How does one build 2.8.0 kernel with a patch applied to it?

bmeeks

@tinfoilmatt said in How does one build 2.8.0 kernel with a patch applied to it?:

@bmeeks Are both Plus and CE built from the same master branch? Is that even possible given the known differences (e.g., QAT support) between Plus and CE?

Not so far as I know. The master branch is the current DEVEL version of the PHP source code for CE. The code for Plus is totally contained on Netgate's private GitLab repo. And just to be clear, there are actually two distinct parts of pfSense. There is a customized FreeBSD kernel that is called FreeBSD-src, and then there is the PHP code piece which is called pfsense. It takes both of these repos to make the whole. Packages for pfSense must be compiled against the same FreeBSD kernel as pfSense is using. That's what is now missing in the public repos -- the customized FreeBSD kernel source code and libraries for CE version 2.8 and higher.

My guess as to why that has been done is that Netgate wishes to protect the new multi-threaded PPPoE kernel driver that Netgate developed. When that merged into CE is when the public FreeBSD-src repo on GitHub stopped being updated. One can hope that once (or if) the new PPPoE kernel driver is contributed and merged upstream in FreeBSD, then there will no longer be a reason to exclude the 2.8.x and higher branches from the public GitHub repo.

Is the GitHub repo master branch simply a mirror of the Redmine repo master branch?

Probably, but I've never cross checked to be sure. But I'm pretty sure both of these repos are still only for CE. And the Redmine one is just the PHP portion. I don't see the FreeBSD-src kernel code.

CE Release version branches will be tagged as follows: RELENG_2_7_2 (for the 2.7.2 version, for example). What has been missing since they were introduced are the RELENG_2_8_0 and RELENG_2_8_1 branches. These are missing in both the pfsense and FreeBSD-src repos.

tinfoilmatt

@bmeeks Knew I was asking one of the right guys! Thanks very much for sharing.

jazzl0ver

@bmeeks pfSense CE was declared as an open source software. Users and contributors rely on that statement when they choose the product, deploy it, and share their time and expertise. Withholding the CE source code breaks that commitment and undermines community trust.

@jimp apologize for asking you directly, but could you please shed some light on this topic?

chrcoluk

@bmeeks From what I can see the head is still being updated publically, its just the branches not public, is that not including the custom pfSense changes then?

Also the problem with keeping it all closed source is of course it means no one in the community can contribute fixes or enhancements on that side of things.

nazar-pc

Lack of any kind of response from Netgate is frustrating as well. The website says "free and open source", but I'm growing increasingly disappointed with the current state of things. From lack of offline installer to lack of source code and build instructions for it.

It is a good software, why doing this to the community?

bmeeks

@chrcoluk said in How does one build 2.8.0 kernel with a patch applied to it?:

@bmeeks From what I can see the head is still being updated publically, its just the branches not public, is that not including the custom pfSense changes then?

Also the problem with keeping it all closed source is of course it means no one in the community can contribute fixes or enhancements on that side of things.

Don't forget there are two parts of pfSense. There is a PHP GUI front-end and that front-end for CE (and only CE) is still available on GitHub. But the really important part of pfSense (the part that does the actual work of being the firewall and routing packets) is a customized FreeBSD kernel and that customized kernel is no longer being actively published on the public GitHub repo (in the FreeBSD-src repo). The last CE release code posted there is for version 2.7.2 (in branch RELENG_2_7_2). A few oddball parts of pfSense are now also included as custom ports in the FreeBSD-ports repo. Nothing involved with pfSense Plus has ever been in the public repos.

If you pay careful attention to the code commits mentioned and reference on the Redmine site you will see commits being made to two different repos. All code updates related to pfSense Plus are commited to a private GitLab repo. pfSense CE things are still committed to the public pfsense repo, but as I mentioned above, these changes are ONLY the PHP parts which by themselves are worthless for building a pfSense kernel.

bmeeks

@nazar-pc said in How does one build 2.8.0 kernel with a patch applied to it?:

It is a good software, why doing this to the community?

Pretty sure it is the natural result of third parties in China and elsewhere around the world basically "stealing" the Netgate shared code and selling hardware with the software preloaded and advertised with the pfSense name for their own financial benefit without any attribution or sharing of revenue with Netgate. If Netgate fails to enforce their trademark (by not actively legally pursuing violators), then they can lose their enforcement rights. But taking legal actions in the countries where the violators reside is not practical (or sometimes even possible), so the next logical thing for a company to do when attempting to protect their software intellectual property from theft is to restrict access to the tools used to "create" it. So, yeah, that does sort of mean that it is no longer fully open source. It's more like partially open source -- the PHP GUI piece of CE is public, but the customized FreeBSD kernel and certain drivers (the new PPPoE kernel driver, for example) are no longer public. That's probably why the new Installer that needs network access was created -- it is likely an attempt to severely crimp the style of those companies that were "stealing" pfSense to preload on their own imitation hardware.

nazar-pc

@bmeeks I'm 99.9% certain that it would not be difficult for those offenders to install pfSense on one machine and then simply clone disk image to as many machines as they want to sell.

While I understand there is a real problem for Netgate as a business, there has to be a better way to do this.

bmeeks

@nazar-pc said in How does one build 2.8.0 kernel with a patch applied to it?:

@bmeeks I'm 99.9% certain that it would not be difficult for those offenders to install pfSense on one machine and then simply clone disk image to as many machines as they want to sell.

While I understand there is a real problem for Netgate as a business, there has to be a better way to do this.

I'm not defending Netgate. I have no horse in the race . Just giving my interpretation of things I've read posted here in the past.

Frankly, if it (Netgate) was my business, I would abandon open source altogether. There is no upside there these days. The majority of the folks who want "free" software and "free" support from open source projects are not likely to ever be paying customers. A tiny handful might convert to paying, but truly it's a small number.

Software developers cost money (they do need to eat and provide for their families, after all), and free open source software pays no bills. I would not be surprised if at some point in the not-too-distant future the other *Sense project also moves more towards the closed-source revenue generating model. Just my opinion. I have no insider info at all.

There was a time in the past when computers were still new and it was exciting to create code as a hobby and share your expertise with the world. But things have changed. Computers are everywhere and in everything now (even home refrigerators) and code writing is a dedicated and skilled occupation that pays big money. That money has to come from somewhere, and that somewhere is selling the generated code. That will eventually put the nail in the coffin for open source free software in my opinion.

nazar-pc

@bmeeks I use Open Source software almost exclusively and donate to a bunch of it on a regular basis. The fact that pfSense was Open Source was a key factor for me when I installed it years ago for the first time.

Current cost of pfSense Plus feels too much for personal use though (IMHO). I'm willing to donate and continue to use pfSense CE, but not quite as much as Plus requires (and honestly I don't need its features, though more frequent security updates and a decent system their notifications would be nice). And there is no option to that. So they both refuse to take my money and refuse to give open the sources of supposedly Open Source project at the same time.

Doesn't make much sense to me to be completely honest

I never used PPPoE and don't care about it, I just want to build the same exact kernel I am already running with a single line config change to enable the kernel module that is already enabled by default in FreeBSD upstream. And I can't.

jazzl0ver

@bmeeks let's not forget that pfsense wasn't created from an empty space. a lot of people work on FreeBSD releases that pfSense built on and "making money someone else's expense" can be "claimed back" to Netgate.

chrcoluk

@bmeeks Yep, in this case I am just talking about the kernel source.

The head for CE kernel is still public from what I can see, its for whatever reason the 2.8.0 and 2.8.1 branches are not.