BSDHowTo.ch
| How To... | Why not..? | Scripts | Patches | |
Last update: 2020-06-01
What sounds like a good idea at first will take revenge on you sooner or later. The mean thing is that, long after the installation of the system, something might break and you won't even be able to figure out that a missing installation set is the reason for this. Spare yourself the hassle and follow the sane defaults of OpenBSD by installing all the sets on every system.
During the installation of OpenBSD you get to choose which sets you want to install on the new system. By default all the sets are selected for installation. This choice might give you the idea to remove some unneeded sets from the selection for various reasons:
| Set name | Excuse |
|---|---|
gameXY.tgz |
Console games, really? Common, its 2020… |
compXY.tgz |
Development tools on a firewall are dangerous |
manXY.tgz |
I don't read man pages anyway, that's what the web is for |
x*.tgz |
This machine doesn't even have a display |
Ever looked at the games that come with OpenBSD? You should really give them a chance. Why not play a round of tetris(6) in another tmux(1) pane while you wait for that slow download to finish? Another classic UNIX tool that is part of the game set: fortune(6). Don't miss out on that one if you like to get the true UNIX experience from your favorite operating system.
If you consider the above sentence true then you should probably not run a firewall outside of an isolated lab environment. Once some bad person has managed to execute commands on your firewall your security measures have failed big time. At this point it doesn't matter if there are dev tools on the machine or not. You don't gain any security at all by not installing the comp set on your machines.
The big advantage of the man pages, beside being excellent documentation for the system, is that they are available offline. Even if the Internet is down because you broke the configuration of your router you can still find help and support in the man pages. Unless you refused to install the man set of course. There are other situations you might not think of now that will let you swear about yourself for not installing the man pages. Imagine a data center with tight security that prevents access to the Internet from the inside. You stand there at 2am trying to fix the one crucial server that drives the business of your employer and you can't remember that keyword in the config file…
This one I did myself in the past. When I installed OpenBSD on my first ALIX board I thought: “There is no VGA connector, only a serial console. Why should I install X on it?“ Just to find out later that the installation of some package fails because one of its dependencies actually requires some lib from X11. Yes, there is software out there that depends on X11 libs although it runs on the command line. Beside dependencies you can still install any software that requires a graphical display on a machine that lacks such a display. X11 comes with a network protocol that lets you run the software on one machine while displaying the output on the display of another machine. I can start a xterm(1) on my APU board and let it use the X11 server running on my desktop machine.
That might actually be the only reason for not installing some sets that
is halfway acceptable. But only if your machine is one of the kind that
don't offer you any chance to increase the disk space, e. g. some
embedded device that doesn't support USB sticks. But chances are high
that you are capable of fixing any problems that might arise from missing
sets yourself. Else you would probably not bother running OpenBSD on
such a device.
For all the other devices: Go get some bigger storage device for your
machine or use a newer machine. The storage you can buy for most machines
is nowadays big enough to install OpenBSD with all sets on it and still
have enough space in /home. If your machine is so old that you can’t
buy a fitting storage device for it it is probably not worth the effort.
sysupgrade(8) makes it really hard for you to exclude sets. And the developers will not change that. Even some of the most convinced advocates of excluding sets stopped doing that after the introduction of sysupgrade(8). If you have installed all the sets as you should upgrading your system with sysupgrade(8) becomes a no-brainer. If this still doesn't convince you you must be some kind of masochist.
Installing all the sets of OpenBSD does not only spare you headaches, it makes the future upgrade of the system as easy as an upgrade can be. You follow the sane defaults that the developers have established. Your system doesn't become less secure just because you install some games or development tools. Why bother yourself with some home brew solution if you can just go for the default and be happy with it?