alec <alecm%gmx.com@localhost> writes:

> I recently saw news about the NetBSD 8.0 release, and I thought it might
> work well for a personal project I've been planning to do, and I've been
> wanting to try something new. I'm a longtime Linux user, but I never
> used BSDs before. I had a spare Raspberry Pi, so I decided to first
> throw NetBSD on it to try it out.

Welcome!

> The first question is about the installation process. I downloaded the
> image [1], dd'd it onto an sdcard and once it started, it automatically
> resized the partition to take up the entire card, rebooted and was ready
> to use.

That is the main plan for the RPI images.

> But, that's not exactly what I want. According to the guide [2], there
> should be an installer where I can configure the partition layout among
> other things. Apparently, ARMv6 does come with an it [3], but not ARMv7.

Many architectures (ports we call them) have an installation mode where
you boot an installation kernel and then run the installer to format the
disk and unpack sets. On RPI, it's easy to put the uSD card in another
computer and write to it, and I'm not aware of netbooting or booting off
USB. So the installation methods vary on some ports.

> Q1: Is there an alternative way to install NetBSD? I see that there's
> binary/kernel and binary/sets directories - is it possible to manually
> partition/format the disk, extract those and have it working? Is there
> any guide on how to do it?

Yes, you can do that (from another system). Basically making partitions
and filesystems and unpacking the sets on the uSD. There isn't really a
guide as this is typically done rarely by people who understand the fs
layout.

However, the img file you downloaded was created by the build process.
You can check out netbsd sources (the netbsd-8 branch) and run build.sh
(on Linux even) to create a full release, and you can modify how the img
is created.
RPI needs a FAT32 boot partition that uboot can get the kernel from, and
then the NetBSD kernel finds a BSD filesystem for root.

> Next, I noticed that there was a lot of things installed. For example, I
> don't need X11. On Linux, pretty much everything is managed by the
> package manager, but pkgsrc only takes care of /usr/pkg.

That's how it is. Ancient BSD tradition is to have things either in the
base system, or not in the base system (and thus not part of BSD, just
usable with it). NetBSD continues this, and now X11 is part of the base
system. Then pkgsrc as you found has a vast number of things in /usr/pkg
on almost all system types (/opt/pkg on Mac, usually).

> Q2: How can I uninstall unwanted system sets?
>
> Following up on that, if the core system is not managed by a package
> manager...

You can find the list of files in the set, and rm them :-)

Seriously, that should work. Or, you can craft a custom img build or
installation script that only installs some sets in the first place.
Or, if you aren't really that short on space, you can choose to let them
sit there instead, which is the easiest path.

> Q3: What happens if a security vulnerability is found in the base
> system? Do I really have to fetch things from CVS and recompile them? Or
> is there some way to get updates?

What I do is to keep sources for the branch, and to do a full release
build, and then to overlay that on the system to update. While it takes
a bit of crunching, it works well. Because NetBSD's build process is
essentially always a cross build (even if build host and target are the
same), it's easy to build a RPI release on a fast desktop.

The scripts I used to manage this build and update process are in
pkgsrc/sysutils/etcmanage, and there are other scripts from others.
Note that etcmanage does not yet understand that the rpi kernel is in
/boot/kernel7.img instead of /netbsd, and it's on my todo list to
automate that.

> I see that in security.conf(5) it says it scans pkgs for vulnerabilities
> daily (and I suppose if there are, there would be binary package
> updates), but what about the base system?

There are security advisories, but what I do is update along the stable
branch every month or so.

> And lastly, speaking of pkgsrc, if I try to point it at HTTPS:
> export PKG_PATH="https://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/earmv7hf/8.0/All"
> it fails.

Thanks for pointing that out. Just looking at it with firefox, I see an
issue.

Also, pkgsrc has the mode of you compiling things yourself from a
checked-out pkgsrc. But there are binary packages for some CPU
architectures and OS versions.

> Q4: Is there any signature on the packages to ensure integrity?

(I'll leave that for someone else.)
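The answer to Q2 above (find the list of files in a set and rm them), as an added dry-run sketch that is not part of the original message. It assumes the set's file list is an mtree(8)-style spec such as NetBSD's /etc/mtree/set.<name>; the function names, the set name "xdemo" and the sample tree are constructed for illustration.

```shell
# Dry run: print what removing one installed set would delete under ROOT.
# Assumption: SPEC is an mtree(8)-style list, one "./path type=..." entry per
# line, as NetBSD keeps for each installed set in /etc/mtree/set.<name>.
# Output order: files first, then directories deepest-first.
set_removal_plan() {
    spec=$1
    root=${2%/}
    [ -r "$spec" ] || { echo "cannot read $spec" >&2; return 1; }
    awk '
        /^#/ || NF == 0      { next }   # comments and blank lines
        $1 !~ /^\.\//        { next }   # accept only ./relative entries
        $1 ~ /\/\.\.(\/|$)/  { next }   # never step out of ROOT via ".."
        {
            type = "file"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^type=/) type = substr($i, 6)
            kind = (type == "dir") ? "dir" : "file"
            print kind, substr($1, 2)
        }' "$spec" |
    LC_ALL=C sort -k1,1r -k2,2r |
    while read -r kind rel; do
        path=$root$rel
        if [ "$kind" = dir ]; then
            # rmdir only removes empty directories, so directories that other
            # sets still populate survive when the plan is actually executed.
            if [ -d "$path" ] && [ ! -L "$path" ]; then echo "rmdir $path"; fi
        elif [ -e "$path" ] || [ -L "$path" ]; then
            echo "rm $path"
        fi
    done
}

# Constructed sample: a scratch root plus a made-up spec for a set "xdemo".
make_demo() {
    mkdir -p "$1/usr/X11R7/bin" "$1/usr/bin"
    touch "$1/usr/X11R7/bin/xterm" "$1/usr/bin/vi"
    cat > "$1/set.xdemo" <<'EOF'
# constructed example, not a real NetBSD set list
./usr type=dir mode=0755
./usr/X11R7 type=dir mode=0755
./usr/X11R7/bin type=dir mode=0755
./usr/X11R7/bin/xterm type=file mode=0555
./usr/X11R7/bin/xclock type=file mode=0555
./usr/../etc/passwd type=file mode=0644
EOF
}

demo=$(mktemp -d) && make_demo "$demo" && set_removal_plan "$demo/set.xdemo" "$demo"
rm -rf "$demo"
```

Nothing is deleted by this script; it only prints the plan, so the list can be reviewed before any rm is run. Paths that mtree encodes with escapes (for example spaces) are not decoded here.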