OpenBSD 4.0 版本:

发布于2006年11月1日
Copyright 1997-2006, Theo de Raadt.
ISBN 0-9731791-8-X
4.0 歌曲: "Humppa Negala"

新特性
如何安装
如何升级
使用 ports 的方法
购买 CD

如何得到此版本的文件:

• 从我们的订购系统中订购。
• 从镜像站点的 FTP 页面 中选择合适的镜像。
• 从镜像站点的 pub/OpenBSD/4.0/ 目录中找寻相关的版本。
• 大致阅览本文件的接下来的部分。
• 阅读 4.0 勘误表获得问题列表和背景。
• 阅读 3.9 与 4.0 之间的详细修改记录。

新特性

以下是仅 OpenBSD 4.0 中新特性和新系统功能的部分列表。更详细的，请参阅有关 4.0 版本的修改记录。

• 新增/扩展的构架平台:
  • OpenBSD/armish.
    用 Redboot 引导的各种基于 ARM 的变体，目前只支持 Thecus N2100 和 IOData HDL-G。
  • OpenBSD/sparc64.
    现在支持基于 UltraSPARC III 的机器!
  • OpenBSD/zaurus.
    支持 Zaurus SL-C3200平台。

• 更新了硬件支持, 包括:
  • New msk(4) driver for Marvell/SysKonnect Yukon-2 Gigabit Ethernet.
  • New bnx(4) driver for Broadcom NetXtreme II Gigabit Ethernet.
  • New xge(4) driver for Neterion Xframe/Xframe II 10Gb Ethernet.
  • New rum(4) driver for Ralink Technology 2nd gen USB IEEE 802.11a/b/g wireless.
  • New acx(4) driver for Texas Instruments ACX100/ACX111 IEEE 802.11a/b/g wireless.
  • New pgt(4) driver for Connexant/Intersil Prism GT Full-MAC IEEE 802.11a/b/g wireless.
  • New uath(4) driver for Atheros USB IEEE 802.11a/b/g wireless.
  • New binary blob free wpi(4) driver for Intel PRO/Wireless 3945ABG IEEE 802.11a/b/g wireless.
  • New arc(4) driver for Areca Technology Corporation SATA RAID; including RAID management via bio(4).
  • New mfi(4) driver for LSI Logic & Dell MegaRAID SAS RAID; including RAID management via bio(4).
  • New azalia(4) driver for generic High Definition Audio.
  • New SD/MMC/SDIO drivers (sdhc(4), sdmmc(4)), currently supporting SD memory cards as fake SCSI sd(4) drives.
  • New udcf(4) driver for Gude ADS Expert mouseCLOCK DCF77/HBG time signal station receivers.
  • New uslcom(4) driver for Silicon Laboratories CP2101/CP2102 based USB serial adapters.
  • New ucycom(4) driver for Cypress microcontroller based USB serial adapters.
  • New uark(4) driver for Arkmicro Technologies ARK3116 based USB serial adapters.
  • New umsm(4) driver for Qualcomm MSM EVDO based modems.
  • New Dallas/Maxim 1-Wire bus support, including:
    • New gpioow(4) driver for 1-Wire bus bit-banging through GPIO pin
    • New onewire(4) 1-Wire bus driver
    • New owid(4) 1-Wire ID family driver
    • New owtemp(4) 1-Wire temperature family driver
  • New isagpio(4) driver for ISA I/O mapped as GPIO.
  • New nmea(4) line discipline for NMEA 0183 (GPS) devices. The new nmeaattach(8) utility can be used to receive NMEA 0183 data and provide the time received as a timedelta sensor to be used by, for example, ntpd(8).
  • New VAX framebuffer drivers:
    • New lcg(4) driver for VAXstation 4000/60 and VLC color frame buffers
    • New lcspx(4) driver for Low-Cost SPX color frame buffers
    • New gpx(4) driver for GPX color frame buffers
    • smg(4) driver for Small Monochrome Graphics frame buffers heavily updated to be a modern wscons(4) driver
  • Support for VAX-based Digital VXT2000 and VXT2000+ terminals.
  • The bge(4) driver supporting newer chipsets, such as the Broadcom BCM5754, BCM5755, BCM5786, and BCM5787.
  • The em(4) driver supporting newer chipsets, such as the Intel ESB2 and ICH8.
  • The nfe(4) driver supporting newer chipsets, such as the NVIDIA MCP61 and MCP65.
  • The re(4) driver supporting newer chipsets, such as the Realtek RT8101E, RT8168, and RT8169SC.
  • The dc(4) driver supporting newer chipsets, such as the ADMtek ADM9511 and ADM9513.
  • The pciide(4) driver supporting newer chipsets, such as:
    • ATI IXP300 SATA, IXP600 IDE
    • Intel 6321ESB IDE/SATA, 82801G SATA, and 82801H SATA
    • IT Express IT8211F IDE
    • NVIDIA MCP61 SATA, MCP65 SATA
    • Promise PDC205xx SATA
    • ServerWorks SATA
    • VIA VT8237A SATA
  • The mpt(4) driver has been replaced with mpi(4), a more stable driver that supports more hardware.
  • The com(4) driver now supports pcmcia and cardbus cards on macppc.
  • Working interrupt routing on Sun Netra t1 105, Ultra 60 and possibly other sparc64 systems.
  • Work around broken VIA and NVIDIA MPBIOSes, fixes interrupt routing with GENERIC.MP on several systems.
  • Initial bio(4) support for Compaq/HP ciss(4) Smart ARRAY 5/6 SAS/SCSI RAID controllers.
  • Improved speed control on some systems:
    • New SpeedStep detection code, also adds support for VIA C7-M, and several newer Pentium M's.
    • Support SpeedStep in rudimentary fashion on most unknown CPU's that advertise the feature.
    • Zaurus can be moved into slower speeds now too.
    • The Pentium 4 Thermal Clock Control driver now supports more CPU's including the Intel Pentium M and Xeon, and provides an estimated performance impact.
    • Numerous improvements to PowerNow K7 and K8 support on i386, and support for K8 was added to amd64.
  • Support for Intel 945G/GM video chipsets (on i386).
  • Support for additional I2C sensors:
    • The adt(4) driver now supports the National Semiconductor LM9600, SMSC EMC6D10x and SMSC SCH5017 chips.
    • The admtemp(4) driver now supports the Analog Devices ADM1023, Genesys Logic GL523SM and Global Mixed-mode Technology G781 chips.

• 新工具:
  • GNU RCS has been replaced with OpenRCS.

• 新功能:
  • IPsec has been greatly improved:
    • ipsecctl(8) has been greatly extended and completely supersedes ipsecadm(8):
      • Lots of documentation improvements (man ipsec.conf)
      • IPv6 support
      • AH support
      • Transport mode support
      • Dynamic IKE support for roaming users
      • USER_FQDN id support
    • sasyncd(8) works much better:
      • communicates with isakmpd(8), telling it to run active or passive depending on the master/slave state of the carp(4) interfaces. This makes IPsec failover setups much more robust.
      • looks at the carp(4) interface group by default to suppress preemption of IPsec traffic during system boot.
    • isakmpd(8) can now be safely configured by ipsecctl(8) on startup.
  • ftp(1) now supports HTTPS.
  • cdio(1) can now perform track-at-once burning and rewritable blanking.
  • spppcontrol(8) and wicontrol(8) functionality has been merged into ifconfig(8).
  • gcc(1) provides a new warning, -Wstack-larger-than-N, to report functions which are too greedy in stack variables, see gcc-local(1) for details.
  • An in-kernel getcwd(3) implementation.
  • A new system call adjfreq(2) to allow ntpd(8) to adjust the tick rate of the system clock automatically.
  • Support for X11 on VAX has been added
  • Virtual Allocation Table (VAT) support for UDF.
  • C99 functions round(3), roundf(3), trunc(3), and truncf(3) have been added to libm, the math library.
  • pf(4) now supports Unicast Reverse Path Forwarding (uRPF) checks for simplified ingress filtering.
  • bpf(4) can now ignore packets based on their direction (inbound/outbound) using the BIOCSDIRFILT ioctl.
  • pdisk(8) can now set up slices on HFS(DPME) partitioned disks on mac68k.
  • New dissectors have been added to tcpdump(8):
    • Cisco's VQP (VLAN Query Protocol)
    • IEEE 802.1AB LLDP (Link Layer Discovery Protocol)
  • trunk(4) now supports the new loadbalance mode to balance outgoing traffic based on hashed protocol header information.
  • bioctl(8) has been extended to provide runtime information on rebuilds, scrubs and initialization.
  • New sysctls to check the system vendor, product, version, serial number, and UUID.
  • Equal cost multipath routing support. Needs to be enabled by a sysctl.
  • Prebind, a secure implementation of prelinking, has been added to ldconfig(8), it speeds up launching of shared binaries. Prebind is compatible with address space randomization, unlike prelink.
  • vnconfig(8) can now use PKCS #5 PBKDF2 to create a more secure key when using encryption.

• 各种改进和代码清理:
  • Much better time keeping for multiprocessor OpenBSD/i386 systems.
  • Much improved implementation of telldir(3) and friends.
  • Replacement of many malloc(3) calls that follow a pattern prone to integer overflow with safer constructs.
  • Improved failover handling in carp(4):
    • Extend the carp protocol with the demotion counter to act smarter on multiple failures.
    • Group failovers now work without carp running preempt mode.
    • Demotion can now be controlled via interface groups.
  • chio(1) is now a useful tool for controlling tape changers.
  • Much improved st(4) device setup, tape handling and error processing.
  • Many dhclient(8) fixes, including 'alias' handling and improved interface initialization.
  • scsi(4) devices detect the correct SCSI version.
  • More umass(4) devices properly detected.
  • Improved detection of fibre channel devices and devices in SCSI enclosures.
  • The new RSSI header has been added to the ieee80211_radiotap(9) framework as a replacement for ANTSIGNAL headers.
  • Many integer type safety cleanups with lint(1).

• 对安装/升级过程的修改
  • Host specific site files add easy customization for individual hosts
  • X Window aperture support, where available, now defaults to off

• New functionality for hostapd(8), the Host Access Point Daemon:
  • IP based roaming to build wireless networks without the requirement of a single broadcast domain.
  • New event rules to match optional elements of radiotap headers: signal percentage, transmit rate and channel frequency.
  • Various bug fixes and improvements.

• OpenSSH 4.4:
  • Conditional configuration in sshd_config(5) using the Match directive. This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met.
  • Add support for Diffie-Hellman group exchange key agreement with a final hash of SHA256.
  • Added a ForceCommand directive to sshd_config(5), similar to the command="..." option in ~/.ssh/authorized_keys.
  • Added a PermitOpen directive to sshd_config(5), similar to the permitopen="..." option in authorized_keys, to allow control over the port-forwardings that a user is allowed to establish.
  • Added an ExitOnForwardFailure option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established.
  • Added optional logging of transactions to sftp-server(8).
  • ssh(1) will now record port numbers for hosts stored in ~/.ssh/authorized_keys when a non-standard port has been requested.
  • Extended the sshd_config(5) "SubSystem" directive to allow the specification of commandline arguments.
  • Many manpage fixes and improvements

• OpenBGPD 4.0:
  • new nexthop selection logic ignoring bgpd routes, helps in complex setups with ospfd
  • add a "detailed" show rib view to bgpctl, including communities
  • allow requesting a route refresh from a peer that supports it
  • have bgpd always report back the result of an operation to bgpctl, so the operator can spot errors quicker
  • allow bgpd to manipulate carp demotion counters based on session states, gives even greater failover support
  • support restarting sessions that reached max-prefix after a given time
  • bgpctl can now show all routes received from a neighbor before filters were applied, and routes sent to neighbors
  • assorted fixes and improvements, as usual

• OpenOSPFD 4.0:
  • Track uptime of the daemon itself.
  • Track uptime of all ospf enabled interfaces.
  • Adjust logging behaviour to prevent unwanted logging.
  • Delay LSA updates when removing and adding - prevent flapping.
  • Fix plaintext authentication.
  • Improve the output of 'ospfctl show interfaces'.
  • Support rtlabels when redistributing routes.

• OpenNTPD 4.0:
  • support timedelta sensors, such as DCF77 receivers supported by udcf(4) and GPS receivers supported by nmea(4).
  • Adjust the kernel tick frequency, using adjfreq(2), improving accuracy on many machines.
  • allow for weight to be added to sensors or servers, so that one can weight timedelta sensors higher than ntp peers

• 超过 3700 个 ports，3400 个预编译的包，更好的 package 工具。
• 完全支持通过一个 ssh(1) 连接使用 pkg_add(1)。

• 按照惯例，手册或其它文档也有相应补充和修改。

• 以下是系统内置的外部提供的重要程序:
  • X.Org 6.9.0 (+ patches, and i386 contains XFree86 3.3.6 servers (+ patches) for legacy chipsets not supported by X.Org)
  • Gcc 2.95.3 (+ patches) and 3.3.5 (+ patches)
  • Perl 5.8.8 (+ patches)
  • Apache 1.3.29, mod_ssl 2.8.16, DSO support (+ patches)
  • OpenSSL 0.9.7j (+ patches)
  • Groff 1.15
  • Sendmail 8.13.8, with libmilter
  • Bind 9.3.2-P1 (+ patches)
  • Lynx 2.8.5rel.4 with HTTPS and IPv6 support (+ patches)
  • Sudo 1.6.8p9
  • Ncurses 5.2
  • Latest KAME IPv6
  • Heimdal 0.7.2 (+ patches)
  • Arla 0.35.7
  • Binutils 2.15 (+ patches)
  • Gdb 6.3 (+ patches)

如何安装

如果通过购买的 CD 安装，请按照下述指令操作。使用 FTP(或其它安装方式)安装与之类似；CDROM 中的安装说明， 会让你知道如果使用购买的 CD 安装是多么方便。

• CD1:4.0/i386/INSTALL.i386

• CD2:4.0/amd64/INSTALL.amd64
• CD2:4.0/macppc/INSTALL.macppc

• CD3:4.0/sparc/INSTALL.sparc
• CD3:4.0/sparc64/INSTALL.sparc64

• FTP:.../OpenBSD/4.0/alpha/INSTALL.alpha
• FTP:.../OpenBSD/4.0/armish/INSTALL.armish
• FTP:.../OpenBSD/4.0/cats/INSTALL.cats
• FTP:.../OpenBSD/4.0/hp300/INSTALL.hp300
• FTP:.../OpenBSD/4.0/hppa/INSTALL.hppa
• FTP:.../OpenBSD/4.0/luna88k/INSTALL.luna88k
• FTP:.../OpenBSD/4.0/mac68k/INSTALL.mac68k
• FTP:.../OpenBSD/4.0/mvme68k/INSTALL.mvme68k
• FTP:.../OpenBSD/4.0/mvme88k/INSTALL.mvme88k
• FTP:.../OpenBSD/4.0/sgi/INSTALL.sgi
• FTP:.../OpenBSD/4.0/vax/INSTALL.vax
• FTP:.../OpenBSD/4.0/zaurus/INSTALL.zaurus

快速安装仅适合熟悉 OpenBSD 和"isklabel -E"命令用法的人。如果你根本不懂安装 OpenBSD，请参阅上面罗列的相应 INSTALL.* 文件!

OpenBSD/i386:

设置 BIOS 可以从 CD 启动。OpenBSD/i386 发行版本在 CD1 中。如果你的 BIOS 不支持从 CD 启动，就可能需要制作启动软盘。用 CD1:4.0/i386/floppy40.fs 来制作启动软盘，通过软盘驱动器启动。

使用 CD1:4.0/i386/floppyB40.fs 来制作启动软盘，可以获得更好的 SCSI 支持，或者使用 CD1:4.0/i386/floppyC40.fs 来制作启动软盘， 获得更好的笔记本电脑支持。

如果你不能从 CD 和软盘启动的话，还可以用 PXE 通过网络安装，请参阅 INSTALL.i386 文件。

如果计划让 OpenBSD 与另一操作系统共存，双重启动，请参阅 INSTALL.i386 文件。

在 MS-DOS 环境制作启动软盘，请使用位于 CD1:4.0/tools/rawrite.exe 的“rawrite”工具。在 Unix OS 环境制作启动软盘，请使用 dd(1) 工具。下面是使用 dd(1) 的例子，"device"可以是"floppy"，"rfd0c"，或"rfd0a"。

# dd if=<file> of=/dev/<device> bs=32k

请确保你的软盘无坏道，已经正确格式化。否则很可能会安装失败。 有关制作启动软盘和安装 OpenBSD/i386 的信息请参阅 FAQ 4.3.1。

OpenBSD/amd64:

OpenBSD/amd64 的 4.0 版本在 CD2 中。设置 BIOS 可以从 CD 启动，然后用 CD 启动，开始安装。如果不能从 CD 启动，可以通过制作启动软盘来安装。用 CD2:4.0/amd64/floppy40.fs 来制作启动软盘，然后用软驱来启动。

如果不能从 CD 或软盘启动，可以用 PXE 通过网络来安装，有关信息请参阅 INSTALL.amd64 文件。

如果计划让 OpenBSD 与另一个操作系统共存，双重启动，请参阅 INSTALL.amd64。

OpenBSD/macppc:

将 CD2 放入 CDROM，开机后一直按着 C 键，直到显示器显示 OpenBSD/macppc boot 。

或者在出现 Open Firmware 提示时，输入 boot cd:,ofwboot /4.0/macppc/bsd.rd 。

OpenBSD/sparc:

OpenBSD/sparc的4.0版本在 CD2 中，启动该 CD 时，根据你所用的 ROM 版本， 需用到下面两个命令中的一个：

ok boot cdrom 4.0/sparc/bsd.rd
或
> b sd(0,6,0)4.0/sparc/bsd.rd

如果你的 SPARC 系统没有 CD 驱动器，可以选择通过软盘来启动引导。将 CD3:4.0/sparc/floppy40.fs 写入软盘来制作引导盘。更多的信息请参阅 FAQ 4.3.1。根据 ROM 版本的不同，从软盘启动需要下面两个命令中的一个。

ok boot floppy
或
> b fd()

请确保你的软盘无坏道，已经正确格式化，否则很可能安装失败。

如果你的 SPARC 系统既没有软驱也没有光驱， 你可以通过可引导的磁带或者网络来安装，相关信息请参阅 INSTALL.sparc 文件 。

OpenBSD/sparc64:

将 CD3 放入 CDROM，输入 boot cdrom 。

如果这个没用，或没有光驱，你可以把 CD3:4.0/sparc64/floppy40.fs 或 CD3:4.0/sparc64/floppyB40.fs 写入软盘，用它作为启动盘，输入 boot floppy 来启动。详细内容参阅 INSTALL.sparc64。

请确保你的软盘无坏道，已经正确格式化。否则很可能会安装失败。

你也可以将 CD3:4.0/sparc64/miniroot40.fs 写入磁盘中的 swap 分区， 然后在启动时输入 boot disk:b 。

如果以上都不行，你可以通过网络来启动安装。相关内容在 INSTALL.sparc64 中。

OpenBSD/alpha:

根据你的机器类型，将 FTP:4.0/alpha/floppy40.fs 或 FTP:4.0/alpha/floppyB40.fs 写入软盘，然后在启动时输入 boot dva0 。 详细内容参阅 INSTALL.alpha。

请确保你的软盘无坏道，已经正确格式化。否则很可能会安装失败。

OpenBSD/armish:

连接串口之后，Thecus 能直接通过网络用 tftp 或 http 启动。使用 fconfig 配置网络，重置之后，加载 bsd.rd。详细信息 请参阅 INSTALL.armish 。IOData HDL-G 只能在 EXT2 格式的分区上启动。进入 linux，复制"boot"和"bsd.rd"到 wd0(hda1)， 然后加载和运行 bsd.rd，保留 wd0i(hda1) 上的 EXT2 分区。请参阅 INSTALL.armish 以获得更多信息。

OpenBSD/cats:

有必要的话，将固件驱动升级到最新的 ABLE 1.95，通过 ABLE 支持的设备（例如光驱或已有的 FFS 或 EXT2 分区）来引导 FTP:4.0/cats/bsd.rd安装。

OpenBSD/hp300:

按照 INSTALL.hp300 的相关说明通过网络来启动安装。

OpenBSD/hppa:

按照 INSTALL.hppa 或 hppa 平台的相关说明通过网络来启动安装。

OpenBSD/luna88k:

将 bsd.rd 复制到 Mach 或 UniOS 分区，通过 PROM 启动安装。 你也可以制作可启动磁带来安装。更多信息请参阅 INSTALL.luna88k。

OpenBSD/mac68k:

正常启动 MacOS，将 FTP:4.0/mac68k/utils 下的程序 “BSD/Mac68k Booter” 解压到硬盘。用 bsd.rd 内核文件的位置配置 “BSD/Mac68k Booter”，启动后进入安装程序。更多相关信息请参阅 INSTALL.mac68k。

OpenBSD/mvme68k:

可以制作启动磁带或通过网络来安装。
网络启动需要支持 NIOT 和 NBO 调试命令的 MVME68K BUG 版本。 更多相关信息请参阅 INSTALL.mvme68k。

OpenBSD/mvme88k:

可以制作启动磁带或通过网络来安装。
网络启动需要支持 NIOT 和 NBO 调试命令的 MVME88K BUG 版本。 更多相关信息请参阅 INSTALL.mvme88k。

OpenBSD/sgi:

刻录一张 cd40.iso 的光盘，将其放入光驱中，从系统维护菜单中选择 Install System Software 进行安装。

如果没有光驱，可以通过 DHCP 或 tftp 连接到网络服务器的话，用 bootp()/bsd.rd 来引导启动安装。更多相关信息请参阅 INSTALL.sgi。

OpenBSD/vax:

用 mopbooting 通过网络启动来安装，相关信息请参阅 INSTALL.vax。

OpenBSD/zaurus:

用 Linux 内置的图形化安装程序 ipkg 来安装 openbsd40_arm.ipk 包。 重启之后，即可运行。更多信息请参阅INSTALL.zaurus。

关于源代码的说明:

src.tar.gz 包含的源代码文件开始路径是 /usr/src。 该文件包括除了内核代码之外的所有源代码，内核代码位于单独的档案文件中。 解压方法:

# mkdir -p /usr/src
# cd /usr/src
# tar xvfz /tmp/src.tar.gz

sys.tar.gz 包含的源代码文件路径开始是 /usr/src/sys。 该文件包括了重建内核需要的所有源代码。解压方法:

# mkdir -p /usr/src/sys
# cd /usr/src
# tar xvfz /tmp/sys.tar.gz

这些文件是 CVS 检出格式。可以使用匿名 CVS 服务器基于它们获得最新的版本。基于这些文件更新，比完全重新从 CVS 检出的速度要快得多。

How to upgrade

如果你已经安装了OpenBSD 3.9，不想重新安装，可以在 升级指南中找到升级方法和忠告。

使用 ports 的方法

也提供了 ports 的档案文件。解压方法:

# cd /usr
# tar xvfz /tmp/ports.tar.gz
# cd ports

ports/ 子目录是 OpenBSD ports 树的检出副本。假如你不了解 ports， 请浏览 ports 页面。该文件并非是如何使用 ports 的手册， 它只是 OpenBSD ports 系统用户的初级读本。

ports/ 目录是我们从 CVS(如果你不熟悉 CVS，请参阅手册 cvs(1)) 检出的 ports 副本。与我们的代码一样，ports 也可以通过匿名 CVS 服务器更新。因此，为了确保版本是最新的，必须使 ports/ 在可读写的介质中， 更新的命令是:

# cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_0

[当然，在实际操作时需要将本地目录和服务器名称替换成你的 ports 所在位置和较近的匿名 CVS 服务器。]

注意大部分的 ports 可以通过 FTP 获得预先编译的二进制包。如果发现问题，会为 4.0 版本发布升级包。

如果你有兴趣观察 ports 的变动信息，或者帮助我们，或者只想获得更多的信息， 请加入邮件列表 ports@openbsd.org 。