Feedback on challenges with the pfSense package development process
-
I'm posting here, but if pfSense Packages is a better place, feel free to move.
There seem to be challenges with the timeliness and update of existing packages and the adoption of new packages for pfSense. Notably, Zabbix 7.0 was released over five months ago, and the target pfSense release has slipped several times and is now at 25.01. It will likely be several more months before it becomes available.
Third-party packages are a major selling point of pfSense, and the homepage of netgate.com boasts:
"Highly extensible with 3rd party packages to support block lists, content filtering, intrusion prevention, policy-based routing and more".
The significant delays in releasing updated packages are at odds with this.
This isn't an issue of Plus vs. CE - all these delays are with pfSense Plus, so free vs. paid has no direct influence.
Users compiling and updating packages on their own seems to be a Herculean effort, as demonstrated in this post for compiling miniupnpd:
https://forum.netgate.com/topic/169749/pfsense-compile-requirements-for-3rd-party-software/101
Among the issues:
- complexities with Poudriere jails
- dependencies on private GitLab files and libraries
- numerous "mystery" values that need to be changed
It boils down to this: Are packages a core feature of pfSense, and Netgate is committed to keeping them up-to-date, or are packages a burden that gets updated when there's time and users shouldn't depend on them?
Wrapping up, I have the following suggestions for Netgate:
- Commit to release schedules for package updates, e.g. 3 months after a new package version is released upstream.
- Categorize packages into "primary" and "secondary" priority with corresponding schedules so that expectations can be correctly set and development efforts can be prioritized accordingly.
- Introduce voting on packages to help Netgate prioritize package updates.
- Simplify the package development process. The ideal solution would be for Netgate to release package-building environments as VM images.
- Put together a complete guide to the package build process so users can develop packages more easily.
- Address the "mystery" values that need to be changed by documenting the values that need to be changed or by releasing a "clean" version of the code that compiles as CE.
-
Thanks for the constructive feedback.
Regarding the comments:
"The significant delays in releasing updated packages are at odds with this."
"[...] is committed to keeping them up-to-date [...]"
It should be mentioned that the Zabbix 7.0 package was added upstream in June 2024 (after the current stable release of pfSense Plus 24.03). Notably, it's a new package and not simply an update to an existing package. Regarding miniupnpd, that's a system package (similar to unbound) which is handled differently from packages listed in the package manager.
-
@marcosm Marcos, are packages dependent on point releases of pfSense Plus?
What constitutes a new package?
What's a realistic timeframe for new packages like Zabbix to be added to the pfSense repo?