{"id":15148719,"url":"https://github.com/ajacoutot/aws-openbsd","last_synced_at":"2025-07-05T09:35:48.918Z","repository":{"id":151262795,"uuid":"47893269","full_name":"ajacoutot/aws-openbsd","owner":"ajacoutot","description":"AWS OpenBSD image builder (AMI) and cloud-init replacement","archived":false,"fork":false,"pushed_at":"2023-08-27T14:46:17.000Z","size":159,"stargazers_count":184,"open_issues_count":0,"forks_count":47,"subscribers_count":27,"default_branch":"master","last_synced_at":"2025-05-20T12:07:23.882Z","etag":null,"topics":["aws","cloud-init","openbsd"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ajacoutot.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2015-12-12T20:22:54.000Z","updated_at":"2025-04-07T19:05:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"d4112d1f-458c-442d-95f1-14984d30846b","html_url":"https://github.com/ajacoutot/aws-openbsd","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ajacoutot/aws-openbsd","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajacoutot%2Faws-openbsd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajacoutot%2Faws-openbsd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajacoutot%2Faws-openbsd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajacoutot%2Faws-openbsd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ajacoutot","download_url":"https://codeload.github.com/ajacoutot/aws-openbsd/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajacoutot%2Faws-openbsd/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263719468,"owners_count":23501049,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cloud-init","openbsd"],"created_at":"2024-09-26T13:22:04.454Z","updated_at":"2025-07-05T09:35:48.877Z","avatar_url":"https://github.com/ajacoutot.png","language":"Shell","funding_links":[],"categories":["Hosting","Third Party repositories"],"sub_categories":["Related projects"],"readme":"# AWS-OpenBSD\n\nAWS playground for OpenBSD kids. \nRunning whatever is in this repo will propably end up destroying a kitten factory.\n\n## Prerequisites for obsd-img-builder.sh (OpenBSD AMI builder)\n\n* shell access to OpenBSD current \u003e6.5 with vmm(4) support and Internet access\n* 3.5GB of free space in ${TMPDIR}\n* *awscli* and *vmdktool* packages installed\n* AWS IAM user with enough permissions (AmazonEC2FullAccess, AmazonS3FullAccess, IAMFullAccess)\n * AWS environment variables properly set (when not use root's awscli configuration):\n * *AWS_CONFIG_FILE*\n * *AWS_DEFAULT_PROFILE* (when not using the *default* profile)\n * *AWS_SHARED_CREDENTIALS_FILE*\n\n## Script usage\n\n```\nusage: obsd-img-builder.sh\n -a \"architecture\" -- default to \"amd64\"\n -d \"description\" -- AMI description; defaults to \"openbsd-$release-$timestamp\"\n -i \"path to RAW image\" -- use image at path instead of creating one\n -m \"install mirror\" -- defaults to installurl(5) or \"https://cdn.openbsd.org/pub/OpenBSD\"\n -n -- only create a RAW image (don't convert to an AMI nor push to AWS)\n -r \"release\" -- e.g \"6.5\"; default to \"snapshots\"\n -s \"image size in GB\" -- default to \"12\"\n```\n\n## TODO\n\n* arm64 support\n* MP support\n\n### Misc\n\n### KARL (kernel address randomized link)\n\nWhile a newly built image/AMI will contain a randomized kernel, it is advised\nto add user-data at first boot that will reboot the instance once the first\nrandomization is done. This is so that every instance will indeed run a\ndifferent relinked kernel.\n\n### ENI hotplug\n\n```\n# cat \u003c\u003c-'EOF' \u003e/etc/hotplug/attach\n#!/bin/sh\n\ncase $1 in\n\t3) echo \"!/sbin/dhclient -i routers $2\" \u003e/etc/hostname.$2\n\t\t/bin/sh /etc/netstart $i\n\t\t;;\nesac\nEOF\n# chmod 0555 /etc/hotplug/attach\n# rcctl enable hotplugd \u0026\u0026 rcctl start hotplugd\n```\n\n### Build sample output\n\n```\n# export AWS_CONFIG_FILE=/home/myuser/.aws/config\n# export AWS_DEFAULT_PROFILE=builder\n# export AWS_SHARED_CREDENTIALS_FILE=/home/myuser/.aws/credentials\n```\n\n```\n# ./obsd-img-builder.sh \n================================================================================\n| creating install.site\n================================================================================\n================================================================================\n| creating sd1 and storing siteXX.tgz\n================================================================================\nvmctl: raw imagefile created\nWriting MBR at offset 0.\nLabel editor (enter '?' for help at any prompt)\n\u003e offset: [128] size: [2096972] FS type: [4.2BSD] \u003e \u003e No label changes.\n/dev/rvnd0a: 1023.9MB in 2096960 sectors of 512 bytes\n6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each\nsuper-block backups (for fsck -b #) at:\n 32, 414688, 829344, 1244000, 1658656, 2073312,\n================================================================================\n| creating auto_install.conf\n================================================================================\n================================================================================\n| creating modified bsd.rd for autoinstall\n================================================================================\nSHA256.sig 100% |******************************************************| 2141 00:00 \nbsd.rd 100% |******************************************************| 9971 KB 00:01 \nchecking signature: /etc/signify/openbsd-65-base.pub\n================================================================================\n| starting autoinstall inside vmm(4)\n================================================================================\nvmctl: raw imagefile created\nConnected to /dev/ttyp5 (speed 115200)\nCopyright (c) 1982, 1986, 1989, 1991, 1993\n\tThe Regents of the University of California. All rights reserved.\nCopyright (c) 1995-2019 OpenBSD. All rights reserved. https://www.OpenBSD.org\n\nOpenBSD 6.5-beta (RAMDISK_CD) #783: Thu Mar 21 21:42:12 MDT 2019\n deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD\nreal mem = 520093696 (496MB)\navail mem = 500412416 (477MB)\nmainbus0 at root\nbios0 at mainbus0\nacpi at bios0 not configured\ncpu0 at mainbus0: (uniprocessor)\ncpu0: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz, 2295.72 MHz, 06-3d-04\ncpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,RDSEED,ADX,SMAP,MELTDOWN\ncpu0: 256KB 64b/line 8-way L2 cache\npvbus0 at mainbus0: OpenBSD\npci0 at mainbus0 bus 0\npchb0 at pci0 dev 0 function 0 \"OpenBSD VMM Host\" rev 0x00\nvirtio0 at pci0 dev 1 function 0 \"Qumranet Virtio RNG\" rev 0x00\nviornd0 at virtio0\nvirtio0: irq 3\nvirtio1 at pci0 dev 2 function 0 \"Qumranet Virtio Network\" rev 0x00\nvio0 at virtio1: address fe:e1:bb:d1:44:83\nvirtio1: irq 5\nvirtio2 at pci0 dev 3 function 0 \"Qumranet Virtio Storage\" rev 0x00\nvioblk0 at virtio2\nscsibus0 at vioblk0: 2 targets\nsd0 at scsibus0 targ 0 lun 0: \u003cVirtIO, Block Device, \u003e SCSI3 0/direct fixed\nsd0: 12288MB, 512 bytes/sector, 25165824 sectors\nvirtio2: irq 6\nvirtio3 at pci0 dev 4 function 0 \"Qumranet Virtio Storage\" rev 0x00\nvioblk1 at virtio3\nscsibus1 at vioblk1: 2 targets\nsd1 at scsibus1 targ 0 lun 0: \u003cVirtIO, Block Device, \u003e SCSI3 0/direct fixed\nsd1: 1024MB, 512 bytes/sector, 2097152 sectors\nvirtio3: irq 7\nvirtio4 at pci0 dev 5 function 0 \"OpenBSD VMM Control\" rev 0x00\nvmmci0 at virtio4\nvirtio4: irq 9\nisa0 at mainbus0\ncom0 at isa0 port 0x3f8/8 irq 4: ns16450, no fifo\ncom0: console\nsoftraid0 at root\nscsibus2 at softraid0: 256 targets\nroot on rd0a swap on rd0b dump on rd0b\nerase ^?, werase ^W, kill ^U, intr ^C, status ^T\n\nWelcome to the OpenBSD/amd64 6.5 installation program.\nStarting non-interactive mode in 5 seconds...\n(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? waiting for vm openbsd-current-amd64-20190322T091544Z: \nPerforming non-interactive install...\nTerminal type? [vt220] vt220\nSystem hostname? (short form, e.g. 'foo') openbsd\n\nAvailable network interfaces are: vio0 vlan0.\nWhich network interface do you wish to configure? (or 'done') [vio0] vio0\nIPv4 address for vio0? (or 'dhcp' or 'none') [dhcp] dhcp\nIPv6 address for vio0? (or 'autoconf' or 'none') [none] none\nAvailable network interfaces are: vio0 vlan0.\nWhich network interface do you wish to configure? (or 'done') [done] done\nDNS domain name? (e.g. 'example.com') [my.domain] my.domain\nUsing DNS nameservers at 100.64.11.2\n\nPassword for root account? \u003cprovided\u003e\nPublic ssh key for root account? [none] none\nStart sshd(8) by default? [yes] yes\nChange the default console to com0? [yes] yes\nAvailable speeds are: 9600 19200 38400 57600 115200.\nWhich speed should com0 use? (or 'done') [115200] 115200\nSetup a user? (enter a lower-case loginname, or 'no') [no] ec2-user\nFull name for user ec2-user? [ec2-user] EC2 Default User\nPassword for user ec2-user? \u003cprovided\u003e\nPublic ssh key for user ec2-user [none] none\nWARNING: root is targeted by password guessing attacks, pubkeys are safer.\nAllow root ssh login? (yes, no, prohibit-password) [no] no\nWhat timezone are you in? ('?' for list) [UTC] UTC\n\nAvailable disks are: sd0 sd1.\nWhich disk is the root disk? ('?' for details) [sd0] sd0\nNo valid MBR or GPT.\nUse (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole] whole\nSetting OpenBSD MBR partition to whole sd0...done.\nURL to autopartitioning template for disklabel? [none] none\nThe auto-allocated layout for sd0 is:\n# size offset fstype [fsize bsize cpg]\n a: 255.1M 64 4.2BSD 2048 16384 1 # /\n b: 290.2M 522496 swap \n c: 12288.0M 0 unused \n d: 288.2M 1116832 4.2BSD 2048 16384 1 # /tmp\n e: 353.2M 1706976 4.2BSD 2048 16384 1 # /var\n f: 1005.1M 2430432 4.2BSD 2048 16384 1 # /usr\n g: 447.0M 4488864 4.2BSD 2048 16384 1 # /usr/X11R6\n h: 1339.3M 5404416 4.2BSD 2048 16384 1 # /usr/local\n i: 1342.0M 8147296 4.2BSD 2048 16384 1 # /usr/src\n j: 5204.1M 10895776 4.2BSD 2048 16384 1 # /usr/obj\n k: 1759.8M 21553728 4.2BSD 2048 16384 1 # /home\nUse (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] a\nnewfs: reduced number of fragments per cylinder group from 32648 to 32512 to enlarge last cylinder group\n/dev/rsd0a: 255.1MB in 522432 sectors of 512 bytes\n5 cylinder groups of 63.50MB, 4064 blocks, 8192 inodes each\n/dev/rsd0k: 1759.8MB in 3604032 sectors of 512 bytes\n9 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each\nnewfs: reduced number of fragments per cylinder group from 36880 to 36728 to enlarge last cylinder group\n/dev/rsd0d: 288.2MB in 590144 sectors of 512 bytes\n5 cylinder groups of 71.73MB, 4591 blocks, 9216 inodes each\n/dev/rsd0f: 1005.1MB in 2058432 sectors of 512 bytes\n5 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each\nnewfs: reduced number of fragments per cylinder group from 57216 to 56992 to enlarge last cylinder group\n/dev/rsd0g: 447.0MB in 915552 sectors of 512 bytes\n5 cylinder groups of 111.31MB, 7124 blocks, 14336 inodes each\n/dev/rsd0h: 1339.3MB in 2742880 sectors of 512 bytes\n7 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each\n/dev/rsd0j: 5204.1MB in 10657952 sectors of 512 bytes\n26 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each\n/dev/rsd0i: 1342.0MB in 2748480 sectors of 512 bytes\n7 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each\n/dev/rsd0e: 353.2MB in 723456 sectors of 512 bytes\n4 cylinder groups of 88.31MB, 5652 blocks, 11392 inodes each\nAvailable disks are: sd1.\nWhich disk do you wish to initialize? (or 'done') [done] done\n/dev/sd0a (9861f4b2a79df4f4.a) on /mnt type ffs (rw, asynchronous, local)\n/dev/sd0k (9861f4b2a79df4f4.k) on /mnt/home type ffs (rw, asynchronous, local, nodev, nosuid)\n/dev/sd0d (9861f4b2a79df4f4.d) on /mnt/tmp type ffs (rw, asynchronous, local, nodev, nosuid)\n/dev/sd0f (9861f4b2a79df4f4.f) on /mnt/usr type ffs (rw, asynchronous, local, nodev)\n/dev/sd0g (9861f4b2a79df4f4.g) on /mnt/usr/X11R6 type ffs (rw, asynchronous, local, nodev)\n/dev/sd0h (9861f4b2a79df4f4.h) on /mnt/usr/local type ffs (rw, asynchronous, local, nodev)\n/dev/sd0j (9861f4b2a79df4f4.j) on /mnt/usr/obj type ffs (rw, asynchronous, local, nodev, nosuid)\n/dev/sd0i (9861f4b2a79df4f4.i) on /mnt/usr/src type ffs (rw, asynchronous, local, nodev, nosuid)\n/dev/sd0e (9861f4b2a79df4f4.e) on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid)\n\nLet's install the sets!\nLocation of sets? (disk http or 'done') [disk] http\nHTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] none\nHTTP Server? (hostname, list#, 'done' or '?') [cdn.openbsd.org] cdn.openbsd.org\nServer directory? [pub/OpenBSD/snapshots/amd64] pub/OpenBSD/snapshots/amd64\n\nSelect sets by entering a set name, a file name pattern or 'all'. De-select\nsets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.\n [X] bsd [X] comp65.tgz [X] xbase65.tgz [X] xserv65.tgz\n [X] bsd.rd [X] man65.tgz [X] xshare65.tgz\n [X] base65.tgz [X] game65.tgz [X] xfont65.tgz\nSet name(s)? (or 'abort' or 'done') [done] done\nGet/Verify SHA256.sig 100% |**************************| 2141 00:00 \nSignature Verified\nGet/Verify bsd 100% |**************************| 15492 KB 00:02 \nGet/Verify bsd.rd 100% |**************************| 9971 KB 00:01 \nGet/Verify base65.tgz 100% |**************************| 191 MB 00:27 \nGet/Verify comp65.tgz 100% |**************************| 93001 KB 00:12 \nGet/Verify man65.tgz 100% |**************************| 7383 KB 00:01 \nGet/Verify game65.tgz 100% |**************************| 2740 KB 00:00 \nGet/Verify xbase65.tgz 100% |**************************| 20664 KB 00:03 \nGet/Verify xshare65.tgz 100% |**************************| 4448 KB 00:01 \nGet/Verify xfont65.tgz 100% |**************************| 39342 KB 00:05 \nGet/Verify xserv65.tgz 100% |**************************| 16684 KB 00:02 \nInstalling bsd 100% |**************************| 15492 KB 00:00 \nInstalling bsd.rd 100% |**************************| 9971 KB 00:00 \nInstalling base65.tgz 100% |**************************| 191 MB 00:18 \nExtracting etc.tgz 100% |**************************| 256 KB 00:00 \nInstalling comp65.tgz 100% |**************************| 93001 KB 00:14 \nInstalling man65.tgz 100% |**************************| 7383 KB 00:01 \nInstalling game65.tgz 100% |**************************| 2740 KB 00:00 \nInstalling xbase65.tgz 100% |**************************| 20664 KB 00:02 \nExtracting xetc.tgz 100% |**************************| 6935 00:00 \nInstalling xshare65.tgz 100% |**************************| 4448 KB 00:01 \nInstalling xfont65.tgz 100% |**************************| 39342 KB 00:03 \nInstalling xserv65.tgz 100% |**************************| 16684 KB 00:01 \nLocation of sets? (disk http or 'done') [done] disk\nIs the disk partition already mounted? [yes] no\nAvailable disks are: sd0 sd1.\nWhich disk contains the install media? (or 'done') [sd1] sd1\nPathname to the sets? (or 'done') [6.5/amd64] 6.5/amd64\nINSTALL.amd64 not found. Use sets found here anyway? [no] yes\n\nSelect sets by entering a set name, a file name pattern or 'all'. De-select\nsets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.\n [ ] site65.tgz\nSet name(s)? (or 'abort' or 'done') [done] site*\n [X] site65.tgz\nSet name(s)? (or 'abort' or 'done') [done] done\nDirectory does not contain SHA256.sig. Continue without verification? [no] yes\nInstalling site65.tgz 100% |**************************| 372 00:00 \nLocation of sets? (disk http or 'done') [done] done\nSaving configuration files... done.\nMaking all device nodes... done.\nRelinking to create unique kernel... done.\n\nCONGRATULATIONS! Your OpenBSD install has been successfully completed!\n\nWhen you login to your new system the first time, please read your mail\nusing the 'mail' command.\n\nsyncing disks... done\nvmmci0: powerdown\nrebooting...\nterminated vm 11\n stopping vm openbsd-current-amd64-20190322T091544Z: forced to terminate vm 11\n\n[SIGTERM]\n================================================================================\n| creating IAM role\n================================================================================\n{\n \"Role\": {\n \"AssumeRolePolicyDocument\": {\n \"Version\": \"2012-10-17\", \n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\", \n \"Effect\": \"Allow\", \n \"Condition\": {\n \"StringEquals\": {\n \"sts:Externalid\": \"vmimport\"\n }\n }, \n \"Principal\": {\n \"Service\": \"vmie.amazonaws.com\"\n }\n }\n ]\n }, \n \"RoleId\": \"AROAJ724UC5U3JGJ5EZ7C\", \n \"CreateDate\": \"2019-03-22T09:18:45Z\", \n \"RoleName\": \"openbsd-current-amd64-20190322T091544Z\", \n \"Path\": \"/\", \n \"Arn\": \"arn:aws:iam::360116137065:role/openbsd-current-amd64-20190322T091544Z\"\n }\n}\n================================================================================\n| converting image to stream-based VMDK\n================================================================================\n================================================================================\n| uploading image to S3\n================================================================================\n{\n \"Location\": \"http://openbsd-current-amd64-20190322t091544z-29476.s3.amazonaws.com/\"\n}\nupload: ./openbsd-current-amd64-20190322T091544Z.vmdk to s3://openbsd-current-amd64-20190322t091544z-29476/openbsd-current-amd64-20190322T091544Z.vmdk\n================================================================================\n| converting VMDK to snapshot\n================================================================================\n Progress: None%\n================================================================================\n| removing bucket openbsd-current-amd64-20190322t091544z-29476\n================================================================================\ndelete: s3://openbsd-current-amd64-20190322t091544z-29476/openbsd-current-amd64-20190322T091544Z.vmdk\nremove_bucket: openbsd-current-amd64-20190322t091544z-29476\n================================================================================\n| registering AMI\n================================================================================\n{\n \"ImageId\": \"ami-0d1cf7bb6f969621f\"\n}\n================================================================================\n| removing IAM role\n================================================================================\n================================================================================\n| work directory: /tmp/aws-ami.p0MJZxjBcr\n================================================================================\n```\n\nInstanciate the AMI and connect to it using SSH:\n\n```\n$ ssh ec2-user@${IPADDR}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fajacoutot%2Faws-openbsd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fajacoutot%2Faws-openbsd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fajacoutot%2Faws-openbsd/lists"}