Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    GUIDE: Creating a chroot (to make drivers/packages etc.) on a working system

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    4 Posts 2 Posters 3.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      ben_uk
      last edited by

      I was trying to upgrade the igb driver and needed an environment to compile the driver in on FreeBSD. So on my existing pfsense box, I just make a chroot and built the driver in there.

      Here's how it was done.

      
mkdir -p /mnt/data/freebsd
mkdir /freebsd
mount_nullfs /mnt/data/freebsd /freebsd
mkdir /freebsd/chroot
cd /freebsd
/usr/local/bin/rsync -av ftp-archive.freebsd.org::FreeBSD-Archive/old-releases/amd64/8.1-RELEASE/base/ 8.1-RELEASE_amd64_base
cat 8.1-RELEASE_amd64_base/base.?? | tar --unlink -xpzvf - -C chroot
cp /etc/resolv.conf chroot/etc/
cp /etc/localtime chroot/etc/
mount -t devfs devfs chroot/dev/
chroot chroot/ freebsd-update fetch install

      Now the chroot is made and populated, enter the chroot

      
chroot /freebsd/chroot/ tcsh

      Then install the source tree, as per http://www.cyberciti.biz/faq/freebsd-install-kernel-source-code/

      (install src > base and sys, be sure to set the configure>options kernel name to not nclude -p6 at the end)

      Use ftp://ftp-archive.freebsd.org///mirror/FreeBSD-Archive/old-releases/amd64/ as the FTP location when it asks

      
sysinstall

      Then do what you want from there. Here's how I compiled the igb driver,

      
mkdir -p /usr/src/igb
cd /usr/src/igb
setenv PACKAGESITE http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-8.1-release/Latest/
pkg_add -r wget
/usr/local/bin/wget http://downloadmirror.intel.com/15815/eng/igb-2.2.3.tar.gz
tar xvf igb-2.2.3.tar.gz
cd igb-2.2.3/src
make
make install

      Then I exited the chroot and copied the driver into place,

      
exit
cp chroot/usr/src/igb/igb-2.2.3/src/if_igb.ko /boot/kernel
kldload /boot/kernel/if_igb.ko
echo 'if_igb_load="YES"' >> /boot/loader.conf.local

      I hope that helps anyone else looking to do the same.

      1 Reply Last reply Reply Quote 0
      • jimpJ Offline
        jimp Rebel Alliance Developer Netgate
        last edited by

        And it's all a colossally bad idea to do on the firewall. We don't include compiler tools for a reason, it's a security risk that isn't mitigated in any way by a chroot.

        Setting up a VM is free and easy these days, just grab virtualbox or similar and install from an iso in there, then compile and copy to the firewall.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • B Offline
          ben_uk
          last edited by

          @jimp:

          And it's all a colossally bad idea to do on the firewall.

          Care to elaborate why?

          1 Reply Last reply Reply Quote 0
          • jimpJ Offline
            jimp Rebel Alliance Developer Netgate
            last edited by

            It's been discussed many times here on the forum, list, etc. It's a security risk, and also unnecessary bloat. If you need more detail than that, search around on here and it'll turn up.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.