OpenBSD in an Air-Gapped System

Aug 12, 2023 15:08

Recently I had the displeasure of working again within an air-gapped system. The main obstacle I usually have with these systems is that it’s very easy to mirror a complete packages repository but a lot harder to mirror only a specific set of packages and their dependencies. About a year ago I had to figure out how to do it with OpenBSD, but recently I had to do it again and completely forgot how to do it. So in order to not make the same mistake twice, here is how to do it properly with OpenBSD.

Retrieving The Packages

So first we need to download the packages we want, we can find a list of mirrors at the official mirrors page. All of the required packages are there but of course we don’t want to manually resolve dependencies so we will use pkg_add instead. We can use pkg_add with the -n flag to execute a dry-run, meaning it will resolve dependencies but won’t actually install anything. To actually save the resolved packages, we will set an environment variable, PKG_CACHE, to a directory where all the packages will be saved. So if for example we want to download python3 and all of its dependencies we will execute the following command:

PKG_CACHE=/path/to/cache pkg_add -n python3

After running the command, you should see a list of .tgz files at the provided PKG_CACHE directory. Each air-gapped system have a different way of getting files into it so in the next section I’m going to assume you have them in your air-gapped system.

Install The Packages

To install the packages we will, again, use pkg_add. This time instead of specifying PKG_CACHE we will use the complementary PKG_PATH environment variable. Assuming you’ve put your packages at /path/to/pkgs and you want to install python3, the command will look like so:

PKG_PATH=/path/tp/pkgs pkg_add python3

That’s it, python3 will be installed on your air-gapped system.

Automating The Packages Retrieval

Since you work in an air-gapped system, you might not have the necessary OpenBSD installation to download the packages in the first place. Sadly, to my knowledge you must use pkg_add to resolve dependencies. Luckily, there are cloud providers that can help you with that, I’ve personally used Hetzner which let you install OpenBSD on their cloud offerings. You can also use SourceHut’s CI to automate it completely.