Encryption of two disks on the same host

2018-08-05 Thread Thomas Levine
I want to use full disk encryption on all of the disks of a host (two hosts). 
They can have the same password. How should I do this?

1. A method that I know will work is to make separate CRYPTO discipline 
softraid devices for each disk, install on one of them; and configure and mount 
the other disk encryption by calling bioctl in rc.local. I would either type the 
password twice or use a keydisk stored on the first softraid device.
2. I could make a RAID 0 or CONCAT discipline device to combine the two devices 
and then make a CRYPTO discipline device on top of that, but my reading of the 
manual pages suggests that I can't install boot(8) on this.
3. Perhaps I could do the option 2 and add a new disk (SD card) that I use just 
for installing boot(8). (If I'm doing that, I might use the same SD card for 
both boot and keydisk.)

Are there other approaches I should consider?
And, if I want to put boot on a separate disk, which question in the installer 
do I specify that in?



Owner and group of a newly created file

2018-07-01 Thread Thomas Levine
I was just reading about the effect of Set-user-Id and Set-group-Id bits
on file creation, as they seem like they would be useful for me.
Unfortunately, most of the documentation I have managed to find is
related to GNU systems, and this could easily be different in OpenBSD.
https://www.gnu.org/software/coreutils/manual/html_node/Directory-Setuid-and-Setgid.html

It appears that they have no effect on file creation. Rather, they apply
only "on execution", as specified in the manual.
https://man.openbsd.org/chmod

FreeBSD similarly seems to ignore these settings.
https://www.freebsd.org/doc/handbook/permissions.html

Perhaps this is why there is only GNU documentation on this feature;
it seems that it does not exist in OpenBSD. Am I correct in my
conclusion that files created in OpenBSD are always owned by the creator
and group-owned by the directory's group? That is, a GNU system would
mimic this behaviour when u-s,g+s (6000) is set on the directory?

Suppose, for example, I run this as root.

  mkdir /test
  chown root:wheel /test
  chmod a+rwx,u-s,g-s /test

And then this as tlevine

  touch /test/a

This is the result.

  $ ls -lhd /test{,/a}
  drwxrwxrwx  2 root wheel   512B Jul  1 12:46 /test
  -rw-r--r--  1 tlevine  wheel 0B Jul  1 12:46 /test/a

I repeat the process, except that I set the user and group id this time. As 
root,

  rm -R /test
  mkdir /test
  chown root:wheel /test
  chmod a+rwx,u+s,g+s /test

As tlevine,

  touch /test/a

The resulting /test/a has the same owner and group as before.

  $ ls -lhd /test{,/a}
  drwsrwsrwx  2 root wheel   512B Jul  1 12:48 /test
  -rw-r--r--  1 tlevine  wheel 0B Jul  1 12:48 /test/a

Very conveniently for me, this behaviour (u-s,g+s in GNU) is the mode
that I want. Perhaps this is by design.
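
The experiment from this post as a repeatable probe (an added example, not part of the original message): it creates a file in a scratch directory with and without the setgid bit and names the group-inheritance rule the filesystem applies. The function names and result labels are made up for this example; it needs a second group it is allowed to chgrp to and reports "inconclusive" otherwise.

```python
import os
import stat
import tempfile

def classify(dir_gid, creator_egid, plain_gid, setgid_gid):
    """Name the group-inheritance rule from two observed file gids:
    plain_gid from a directory without setgid, setgid_gid from one with it."""
    if dir_gid == creator_egid:
        return "inconclusive"                      # both rules yield the same gid
    if plain_gid == dir_gid and setgid_gid == dir_gid:
        return "always-directory-group"            # the rule the post concludes OpenBSD follows
    if plain_gid == creator_egid and setgid_gid == dir_gid:
        return "directory-group-only-with-setgid"  # the GNU behaviour the post links to
    return "unexpected"

def pick_other_gid():
    """A gid we may chgrp to that differs from our effective gid, or None."""
    egid = os.getegid()
    if os.geteuid() == 0:
        return egid + 1                            # arbitrary numeric gid; root may assign any
    return next((g for g in os.getgroups() if g != egid), None)

def create_in(parent, name, gid, setgid):
    """Make parent/name group-owned by gid, create a file in it, return the file's gid."""
    d = os.path.join(parent, name)
    os.mkdir(d)
    os.chown(d, -1, gid)
    # chmod explicitly: the mode passed to mkdir is filtered by the umask
    os.chmod(d, 0o777 | (stat.S_ISGID if setgid else 0))
    f = os.path.join(d, "a")
    os.close(os.open(f, os.O_CREAT | os.O_WRONLY, 0o644))
    return os.stat(f).st_gid

def probe(base=None):
    """Run the post's experiment in a scratch directory and classify the result."""
    other = pick_other_gid()
    if other is None:
        return "inconclusive"
    try:
        with tempfile.TemporaryDirectory(dir=base) as tmp:
            plain = create_in(tmp, "plain", other, setgid=False)
            marked = create_in(tmp, "setgid", other, setgid=True)
    except OSError:
        return "inconclusive"                      # chgrp or chmod was refused here
    return classify(other, os.getegid(), plain, marked)

if __name__ == "__main__":
    print(probe())
```

Pass `base` to test a specific filesystem, since the result depends on where the scratch directory lives.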



Re: New laptop recommendations

2018-06-21 Thread Thomas Levine
I spoke with Todd Weaver at LibrePlanet about running OpenBSD on Purism.
I suggested that the company install a bunch of operating systems and
post dmesg, but I don't think they have done that yet.

If I remember correctly, he also said he would be happy to provide
a refurbished laptop to a developer for the purpose of confirming that
the hardware works well on OpenBSD.



Why would you use make show rather than make -V in ports?

2017-12-22 Thread Thomas Levine
The normal port Makefile includes this "show" target.

  $ grep -A3 ^show: /usr/ports/infrastructure/mk/bsd.port.mk
  show:
  .for _s in ${show}
  @echo ${${_s}:Q}
  .endfor

Why would one use it rather than make -V?