Some months ago I found a post describing how the OpenBSD people prefer to use chroot. It’s easy enough to script, and I have, but it’s also hella cool. And working. In this model there are files that you need from the install media and from the host installation. It’s simple enough. Then copy your code into that folder structure and launch your main() from the chroot command.
The darn thing is so simple that it reminded me that even with this level of cruft it can be even easier. So I decided that if I can statically link my code then I do not need any of the cruft… with a few more exceptions… depending on the networking and crypto I might need some certs or even resolv.conf and possibly timezone. Even so it’s still easy peasy.
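As an added example (not the author's script and not part of the original post), here is one way to stage the minimal tree described above for a statically linked binary: the binary plus resolv.conf, a CA bundle and the timezone file, followed by a permission audit of the result. The function names, the `/var/jail/app` path, the `_app` user and the `HOST` prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the post author's script. Function names, the jail path
# and the _app user below are assumptions.

# stage_chroot ROOT HOST BINARY [FILE...]
#   ROOT   directory that becomes the new root
#   HOST   prefix the support files are read from ("" for the running system)
#   BINARY statically linked program, installed as ROOT/bin/<name>
#   FILE   absolute paths copied to the same place under ROOT
stage_chroot() {
    root=$1; host=$2; bin=$3; shift 3
    [ -f "$bin" ] || { echo "missing binary: $bin" >&2; return 1; }
    mkdir -p "$root/bin" || return 1
    cp "$bin" "$root/bin/" || return 1
    chmod 0555 "$root/bin/$(basename "$bin")" || return 1
    for f in "$@"; do
        # cp follows symlinks, so a linked /etc/localtime lands as a real file
        [ -f "$host$f" ] || { echo "missing support file: $f" >&2; return 1; }
        mkdir -p "$root$(dirname "$f")" || return 1
        cp "$host$f" "$root$f" || return 1
        chmod 0444 "$root$f" || return 1
    done
    # Fixed directory modes, independent of the caller's umask
    find "$root" -type d -exec chmod 0755 {} +
}

# audit_chroot ROOT
#   Prints anything setuid, setgid, group-writable or world-writable and
#   returns 1 if such an entry exists; returns 0 on a clean tree.
audit_chroot() {
    bad=$(find "$1" ! -type l \( -perm -4000 -o -perm -2000 \
        -o -perm -0020 -o -perm -0002 \) -print)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Typical use on OpenBSD, as root (chroot(8) takes -u and -g there):
#   stage_chroot /var/jail/app "" ./app \
#       /etc/resolv.conf /etc/ssl/cert.pem /etc/localtime
#   audit_chroot /var/jail/app && chroot -u _app -g _app /var/jail/app /bin/app
```

Staging fails on the first missing file instead of producing a half-built tree, and the audit gates the launch so a writable or setuid entry never ends up inside the new root.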
And there is still more. There are plenty of recipes for OpenBSD VMM. Granted there are resource differences between VMM and chroot and likely at the end of the day it might not matter depending on the model and some compatibility and what guest OS you need your app/service to run on. Cross running OSes is not difficult if you have the tools in place… In my current arrangement I’m running 5 different brands and each has its quirks.
Each has its quirks….
ClearLinux has never failed to reboot after automated patching. I’ve just never noticed. But ongoing development is a challenge because of their mega packaging.
CentOS is essentially Red Hat Enterprise and a lot of commercial businesses use RH so support is a safe bet. But it is free and so breaking changes is shit you gotta deal with.
Pop_OS has tied a number of features together that makes my everyday computers easy to restore after failure but recently there was a 6-month period where I could not use it reliably as they or Ubuntu introduced a bug and while there was a patch in the pipeline it took a long time to be promoted.
OpenBSD is rock solid stable with security and correctness as the number one principle. The second nicest feature is the number of lines of code… code that does not exist cannot fail. But they are a complicated group to work with and somewhat slow to adopt ideas (see VMM and jail). Unlike Pop_OS a failure here is not easily recovered except to start again so I need to keep my files stored on a NAS or version control and I need to script my configuration.
ChromeOS is mostly a proprietary Linux bundle with Debian bolted on the side for the shell. They are using LXC type containers for things and it works great. Rebooting is fast, recovery is fast, filesystem is encrypted by default, if my laptop is stolen I can buy a new one and be running in minutes and not hours. And it’s proof that UI performance is simple and that I depend on server performance. The challenge is that some features are not as enterprise ready as they need to be. My company network requires split DNS and split routing; however, the Chrome browser, Linux shell, and Android are somewhat walled off from each other. There are some non-trivial workarounds but there is no visibility into its inner workings. And then there is a level of secrecy and information sharing that I do not understand yet.
So while this became a comparison post I’m quite satisfied with my latest installation of OpenBSD. I’m further inclined to try my hand at an OpenBSD NAS. While I really like Synology DSM the challenge is that hardware sell is limited. But this is a topic for another day even though it will sound a lot like this post.