NetBSD - A little guide for newcomers


#1

As I was not happy with the sizes of my partitions and had nothing to loose, I’d backed-up my configuration files at github. I’ve decided to do a fresh install of NetBSD 8.0 on my laptop.

When I did this for the first time, I remember I’d to collect bits and pieces from different places, some of which were rather old and outdated. So I’ve decided to write this stuff down and publish it here.
Hope that it helps anyone looking to install and configure NetBSD as a laptop/desktop daily driver, if it helps one single soul, I’d be happy!

I got this old, 2013 laptop without a hard drive, but with a 4GB RAM chip.
How large should the hard drive be?
Looking on the web and asking a few questions, I came to the conclusion that NetBSD wouldn’t require that much for a full install.
So I bought a 30GB SSD for $20 and placed it in this laptop. Then, I installed NetBSD 8.0 from an usb, as described in “The Guide”, https://www.netbsd.org/docs/guide/en/

Choose keyboard -> Install to hard disk -> Full installation -> Use the entire disk
Then set the sizes of the partitions. NetBSD installs software to /usr/pkg, so /usr should be the largest partition on the drive, this is my new partition scheme for the 30GB drive:
/ 3GB
/var 3GB
/usr 16GB
/home 3GB
swap 4GB

When the base install was finished, I choose to let dhcp configure my network connection automatically, set the console keyboard, created a root password and set the root shell to /bin/ksh. As I’m in Europe, I’ve configured the system to use an European mirror for pkgin and I’m currently pulling my packages from ftp.fr.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/8.0/All/

I’ve chosen not to set-up pkgsrc for now. Why? Keep it simple to start with and, to be honest I think a larger hard drive would be handy to build packages from source using pkgsrc, as the build directory needs some space to grow during the building process.
Also, I always choose to add a system user after installing, so that’s what I’ve done this time as well.

After installing and rebooting the system, login as root and…

# pkgin install xinit setxkbmap sudo dbus fam avahi
# pkgin install awesome abiword gimp galculator pcmanfm firefox-62 leafpad vim free tree scrot epdfview gnome-themes-standard gtk2-engines gtk2-engines-murrine mpv gtar htop
# pkgin install cantarell-fonts dejavu-ttf liberation-ttf ubuntu-fonts git-base

I use awesome wm, but obviously you can replace it with whatever wm you prefer. Although, there’s nothing better than awesome :wink:

Next you copy some start up files to /etc/rc.d

# cp /usr/pkg/share/examples/rc.d/dbus /etc/rc.d/
# cp /usr/pkg/share/examples/rc.d/famd /etc/rc.d/
# cp /usr/pkg/share/examples/rc.d/avahidaemon /etc/rc.d/

Add these to /etc/rc.conf with the following:

rpcbind=YES
dbus=YES
famd=YES
avahidaemon=YES

and reboot.

Add an user

useradd -g wheel -G users -s /bin/ksh -c "your real name" -m name
passwd name

Uncomment the following line using visudo to edit the sudoers file.

%wheel ALL=(ALL) ALL

To be able to reboot and shutdown your laptop/desktop without having to enter the sudo password add the following to the file using visudo

# Enable sudo for login 'name'
name ALL=(ALL) NOPASSWD: /sbin/reboot, /sbin/poweroff, /sbin/shutdown

If you prefer, the same is possible to achieve by read drop-in files from /usr/pkg/etc/sudoers.d

Now, if you want to use git, wget and curl check if the mozilla-rootcerts have already been pulled by another package, they should have,

pkigin search mozilla-rootcerts

Now, either run

mozilla-rootcerts install

or as I did instead

pkgin install mozilla-rootcerts-openssl

Reboot, login as the new user and configure your stuff, like .xinitrc, .shrc,…
If you need some clues have a look at my github repo, I’ve all my configuration files there, https://github.com/voidpin/awesome-wm-netbsd
Next time you login, you can issue startx to launch the graphical environment on your install.
Enjoy NetBSD!

:hugs:

gtk-theme: Equilux, https://www.gnome-look.org/p/1182169/
gtk-icon-theme: Orange-Maia, https://www.gnome-look.org/p/1218961/


#2

why would you enable hald though? It’s old, heavy, vulnerable and what else. Is there any package actually still requiring it?
There’s BSD amd for automounting and HEAD has a working autofs/automountd port already

Another thing I’d do on a fresh install is installing Mozilla-signed certificates, otherwise SSL/TLS handshake on encrypted web/ftp pages, will always fail, as it will SSL fingerprint verification while sending mails through(E)SMTPS, fetching files from https mirrors with curl, wget, etc…, cloning/checking-out repos with git or svn respectively.

cd /usr/pkgsrc/security/mozilla-rootcerts
make install clean clean-depends
mozilla-rootcerts install

#3

Ok! I forgot to mention mozilla-certificates…
Those are installed, though :roll_eyes:
As for hald… I’ll remove it and see what happens.
Automount is not something I care about, nothing to loose…
Nice to have you here my friend :hugs:


#4

They’re pulled as dependencies by many packages, but it’s the user to actually put them in place by simply running mozilla-rootcerts install

By the way, it’s good to install sysutils/fam and enabling famd too


#5

First post corrected following your suggestions, thanks!
Changes: removed hal and installed fam
Add a reference to mozilla-rootcerts, although I’ve choose to

pkgin install mozilla-rootcerts-openssl

instead of mozilla-rootcerts install, since this complained with WARNING /etc/openssl/openssl.conf could not be written to. Probably because it doesn’t exist :sweat_smile: Note that the certificates are installed anyway, these are just warnings and not errors.

Anyway, tested and working with git at least. Although, I ran into a strange issue here…

pkgin install git pulls in 27 packages that somehow are not marked as non-removable. If I issue pkgin autoremove it wants to remove 24 orphan dependencies, which obviously will render git unusable.
Wonder if I should report this somewhere… :thinking:

EDIT: Ok, it seams to be an inconsistence. pkgin install git installs 27 packages of which 24 are orphan and will be removed with pkgin autoremove. Why are these not marked as git dependencies? They were just pulled in by the git meta-package!!
Now, if one does pkgin install git-base it pulls a total of 21 packages, git-base itself and 20 dependency packages, and pkgin autoremove now does the correct thing and shows no orphan dependencies found.
The 6 packages missing, remember 21 packages are pulled by git-base and 27 by git, are tcl, tk, git-gitk, git-docs, git-contrib and git itself :open_mouth: …WTFt?! Also it pulls in 27 packages and removes 24, but the other 3 are not in the system anymore :open_mouth: :zipper_mouth_face:
Anyway, git-base has all you need, but I still find all this is a bit f***ed-up. Maybe I should report this at pkgsrc-users or maybe directly at


Wonder what’s best?! :thinking:


#6

Try after doing " cd pkgsrc/pkgtools/pkgin && cvs up -rHEAD && make replace "


#7

Thanks!
If I got it correctly, you mean replacing pkgin from 8.0 with pkgin from current using pkgsrc to fetch current through cvs?
Well, as my SSD is just 30Gb I haven’t set-up pkgsrc… that’s obviously not a problem cause I can manually edit /usr/pkg/etc/pkgin/repositories.conf to point at http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/8.0_current/All/ and run pkgin update && upgrade. In which case, I’ll be fetching directly from the main US repo. Things will be a bit slower, but still menageble.
I still believe this is a bug and I should report it somewhere!?
Or do you mean I should check this with current before filing an issue on github??


#8

I meant check in with -current before reporting PR/issue :slight_smile:


#9

:+1: Ok, will test current first.


#10

Did -current pkgin solved it?


#11

Sorry, didn’t have the time to try it yet :slightly_frowning_face:
I’ll post back as soon as I can, although it will most probably take a few days.

EDIT: I think I’ll leave it like that after all pkgin install git-base solved my issues. git is working as it should and I’ve just re-installed and got everything just as I wanted. Maybe I get back to this on the next release. Hope you understand…
Anyway, I’m on NetBSD to stay :wink:


#12

First post edited once more to add info on how to allow users to reboot and/or shutdown without issuing the sudo password.


#13

Thanks for sharing your configs, I’ll start digging into awesome-wm, taking those as sample :hugs:

Joyent provides pkgsrc packages for Illumos, macOS and Linux only ;). On NetBSD, Minix3, IRIX, DragonflyBSD, MirOS and other common pkgsrc targets, you’re limited to NetBSD official binaries (many, few or none packages are available depending arch; on sgimips and hpcarm for example I ended up compiling from source)

It seems somehow pkg_add post-install transaction failed to register devel/git in package database; be it version or checksum mismatch, be it the fact you hadn’t rebuilt all packages after upgrading from RC2 to 8.0 formal release, you likely had a git executable inside /use/pkg/bin only because git-base had been pulled as a dependency for git, and not because devel/git was actually installed. This turned git-base into a orphan package (set as ‘unkeep’, no packages depending on it), which made it a candidate for autoremoval (alongside all its runtime dependencies).

You have to be really careful with pkgsrc when upgrading NetBSD, or when migrating from a quarterly release to another, from a stable to a current repo, when mixing source-built packages with pre-built binaries…pkg_install doesn’t hold your hand at all, it’s a very essential/minimalist packaging system, doesn’t do much troubleshooting on itself, nor performs through safety checks; on pkgsrc you are the maintainer of your system, and can’t afford being reckless, otherwise you’ll be thrown into a dependency hell (and coming from the very hand-holding Solaris IPS, I went through this too, like probably most users)


#14

Understood, but this was a fresh install and not an upgrade from RC2 to 8.0 formal…
Anyway, thanks for the hint. I’ll keep an eye on these things :slightly_smiling_face:

Searcing for pkgin in pkgsrc.se points to joyent, though. On the other hand pkgin.net points to https://github.com/NetBSDfr/pkgin that apparently has moved to https://gitlab.com/iMil/pkgin, but that’s also not up-to-date. I have pkgin installed and it’s not version 0.9.4 :wink:

Looking through the package trees at the ftp or http sites shows pkgin v0.11.4 or v0.11.6 depending if you pick stable or current. So, where do these come from? pkgsrc.se seems to suggest joyent :thinking:


#15

pkgin.net and and NetBSDfr are both owned by Heitor Emile (iMil, see also his blog), a major NetBSD developer; NetBSDfr is the upstream development platform for pkgin, sailor (NetBSD’s experimental containerization system) and other projects; being not a NetBSD -centric project, I find it normal for pkgsrc binaries to have many mirrors available, as it’s predictable for iMil to point to his own mirror on pkgin’s site.
Yet official binaries for NetBSD are found on cdn.netbsd.org, while binaries for Illumos, macOS and Linux are on pkgsrc.joyent.com; Jonathan Perkin, another major pkgin/pkg_install/pkgsrc dev, former main contributor to pkgsrc on Solaris, now works for Joyent and focuses mainly on Illumos. Official pkgsrc sources, where all packages commits are centrally upstreamed, are located on NetBSD CVS Web; that’s where all binary repos take sources from in order to stay cosistent with one another. pkgsrc.se is an old Sweden project with the purpose of hosting an intuitive database for pkgsrc synced with NetBSD CVS Web: it doesn’t follow binary packages versions from whatever mirror, be it cdn.netbsd, Joyent or NetBSDfr.

If you want latest pkgin and up to date software,unfortunately, building from source is the only way, but remember you cannot mixsources and bins; upgrading pkgin only though is usually feasible and risk-less; Joyent often hosts more up to date packages (they’re rebuilt for every pkgsrc quarterly release and not for every NetBSD version, as illumos is by nature rolling-release, which makes it easier to have up to date software on it)


#16

Thanks for the clarification.
Going forward, it seems the best alternative is to track the binary trees, either at the master site or one of the official mirrors.
I’m planning to use pkgin only, at least for the moment… building from source is a risk when the total size of /usr is 16GB

EDIT: I once had a 32GB building directory on Void, while compilling and building the linux kernel from source. A risk I can’t afford on this SSD…


#17

I’ll add cdn.netbsd.org hosts alternative binaries for Linux (built around Ubuntu and Slackware), and is the official mirror for MirOS and QNX packages (both freezed since a couple of years, as respective projects are discontinued); official binaries for Minix are available on ftp.minix3.org.0I remember there used to be official DragonflyBSD packages too, but now Dragonfly has switched to pkgng


#18

Short update on the original post…
Added links to the gtk-theme and gtk-icon-theme I’m currently using
…just in case anyone would like those :wink: