How to build pfSense on FreeBSD V10

shaqan

you can avoid installing OpenSSL ports by using portmaster. It always presents you NCurse based "Option" menu, often you can choose other options instead of using OpenSSL, for example often it allows you choosing GnuTLS instead when some package asks for SSL support.

I did it with the Git. Did'nt install it by pkg install but went to /usr/ports/devel/git, started portmaster in it and laborously avoided choosing OpenSSL port anywhere. OpenSSL is always default choice, so you must be careful.

If the selected options do not play out and fail, you can always go to the folder of failing port and do make config (and make) in it again, and then build the port solo. Then go back to where portmaster failed and start it again. Portmaster jumps over point of previous failure and goes on.
So, step by step you can build necessary packages.

Got stuck with building ipfw-classifyd module though. Whatever I do, I get error. No clue about C so I am unable fixing it myself:S

Overall, 2.2 seems to build quite error free in it's present state

PS. Doing it for my own pleasure and interest, no reason to be afraid of sharing out buildimages..

_Adrian_

Anybody else had any luck with this ??
I've gotten called back in and working 60hour week again :/

shaqan

I managed to built couple of isos and tinker with them. Kept bumping into various issues but it sure was interesting. No time lately.

Btw, at some point found that pfsense-tools had been removed from github. If you happen to have your local backups then better keep'em

phil.davis

New pfSense features are being added to the "hidden" pfSense-tools and then used in the "ordinary" pfSense code. So even if you build from an old copy of pfSense-tools, the compiled "pf" and other utilities will be missing some command line options, conf file features… and so will not work with the PHP code in the main pfSense repo that uses the new features.
2.2 snapshots are now available at http://snapshots.pfsense.org/ - use those and join in the testing and debugging. Then we all benefit from a joint co-ordinated effort.

shaqan

As I understand now you torpedoed the users ability to build from source on purpose? Why, so suddenly?

phil.davis

"you" should refer to Electric Sheep Fencing (ESF) - if you were referring to me in some way, then please understand that I am a private individual and am not part of ESF.
You can read up on recent happenings in this post: https://forum.pfsense.org/index.php?topic=73101.0 and others in the Development forum section.

shaqan

no, did not mean You personally. More general way.

thanks for the link, it did lead me to a answer at
http://lists.pfsense.org/pipermail/dev/2014-February/000520.html

bhawk6901

trying to build 2.2 beta. get the error while building strongswan as shown in attachment

–- kernel_pfkey_plugin.lo ---
libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/include -I../../../../src/libstrongswan -I../../../../src/libhydra -I/usr/local/include -O2 -pipe -fno-strict-aliasing -include /usr/ports/security/strongswan/work/strongswan-5.2.0/config.h -MT kernel_pfkey_plugin.lo -MD -MP -MF .deps/kernel_pfkey_plugin.Tpo -c kernel_pfkey_plugin.c  -fPIC -DPIC -o .libs/kernel_pfkey_plugin.o
--- kernel_pfkey_ipsec.lo ---
libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/include -I../../../../src/libstrongswan -I../../../../src/libhydra -I/usr/local/include -O2 -pipe -fno-strict-aliasing -include /usr/ports/security/strongswan/work/strongswan-5.2.0/config.h -MT kernel_pfkey_ipsec.lo -MD -MP -MF .deps/kernel_pfkey_ipsec.Tpo -c kernel_pfkey_ipsec.c  -fPIC -DPIC -o .libs/kernel_pfkey_ipsec.o
--- kernel_pfkey_plugin.lo ---
libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/include -I../../../../src/libstrongswan -I../../../../src/libhydra -I/usr/local/include -O2 -pipe -fno-strict-aliasing -include /usr/ports/security/strongswan/work/strongswan-5.2.0/config.h -MT kernel_pfkey_plugin.lo -MD -MP -MF .deps/kernel_pfkey_plugin.Tpo -c kernel_pfkey_plugin.c -o kernel_pfkey_plugin.o >/dev/null 2>&1
--- kernel_pfkey_ipsec.lo ---
kernel_pfkey_ipsec.c:829:23: error: use of undeclared identifier 'SADB_X_EALG_AESGCM8'
        {ENCR_AES_GCM_ICV8,            SADB_X_EALG_AESGCM8    },
                                        ^
kernel_pfkey_ipsec.c:830:24: error: use of undeclared identifier 'SADB_X_EALG_AESGCM12'
        {ENCR_AES_GCM_ICV12,            SADB_X_EALG_AESGCM12    },
                                        ^
kernel_pfkey_ipsec.c:831:24: error: use of undeclared identifier 'SADB_X_EALG_AESGCM16'
        {ENCR_AES_GCM_ICV16,            SADB_X_EALG_AESGCM16    },
                                        ^
3 errors generated.
*** [kernel_pfkey_ipsec.lo] Error code 1

make[5]: stopped in /usr/ports/security/strongswan/work/strongswan-5.2.0/src/libhydra/plugins/kernel_pfkey
1 error

make[5]: stopped in /usr/ports/security/strongswan/work/strongswan-5.2.0/src/libhydra/plugins/kernel_pfkey
*** [all-recursive] Error code 1

make[4]: stopped in /usr/ports/security/strongswan/work/strongswan-5.2.0/src/libhydra
1 error
make[4]: stopped in /usr/ports/security/strongswan/work/strongswan-5.2.0/src/libhydra
*** [all-recursive] Error code 1

make[3]: stopped in /usr/ports/security/strongswan/work/strongswan-5.2.0/src
1 error
make[3]: stopped in /usr/ports/security/strongswan/work/strongswan-5.2.0/src
*** [all-recursive] Error code 1
make[2]: stopped in /usr/ports/security/strongswan/work/strongswan-5.2.0
1 error

make[2]: stopped in /usr/ports/security/strongswan/work/strongswan-5.2.0
*** [all] Error code 2
make[1]: stopped in /usr/ports/security/strongswan/work/strongswan-5.2.0
1 error
make[1]: stopped in /usr/ports/security/strongswan/work/strongswan-5.2.0
===> Compilation failed unexpectedly.
Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.
*** Error code 1
Stop.
make: stopped in /usr/ports/security/strongswan

openssl was set to base in make.conf. does it need to be changed to openssl with port?

shaqan

I've got FreeBSD 10.1-BETA2 base system set up, (ports like git, expat2 etc. all installed). Also, following (by now erased) guidelines in old dev wiki (still visible using Internet Archive 'going back in time'). pfsense-tools repo installed (after signing necessary agreements in portal.pfsense.org)

Questions.
-While the April version of the 'pfsense-tools' worked in tcsh shell pretty much out-of-the-box, at some point that code seems to have received major overhaul. Trying to pick some option from (/builder_scripts/scripts/)menu.sh ends invariably with an error 'filename.sh :not found'.
I suspect I would need to add some custom variable to the .tcshrc file.  Could someone 'in the know' help me out?

• Is there going to be another 'dev wiki'? Oriented for development of 3rd party plugins. Present help files seem to be oriented purely for installation and usage of pfSense. Old 'dev help' links still present in 'pfsense-tools' scripts are by now inoperable.

Klaws

I received an error stating "You must upgrade the ports-mgmt/pkg port first."

To solve that issue:

cd /usr/ports/ports-mgmt/pkg  
make  
make reinstall