Re: Some questions about NetBSD

[Stephen Borrill]

On Sun, 12 Aug 2018, Greg Troxel wrote:

Next, I noticed that there was a lot of things installed. For example, I
don't need X11. On Linux, pretty much everything is managed by the
package manager, but pkgsrc only takes care of /usr/pkg.


That's how it is.  Ancient BSD tradition is to have things either in the
base system, or not in the base system (and thus not part of BSD, just
usable with it).  NetBSD continues this, and now X11 is part of the base
system.  Then pkgsrc as you found has a vast number of things in
/usr/pkg on almost all system types (/opt/pkg on Mac, usually).


Q2: How can I uninstall unwanted system sets?

Following up on that, if the core system is not managed by a package
manager...


You can find the list of files in the set, and rm them :-)   Seriously,
that should work.


Specifically you can use /etc/mtree/set.* to determine what is installed 
and what to remove.


I have work-in-progress script I use to manage OS sets:
http://www.netbsd.org/~sborrill/updateos

--
Stephen

Re: Some questions about NetBSD

[maya]

On Sun, Aug 12, 2018 at 10:15:10AM -0400, alec wrote:
> Q3: What happens if a security vulnerability is found in the base
> system? Do I really have to fetch things from CVS and recompile them? Or
> is there some way to get updates?

You can unpack new sets on top of old sets. There's daily builds on:
https://nycdn.netbsd.org/pub/NetBSD-daily

You can cd /; tar xzpf /path/to/set.tgz

It will leave a small amount of things behind, postinstall can collect
them, as long as you keep upgrading.
It isn't safe to run postinstall on a downgrade.

For RPI, your kernel is on another partition and not /netbsd, so it's a
bit more involved, but I think you can mount it with mount -t msdos and
replace it.

Re: Some questions about NetBSD

[Greg Troxel]

Also, you asked about auto-resizing.  If you write the image, and then
mount it on a system before booting it on the RPI, you can look in
/etc/rc.conf and /etc/rc.d and find the resize_root and resize_disklabel
variables and scripts.  You can turn these off before booting.

I'm not sure why you don't want to resize.  You may want to let it
resize the label (to match the actual card) but not root (so that the
remaining space ends up unallocated).  Of course you can do as you want,
and by reading those scripts and changing variables I think it will be
fairly straighforward.


signature.asc
Description: PGP signature

Re: Some questions about NetBSD

[Greg Troxel]

alec  writes:

> I recently saw news about the NetBSD 8.0 release, and I thought it might
> work well for a personal project I've been planning to do, and I've been
> wanting to try something new. I'm a longtime Linux user, but I never
> used BSDs before. I had a spare Raspberry Pi, so I decided to first
> throw NetBSD on it to try it out.

Welcome!

> The first question is about the installation process. I downloaded the
> image [1], dd'd it onto an sdcard and once it started, it automatically
> resized the partition to take up the entire card, rebooted and was ready
> to use.

That is the main plan for the RPI images.

> But, that's not exactly what I want. According to the guide [2], there
> should be an installer where I can configure the partition layout among
> other things. Apparently, ARMv6 does come with an it [3], but not ARMv7.

Many architectures (ports we call them) have an installation mode where
you boot an installation kernel and then run the installer to format the
disk and unpack sets.  On RPI, it's easy to put the uSD card in another
computer and write to it, and I'm not aware of netbooting or booting off
USB.  So the installation methods vary on some ports.

> Q1: Is there an alternative way to install NetBSD? I see that there's
> binary/kernel and binary/sets directories - is it possible to manually
> partition/format the disk, extract those and have it working? Is there
> any guide on how to do it?

Yes, you can do that (from another system).  Basically making partitions
and filesystems and unpacking the sets on the uSD.  There isn't really a
guide as this is typically done rarely by people who understand the fs
layout.

However, the img file you downloaded was created by the build process.
You can check out netbsd sources (the netbsd-8 branch) and run build.sh
(on Linux even) to create a full release, and you can modify how the img
is created.

RPI needs a FAT32 boot partition that uboot can get the kernel from, and
then the NetBSD kernel finds a BSD filesystem for root.

> Next, I noticed that there was a lot of things installed. For example, I
> don't need X11. On Linux, pretty much everything is managed by the
> package manager, but pkgsrc only takes care of /usr/pkg.

That's how it is.  Ancient BSD tradition is to have things either in the
base system, or not in the base system (and thus not part of BSD, just
usable with it).  NetBSD continues this, and now X11 is part of the base
system.  Then pkgsrc as you found has a vast number of things in
/usr/pkg on almost all system types (/opt/pkg on Mac, usually).

> Q2: How can I uninstall unwanted system sets?
>
> Following up on that, if the core system is not managed by a package
> manager...

You can find the list of files in the set, and rm them :-)   Seriously,
that should work.

Or, you can craft a custom img build or installation script that only
installs some sets in the first place.

Or, if you aren't really that short on space, you can choose to let them
sit there instead, which is the easiest path.

> Q3: What happens if a security vulnerability is found in the base
> system? Do I really have to fetch things from CVS and recompile them? Or
> is there some way to get updates?

What I do is to keep sources for the branch, and to do a full release
build, and then to overlay that on the system to update.  While it takes
a bit of crunching, it works well.  Because NetBSD's build process is
essentially always a cross build (even if build host and target are the
same), it's easy to build a RPI release on a fast desktop.

The scripts I used to manage this build and update process are in
pkgsrc/sysutils/etcmanage, and there are other scripts from others.
Note that etcmanage does not yet understand that the rpi kernel is in
/boot/kernel7.img instead of /netbsd, and it's on my todo list to
automate that.

> I see that in security.conf(5) it says it scans pkgs for vulnerabilities
> daily (and I suppose if there are, there would be binary package
> updates), but what about the base system?

There are security advisories, but what I do is update along the stable
branch every month or so.

> And lastly, speaking of pkgsrc, if I try to point it at HTTPS:
>   export 
> PKG_PATH="https://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/earmv7hf/8.0/All;
> it fails.

Thanks for pointing that out.   Just looking at it with firefox, I see
an issue.

Also, pkgsrc has the mode of you compiling things yourself from a
checked-out pkgsrc.  But there are binary packages for some CPU
architectures and OS versions.

> Q4: Is there any signature on the packages to ensure integrity?

(I'll leave that for someone else.)


signature.asc
Description: PGP signature

Some questions about NetBSD

[alec]

Hello

I recently saw news about the NetBSD 8.0 release, and I thought it might
work well for a personal project I've been planning to do, and I've been
wanting to try something new. I'm a longtime Linux user, but I never
used BSDs before. I had a spare Raspberry Pi, so I decided to first
throw NetBSD on it to try it out.

The first question is about the installation process. I downloaded the
image [1], dd'd it onto an sdcard and once it started, it automatically
resized the partition to take up the entire card, rebooted and was ready
to use.

But, that's not exactly what I want. According to the guide [2], there
should be an installer where I can configure the partition layout among
other things. Apparently, ARMv6 does come with an it [3], but not ARMv7.

Q1: Is there an alternative way to install NetBSD? I see that there's
binary/kernel and binary/sets directories - is it possible to manually
partition/format the disk, extract those and have it working? Is there
any guide on how to do it?

Next, I noticed that there was a lot of things installed. For example, I
don't need X11. On Linux, pretty much everything is managed by the
package manager, but pkgsrc only takes care of /usr/pkg.

Q2: How can I uninstall unwanted system sets?

Following up on that, if the core system is not managed by a package
manager...

Q3: What happens if a security vulnerability is found in the base
system? Do I really have to fetch things from CVS and recompile them? Or
is there some way to get updates?

I see that in security.conf(5) it says it scans pkgs for vulnerabilities
daily (and I suppose if there are, there would be binary package
updates), but what about the base system?

And lastly, speaking of pkgsrc, if I try to point it at HTTPS:
  export 
PKG_PATH="https://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/earmv7hf/8.0/All;
it fails.

Q4: Is there any signature on the packages to ensure integrity?

Thanks!


[1] https://ftp.netbsd.org/pub/NetBSD/NetBSD-8.0/evbarm-earmv7hf/binary/gzimg/
[2] https://www.netbsd.org/docs/guide/en/chap-exinst.html
[3] https://ftp.netbsd.org/pub/NetBSD/NetBSD-8.0/evbarm-earmv6hf/binary/gzimg/