Encryption of two disks on the same host
I want to use full disk encryption on all of the disks of a host (two hosts). They can have the same password. How should I do this? 1. A method that I know will work is to make separate CRYPTO discipline softraid devices for each disk, install on one of them; and configure and mount the other disk encryption by calling bioctl rc.local. I would either type the password twice or use a keydisk stored on the first softraid device. 2. I could make a RAID 0 or CONCAT discipline device to combine the two devices and then make a CRYPTO discipline device on top of that, but my reading of the manual pages suggests that I can't install boot(8) on this. 3. Perhaps I could do the option 2 and add a new disk (SD card) that I use just for installing boot(8). (If I'm doing that, I might use the same SD card for both boot and keydisk.) Are there other approaches I should consider? And, if I want to put boot on a separate disk, which question in the installer do I specify that in?
Owner and group of a newly created file
I was just reading about the effect of Set-user-Id and Set-group-Id bits on file creation, as they seem like they would be useful for me. Unfortunately, most of the documentation I have managed to find is related to GNU systems, and this could easily be different in OpenBSD. https://www.gnu.org/software/coreutils/manual/html_node/Directory-Setuid-and-Setgid.html It appears that they have no effect on file creation. Rather, they a only "on execution", as specified in the manual. https://man.openbsd.org/chmod FreeBSD similarly seems to ignore these settings. https://www.freebsd.org/doc/handbook/permissions.html Perhaps this is why there is only GNU documentation on this feature; it seems that it does not exist in OpenBSD. Am I correct in my conclusion that files created in OpenBSD are always owned by the creator and group-owned by the directory's group? That is, a GNU system would mimic this behaviour when u-s,g+s (6000) is set on the directory? Suppose, for example, I run this as root. mkdir /test chown root:wheel /test chmod a+rwx,u-s,g-s /test And then this as tlevine touch /test/a This is the result. $ ls -lhd /test{,/a} drwxrwxrwx 2 root wheel 512B Jul 1 12:46 /test -rw-r--r-- 1 tlevine wheel 0B Jul 1 12:46 /test/a I repeat the process, except that I set the user and group id this time. As root, rm -R /test mkdir /test chown root:wheel /test chmod a+rwx,u-s,g-s /test As tlevine, touch /test/a The resulting /test/a has the same owner and group as before. $ ls -lhd /test{,/a} drwsrwsrwx 2 root wheel 512B Jul 1 12:48 /test -rw-r--r-- 1 tlevine wheel 0B Jul 1 12:48 /test/a Very conveniently for me, this behaviour (u-s,g+s in GNU) is the mode that I want. Perhaps this is by design.
Re: New laptop recommendations
I spoke with Todd Weaver at LibrePlanet about running OpenBSD on Purism. I suggested that the company install a bunch of operating systems and post dmesg, but I don't think they have done that yet. If I remember correctly, he also said he would be happy to provide a refurbished laptop to a developer for the purpose of confirming that the hardware works well on OpenBSD.
Why would you use make show rather than make -V in ports?
The normal port Makefile includes this "show" target. $ grep -A3 ^show: /usr/ports/infrastructure/mk/bsd.port.mk show: .for _s in ${show} @echo ${${_s}:Q} .endfor Why would one use it rather than make -V?