A resource for the OpenBSD community

You may have heard already that a fourth edition of The Book of PF was on the way.

It is now shipping, and when author and undeadly.org co-editor Peter Hansteen finally got his author copies, he wrote a blog post titled The Book of PF, 4th Edition: It's Here, It's Real.

Like Peter says in the article, we would like to encourage readers who can afford it, to support the OpenBSD project.

And there are pictures, of the book and the resident philosopher.

Some readers will be aware that Miod Vallat (miod@) has been chronicling some of the more challenging parts of OpenBSD development in his OpenBSD stories collection for a while now.

The latest entry is the full OpenBSD on SGI: a rollercoaster story, which is also available in six parts,

It's a story some thirty years in the making and telling. Enjoy!

A long standing and somewhat odd conflict between two OpenBSD security mechanisms, pledge(2) and unveil(2) has been resolved by eliminating the tmppath promise from what pledge(2) offers.

The commit by Theo de Raadt (deraadt@) comes with an explanation in the commit message, which reads

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2026-02-26 7:42:26
CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2026/02/26 00:42:26

Modified files:
	sys/sys        : pledge.h 
	sys/kern       : kern_pledge.c 
	lib/libc/sys   : pledge.2 

Log message:
pledge "tmppath" goes away because it sucks.  The history is kind of
sad:  unveil(2) was invented by Bob Beck and myself because a couple
of us struggled and couldn't expand the "tmppath" mechanism to general use.

Dave Voutila (dv@) has continued his work on moving vmd(8) to a multi-process model. (Undeadly first reported on this in 2023.) This time the virtio scsi device has been converted to a subprocess:

CVSROOT:	/cvs
Module name:	src
Changes by:	dv@cvs.openbsd.org	2026/02/22 15:54:54

Modified files:
	usr.sbin/vmd   : vioscsi.c virtio.c virtio.h vmd.c vmd.h 

Log message:
vmd(8): convert virtio scsi device to a subprocess.

Break the virtio scsi device (used as a cd-rom drive) into a
subprocess like the virtio block and network devices. This leaves
only the entropy device (viornd) and vmmci device running in-process
with the vcpus.

ok mlarkin@

Version 0.123 of Game of Trees has been released (and the port updated):

Every OpenBSD admin has booted bsd.rd at least once — to install, upgrade, or rescue a broken system. But few people stop to look at what’s actually inside that file.

In this article over at the OpenBSD Jumpstart site, they take a look at just that.

The contents and format of the bsd.rd ramdisk kernel is shown, so you can understand and customize it for your own needs.

Enjoy!

Version 0.122 of Game of Trees has been released (and the port updated):

Version 0.121 of Game of Trees has been released (and the port updated):