pfSense compile requirements for 3rd party software

encrypt1d · Feb 13, 2022, 5:22 PM

I continued to work on this over the weekend and found an image of FreeBSD which has a closer kernel version - now at 1202505 which is only 1 off from what pkg reports for pfSense 2.5.2 (1202504). That's the Jan 28 2021 snapshot of 12.2 stable. Still unable to find the ISO for the same build pfSense used. It would be good if you guys hosted that somewhere.

Same issue - ioctl runtime errors. It's also worth noting the binary I get is bigger than the one that comes out of the official pfSense repo:

original binary:
-rwxr-xr-x  1 root  wheel  155368 Nov 15 11:52 miniupnpd
built binary after pkg add:
-rwxr-xr-x  1 root  wheel  177000 Feb 13 10:23 miniupnpd

That suggests the compile is using different options I suppose.

bmeeks · Feb 13, 2022, 7:05 PM

@encrypt1d said in pfSense compile requirements for 3rd party software:

I continued to work on this over the weekend and found an image of FreeBSD which has a closer kernel version - now at 1202505 which is only 1 off from what pkg reports for pfSense 2.5.2 (1202504). That's the Jan 28 2021 snapshot of 12.2 stable. Still unable to find the ISO for the same build pfSense used. It would be good if you guys hosted that somewhere.

Same issue - ioctl runtime errors. It's also worth noting the binary I get is bigger than the one that comes out of the official pfSense repo:
original binary:
-rwxr-xr-x  1 root  wheel  155368 Nov 15 11:52 miniupnpd
built binary after pkg add:
-rwxr-xr-x  1 root  wheel  177000 Feb 13 10:23 miniupnpd
That suggests the compile is using different options I suppose.

You need to compare the content of the pf header files in your source tree on the machine where you are executing the build to the same header files listed here: https://github.com/pfsense/FreeBSD-src/tree/RELENG_2_5_2.

Whether or not you have the exact same kernel is not as critical as having the exact same header files in your build environment. My bet is some of the pf-related header files are different in your build environment as compared to the pfSense 2.5.2 build environment.

You should be able to compile the "stock" miniupndpd package from the pfSense ports repository and install and run it without incident on a pfSense 2.5.2 machine. If that is not working, then it most likely is header files that are your problem. You are not compiling a kernel. You are simply compiling a binary executable and perhas a few dependent libraries.

I assume you have actually installed miniupnpd from the SYSTEM > PACKAGE MANAGER screen in pfSense and it works from there. If so, then you should be able to compile the exact same package and have it work. Once you get past that, you can start modifying code. But if you can't get the stock 2.5.2 package to compile and install, then you most likely have header file mismatches.

Don't forget to switch to the proper branch in Git when pulling down files to sync in your local repo.

encrypt1d · Feb 13, 2022, 9:28 PM

@bmeeks

Don't forget to switch to the proper branch in Git when pulling down files to sync in your local repo.

I did a fresh clone, and yep I have done that for both repos, and they both showed this message:

Branch 'RELENG_2_5_2' set up to track remote branch 'RELENG_2_5_2' from 'origin'.

I assume you have actually installed miniupnpd from the SYSTEM > PACKAGE MANAGER screen in pfSense and it works from there

That is correct. No IOTCL errors from the official package.

But if you can't get the stock 2.5.2 package to compile and install, then you most likely have header file mismatches.

I have no issues with compile and install. The service actually does start, but it throws IOCTL errors in the log, and fails to function correctly.

Just be be certain,
I have the FreeBSD-src repo in:

/git/FreeBSD-src

I have the Free-BSD ports repo in:

/git/FreeBSD-ports

Earlier it was mentioned that the src should be in /usr/src, so I created a symbolic link in /usr as follows:

lrwxr-xr-x   1 root  wheel  -    17 Feb 13 15:55 src@ -> /git/FreeBSD-src/

Yet none of my build will function correctly upon starting the service on the firewall. This should just work right?

(pulls out hair)

bmeeks · Feb 14, 2022, 3:21 AM

@encrypt1d said in pfSense compile requirements for 3rd party software:

Earlier it was mentioned that the src should be in /usr/src, so I created a symbolic link in /usr as follows:
lrwxr-xr-x   1 root  wheel  -    17 Feb 13 15:55 src@ -> /git/FreeBSD-src/
Yet none of my build will function correctly upon starting the service on the firewall. This should just work right?

(pulls out hair)

I think your problem is that the include files on your build system do not match those used by pfSense. Let me explain.

The way the pfSense team builds their image is on a custom builder machine. That machine has their customized FreeBSD kernel along with its include files. The packages repository is built within a Poudriere jail on this builder machine. The Poudriere jail installs the pfSense FreeBSD source tree including its header files. Everything happens in that jail. But the key thing here is that pfSense itself (the operating system as it were for pfSense) is built from the FreeBSD source tree. Packages, on the other hand, are built from the source code referenced in the Makefile and the header include files in /usr/include within the Poudriere jail.

But you are building outside of the jail, so the files that actually get used are the local headers (include files, really) installed on YOUR machine. These are in /usr/include. Those are the files I'm betting do not match up with the ones in the pfSense build tree. Don't get too hung up on the /usr/src tree since your build is not really using that. The files in there are for building the kernel, but you are not building the kernel. You are building a package. Packages need to have the correct include files in the /usr/include tree on the box where the packages are being built.

encrypt1d · Feb 14, 2022, 2:12 PM

@bmeeks

Packages need to have the correct include files in the /usr/include tree on the box where the packages are being built.

I tried the following two things based on that advice:

Outright replacement of /usr/include with only the contents of the pfSense
/git/FreeBSD-src/include. This resulting in missing headers, and compile failure.
I set /usr/include set back to original content, then copied contents of the pfSense repo /git/FreeBSD-src/include into /usr/include (effectively a merge over top of the original). This compiles, links, and runs on the firewall, but with the same ioctl errors.
Copied all of the pfSense git repo contents (FreeBSD-src) into /usr. Build works, same ioctl issues.

Am I chasing my tail trying to do this outside a poudriere jail?

bmeeks · Feb 14, 2022, 2:12 PM

@encrypt1d said in pfSense compile requirements for 3rd party software:

@bmeeks

Packages need to have the correct include files in the /usr/include tree on the box where the packages are being built.

I tried the following two things based on that advice:

Outright replacement of /usr/include with only the contents of the pfSense
/git/FreeBSD-src/include. This resulting in missing headers, and compile failure.

I set /usr/include set back to original content, then copied contents of the pfSense repo /git/FreeBSD-src/include into /usr/include (effectively a merge over top of the original). This compiles, links, and runs on the firewall, but with the same ioctl errors.

Copied all of the pfSense git repo contents (FreeBSD-src) into /usr. Build works

Am I chasing my tail trying to do this outside a poudriere jail?

I think your experiement with the header files proves there are some differences in your build environment versus what the pfSense image and package builder uses.

You can create your own pfSense build system. I have one I use when testing my package changes for Snort and Suricata. It won't successfully build a pfSense kernel or install image, but it builds packages just fine that I then install over on my pfSense virtual machine test boxes.

I will give you the overall high-level steps. Warning -- this endeavor is not for everyone! It will very likely take some fiddling around to get things working. There is no great documentation of the steps (at least that I've found).

NOTE: in the steps below I've given the full URL of the repo branch on GitHub. When you actually run the clone command, you will need to use the *.git file instead, then switch to the appropriate branch when building. So https://github.com/pfsense/pfsense.git

Create a new directory on your builder. Clone this GitHub repo into a directory on your builder machine: https://github.com/pfsense/pfsense/tree/RELENG_2_5_2. I chose /usr/home/pfsense for my directory. Change into the directory you created and then clone the repo there. So when the clone completes, if you used my example path, you will have a /usr/home/pfsense/pfsense directory full of the PHP source code and various build configuration things in that last pfsense subdirectory.
Next you need to clone the FreeBSD-ports repo. So using my example path, you would change into the /usr/home/pfsense directory and clone this repo: https://github.com/pfsense/FreeBSD-ports/tree/RELENG_2_5_2. This will create a ports tree of all the pfSense packages in /usr/home/pfsense/FreeBSD-ports.
You now need to create a builder.conf file in the top-level of that final pfsense directory created by the first cloning step. There is a sample conf file there already called builder.conf.sample that you can copy from and customize.
Make sure you are in that final pfsense directory and then issue this command to begin the setup of your builder environment:

./build.sh --setup

Hopefully that runs to a successful completion. If not, you will need to troubleshoot using any error messages that print.

Next you need to run the routine to create the Poudriere jail. This will take a long time depending on your hardware. On my modest virtual machine builders it takes over 4 hours. Here is the command:

./build.sh --setup-poudriere

When that finishes, you should have a functional builder jail environment. To build the initial package tree run:

./build.sh --update-pkg-repo -a amd64.amd64

That will build all the packages for the Intel/AMD architecture and store them in /usr/local/poudriere/packages.

encrypt1d · Feb 14, 2022, 2:11 PM

@bmeeks
I will give it a try, thanks.

bmeeks · Feb 14, 2022, 2:18 PM

@encrypt1d said in pfSense compile requirements for 3rd party software:

@bmeeks
I will give it a try, thanks.

If you get a working stock package builder, then the miniupnpd package should build and install on a pfSense firewall (of the same base pfSense version as the builder where the package was created).

I know that it works, because I build Snort and Suricata binary packages (and the PHP GUI parts as well) in my package builder all the time. I even upload them to a web server that serves as a pkg repository so I can install my packages from SYSTEM > PACKAGE MANAGER in pfSense. I do that by adding an additional repo that references my local web server to the pkg repo configuration. I do that so I can test all phases of my packages including installation, removal, and updating.

encrypt1d · Feb 14, 2022, 3:24 PM

@bmeeks

In the build.conf file,
Should these lines point to the FreeBSD official, or the pfSense version, ie should it be this:

# Define FreeBSD repository, branch and specific commit
export FREEBSD_REPO_BASE=https://github.com/pfsense/FreeBSD-src.git
export FREEBSD_BRANCH=RELENG_2_5_2

or this:

# Define FreeBSD repository, branch and specific commit
export FREEBSD_REPO_BASE=https://github.com/freebsd/freebsd.git
export FREEBSD_BRANCH=stable/10

bmeeks · Feb 14, 2022, 3:32 PM

@encrypt1d said in pfSense compile requirements for 3rd party software:

@bmeeks

In the build.conf file,
Should these lines point to the FreeBSD official, or the pfSense version, ie should it be this:

# Define FreeBSD repository, branch and specific commit
export FREEBSD_REPO_BASE=https://github.com/pfsense/FreeBSD-src.git
export FREEBSD_BRANCH=RELENG_2_5_2

or this:

# Define FreeBSD repository, branch and specific commit
export FREEBSD_REPO_BASE=https://github.com/freebsd/freebsd.git
export FREEBSD_BRANCH=stable/10

The FREEBSD_BRANCH line should point to the pfSense branch. So you have it right in the first example: RELENG_2_5_2.

But as of just a little while ago, that is now RELENG_2_6_0 as they released 2.6.0 CE and 22.01 pfSense Plus this morning. So be careful and keep the branch in the builder synced up with the branch installed on your firewall.

And if you swap branches, you will likely need to rebuild the FreeBSD jail used by Poudriere. Run the shell script with no arguments to see all the command options like this:

./build.sh

One of the options is to update the poudriere jails.

encrypt1d · Feb 14, 2022, 4:37 PM

@bmeeks

Is it a requirement to be running a local repo server?

Seems like it might be - I see in the logs it is trying to access online content to my "nonSense" build. There doesn't seem to be an option to disable that.

pdating nonSense-core repository catalogue...
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-core/meta.txz: Forbidden
repository nonSense-core has no meta file, using default settings
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-core/packagesite.pkg: Forbidden
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-core/packagesite.txz: Forbidden
Unable to update repository nonSense-core
Updating nonSense repository catalogue...
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-nonSense_v2_6_0/meta.txz: Forbidden
repository nonSense has no meta file, using default settings
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-nonSense_v2_6_0/packagesite.pkg: Forbidden
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-nonSense_v2_6_0/packagesite.txz: Forbidden
Unable to update repository nonSense
Error updating repositories!

bmeeks · Feb 14, 2022, 4:49 PM

@encrypt1d said in pfSense compile requirements for 3rd party software:

@bmeeks

Is it a requirement to be running a local repo server?

Seems like it might be - I see in the logs it is trying to access online content to my "nonSense" build. There doesn't seem to be an option to disable that.

pdating nonSense-core repository catalogue...
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-core/meta.txz: Forbidden
repository nonSense-core has no meta file, using default settings
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-core/packagesite.pkg: Forbidden
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-core/packagesite.txz: Forbidden
Unable to update repository nonSense-core
Updating nonSense repository catalogue...
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-nonSense_v2_6_0/meta.txz: Forbidden
repository nonSense has no meta file, using default settings
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-nonSense_v2_6_0/packagesite.pkg: Forbidden
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-nonSense_v2_6_0/packagesite.txz: Forbidden
Unable to update repository nonSense
Error updating repositories!

I think you can just comment out those lines in builder.conf by placing a "#" character at the start of each line. These little issues are what I meant when I said getting a builder configured takes a lot of patience. It is not a simple click, click, done sort of thing.

Here is my builder.conf file from my RELEASE builder. I have two: one for DEVEL and another for RELEASE.

# Define FreeBSD repository, branch and specific commit
export FREEBSD_REPO_BASE=https://github.com/pfsense/FreeBSD-src.git
export FREEBSD_BRANCH="RELENG_2_5_2"
#export GIT_FREEBSD_COSHA1=##HASH##

# Do not clean FreeBSD obj dirs
#export NO_CLEAN_FREEBSD_OBJ=YES

# Do not clean FreeBSD src dir
#export NO_CLEAN_FREEBSD_SRC=YES

# rsync data to upload snapshots
#export RSYNCIP="your.snapshot.server"
#export RSYNCUSER="username"
#export RSYNCPATH="/usr/local/www/snapshots"
#export RSYNCLOGS="/usr/local/www/snapshots/logs"

# rsync data to upload pkg repo
export PKG_RSYNC_HOSTNAME="vm-pfpackages.themeeks.net"
export PKG_RSYNC_USERNAME="root"
export PKG_RSYNC_SSH_PORT="22"
export PKG_RSYNC_DESTDIR="/usr/local/www/apache22/data/packages"

export STAGING_HOSTNAME="pfsense-builder-RELEASE.themeeks.net"

# Set these when doing RELEASE package builds
#export PKG_FINAL_RSYNC_HOSTNAME="vm-pfpackages.themeeks.net"
#export PKG_FINAL_RSYNC_DESTDIR="/usr/local/www/apache22/data/packages"

# pkg repo URL
export PKG_REPO_SERVER_DEVEL="pkg+https://beta.pfsense.org/packages"
export PKG_REPO_SERVER_RELEASE="pkg+https://pkg.pfsense.org"
export PKG_REPO_SERVER_STAGING="pkg+https://pkg.pfsense.org"

# Command used to sign pkg repo
export PKG_REPO_SIGN_KEY="/root/repo.key"
export PKG_REPO_SIGNING_COMMAND="/root/repo_sign.sh ${PKG_REPO_SIGN_KEY}"

# Added for private repo to skip rsync to Netgate RELEASE server
export SKIP_FINAL_RSYNC=YES

# Branch to replace pkg.conf template, defaults to $GIT_REPO_BRANCH_OR_TAG
#export PKG_REPO_BRANCH_DEVEL="BRANCH"
#export PKG_REPO_BRANCH_RELEASE="v2_3_2"

encrypt1d · Feb 14, 2022, 6:11 PM

@bmeeks

getting a builder configured takes a lot of patience. It is not a simple click, click, done sort of thing.

I am committed to getting it to work, and I am very appreciative of all the help.

Indeed I started with all of the repo lines commented out, yet it is still trying to access that online content. No matter what I do in the build.conf file, it tries to access a non-existent repo and then defaults out.

Updating nonSense-core repository catalogue...
pkg: http://release-staging.nyi.netgate.com/ce/packages/nonSense_v2_6_0_amd64-core/meta.txz: Forbidden
repository nonSense-core has no meta file, using default settings

My build.conf is as follows:

export PRODUCT_NAME="nonSense"
#export PRODUCT_URL="https://PRODUCT_URL/"

# Define FreeBSD repository, branch and specific commit
#export FREEBSD_REPO_BASE=https://github.com/freebsd/freebsd.git
#export FREEBSD_BRANCH=stable/10p
#export GIT_FREEBSD_COSHA1=##HASH##
export FREEBSD_REPO_BASE=https://github.com/pfsense/FreeBSD-src.git
export FREEBSD_BRANCH=RELENG_2_5_2

# Do not clean FreeBSD obj dirs
#export NO_CLEAN_FREEBSD_OBJ=YES

# rsync data to upload snapshots
#export RSYNCIP="your.snapshot.server"
#export RSYNCUSER="username"
#export RSYNCPATH="/usr/local/www/snapshots"

# rsync data to upload pkg repo
#export PKG_RSYNC_HOSTNAME="pkg_repo_hostname"
#export PKG_RSYNC_USERNAME="username"
#export PKG_RSYNC_SSH_PORT="22"
#export PKG_RSYNC_DESTDIR="/usr/local/www/beta/packages"
export SKIP_FINAL_RSYNC=YES

# pkg repo URL
#export PKG_REPO_SERVER_DEVEL="pkg+http://packages-beta.netgate.com/packages"
#export PKG_REPO_SERVER_RELEASE="pkg+http://packages.netgate.com"
#export PKG_REPO_SERVER_STAGING="pkg+http://release-staging.netgate.com/ce/packages"
export PKG_REPO_SERVER_DEVEL="pkg+https://beta.pfsense.org/packages"
export PKG_REPO_SERVER_RELEASE="pkg+https://pkg.pfsense.org"
export PKG_REPO_SERVER_STAGING="pkg+https://pkg.pfsense.org"
# Command used to sign pkg repo
export PKG_REPO_SIGN_KEY="/root/repo.key"
export PKG_REPO_SIGNING_COMMAND="/root/repo_sign.sh ${PKG_REPO_SIGN_KEY}"

# Branch to replace pkg.conf template, defaults to $GIT_REPO_BRANCH_OR_TAG
#export PKG_REPO_BRANCH_DEVEL="BRANCH"
#export PKG_REPO_BRANCH_RELEASE="BRANCH"

bmeeks · Feb 14, 2022, 6:22 PM

@encrypt1d:
You may wind up having to edit/modify the shell script code in ./tools/builder_common.sh to get things to work. The code in /builder.sh simply calls functions with ./tools/builder_common.sh to do the actual job you request.

This whole build system is geared towards Netgate building the official images and packages. It really does not work out of the box for other things without editing. It's been a very long time (years) since I set my two boxes up, so I don't recall all the hoops I jumped through. Since then, I've used other commands to stay updated without totally rebuilding my two builder machines.

You can try changing the PRODUCT_NAME to "pfSense" as a test. I think that also means you have to toggle the "Authorized_by_Netgate" switch or else tests in the functions that are called will bail out and print a copyright warning. This logic is all designed to prevent pirates from producing "pfSense" images and then installing and selling them. However, it does cause lots of roadblocks when all you want to do is simply build packages and you have no interest in building a kernel or pfSense install image.

encrypt1d · Feb 15, 2022, 1:58 PM

@bmeeks
Using your tip about the product name really helped eliminate a lot of errors, and I had to comment out two items in the tools/builder_common.sh. One was an imaginary new package it seemed to try and install called <productname>-builder, or in my case pfSense-builder. I commented out the install command. Since I had chosen the pfSense product name it also tried to clone the GNID repo (doesn't seem to exist?), which I don't think I care about, so I commented out those lines too.

The --setup-poudriere option errors out right away, making me think I need to do some setup work on it first. I do have it installed, but made the assumption that the option in the build.sh would do all that for me.

Do I need to do some pre-work on poudriere first?

>>> Operation ./build.sh has started at Sun Feb 13 20:32:13 EST 2022
>>> ERROR: ZFS tank zroot not found, please create it and try again...

bmeeks · Feb 15, 2022, 2:11 PM

@encrypt1d said in pfSense compile requirements for 3rd party software:

@bmeeks
Using your tip about the product name really helped eliminate a lot of errors, and I had to comment out two items in the tools/builder_common.sh. One was an imaginary new package it seemed to try and install called <productname>-builder, or in my case pfSense-builder. I commented out the install command. Since I had chosen the pfSense product name it also tried to clone the GNID repo (doesn't seem to exist?), which I don't think I care about, so I commented out those lines too.

The --setup-poudriere option errors out right away, making me think I need to do some setup work on it first. I do have it installed, but made the assumption that the option in the build.sh would do all that for me.

Do I need to do some pre-work on poudriere first?
>>> Operation ./build.sh has started at Sun Feb 13 20:32:13 EST 2022
>>> ERROR: ZFS tank zroot not found, please create it and try again...

Oh, yes -- forgot to tell you that your builder needs to be running on ZFS because that's what the Poudriere setup expects. So you may need to rebuild your builder machine to use ZFS instead of the default UFS. My two builders are virtual machines on ESXi, and when I created my most recent one for RELEASE package building I had to tear it down and start over because I forgot to use ZFS on the initial FreeBSD install.

But sounds like you found the other gotcha points. The GNID thing is proprietary code, and I commented it out as well. That part of the script is only hit during initial setup or when you run the "--update-sources" subcommand.

encrypt1d · Feb 15, 2022, 2:11 PM

@bmeeks

Cool. I have all the instructions recorded, so a rebuild isn't too big a deal.

encrypt1d · Feb 15, 2022, 4:14 PM

Looking good so far. Now I wait ;)

root@devbox:/build/pfsense # ./build.sh --setup
>>> Operation ./build.sh has started at Tue Feb 15 10:11:28 EST 2022
>>> Obtaining FreeBSD sources (RELENG_2_5_2)...
====>> Cloning git repository https://github.com/pfsense/FreeBSD-src.git (RELENG_2_5_2)
Skipping clone of https://github.com/pfsense/gnid.git
Skipping install of pfSense-builder
>>> Operation ./build.sh has ended at Tue Feb 15 10:25:52 EST 2022
root@devbox:/build/pfsense # ./build.sh --setup-poudriere
>>> Operation ./build.sh has started at Tue Feb 15 10:27:16 EST 2022
>>> Creating ZFS filesystem zroot/poudriere... Done!
>>> Creating poudriere.conf
>>> Creating jail pfSense_v2_5_2_amd64, it may take some time...

encrypt1d · Feb 15, 2022, 5:27 PM

@bmeeks
While that is running, what are the next steps beyond the jail setup in order to build a specific port package?

bmeeks · Feb 15, 2022, 8:29 PM

@encrypt1d said in pfSense compile requirements for 3rd party software:

@bmeeks
While that is running, what are the next steps beyond the jail setup in order to build a specific port package?

I've never found the magic word for building a specific port. That's because the Netgate shell script is geared toward building the whole repository.

However, once you build the first round (which will take quite some time, especially the Rust port), then subsequent rounds will only build the packages that have been changed. Therefore, so long as you don't "refresh" your local Poudriere ports tree, none of the other packages will need to be rebuilt. You can just change your miniupnpd package and then when you run this:

./build.sh --update-pkg-repo -a amd64.amd64

it will only rebuild miniupnpd if that's the only package with a change. For your troubleshooting steps, assuming you will want to rebuild your package several times, you will need to delete the package from /usr/local/poudriere/data/packages/.. so Poudriere will see it missing and build it again. Either that, or in the Makefile for miniupnpd you can increment the version number to signal Poudriere to rebuild the port. In your case bumping the version number in the Makefile might be the fastest method.

Then when you have it working like you want, you can change the version number back to maybe just one past the current one in pfSense, delete the package from the path I mentioned above, then build it one last time.