Building pfSense - Something basic I'm doing wrong?

kpa

It is not reachable for me. It looks like there's only an IPv6 address for it in DNS, is that right?

drill git.pfmechanics.com ANY
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 36656
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 3 
;; QUESTION SECTION:
;; git.pfmechanics.com. IN      ANY

;; ANSWER SECTION:
git.pfmechanics.com.    3470    IN      AAAA    2610:160:11:10::20

;; AUTHORITY SECTION:
pfmechanics.com.        3470    IN      NS      ns1.pfmechanics.com.
pfmechanics.com.        3470    IN      NS      ns2.pfmechanics.com.
...

Guest

@ermal:

@cyriles:

@ermal :

It's not a personal complain, I respect and appreciate your work.

The problem is that I (and I'm sure I'm not the only one) can't buid my own customised pfSense release anymore.

If I well understood the problem, it's a matter of money (ESF) … I'm ready to subscribe to what is necessary but I think the minimum is to communicate, and here there are no communications at all (the injuries are all but a kind of communication, providing an useless pfsense-repo doesn't help anyone).

If nothing changes, then the only solution for me (and most people) will be to move to another real Open Source solution ... is it the point ?

If so then just tell it and the "non founded accusations" will be over (sorry for my English, I'm French and learnt English by myself).

The Real question is : If you were me (without dept programming skills), what would you do ? Is it fair providing an Open Source firewall solution which can't be customized ?

Please take the time to think about what I wrote (the human way, not the capitalist way), else I won't waste more time answering.

Best regards,

Cyriles

I do not take this personal.
Its just you people complain about things not being open source and than complain that they not work.
If you want open source to fix it yourself have fun its there.

If you want help on thing stop accusing, imagining things and get real.
What you post is you need help and nothing in that is a direct question to what is wrong, you just complain about 'nonclear' things in your mind.

In human way, there have been times when the tools repo has been in very bad shape and no one complained, now that it is in way better position to be understood by general people complains come for policies and not the repository itself.

By the way, I will not answer anything that is not a real question!

Points:

• building a customized release of pfSense software (and then distributing it) is only allowed if you do NOT call the result pfSense, and you must otherwise fully comply with the licenses of pfSense.  This, in part, requires you to state on all marketing materials that your product is derived from pfSense software

• if you need help building pfSense, commercial support is available

• the pfSense repos are not "useless".  We use the same repos that you're attempting to use.

• Ermal has invested a lot of work recently in the '-tools' repo to cut the build time from over 4 hours to under 30 minutes (on our infrastructure, YMMV).

Guest

@kpa:

It is not reachable for me. It looks like there's only an IPv6 address for it in DNS, is that right?

drill git.pfmechanics.com ANY
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 36656
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 3 
;; QUESTION SECTION:
;; git.pfmechanics.com. IN      ANY

;; ANSWER SECTION:
git.pfmechanics.com.    3470    IN      AAAA    2610:160:11:10::20

;; AUTHORITY SECTION:
pfmechanics.com.        3470    IN      NS      ns1.pfmechanics.com.
pfmechanics.com.        3470    IN      NS      ns2.pfmechanics.com.
...

Maybe.  It's difficult for me to tell from here.

Posting to the forum isn't the ideal way to inform.  In this case, I'll forward it on internally, but a more direct communication about these will serve you well.
(We do not constantly monitor the forums.)

Guest

you're using the wrong host

git.pfsense.org has address 208.123.73.74

https://forum.pfsense.org/index.php?topic=76132.0

jporter

Just FYI, I've added the repos to "git.pfsense.org".  The machine "git.pfmechanics.com" is not publicly accessible.

You should be able to clone from the following repo's:
git@git.pfsense.org:bsdinstaller.git
git@git.pfsense.org:pfsense-tools.git
git@git.pfsense.org:xmlrpc-server.git
git@git.pfsense.org:pfsense-packages.git

You will need to still setup a FreeBSD site to pull from.

If there are other bugs in the scripts, best way is to create a bug report in Redmine, and we'll get it addressed.  We're working on ways to speed up builds as gonzopancho noted, part if this is locally mirroring commonly used sources.

eri--

@kpa:

It looks like git.pfmechanics.com is either down can not handle the traffic it is getting. You can override the pfsense repo URL by setting GIT_REPO_PFSENSE to git@github.com:pfsense/pfsense.git but unfortunately the URL for the BSD installer repo is hard coded to git@git.pfmechanics.com:pfsense/bsdinstaller.git.

Fixed, can be overwritten now.

kpa

Thanks, I'll give it a go soon.

cyriles

Hello,

First of all, my apologies if I did wrong assumptions and/or used bad words (I remind you English is not my native language), however the latest posts from that thread are slowly but surely confirming it :

It is still impossible to build anything with the current pfsense-tools repo (FreeBSD 8.3 and 10.0 -> with the most recent ports, that's obvious).

Facts :

1. I'm using pfSense for my own personal usage so why are you still speaking about subscription and copyright ? If it's the only thing which matters for you then let's stop discussing as it's just a waste of time, can't you really guess there are honest people not making profit of pfSense ?! Is it really impossible to get usefull discussions without being subcribed ? (questions have been asked, there are questions for who is open minded).

2. that repo has just been updated today (so I was right while saying it was just a non-updated cloned repo as we can see commits made every days since it has been made public again). Moreover it is now confirmed by developpers that the hardcoded repos are not reachable from non-ESF members (which confirms what I said in my previous posts).

3. the fact you're able to compile with your own machine doens't mean anything, it just means your developpers correctly played with the ports revisions but who could guess which revision has to be downloaded for each port ? That's just impossible … the only solution would be to make public a VMWare image (ready for the builds) or something similar ...

4. you think I'm an idiot, fine ... then just try to install a clean and virgin FreeBSD (8.3 or 10.0, the issue being the same) ... then fetch the most recent ports (I even tried with older ones, just in case the developpers worked on older ones), then clone the pfsense-tools repo you recently made available again and try to build the pfPorts ... as you'll clearly notice there are several important ports which can't be compiled ... I fixed more than half of these failures by doing manual backports (most of the times caused by the NO_STAGE setting), however some can't easily be fixed because it needs PHP 5.5 (php-suhosin for example).

Any developper can easily guess the time I wasted trying to compile and fix things again and again ... that's the main reason of that post.

5. I could continue like that for hours but that's not my point and that would be disrespectfull for the developpers who make a great job and have no links at all with these recent issues.

I'm not here to make war, I'll better choose to stop posting than to continue like that (you make me feel like the bad guy, I'm all but that guy) ... my only point is to be able to compile my own pfSense release (no commercial reasons, I repeat it as I'm sure it will be said again) without having to ask for help (you should respect that, at least I always try to do things by myself without bothering people … it's very rare I make such posts).

I'm sure in other circumstances we would enjoy having a beer together, I'm really sad seeing how things are going as I love the pfSense project (it could become THE reference in the next few years if things are done correctly).

Let's stop this, I'm pretty sure it will generate "hatefull" answers but I had to post my thoughts.

Best regards,

Cyriles

Guest

• The only discussion around subscription is for services in pfSense Gold.  Copyright still holds, but we allow anyone to download the images (thereby making a copy) and run them on their machine.  What we don't allow is that these images are changed (in any way) and then further redistributed.

• i am unsure of the point you're trying to make here.

• i am unsure of the point you're trying to make here.

• I don't think you're an idiot, nor have I asserted that you are an idiot.  Where did this come from?  (Yes, we are moving to PHP 5.5 in pfSense 2.2.)

• i am unsure of the point you're trying to make here.

In terms of being able to compile your own version of pfSense, the rules are as I stated.  You can compile your own, and we want to make sure that is possible.  What we can not allow is for you to compile your own and then distribute it with our marks intact.  I've posted the reasons for this elsewhere.

Thank you for helping find the issues with the repos.  I think people here were very responsive once the issue was identified.

kpa

I got the RELENG_2_2 build working to a point where it can fetch the repositories and apply patches but it failed later on building one of the pfPorts (I think that where it failed but lack of proper status messages left me unsure). Expect a better report and bug reports when I have more time to dig deeper. The build system definitely needs some improvements to be usable for outsiders, it's quite difficult to understand even for me who happens to have quite a bit of experience with FreeBSD's build systems and building everything from source in general.

kpa

Ok I'm back again trying to build RELENG_2_2 for i386. The build started fine but errors in sysutils/squashfs-tools port. The log shows this:

cc -O2 -pipe -fno-strict-aliasing -std=gnu89  -I. -I/usr/local/include -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -DFNM_EXTMATCH
=0 -D_GNU_SOURCE -DCOMP_DEFAULT=\"gzip\" -Wall -DGZIP_SUPPORT -DXZ_SUPPORT -DLZO_SUPPORT  i386 -c -o mksquashfs.o mksquashfs.c
cc -O2 -pipe -fno-strict-aliasing -std=gnu89  -I. -I/usr/local/include -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -DFNM_EXTMATCH
=0 -D_GNU_SOURCE -DCOMP_DEFAULT=\"gzip\" -Wall -DGZIP_SUPPORT -DXZ_SUPPORT -DLZO_SUPPORT  i386 -c -o read_fs.o read_fs.c
cc: cc -O2 -pipe -fno-strict-aliasing -std=gnu89  -I. -I/usr/local/include -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -DFNM_EXTM
ATCH=0 -D_GNU_SOURCE -DCOMP_DEFAULT=\"gzip\" -Wall -DGZIP_SUPPORT -DXZ_SUPPORT -DLZO_SUPPORT  i386 -c -o sort.o sort.c
error: no such file or directory: 'i386'
cc: error: no such file or directory: 'i386'
cc -O2 -pipe -fno-strict-aliasing -std=gnu89  -I. -I/usr/local/include -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -DFNM_EXTMATCH
=0 -D_GNU_SOURCE -DCOMP_DEFAULT=\"gzip\" -Wall -DGZIP_SUPPORT -DXZ_SUPPORT -DLZO_SUPPORT  i386 -c -o swap.o swap.c
gmake[2]: *** [mksquashfs.o] Error 1
gmake[2]: *** Waiting for unfinished jobs....
gmake[2]: *** [read_fs.o] Error 1
cc: error: no such file or directory: 'i386'
cc: error: no such file or directory: 'i386'
gmake[2]: *** [sort.o] Error 1
gmake[2]: *** [swap.o] Error 1
gmake[2]: Leaving directory `/usr/ports/sysutils/squashfs-tools/work/squashfs4.2/squashfs-tools'
===> Compilation failed unexpectedly.
Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/sysutils/squashfs-tools
*** Error code 1

Stop.
make: stopped in /usr/ports/sysutils/pcbsd-utils
Done!

The build continued though after the error with the buildworld part so I didn't stop it yet.

I'm using the most upto date ports tree from the official FreeBSD SVN repository, do I need to use a specific version of the ports tree?

My build host is:

FreeBSD freebsd10.rdnzl.info 10.0-STABLE FreeBSD 10.0-STABLE #2 r266005: Wed May 14 16:42:13 EEST 2014     kimmo@freebsd10.rdnzl.info:/usr/obj/usr/src/sys/VT  i386

(The VT kernel is just GENERIC kernel with the newcons console included so ignore that)

kpa

I was able to work around the error in my previous post by installing sysutils/pcbsd-utils manually before firing up the build.sh again. However this time the buildworld stopped with an error:

--- sbin.depend__D ---
/usr/pfSensesrc/src/sbin/pfctl/pfctl_qstats.c:41:10: fatal error: 'altq/altq_fairq.h' file not found
#include <altq altq_fairq.h="">^
1 error generated.</altq> 

This is bad, very bad. The buildworld that is done with /usr/pfSensesrc sources is not finding its own include files (altq/altq_fairq.h is a pfSense addition and not present on vanilla FreeBSD 10). I am definitely not going to do a manual copy of the missing includes to /usr/include on the build host because that kind of manual step shouldn't be needed when the whole intention of the scripts is to automate the build process.

Here's a suggestion to all of you who are working on the tools repo. Every once in a while do a complete wipe of the build host and reinstall it from scratch using the latest FreeBSD stable/10 snapshot. Re-fetch all the repositories and redo all the configurations. This would reveal any problems that are caused by extra files that exist on the build host and are not present in a clean state when an outsider tries to repeat the build process starting from scratch.

Edit: Redmine ticket opened, https://redmine.pfsense.org/issues/3668.

eri--

Replied on redmine.

kpa

Fair enough. I'll summarize quickly what I have learned so far:

There is no documentation available for using the tools repo so one has trough trial and error and asking around gather the necessary information on how to use it. In my case the missing piece of information was that pfPorts needs to built first before anything else. Building of pfPorts is not done automatically if you just fire up the build script as```
build.sh iso

You need an ultra-clean FreeBSD installation on the build host because the tools want to build everything its way and anything non-standard in terms of configuration trips it very easily.

Building pfSense will "contaminate" your build host with pfSense speficic modifications. This is something I absolutely don't want and I'm now moving to using a jail as the build host.

More to follow later.

none

Hail,

jporter helped me to get the sources, but I can't find a post I had before that would walk through the steps to compile pfsense. I found the kernel dir (my main project), but can't figure out the what is the definitive script to config and build.

I tried the build.sh –configure get me issues:

%./build.sh --configure

You must first run ./set_version.sh !
See http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso for more information.

You can also run ./menu.sh which will assist with the available options

is there a new version of http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso ?

thanks,

none

ps: if I should open new thread, please say. As this is on the subject, I figured here as a right place.

Guest

@kpa:

Fair enough. I'll summarize quickly what I have learned so far:

There is no documentation available for using the tools repo so one has trough trial and error and asking around gather the necessary information on how to use it. In my case the missing piece of information was that pfPorts needs to built first before anything else. Building of pfPorts is not done automatically if you just fire up the build script as```
build.sh iso

You need an ultra-clean FreeBSD installation on the build host because the tools want to build everything its way and anything non-standard in terms of configuration trips it very easily.

Building pfSense will "contaminate" your build host with pfSense speficic modifications. This is something I absolutely don't want and I'm now moving to using a jail as the build host.

More to follow later.

Yes..  We maintain dedicated builders for this reason and more.

There is 10 years of history to deal with in changing things.

bhawk6901

I am trying to build on 8.3. when i run cd /usr/ports/textproc/expat2 && make depends install; i get error as shown in attchment. i have tried 3 different installations for i386 as well as amd64. Plz help on what im doing wrong

bmeeks

@bhawk6901:

I am trying to build on 8.3. when i run cd /usr/ports/textproc/expat2 && make depends install; i get error as shown in attchment. i have tried 3 different installations for i386 as well as amd64. Plz help on what im doing wrong

You have hit the problem with the FreeBSD 8.3 release not being compatible with the newer FreeBSD ports tree.  Changing out the make utility as someone described in a previous post may help.  You can also try this tip I was given and which worked for me:

Ports tree doesn’t support FreeBSD 8.3 anymore, you need to use the stable branch of ports tree called “2014Q2” instead of head. You can get it using:

svn co http://svn.freebsd.org/ports/branches/2014Q2 /usr/ports

This branch won’t have latest version of all ports, it only gets security updates, but the core files (/usr/ports/Mk/*) are still complaint with 8.3.

So to do the above on your builder, first delete the entire existing ports tree with –

rm -rf /usr/ports

– then run this command:

svn co http://svn.freebsd.org/ports/branches/2014Q2 /usr/ports

DO NOT perform a normal ports update in the future or you will break the builder again.  My suggestion would be to abandon building FreeBSD 8.3-based pfSense and use 2.2 instead since it uses the current FreeBSD 10-STABLE.

Bill

bhawk6901

@bmeeks:

@bhawk6901:

I am trying to build on 8.3. when i run cd /usr/ports/textproc/expat2 && make depends install; i get error as shown in attchment. i have tried 3 different installations for i386 as well as amd64. Plz help on what im doing wrong

You have hit the problem with the FreeBSD 8.3 release not being compatible with the newer FreeBSD ports tree.  Changing out the make utility as someone described in a previous post may help.  You can also try this tip I was given and which worked for me:

Ports tree doesn’t support FreeBSD 8.3 anymore, you need to use the stable branch of ports tree called “2014Q2” instead of head. You can get it using:

svn co http://svn.freebsd.org/ports/branches/2014Q2 /usr/ports

This branch won’t have latest version of all ports, it only gets security updates, but the core files (/usr/ports/Mk/*) are still complaint with 8.3.

So to do the above on your builder, first delete the entire existing ports tree with –

rm -rf /usr/ports

– then run this command:

svn co http://svn.freebsd.org/ports/branches/2014Q2 /usr/ports

DO NOT perform a normal ports update in the future or you will break the builder again.  My suggestion would be to abandon building FreeBSD 8.3-based pfSense and use 2.2 instead since it uses the current FreeBSD 10-STABLE.

Bill

Thanks for your reply. I shifted to freebsd10 before you replied. When i apply patches, it fails saying /usr/pfSensesrc/src does not exist.
Kindly guide me further

bmeeks

@bhawk6901:

Thanks for your reply. I shifted to freebsd10 before you replied. When i apply patches, it fails saying /usr/pfSensesrc/src does not exist.
Kindly guide me further

Well, it's been a long time since I set up my builder virtual machine, but I seem to remember having to manually create several directories along the way as I hit various bumps.  As you have seen, the documentation is either missing and/or not updated in some cases.  Try manually creating the directory /usr/pfSensesrc using:

mkdir -p /usr/pfSensesrc

Then try the apply patches step again.  There may well be several directories you will need to manually create as the scripts seem to expect some to exist already, while others it will create if they are missing.

Bill