pfSense compile requirements for 3rd party software

guiambros

Good news: I was finally able to compile all packages!

Only 1 package failed (pfSense-repoc, which the source is now proprietary), and 2 skipped (pfSense@php82, pfSense-upgrade); 547 compiled successfully.

After sorting out the issue with LIB32 (thanks again @bmeeks!), I kept bumping into an issue with pfSense-pkg-zabbix-[proxy|agent]4, that didn't exist in the Ports repo.

I tried moving to FreeBSD 15.0.dev, which solved the zabbix dependencies, but then the compiled packages didn't run properly in pfSense 2.7.2 (not surprisingly; the packages compiled in 15.0 linked to libraries that didn't exist in 14.0).

After enabling debug (set -x), I finally spotted the problem: the Poudriere jail kept defaulting to devel branch, so it was using zabbix packages that didn't exist in 14.0. Checking the Ports branch downloaded, I confirmed it was devel, and not 2.7.2

The solution was to add POUDRIERE_PORTS_GIT_BRANCH in build.conf. It then changed to the right Ports branch, and properly, and finally the packages as expected.

I was able to change, compile and move miniupnpd to 2.7.2 production, and has been running stable for the last 24h.

Here's my build.conf:

export PRODUCT_NAME="pfSense"
export PRODUCT_URL="https://pfsense.org/"
export FREEBSD_REPO_BASE=https://github.com/pfsense/FreeBSD-src.git
export FREEBSD_BRANCH=RELENG_2_7_2
export DEFAULT_ARCH_LIST="amd64.amd64"
export PKG_REPO_BRANCH_DEVEL="RELENG_2_7_2"
export PKG_REPO_BRANCH_RELEASE="RELENG_2_7_2"
export POUDRIERE_PORTS_GIT_BRANCH="RELENG_2_7_2"

Also adjusted tools/builder_defaults.sh to:

PKG_REPO_BRANCH_DEVEL="v2_7_2"
PKG_REPO_BRANCH_RELEASE="v2_7_2"
PKG_REPO_BRANCH_PREVIOUS="v2_7_1"

All the other instructions above are still valid: e.g., comment out gnid in tools/builder_common.sh, create the file /usr/local/etc/poudriere.d/src.conf with WITHOUT_LIB32=y, etc.

@encrypt1d -- I remember you were also trying to compile miniupnpd. I've been running my modified version, and seems pretty stable so far. In my case I just wanted to fix the logging, removing some useless interface mismatch log spam, and flip some messages from LOG_INFO to LOG_WARNING (so I can audit them if necessary).

This time I took detailed instructions so I can reproduce the build, so lmk if you still have problems compiling it.

Thanks for all the help folks!

ps: of course, all this will be wasted effort once Netgate upgrades to 2.7.3+.

free4

@guiambros said in pfSense compile requirements for 3rd party software:

Using the default devel branch I can finish the poudriere jail, but can't compile packages due to missing pfSense-pkg-zabbix-[agent4|proxy4] pre-reqs. If I use the RELENG_2_7_2 branch, jail creation fails with make[4]: don't know how to make aes-586.S. Stop.

For anyone having this issue, you just need fork the FreeBSD-src then merge this pull request into your branch.

@encrypt1d: it seems Netgate made it (intentionally?) impossible to compile or do anything with CE.

I do not believe this is an intentional sabotage. The commits that led to this issue can be found here and here.

I don't really understand why these commits were made, but I suspect it was because netgate wanted to upgrade OpenSSL to version 3.0.9 on pSense 2.7.2. This version was not yet integrated into FreeBSD 14, hence the custom commits.

As for "netgate made it harder to build pfSense"..yes, possibly, but it's not impossible. See this repo.

Also: WITHOUT_LIB32=y is absolutely not needed to my knowledge. I don't know why people keep referencing it.