Examining OpenBSD from the point of view of a Linux user
Free Cousin
Veteran Linux users and administrators are likely to have heard of the BSD family of operating systems. However, the BSDs remain a mystery to many in the Linux community. With the upcoming release of OpenBSD 7.0, it is time to throw some light on this little gem.
Linux is the most popular Free and Open Source (FOSS) operating system, but it isn't the only alternative. Many FOSS operating systems are too niche to serve as a true alternative to Linux – you would not use Minix or FreeDOS for the same things you use Linux for. However, the BSD operating systems are a powerful family that is worth considering for tasks usually assigned to Linux.
It is said that Linux users have a poorer understanding of BSD than BSD users have of Linux. Given that both BSD and Linux are closely related to Unix, it is not surprising to learn that using one does not feel very different from using the other. They have similar userspace tools, you may install (mostly) the same utilities on each, and they are both built around free software. On the other hand, once you dive a little deeper into the systems, differences start surfacing.
OpenBSD 7.0 is slated for release in 2021, so it is a good time to take a look at OpenBSD as an example of what the BSD family has to offer.
A Brief History
The original Berkeley Software Distribution (BSD) was created as a set of add-ons to Version 6 Unix rather than as a whole operating system. BSD would eventually become an operating system of its own, but up to version 4.4, BSD was based on proprietary Unix code belonging to AT&T.
In 1991, Net/2 (Networking Tape/2), a BSD distribution with all the proprietary AT&T code stripped out, was released. Net/2 was based on BSD 4.4, although it wasn't a full operating system yet because it lacked some critical components. The BSDi corporation took code from Net/2 and created 386BSD. Sadly, AT&T sued BSDi over copyright and trademark infringement. Although the lawsuit was settled in favor of BSDi, the fact their legitimacy was in question slowed development of 386BSD and its descendants and diverted a lot of attention towards Linux. (Many believe the main reason Linux is more popular than any OS from the BSD family is because of AT&T's lawsuit.)
The NetBSD project was founded by four developers who were frustrated with the pace and philosophy of 386BSD development. The developers forked the 386BSD code to launch a project that would emphasize the compact and correct code favored by the BSDs to this day. One of the NetBSD cofounders, Theo de Raadt, was later asked to resign from his position as a NetBSD leader due to conflicts with mailing list members. De Raadt launched OpenBSD in 1995 as a hostile fork of NetBSD.
OpenBSD Releases and Branches
OpenBSD [1] gets a new release every six months. Every release is supported with bug fixes and security patches for a whole year. Keep in mind that this applies only to the core system. The ports tree and package repositories receive fixes for the most recent release only.
Since the OpenBSD source code is managed by a CVS repository, the developers think of the release process in terms of branches. All the new, experimental, and exciting features are incorporated into the -current branch. When the time comes to make a new release, if -current is deemed stable enough, it is tagged as a -release, and OpenBSD -stable is branched out (Figure 1).
The -stable branch features the code of the corresponding release (for example, OpenBSD 6.9). This branch gets patches and security fixes as needed, but it is guaranteed not to receive updates that may cause breakage. Meanwhile, the developers keep working on -current in preparation for the next release.
OpenBSD is very conservative regarding changes. Therefore, upgrading from one release to another is rarely troublesome. Most changes are done under the hood rather than on areas regular users are likely to pay attention to. Therefore, running one release does not feel much different from running any other. This continuity is considered an advantage by many, because you can learn OpenBSD just once and be confident you won't have to relearn it every now and then.
Cathedral vs. Bazaar
A subtle difference between OpenBSD and any Linux distribution arises from their different development models. Eric Steven Raymond explained this difference in his book: The Cathedral and the Bazaar [2]. Linux distributions are put together following the Bazaar model: They pick many components from different vendors – such as the Linux kernel, Xorg, and Gnome – make packages out of them, and ship them as a unified software distribution. Hence, Linux distributions are built from a big sum of small add-ons that are mostly sourced from third parties.
OpenBSD (and the other BSDs, for that matter) follows the Cathedral model. The OpenBSD team develops the operating system code in its own house. The software that forms the core of the system is built from the ground up to fit OpenBSD's needs. When a new version of OpenBSD is released, it is shipped as a whole block instead of a sum of independent packages. This means the core software is tailored specifically to the operating system. It is true that many components are sourced from third parties (OpenBSD has Perl as a core component, for example), but most of the time, these are forked or heavily adapted versions rather than the original thing. An interesting side effect of the Cathedral model is that the documentation for the operating system is kept in one place. If you want to find the documentation for a component in a Linux distribution, you need to track down the developer of the original component and find the documentation on the developer's site, whereas in the OpenBSD world, you head straight to the project's website or man pages [3].
Not many machines are useful if they run the core operating system only, so OpenBSD has a ports tree that allows you to install third-party software (see the box entitled "Packages and Ports"). What this means in practice is that every OpenBSD install will use the same core but will have a different set of packages installed on top of it by the user. The base and the ports tree are considered to be at a different level and are administrated by different tools. This means that if you are developing a third-party package, you can count on every OpenBSD install having the same set of core utilities and libraries – for a given release, at least. See the box entitled "What? No Copyleft?" for more on the differences between Linux and BSD.
Packages and Ports
OpenBSD users add third-party software to their system using either the ports tree [4] or a package repository [5].
Linux users who have experience with Gentoo will already know how ports work. In a nutshell, a ports tree is a set of scripts that can be used to build packages automatically from source code. OpenBSD offers a ports tree, which is recommended for advanced users only. With it, an OpenBSD administrator can instruct the operating system to download, compile, package, and install a piece of software for which a port exists, alongside all its dependencies. An advantage of this approach is that each package can be customized and patched to the administrator's requirements.
The ports system is beautifully built, and OpenBSD ships software to deploy a packaging cluster in order to build massive amounts of packages in parallel…using multiple computers! In OpenBSD's style, the process is mighty secure: The code that downloads the source code that will be compiled runs at a privilege level that is different from the software that will make the packages, which in turn has yet another privilege level from the software that installs packages.
Since compiling software from ports can be time consuming and not fit for every user, OpenBSD offers a repository of prebuilt packages. In fact, the goal of the ports tree is building this repository. Packages can be installed with the pkg_add utility, which supports dependency resolution and signature verification for downloads.
What? No Copyleft?
Parts of this sidebar originally appeared in the July 2017 issue of Linux Magazine.
One important difference between Linux and the BSDs is the license. Although both Linux and the BSDs meet the definition of free software, the different licenses come with very different contexts for development.
Most Linux users associate free software with the "copyleft" protection embodied in the GNU Public License (GPL), which ensures that source code, including all modifications, must be shared with the community when the software is distributed. The BSD license does not require downstream sharing of the source code, and in fact, it allows a user who modifies the code to re-license it later with a non-free license. Linux proponents are often shocked to learn that free software components developed under a permissive license are sometimes taken out of open source and incorporated into proprietary programs, but the BSD community actually sees this permissiveness as a benefit.
The BSD Advantages page of the FreeBSD website cites an Apache project document to describe the advantages of permissive licenses. "This type of license is ideal for promoting the use of a reference body of code that implements a protocol for common service…many of us wanted to see HTTP survive and become a true multiparty standard, and we would not have minded in the slightest if Microsoft or Netscape chose to incorporate our HTTP engine or any other component of our code into their products, if it helped further the goal of keeping HTTP common."
The GPL adds some legal complications that make it more complicated to integrate with other software. According to the FreeBSD project, "Developers tend to find the BSD license attractive as it keeps legal issues out of the way and lets them do whatever they want with the code. In contrast, those who expect others to evolve the code, or who do not expect to make a living from their work associated with the system (such as government employees), find the GPL attractive, because it forces code developed by others to be given to them and keeps their employer from retaining copyright and thus potentially 'burying' or orphaning the software. If you want to force your competitors to help you, the GPL is attractive."
Through the years, code from the permissive BSD projects has made its way into many proprietary systems. MacOS and Solaris are both originally based on BSD code. Microsoft reportedly integrated BSD's TCP/IP implementation into Windows. The copyleft viewpoint would regard these code appropriations as a loss for the community. Permissive proponents see it differently: by making it easy to adapt and integrate these components with other systems, they are spreading the benefits of free-software-based community development to a wider audience. Apple thus became invested in Unix, and Microsoft became a proponent of standards-based TCP/IP networking, rather than having to force the world to use its outdated proprietary protocols such as NetBEUI and its in-house, reverse-engineered version of the Novell NetWare protocols.
The GPL lends itself to large projects that keep the community working together on a single code base. Permissive licenses are better suited for smaller, collaborative projects that serve as a core or incubator for a larger ecosystem that might include proprietary implementations.
The copyleft protection of the GPL allowed Linux to become bigger and more popular than any of the permissively licensed BSD variants. However, BSD, with its permissive license and easy integration, played a role in spreading the gospel of Unix and standards-based programming to build the world in which Linux could flourish.