce initial support for DSN extension:
- NOTIFY=SUCCESS, NOTIFY=FAILURE, NOTIFY=DELAY, NOTIFY=NEVER
- RET=HDRS, RET=FULL
- Introduce initial support for ENHANCEDSTATUSCODES extension:
- smtp process returns Enhanced Status Codes for most commands.
- other processes now have an API to return more precise codes ...
- ... which will be improved further with each version.
- Improved smtpctl(8):
- sendmail mode now supports DSN parameters
- Can now pause/resume a source address -> destination domain route.
- Can now display status of processes with smtpctl show status.
- show relays: displays list of currently active relays.
- show routes: displays status of routes currently known by smtpd.
- show hosts: displays list of known remote MX.
- show hoststats: display status of last delivery for active domains.
- resume route: resumes route temporarily disable by the MTA.
- pause/resume envelope: allows pausing individual envelopes.
- pause/resume message: allows pausing individual messages.
- encrypt: allows generating credentials suitable for authentication.
- show message/envelope is now compression/encryption aware.
- Introduced SNI support.
- Improved configuration file:
- Removed last known ambiguity in grammar.
- Much simpler configuration for TLS-enabled hosts.
- Most parameters are now swappable in listen and accept rules.
- Conditions may be negated (ie: accept from ! <trusted> ...)
- Forward-only rules can be declared to impose ~/.forward files.
- New "recipient" keyword allows accept rule to provide a whitelist.
- Sender and recipient tables accept wildcard in their domains.
- TLS generic improvements:
- Support for TLS Perfect Forward Secrecy.
- Support for providing custom CA certificate.
- MTA improvements:
- mta may now require remote hosts to present valid certificates.
- Always attempt TLS before falling back to plaintext.
- Always present certificate if one is available.
- AUTH LOGIN now supported.
- mta can now specify a EHLO-hostname when relaying.
- SMTP server improvements:
- inet4-only and inet6-only listeners are now possible.
- Listeners may now hide the From part in a Received-line.
- Listeners may require clients to provide a valid certificate.
- Banner hostname can now be dynamically fetched from a table.
- Queue improvements:
- Introduce an envelope cache in the queue to improve disk-IO pattern.
- Documentation:
- table(5) describes format for static, file and db backends.
- sendmail(8) describes our "sendmail" interface.
- Reduced memory-usage in both general and stressed cases.
- OpenSMTPD now automagically upgrades queue if format changes!
- Support Qmail-like "sticky home".
- Support for authenticating users from a credentials table.
- Introduce passwd(5) table backend for user and credentials lookup.
- Expansion variables in ~/.forward now supports modifiers.
- Much more efficient scheduler!
- Many documentation fixes and improvements.
- And a lot of minor bug-fixes and internal cleanup!
- Security improvements:
- Position-independent executables (PIE) are now used by default on i386.
- The arc4random(3)
functions now use the ChaCha20 cipher.
- The kernel random number system is initially seeded by the bootloader,
providing better random very early.
- Kernel stack protector is also seeded via the same mechanism, providing
protection earlier.
- -Wbounded is now enabled in GCC by default.
- Added explicit_bzero(3).
- Performance improvements:
- Relations between the buffer cache and swap daemon have been improved.
- Threading improvements:
- Interprocess semaphores via sem_open(3).
- Running threaded processes under a debugger no longer causes panics.
- SIGPROF and SIGVTALRM are now reliably delivered to the thread that was running when they were triggered.
- Thread stacks now have a random bias.
- fork(2) no longer changes the pthread_t of the forking thread in the child.
- Signaling races eliminated from pthread_kill(3) and pthread_cancel(3).
- Assorted improvements:
- New in-memory file system, tmpfs.
- Many fuse(4) improvements and stability fixes.
- Added POSIX required nl(1) utility.
- OpenBSD/vax has switched to GCC 3.
- Replaced getdirentries(2) with getdents(2), vastly improving the performance and memory usage of telldir(3).
- amd64 and i386 now use the MWAIT instruction for their idle loop where available to reduce latency.
- Added support for CLOCK_UPTIME.
- Added tcgetsid(3).
- clock_t is now a 64 bit type, so it no longer wraps around in only 248 days.
- ino_t is now a 64 bit type, mostly to support large NFS filesystems.
- Corrected handling of UTIME_OMIT.
- pax(1) now sets the mode and timestamps correctly on symlinks, and makes hardlinks to symlinks when requested.
- Corrected handling of shared-library destructors when libc is statically linked.
- Corrected various disk drivers to handle non-512-byte sectors and disk sizes greater than 32-bits.
- Corrected growfs(8) to handle non-512-byte sectors and disk sizes greater than 32-bits.
- All CIRCLEQ uses replaced with TAILQ.
- Preserve and honour changes to the OpenBSD bounds in a disklabel.
- fdisk(8) now always writes a good signature when MBR is written to disk.
- disklabel(8) now writes the disklabel to the correct location on non-512-byte sector devices.
- Fix athn(4) tick calculations to eliminate excessive timeouts.
- Allow disklabel(8) to set any partition, including 'C', to type UNUSED.
- New sha512(1) tool to calculate and verify the SHA-512 checksums of files.
- sha256(1) and related tools
(cksum(1),
md5(1),
sha1(1), and
sha512(1))
now support a new -h flag to place the checksum into a specified hash file instead of stdout.
- sha256(1) and related tools now support a new -C flag that allows the verification of selected files in a checklist.
- sha256(1) and related tools will now print MISSING if they encounter non-existent files in a checklist.
- i386 and amd64 platforms can now boot from keydisk-based softraid(4) crypto volumes.
- Allow softraid(4) to work with partitions larger than 2TB.
- Removed experimental RAID 4 support from softraid(4).
- Added experimental support for rebuilding RAID 5 softraid(4) volumes. Lots of testing is still required and there is missing functionality, such as the ability to resume a partially completed rebuild. bioctl(8) refuses to create RAID 5 volumes unless recompiled with -DRAID5.
- The uhts(4) driver has been merged into
ums(4).
- OpenSSH 6.6 (including changes to 6.5, a feature-focused release):
- Security:
- sshd(8):
when using environment passing with a
sshd_config(5)
AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could
be tricked into accepting any enviornment variable that contains the
characters before the wildcard character.
- New/changed features:
- ssh(1),
sshd(8):
Add support for key exchange using elliptic-curve Diffie Hellman
in Daniel Bernstein's Curve25519. This key exchange method is
the default when both the client and server support it.
- ssh(1),
sshd(8):
Add support for ED25519 as a public key type. ED25519 is
a elliptic curve signature scheme that offers better security than
ECDSA and DSA and good performance. It may be used for
both user and host keys.
- Add a new private key format that uses a bcrypt KDF to better
protect keys at rest. This format is used unconditionally for
ED25519 keys, but may be requested when generating or saving
existing keys of other types via the -o
ssh-keygen(1)
option. We intend to make the new format the default in the near
future. Details of the new format are in the PROTOCOL.key
file.
- ssh(1),
sshd(8):
Add a new transport cipher "chacha20-poly1305@openssh.com" that
combines Daniel Bernstein's ChaCha20 stream cipher and
Poly1305 MAC to build an authenticated encryption mode. Details
are in the PROTOCOL.chacha20poly1305 file.
- ssh(1),
sshd(8):
Refuse RSA keys from old proprietary clients and servers that
use the obsolete RSA+MD5 signature scheme. It will still be
possible to connect with these clients/servers but only DSA keys
will be accepted, and OpenSSH will refuse connection entirely in a
future release.
- ssh(1),
sshd(8):
Refuse old proprietary clients and servers that use a weaker key
exchange hash calculation.
- ssh(1):
Increase the size of the Diffie-Hellman groups requested for
each symmetric key size. New values from NIST Special Publication
800-57 with the upper limit specified by RFC 4419.
- ssh(1),
ssh-agent(1):
Support PKCS#11 tokens that only provide X.509 certs
instead of raw public keys. (requested as bz#1908)
- ssh(1):
Add a
ssh_config(5)
Match keyword that allows conditional configuration to be
applied by matching on hostname, user and result of
arbitrary commands.
- ssh(1):
Add support for client-side hostname canonicalisation using a
set of DNS suffixes and rules in
ssh_config(5).
This allows unqualified names to be canonicalised to fully-qualified
domain names to eliminate ambiguity when looking up keys in
known_hosts or checking host certificate names.
- sftp-server(8):
Add the ability to whitelist and/or blacklist sftp protocol requests by
name.
- sftp-server(8):
Add a sftp "fsync@openssh.com" to support calling
fsync(2)
on an open file handle.
- sshd(8):
Add a
ssh_config(5)
PermitTTY to disallow TTY allocation, mirroring the
longstanding no-pty authorized_keys option.
- ssh(1):
Add a
ssh_config(5)
ProxyUseFDPass option that supports the use of
ProxyCommands that establish a connection and then pass a
connected file descriptor back to
ssh(1).
This allows the ProxyCommand to exit rather than staying
around to transfer data.
- ssh(1),
sshd(8):
this release removes the J-PAKE authentication code. This code
was experimental, never enabled and had been unmaintained for some
time.
- ssh(1):
when processing Match blocks, skip 'exec' clauses
other clauses predicates failed to match.
- ssh(1):
if hostname canonicalisation is enabled and results in the destination
hostname being changed, then re-parse
ssh_config(5)
files using the new destination hostname. This gives 'Host'
and 'Match' directives that use the expanded hostname a chance
to be applied.
- The following significant bugs have been fixed in this release:
- ssh(1),
sshd(8):
Fix potential stack exhaustion caused by nested certificates.
- ssh(1):
make BindAddress work with UsePrivilegedPort.
(bz#1211)
- sftp(1):
fix the progress meter for resumed transfer. (bz#2137)
- ssh-add(1):
do not request smartcard PIN when removing keys from
ssh-agent(1).
(bz#2187)
- sshd(8):
fix re-exec fallback when original
sshd(8)
binary cannot be executed. (bz#2139)
- ssh-keygen(1):
Make relative-specified certificate expiry times relative to current
time and not the validity start time.
- sshd(8):
fix AuthorizedKeysCommand inside a Match block.
(bz#2161)
- sftp(1):
symlinking a file would incorrectly canonicalise the target path.
(bz#2129)
- ssh-agent(1):
fix a use-after-free in the PKCS#11 agent helper executable.
(bz#2175)
- sshd(8):
Improve logging of sessions to include the user name, remote
host and port, the session type (shell, command,
etc.) and allocated TTY (if any).
- sshd(8):
tell the client (via a debug message) when their preferred listen
address has been overridden by the server's GatewayPorts
setting. (bz#1297)
- sshd(8):
include report port in bad protocol banner message. (bz#2162)
- sftp(1):
fix memory leak in error path in do_readdir(). (bz#2163)
- sftp(1):
don't leak file descriptor on error. (bz#2171)
- sshd(8):
include the local address and port in "Connection
from ..." message. (only shown at loglevel>=verbose)
- ssh(1):
avoid spurious "getsockname failed: Bad file descriptor" in
ssh -W. (bz#2200, debian#738692)
- sshd(8):
allow the
shutdown(2)
syscall in seccomp-bpf and systrace sandbox modes, as it is reachable
if the connection is terminated during the pre-auth phase.
- ssh(1),
sshd(8):
fix unsigned overflow that in SSH protocol 1 bignum parsing.
Minimum key length checks render this bug unexploitable to compromise
SSH 1 sessions.
- sshd_config(5)
clarify behaviour of a keyword that appears in multiple matching
Match blocks. (bz#2184)
- ssh(1):
avoid unnecessary hostname lookups when canonicalisation is disabled.
(bz#2205)
- sshd(8):
avoid sandbox violation crashes in GSSAPI code by caching the supported
list of GSSAPI mechanism OIDs before entering the sandbox. (bz#2107)
- ssh(1):
fix possible crashes in SOCKS4 parsing caused by assumption that the
SOCKS username is nul-terminated.
- ssh(1):
fix regression for UsePrivilegedPort=yes when
BindAddress is not specified.
- ssh(1),
sshd(8):
fix memory leak in ECDSA signature verification.
- ssh(1):
fix matching of 'Host' directives in
ssh_config(5)
files to be case-insensitive again. (regression in 6.5)
- Ports and packages:
- Over 8,700 ports.
- Major overhaul of the package tools resulting in much better memory usage.
- pkg_add(1) now trusts signed packages only by default.
- The build process now allows some limited capability for building
conflicting packages, yielding kde4 packages as a result, along with kde3.
- Many pre-built packages for each architecture:
- i386: 8468
- sparc64: 7969
- alpha: 6199
- m68k: XXXX
|
- sh: XXXX
- amd64: 8534
- powerpc: 8057
- m88k: XXXX
|
- sparc: 4681
- arm: XXXX
- hppa: 6549
|
- vax: XXXX
- mips64: 4726
- mips64el: 6730
|
- Some highlights:
- GNOME 3.10.2
- KDE 3.5.10
- KDE 4.11.5
- Xfce 4.10
- MySQL 5.1.73
- PostgreSQL 9.3.2
- Postfix 2.11.0
- OpenLDAP 2.3.43 and 2.4.38
- Mozilla Firefox 24.3 and 26.0
- Mozilla Thunderbird 24.3.0
- GHC 7.6.3
- LibreOffice 4.1.4.2
- Emacs 21.4 and 24.3
- Vim 7.4.135
- PHP 5.3.28 and 5.4.24
- Python 2.7.6 and 3.3.2
- Ruby 1.8.7.374, 1.9.3.484, 2.0.0.353 and 2.1.0
- Tcl/Tk 8.5.15 and 8.6.1
- JDK 1.6.0.32 and 1.7.0.21
- Mono 2.10.9
- Chromium 32.0.1700.102
- Groff 1.22.2
- Go 1.2
- GCC 4.6.4 and 4.8.2
- LLVM/Clang 3.3
- Node.js 0.10.24
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
- Xenocara (based on X.Org 7.7 with xserver 1.14.5 + patches,
freetype 2.5.2, fontconfig 2.10.91, Mesa 9.2.5, xterm 301,
xkeyboard-config 2.10.1 and more)
- Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
- Perl 5.16.3 (+ patches)
- Our improved and secured version of Apache 1.3, with
SSL/TLS and DSO support
- Nginx 1.4.4 (+ patches)
- OpenSSL 1.0.1c (+ patches)
- SQLite 3.8.0.2 (+ patches)
- Sendmail 8.14.8, with libmilter
- Bind 9.4.2-P2 (+ patches)
- NSD 4.0.1
- Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
- Sudo 1.7.2p8
- Ncurses 5.7
- Heimdal 1.5.2 (+ patches)
- Binutils 2.15 (+ patches)
- Gdb 6.3 (+ patches)
- Less 444 (+ patches)
- Awk Aug 10, 2011 version
How to install
Following this are the instructions which you would have on a piece of
paper if you had purchased a CDROM set instead of doing an alternate
form of install. The instructions for doing an FTP (or other style
of) install are very similar; the CDROM instructions are left intact
so that you can see how much easier it would have been if you had
purchased a CDROM instead.
Please refer to the following files on the three CDROMs or FTP mirror for
extensive details on how to install OpenBSD 5.5 on your machine:
Quick installer information for people familiar with OpenBSD, and the
use of the "disklabel -E" command. If you are at all confused when
installing OpenBSD, read the relevant INSTALL.* file as listed above!
OpenBSD/i386:
Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
release is on CD1. If your BIOS does not support booting from CD, you will need
to create a boot floppy to install from. To create a boot floppy write
CD1:5.5/i386/floppy55.fs to a floppy and boot via the floppy drive.
Use CD1:5.5/i386/floppyB55.fs instead for greater SCSI controller
support, or CD1:5.5/i386/floppyC55.fs for better laptop support.
If you can't boot from a CD or a floppy disk,
you can install across the network using PXE as described in
the included INSTALL.i386 document.
If you are planning on dual booting OpenBSD with another OS, you will need to
read INSTALL.i386.
To make a boot floppy under MS-DOS, use the "rawrite" utility located
at CD1:5.5/tools/rawrite.exe. To make the boot floppy under a Unix OS,
use the
dd(1)
utility. The following is an example usage of
dd(1),
where the device could be "floppy", "rfd0c", or
"rfd0a".
# dd if=<file> of=/dev/<device> bs=32k
Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
your install will most likely fail. For more information on creating a boot
floppy and installing OpenBSD/i386 please refer to
FAQ 4.3.2.
OpenBSD/amd64:
The 5.5 release of OpenBSD/amd64 is located on CD2.
Boot from the CD to begin the install - you may need to adjust
your BIOS options first.
If you can't boot from the CD, you can create a boot floppy to install from.
To do this, write CD2:5.5/amd64/floppy55.fs to a floppy, then
boot from the floppy drive.
If you can't boot from a CD or a floppy disk,
you can install across the network using PXE as described in the included
INSTALL.amd64 document.
If you are planning to dual boot OpenBSD with another OS, you will need to
read INSTALL.amd64.
OpenBSD/macppc:
Burn the image from the FTP site to a CDROM, and power on your machine
while holding down the C key until the display turns on and
shows OpenBSD/macppc boot.
Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot
/5.5/macppc/bsd.rd
OpenBSD/sparc64:
Put CD3 in your CDROM drive and type boot cdrom.
If this doesn't work, or if you don't have a CDROM drive, you can write
CD3:5.5/sparc64/floppy55.fs or CD3:5.5/sparc64/floppyB55.fs
(depending on your machine) to a floppy and boot it with boot
floppy. Refer to INSTALL.sparc64 for details.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
You can also write CD3:5.5/sparc64/miniroot55.fs to the swap partition on
the disk and boot with boot disk:b.
If nothing works, you can boot over the network as described in INSTALL.sparc64.
OpenBSD/alpha:
Write FTP:5.5/alpha/floppy55.fs or
FTP:5.5/alpha/floppyB55.fs (depending on your machine) to a diskette and
enter boot dva0. Refer to INSTALL.alpha for more details.
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
OpenBSD/armish:
After connecting a serial port, Thecus can boot directly from the network
either tftp or http. Configure the network using fconfig, reset,
then load bsd.rd, see INSTALL.armish for specific details.
IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
More details are available in INSTALL.armish.
OpenBSD/hp300:
OpenBSD/hppa:
OpenBSD/landisk:
Write miniroot55.fs to the start of the CF
or disk, and boot normally.
OpenBSD/loongson:
Write miniroot55.fs to a USB stick and boot bsd.rd from it
or boot bsd.rd via tftp.
Refer to the instructions in INSTALL.loongson for more details.
OpenBSD/luna88k:
Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
from the PROM, and the bsd.rd from the bootloader.
Refer to the instructions in INSTALL.luna88k for more details.
OpenBSD/mvme68k:
You can create a bootable installation tape or boot over the network.
The network boot requires a MVME68K BUG version that supports the NIOT
and NBO debugger commands. Follow the instructions in INSTALL.mvme68k
for more details.
OpenBSD/mvme88k:
You can create a bootable installation tape or boot over the network.
The network boot requires a MVME88K BUG version that supports the NIOT
and NBO debugger commands. Follow the instructions in INSTALL.mvme88k
for more details.
OpenBSD/octeon:
After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
Refer to the instructions in INSTALL.octeon for more details.
OpenBSD/sgi:
To install, burn cd55.iso on a CD-R, put it in the CD drive of your
machine and select Install System Software from the System Maintenance
menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
CD-ROM, and need a proper invocation from the PROM prompt.
Refer to the instructions in INSTALL.sgi for more details.
If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
system type. Refer to the instructions in INSTALL.sgi for more details.
OpenBSD/socppc:
After connecting a serial port, boot over the network via DHCP/tftp.
Refer to the instructions in INSTALL.socppc for more details.
OpenBSD/sparc:
Boot from one of the provided install ISO images, using one of the two
commands listed below, depending on the version of your ROM.
ok boot cdrom 5.5/sparc/bsd.rd
or
> b sd(0,6,0)5.5/sparc/bsd.rd
If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
To do so you need to write floppy55.fs to a floppy.
For more information see FAQ 4.3.2.
To boot from the floppy use one of the two commands listed below,
depending on the version of your ROM.
ok boot floppy
or
> b fd()
Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
will most likely fail.
If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
setup a bootable tape, or install via network, as told in the
INSTALL.sparc file.
OpenBSD/vax:
Boot over the network via mopbooting as described in INSTALL.vax.
OpenBSD/zaurus:
Using the Linux built-in graphical ipkg installer, install the
openbsd55_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
for a few important details.
Notes about the source code:
src.tar.gz contains a source archive starting at /usr/src. This file
contains everything you need except for the kernel sources, which are
in a separate archive. To extract:
# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz
sys.tar.gz contains a source archive starting at /usr/src/sys.
This file contains all the kernel sources you need to rebuild kernels.
To extract:
# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz
Both of these trees are a regular CVS checkout. Using these trees it
is possible to get a head-start on using the anoncvs servers as
described here.
Using these files
results in a much faster initial CVS update than you could expect from
a fresh checkout of the full OpenBSD source tree.
How to upgrade
If you already have an OpenBSD 5.4 system, and do not want to reinstall,
upgrade instructions and advice can be found in the
Upgrade Guide.
Ports Tree
A ports tree archive is also provided. To extract:
# cd /usr
# tar xvfz /tmp/ports.tar.gz
The ports/ subdirectory is a checkout of the OpenBSD ports tree. Go
read the ports page
if you know nothing about ports
at this point. This text is not a manual of how to use ports.
Rather, it is a set of notes meant to kickstart the user on the
OpenBSD ports system.
The ports/ directory represents a CVS (see the manpage for
cvs(1) if
you aren't familiar with CVS) checkout of our ports. As with our complete
source tree, our ports tree is available via
AnonCVS.
So, in order to keep current with it, you must make the ports/ tree
available on a read-write medium and update the tree with a command
like:
# cd /usr/ports
# cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_5
[Of course, you must replace the server name here with a nearby anoncvs
server.]
Note that most ports are available as packages through FTP. Updated
packages for the 5.5 release will be made available if problems arise.
If you're interested in seeing a port added, would like to help out, or just
would like to know more, the mailing list
ports@openbsd.org is a good place to know.