Openbsd

OpenBSD is a standalone project, a branch of NetBSD that arose in late 1995 as a result of a split in the development team. Theo de Raadt , one of the four founders of NetBSD, was forced to leave the project after a confrontation over the further development of the operating system ^[23] . Taking the NetBSD source tree as a basis and remaking it in accordance with his vision, he created his own project - OpenBSD, into which, after it, some other NetBSD developers also moved on.

OpenBSD releases new versions ( releases ) every six months: tentatively on May 1 and November 1 ^[24] . Currently, 15 different platforms and architectures are supported, including popular i386- compatible computers, M68k , UltraSPARC , DEC Alpha , AMD64 , Sharp Zaurus and others ^{[25] [26] [27]} . Over 9,500 packages of software are available for installation through a standard port engine. ^[28]

Between releases there is a regular release of snapshots , formed in the same way as releases. Snapshots basically correspond to the current state of the source tree, but sometimes additional changes are made that require testing.

Each release is accompanied by a comic strip and at least one song ^[29] . The songs talk about the process of creating releases, about disputes and conflicts that have arisen over the past 6 months, but most often the theme of the songs is the news of the corresponding release. Until 2016, releases were released on CD-ROM . Starting with version 6.1, releases are released only on the Internet, and on the CD-ROM exactly one copy is put up for auction ^[30] .

Installing OpenBSD is normally possible in many ways, including: from a CD , from a USB flash drive, from a floppy disk , and also over the network using PXE . ^[31] Due to limitations of individual hardware platforms, some installation methods may not be available.

Releases, including snapshots, are signed by the signify utility of its own design. Separate keys are signed: 1) the base system; 2) third-party packages with equipment firmware ; 3) all other third-party packages. Each new release is signed with a new key, and the public key for the next release is delivered already with the previous release.

OpenBSD is one of the few popular modern general-purpose operating systems that does not have a full-time graphical and / or localized installer . The regular installer is a large shell script with the ability to automatically install . ^[32]

The most popular (although by no means the only) application of OpenBSD is network security systems ( firewalls ). To a large extent, this is facilitated by subsidiary projects developed in parallel:

• Packet Filter (PF) is a firewall with a built-in ALTQ queuing platform that replaces Darren Reed 's popular IPFilter in OpenBSD after many years of disagreement over the license ^{[33] [34]} . PF was highly appreciated and adopted by the developers of the parallel projects NetBSD ^[35] and FreeBSD ^[36] .
• OpenSSH is the most common open source implementation of SSH ^[37] .
• OpenNTPD - daemon for time synchronization via NTP ; can work as a server ^{[38] [39] [40]} .
• OpenOSPFD - implementation of the dynamic routing protocol OSPF (local routing).
• OpenBGPD is an implementation of the dynamic routing protocol BGP (global routing) ^[41] .
• OpenCVS - (in development and debugging; currently only part is used - OpenRCS) - a simpler and more secure CVS implementation than that developed under GNU ^[42] .
• OpenSMTPD is an implementation of the SMTP protocol ^[43] .
• OpenIKED is an implementation of the IKEv2 protocol, which is one of the main components of IPSec VPN ^[44] .
• LibreSSL is a fork of OpenSSL that provides compatibility with the parent project, but is systematically audited as part of OpenBSD.
• sndio is a sound server .

Individual OpenBSD developments did not become separate projects, but are used as compact, easier-to-audit substitutes for external alternatives, for example:

• doas is an alternative to sudo .
• signify is an alternative to the openssl utility that implements individual functions inherent in OpenSSL .
• vmm - own mechanism of (para-) virtualization .

OpenBSD differs from other free BSD systems in its development system. No code can enter the system from outside by accident; Any changes are reviewed by those responsible for the relevant part of the system. Any error found in one place causes a review of all similar code.

OpenBSD pays great attention to quality documentation. Any error in the man page is considered serious and immediately corrected. Much attention is also paid to the simplicity and clarity of the code - since the developers reasonably believe that the simpler the code, the less likely it is to miss an error.

OpenBSD developers categorically reject the use of any proprietary code in the system. Repeatedly, parts of the operating system were excluded from the repository due to licensing problems:

• IPFilter - Darren Reed's original license had a number of serious limitations, for example, it did not allow code modification. And in addition to fixing bugs, third-party programs in OpenBSD undergo tuning - changing defaults, prohibiting unsafe modes, etc. For some time IP Filter had a compromise license, but the author returned to the original wording, and starting with release 3.0, OpenBSD has become its own firewall Packet Filter
• XFree86 - due to a license change, it has been replaced by X.Org .
• OpenBSD (unlike the most common free systems today - Linux and FreeBSD , not to mention "half-open" systems like OpenSolaris ) does not use drivers with " blobs " - compiled object modules with undisclosed source code. In addition to proprietary execution, such drivers are positioned as potentially dangerous (especially in a system with a monolithic kernel , which is OpenBSD), since they also cannot be verified and necessary modifications. However, binary firmware is included in the system if they allow free distribution, since they are executed not on the central processor , but on the equipment itself.
• With rare exceptions, programs with licenses that do not allow distribution in the form of source codes and in binary (compiled) form are not included (or deleted) in the tree of ported programs (ports).

OpenBSD is being developed using CVS . To partially compensate for the inconvenience of using a centralized file version control system, the cvsync network of mirrors is supported . At the same time, there is openbsd-wip - a semi-official tree of ports under development located on GitHub . GitHub also has mirrors for CVS repositories. ^[45]

Native APIs

The following technologies are actively used in the OpenBSD code base. The project website maintains a detailed list with the authors.

• BSD Authentication - API for authentication ; originally developed as part of the BSDi project, is currently only supported in OpenBSD.
• imsg ^[46] - API for programs with separation of privileges between processes, used in many subprojects of OpenBSD.
• pledge ^[47] / unveil ^[48] - a mechanism of self-restriction by the processes of their capabilities, similar in spirit to Seccomp .
• strlcat / strlcpy - widely used outside the OpenBSD API for working with C-strings , helping to avoid buffer overflow problems typical for strcat / strcpy .

In 2003, funding from DARPA was discontinued. ^[49] The main source of funds for supporting the life of the project is individual donations; both in cash and in the form of equipment or transport tickets for developers.

On April 26, 2007, a non-profit organization , the OpenBSD Foundation (OpenBSD Foundation) , was created to solve the problem of donations from legal entities. ^[50] Unlike many other similar organizations, the OpenBSD Foundation does not affect the decisions made by the project and, with a separate exception ^[51] , does not act on its behalf.

On January 17, 2014, the project was in danger of being closed due to the fact that Theo de Raadt, who uses the huge “iron zoo” for OpenBSD at home, has accumulated significant electricity debts equivalent to $ 20,000, in connection with which he published a letter asking for help ^{[52] [53]} . A sponsor from among the Bitcoin- rich was found literally 2 days immediately after the link was published on the IRC channel #bitcoin-assets . Romanian businessman Mircea Popescu said that he was ready to donate all the necessary amount at once ^{[54] [55] [56]} .

At the moment, it is the OpenBSD Foundation that financially supports the project infrastructure, as well as the holding of hackathons.

• Comparison of operating systems of the BSD family

• openbsd.org - official OpenBSD website
• Undeadly - The Official OpenBSD Developer Blog and More
• OpenBSD News on Linux.org.ru

Additional Information

• OpenBSD Source Search
• Sqlports- based OpenBSD Port Finder with Dependency Details
• Search OpenBSD Ports Based on CVS Change History