How to Make a Bootable, Full System OpenBSD 3.2 CDROM
by francisco roque

N.B.: This page is outdated. If i ever get the time, i will rewrite it to use mfs instead of union, possibly even create a Makefile to do all this for you. But for now you'll need to figure out the differences on your own, sorry.

  1. Table of Contents

    1. Table of Contents
    2. Introduction
    3. Necessary Equipment
    4. Instructions
    5. Options
    6. Conclusion
    7. References
    8. Author, Copyright, License


  2. Introduction

    This document will walk you through the steps necessary to create a bootable cd containing a full OpenBSD install. One of the benefits of such a system is that it does not touch the underlying hardware (your hard drives do not get affected), but one of the drawbacks is the lack of writable space (this may also be a benefit). To get around the unwritable space issue, we make use of mfs (memory) and union mounts.


  3. Necessary Equipment

    An i386 computer you can install onto, an i386/OpenBSD computer you can compile on, a computer with a cd burner (these can all be the same computer; used two different ones).

    It is assumed that you know how to read manpages, compile kernels, patch files, and other simple unix tasks.


  4. Instructions

    1. Install OpenBSD onto a system, include all the release set you need in the final system.

    2. Reboot this system at least once, in order to create the ssh keys and other essentials.

    3. Onto this system, add any users your final system needs. Add any packages you want on the final system and modify all applicable files. For example, if the system you will run this cd on has network adapter ne3, then create file /etc/hostname.ne3 with the appropriate directives. Alternatively, write a script to automatically detect such nuances and adapt accordingly.

      Basically, you want to set up the system exactly the way you want the final system running. By doing this on a live system, you can be sure your configuration is actually working, instead of having to burn multiple cds.

    4. Tar up the whole system, transfer it to the machine with the cd burner, and untar it into a working dir:
      tar -zcf - / | ssh you@other-host dd of=/tmp/cdromsystem.tgz
      #on other-host
      mkdir /tmp/cdromsystem/
      tar -zxf /tmp/cdromsystem.tgz -C /tmp/cdromsystem/

    5. Compile a RAMDISK_CD kernel. We need to edit the kernel so as to include union and mfs mounts, and to change the default root partition. You may want to add any drivers not in that kernel, and if you really want to make a lot of changes you will want to remove the ramdisk. However, i prefer to make minimal changes to minimize steps for upgrades.
      Here are a list of minimal steps to take:
      1. Edit src/sys/arch/i386/conf/RAMDISK_CD to comment out the line beginning with config bsd and add the following lines:
        option MFS
        option UNION
        config bsd root on cd0a
        You will probably want to add some other options if you plan on using this cd for firewalling. Here are some to get you started (some are increases to current settings).
        pseudo-device bpfilter	8
        pseudo-device pf	1
        pseudo-device pflog	1
      2. cd into src/distrib/i386/ramdisk_cd
      3. `make`
      4. copy the file obj/cdrom32.fs into the same directory that you untarred the filesystem into.
      Note: you may want to modify the kernel config even more, adding more driver support, more bf's, etc. You may also want to remove the ramdisk kernel to free more space.

    6. We need to modify some files for the cd image.
      1. Modify etc/fstab by removing any lines referring to a drive and adding this instead:
        /dev/cd0a / cd9660 rw 0 0
      2. etc/rc needs a lot of changes. The basis of these changes is to remove fsck's and add a special mount_mfs and mount_union's. We create an initial mfs partition to store changing files, and then union mount that partition with most of the directories in /. Note that /dev and /tmp cannot be union mounted. /mnt is used for the mfs and union mounting /dev produces Bad Results. Also note that you may want to increase/decrease the mfs partition, depending on your needs.

        Here is a diff to etc/rc:

        --- etc/rc    Thu Oct  3 21:33:53 2002
        +++ etc/rc-new   Tue Oct 29 16:36:05 2002
        @@ -72,7 +72,7 @@
                echo "Fast boot: skipping disk checks."
         elif [ $1x = autobootx ]; then
                echo "Automatic boot in progress: starting file system checks."
        -       fsck -p
        +#      fsck -p
                case $? in
        @@ -111,6 +111,15 @@
         mount -uw /            # root on nfs requires this, others aren't hurt
         rm -f /fastboot                # XXX (root now writeable)
        +echo 'mounting mfs union'
        +mount_mfs -s 20000 swap /tmp
        +sleep 2
        +for file in /* ; do
        +       if [ -d $file ]  && [ $file != '/dev' ] && [ $file != '/tmp' ]; then
        +               mount_union /tmp $file;
        +       fi
         # pick up option configuration
         . /etc/rc.conf
        @@ -152,8 +161,8 @@
        -mount /usr >/dev/null 2>&1
        -mount /var >/dev/null 2>&1
        +#mount /usr >/dev/null 2>&1
        +#mount /var >/dev/null 2>&1
         # if there's no /var/db/host.random, make one through /dev/urandom
         if [ ! -f /var/db/host.random ]; then
    7. Create an iso image from the directory with the whole system and the cdrom32.fs image:
      mkisofs -b cdrom32.fs -c boot.catalog -R -v -o image.iso /tmp/cdromsystem/
      Be sure to specify -R and not -r!
      n.b.: since 3.2, mkisofs has been replaced with mkhybrid. the same parameters should work for mkhybrid.

    8. Burn that image to cd. I use cdrecord:
      cdrecord -v speed=40 dev=/dev/rcd0c:0,0,0 -data driveropts=burnproof image.iso

    9. Boot it on a test machine and see if it works. Chances are you will want to tweak the bootup procedure by modifying config files, adding packages, etc. Go at it!


  5. Options

    There is always room for improvement. Here are some optional steps you can take to change the cd.

    • Remove the need to multiple machines.
      You can untar the install sets into a base directory on the machine with the burner. You will need to modify a lot of files/dirs by hand, such as password files, account directories, etc (anything the OpenBSD install script does, plus anything you would do afterward an install) and adding packages/ports will be a little bit more difficult.

    • Reduce the complexity of the boot image.
      There is no need to include the ramdisk in the boot image for the cd. I didn't outline how to remove it because it adds a substantial amount of complexity. Read through the Makefiles to figure this out (may be included here at a later date).

    • Get rid of the /dev error messages.
      Since /dev is not writable, some parts of the boot process will spew out error messages. If you don't like these, remove those parts from /etc/rc or symlink those devices to a writable partition and recreate the devices in that partition.

    • Remove the writability aspect.
      For some applications (such as a firewall-on-cd), it may not be desirable to have writable parts of the filesystem. In this case, you can bypass the additions of mfs and union options to the kernel as well as the changes to /etc/rc that add mount_mfs and mount_union to the system.

    • Reduce the size of the cd.
      All the base i386 install sets (including X) take up about 240mb. Using only the minimal necessary sets (base, bsd, etc) takes up about 100mb. This fits nicely onto a mini-cd but not onto a business-card cd. You can either work your way through removing parts (perl + its libs takes up 30mb!) or use the minimal install files provided by others (Chris Cappucio provides some help).


  6. Conclusion

    You should now have a working OpenBSD system burnt to cd. Depending on your exact application for this cd, you may find it necessary to tweak various aspects. Hopefully there is enough information contained in this doc to get you started.


  7. References

    References from this doc and for more info.

    OpenBSD Install Guide, Building OpenBSD from source

    release(8), mount_mfs(8), mount_union(8), rc(8), fstab(5), tar(1), ssh(1), dd(1), mkisofs(8), cdrecord(2) (part of cdrtools package/port)

    src/distrib/ramdisk/Makefile, src/sys/arch/i386/conf/RAMDISK_CD, /etc/rc

    Other docs of a similar nature:
    A Readonly filesystem on Bootable CD by Marshall Midden - covers a very similar approach for OpenBSD and FreeBSD. i have not encountered the panics and wierd problems with mfs/union mounts that Marshall did, though i was also not able to get /dev union mounted w/o hangs.
    Building a CD Bootable Firewall by Etienne de Bruin - much the same, for FreeBSD.


  8. Author, Copyright, License

    The author of this document is francisco roque, who can be found at

    This document is copyright francisco roque 2002.

    This document is released under BSD style license and may be used in whole or part for anything so long as this section remains intact.

    The author takes no responsibility for damages incurred by following the steps in this document, including but not limited to the loss of data or damage to hardware. Good Luck.