How do I install packages manually ?


  • I'm sorry for my bad english and I am also inexperienced in pfsense.

    Usually there are some packages I have installed by running these commands.

    pkg install php72-mysqli php72-pdo_mysql php72-soap mysql57-server....

    but sometimes when the versions update or the is not internet, it doesn't work for me.

    How do I install packages manually ? Can I download these packages to the computer and then install from there?

    Thanks for answers


  • @canernecocaner said in How do I install packages manually ?:

    I'm sorry for my bad english and I am also inexperienced in pfsense.

    Usually there are some packages I have installed by running these commands.

    pkg install php72-mysqli php72-pdo_mysql php72-soap mysql57-server....

    but sometimes when the versions update or the is not internet, it doesn't work for me.

    How do I install packages manually ? Can I download these packages to the computer and then install from there?

    Thanks for answers

    Installing these packages on your firewall is a very bad idea! They will create a lot of potential security vulnerabilities. It will increase what security experts call the "attack surfaces" on your firewall. That older MySQL57 ecosystem is out of support and has open vulnerabilities the last time I checked, so you really don't want that version.

    Another issue is that these packages will want to load additional shared libraries they are dependent on. Those libraries may or may not be compatible with other more critical pfSense needs. Thus you run the real chance of totally breaking the firewall.

    You should install packages like this on another separate box or a separate virtual machine. That is the best solution.

    To answer your question directly, yes you can copy the package files over to your firewall and install locally using the pkg utility. However, back to those shared library dependencies I mentioned earlier. It is highly likely a lot of back and forth trial and error will be required as each time you install a package it will want to pull down its dependencies. Those dependencies will likely, in turn, want to pull down their dependencies and off you go down into the rabbit hole.

    It is really just better all around to set up either a separate physical bare-metal machine to be a database server, or create a separate FreeBSD virtual machine for the database server role. You can then use other third party tools such as Graylog, filebeat, etc., to send pfSense log data over to the MySQL database server (assuming that you are wanting to send pfSense logs into a database). If you just want a MySQL database server for some other reason, then for sure you should be putting that on a separate machine and NOT on your firewall!


  • @bmeeks

    Thank you very much for your answer.
    I understood the warnings and vulnerabilities.
    But I use pfsense for the hotspot.(I'm recording local users' internet access)
    There is another firewall in front of the pfsense, for security purposes.
    The subject I still don't know is this;

    Where,why can I download these packages (with additional shared libraries they are dependent on) from any windows computer and then transfer,install them to pfsense?

    Thanks


  • @canernecocaner said in How do I install packages manually ?:

    @bmeeks

    Thank you very much for your answer.
    I understood the warnings and vulnerabilities.
    But I use pfsense for the hotspot.(I'm recording local users' internet access)
    There is another firewall in front of the pfsense, for security purposes.
    The subject I still don't know is this;

    Where,why can I download these packages (with additional shared libraries they are dependent on) from any windows computer and then transfer,install them to pfsense?

    Thanks

    You will need to locate a repository that keeps pre-compiled pkg format *.txz archives of the programs you want to install. That repository will also have to be the same FreeBSD version as your pfSense firewall. Currently the pfSense-2.4.5_p1 release is based on FreeBSD-11.3/STABLE. It may prove difficult to find an 11.3/STABLE public repository of compiled packages. You can use the built-in pfSense package repository as the pkg utility on the firewall is pre-configured to point there. However, that repository may not have all of the packages you want or need. That's because it is geared to supporting only what pfSense and its officially supported packages require.

    Another option is create a FreeBSD-11.3/STABLE virtual machine, download and install the portsnap FreeBSD ports tree, and then compile the packages you need yourself into the required *.txz format for later transfer over to pfSense and then manual installation there. However, by the time you go to this much trouble you may as well just install the mysql DB server on that FreeBSD virtual machine (back to my original suggestion).

    This is "hard" because it is not a good thing to do, and few if any folks try it. Otherwise there would be a ton of "how-to" links on the web and everyone would have all kinds of other software applications running on their firewalls.

    I seriously doubt you will find an easy "click here, click there and presto it's done" way to do what you desire.

    Instead of trying to install all this on a pfSense machine, why not use the bare metal hardware running pfSense to run a hypervisor like Proxmox, ESXi, Hyper-V, etc.? Then on the hypervisor you can create a pfSense virtual machine for the Captive Portal function, then create a separate FreeBSD-11.3/RELEASE virtual machine and install the mysql stuff there. Easy-peasy to do that without needing to transfer files around, compile packages yourself, or try to find a compatible public repository of pre-compiled packages.