Tools Repo

jporter

You will first need to execute the ICA/CCA (pick one). If you already have an account on the portal, you can login with it or you will need to create a new account:

https://portal.pfsense.org/members/signup/ICLA (if you're signing as an individual)
https://portal.pfsense.org/members/signup/CCLA (if you're signing on behalf of a corporation)

and then execute the License Agreement:

https://portal.pfsense.org/members/signup/LA

there will a place to put your ssh public key in and, once the sync occurs, you will be able to access the tools repo.

More information about the agreements can be found here: https://www.pfsense.org/about-pfsense/index.html#legal

The git server pulls the keys from the portal system every 5 minutes, so once you have both agreements checked, and your key in you have access.

To build 2.1.X pfSense, use FreeBSD 8.3.
To build 2.2 pfSense use FreeBSD 10.1.

git clone git@github.com:pfsense/pfsense-tools.git

If there are other pointers suggestions you can add them here, and I'll update the post.

zandr

The TLA link says "There are no products available for purchase. Please come back later." Could you provide a link so I can read the TLA before I start agreeing to things?

EDIT: Found the PDF here: https://www.pfsense.org/ESF_Trademark_License_Agreement_v1.1.pdf

jdillard

When setting up the agreement process I had mistakenly called it a Trademark Agreement, when in fact it was not.

The agreement can be found here now: https://www.pfsense.org/ESF_License_Agreement_v1.0.pdf

razzfazz

If you plan to keep making revisions to this document, perhaps the clause in section 7e) that explicitly says "This License may not be modified without the mutual written agreement of the Parties" (i.e., both sides) should be removed? Either way, though, it seems that any changes you made compared to the "TLA" that folks signed already would only affect new signees from this point on, no?

jdillard

@razzfazz:

it seems that any changes you made compared to the "TLA" that folks signed already would only affect new signees from this point on, no?

Correct. I also only made changes to the title and last modified date.

razzfazz

Another note: The required attribution text in section 3b) explicitly says "2014"; that is probably not what you really want folks to keep using moving forward, is it?

msi

The tools repo is under a OpenSSL-like license which is OK to me, but now I have a doubt when it comes to patches to the base system or ports in the case of upstreaming.
(part of the stuff I am interested is going through patches and trying to figure out whether this as possibly of interested in upstream ~ less to care in pfSense)

As I understand the license it's OK for pfSense to take BSD code, integrate and modify with additional terms in this new license: BSD -> pfSense-tools License works.

However I'm twisting my head around this new license when it comes to upstreaming things to a BSD-licensed project such as the base FreeBSD.
In my understanding I'd have to punch a patch for Freebsd in shape and then I'd have to offer it under the OpenSSL-derived license, not BSD)

I'm asking mainly since I really don't want to stand on anyone toe and to properly understand the intentions of this new license.

Grub3

https://portal.pfsense.org/members/signup/ICLA
is unacceptable, as it transfers copyright free developer work to a company without compensation.

This assignment also suggest that pfSense codebase (not pfSense brand) is the ownership of all developers and this is an interesting information, thank you.

As a member of the future developer alliance incorporated under a foundation, we don't recommend signing this agreement.
Please read pfSense Internet neutrality and FreeBSD licence post.

msi

@Grub3: I remember GOOSE as Smartcard vendor, props for that.
However: Although the effective difference is little, there is a difference in legal terms on what you write and what the CLA says:

The CLA doesn't mention copyright ownership, you give them a license to do almost whatever they whish with your code i.e. sublicense etc (you don't give them warranties).
There is a difference between and extensive license that you grant ESF and copyright transfer (the later isn't even possible in some countries ie. most EU countries).

If you contribute to Apache projects you have to sign a their CLA (http://www.apache.org/licenses/icla.txt), beyond s/ESF/Apache Foundation/g is the same as the CLA of pfSense.
Agreed difference: Apache is US-based non-profit 501(3) while ESF is a (for-profit) LLC. 2 widely known OSS projects have a very similar CLA with the entity being a company: Android and Chromium. Another that I know about is Joyent SmartOS.

In comparison Sun (RIP): On a lot of their projects they insisted on copyright assignment which is what allowed Oracle to close back previously open projects without much acknowleding external contributors (think Solaris). I'm definitely not pro-CLA and extensive licensing to an entity (Linux and illumos explicitely share copyrights), but I don't see ESF isn't reinventing the wheel and doing necessarily more evil than others that have CLAs too.

If you aren't OK with the CLA, don't sign it, if you feel to fork, do so by respecting of the terms under which you received the code.

@Grub3:

https://portal.pfsense.org/members/signup/ICLA
is unacceptable, as it transfers copyright free developer work to a company without compensation.

No, it does not.

Grub3

Here are the facts:

https://www.pfsense.org/ESF_Individual_Contributor_License_Agreement_v1.0.pdf

Grant of Copyright License
.Subject to the terms and conditions of this Agreement, You hereby grant to ESF and to recipients of the Work a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and derivative works thereto, including but not limited to combination(s) of Your Contributions with the Work

Your company is asking individual contributor to grant ownership of their code to your company, without compensation other than access to their source code.

pfSense licence agreement is available here:
https://www.pfsense.org/ESF_License_Agreement_v1.0.pdf

Copyright 2014. Electric Sheep Fencing LLC. The pfSense
software is offered under license from Electric Sheep Fencing LLC
(“ESF”)

The ESF licence is a very restrictive licence, including a copyright where your company owns everything and people only have the right to ask for permission.
i.e. there is no freedom to modify the source code, i.e. no copyleft. The problem is that all community is about copyleft, so are killing the community and destroying the project.

You are simply REBRANDING THE WORK OF THE COMMUNITY, putting an Electric Sheep Fencing STICKER on it to pretend it is YOURS.

We would prefer:

Copyright 2014. Electric Sheep Fencing LLC. The pfSense
software is offered under the FreeBSD licence without any limitation.

The difference is that the FreeBSD offers copyleft and the ESF does not.
The FreeBSD would still allow you to make commercial works from pfsense source code.

Grub3

To make a comparision, this repo is like "offering free keys" to a house owner, prevented that "the owner grants you ownership of the house".

cmb

License != ownership. EVERY open source project in proper legal standing does exactly the same as what we're doing. Apache? Yep. Linux? Yep. FreeBSD? Well they will be soon, possibly using our exact CLA.

Nothing about prohibiting modifications is in any way remotely true. You just can't modify it and put our brand on it. You can't do that to any other trademarked open source project either.

grub3's other ignorance addressed in other threads since he's been busy spreading bullshit all over the place.

msi

@cmb: Can you share a clarification on the patches applied to ports and the base system as I mentioned?

It's really just a matter of "I'd like to understand things correctly". I guess that the less patches pfSense has to mangle (8.3 had quite some backports too), the quicker pfSense can stay in sync - and it seems as of currently 2.2 seems to be very closely tracking 10-STABLE.

A couple of patches miss some comments - without that it's pretty difficult if you are not closely related to the code or the author of said patches. ;-)

cmb

There's no issue in including BSD licensed code (and we'll release it as same as it goes upstream and stays closer to the most recent). Things in that regard haven't changed at all. BSD and similar licenses are fine to include. GPL and other more restrictive licenses cannot be, same as before.

Thanks Mathieu, appreciate all your contributions. Sorry your question got lost in the noise from the trolls and/or tinfoil hat crowd.

msi

Thanks Chris, that's what I guessed.

As author of patches and thus copyright holder one can always define the compatible license when passing upstream.
However as contributor I have to stick with the license it comes to me which is the OpenSSL-style license in the top directory.

I don't see an issue for code from pfSense itself, it's only about the bits that pfSense takes from upstream FreeBSD and makes patches for it: base and ports.
With the old license it was simple as it was the same license, now there is a little difference, and if there is something stupid happening I can't take a fix in pfSense and send upstream if I'm not the original author.

I'm not a lawyer so if you tell us that without additional mentionings it's just fine, then I shall stay silent :-)
Otherwise what about clarification in the top-level license or explicit license file or information for pfPorts and patches directories (i.e. ~ "These files are governed by same license as unpatched upstream source.").

@Grub3:

Here are the facts:

https://www.pfsense.org/ESF_Individual_Contributor_License_Agreement_v1.0.pdf

Grant of Copyright License
.Subject to the terms and conditions of this Agreement, You hereby grant to ESF and to recipients of the Work a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and derivative works thereto, including but not limited to combination(s) of Your Contributions with the Work

Your company is asking individual contributor to grant ownership of their code to your company, without compensation other than access to their source code.

You're wallowing in your FUD.

Point in fact, we are not "asking individual contributor to grant ownership of their code".

"ownership" of the copyright on the code would require an assignment, which we are explicitly NOT asking for.

This is about a non-exclusive license.

@Grub3:

pfSense licence agreement is available here:
https://www.pfsense.org/ESF_License_Agreement_v1.0.pdf

Copyright 2014. Electric Sheep Fencing LLC. The pfSense
software is offered under license from Electric Sheep Fencing LLC
(“ESF”)

The ESF licence is a very restrictive licence, including a copyright where your company owns everything and people only have the right to ask for permission.
i.e. there is no freedom to modify the source code, i.e. no copyleft. The problem is that all community is about copyleft, so are killing the community and destroying the project.

Let's take your points in order here:

"a copyright where your company owns everything" – false. just a non-exclusive license to the copyright
"there is no freedom to modify the source code" – 100% false. You just can't call the result pfSense.
"i.e. no copyleft" – Here you are 100% right. There is NO WAY IN HELL we're going to GPL the code.
"The problem is that all community is about copyleft." – You appear to have missed the turn that takes you to the linux village. This is BSD-land.
"so are killing the community and destroying the project." – you offer no proof here.

@Grub3:

You are simply REBRANDING THE WORK OF THE COMMUNITY, putting an Electric Sheep Fencing STICKER on it to pretend it is YOURS.

Seriously? Let's look at some data.

https://forum.pfsense.org/index.php?topic=76140.0

Also, the brand applied is "pfSense", not ESF.

@Grub3:

We would prefer:

Copyright 2014. Electric Sheep Fencing LLC. The pfSense
software is offered under the FreeBSD licence without any limitation.

The difference is that the FreeBSD offers copyleft and the ESF does not.
The FreeBSD would still allow you to make commercial works from pfsense source code.

You would prefer a license which does not exist? There is no such thing as "the FreeBSD license" (or licence). There is a BSD license (several versions exist. Most people know about the 2-clause and 3-clause variants.)

This, along with your call for GPL, and your misunderstanding of the difference between assignment and license, tends to show that you really don't know what you're talking about.

@Grub3:

https://portal.pfsense.org/members/signup/ICLA
is unacceptable, as it transfers copyright free developer work to a company without compensation.

If it was an assignment (which it is not), then yes, it would transfer copyright to ESF. It does not, but rather grants a non-exclusive license.
There is a big difference here.

BTW, your call for GPL est très drôle, parce que le FSF exige assignment (transfer of ownership) of copyright when you contribute to their projects.

Read these and ponder your hero:
http://www.gnu.org/licenses/why-assign.html
http://www.gnu.org/prep/maintain/html_node/Copyright-Papers.html
http://www.fsf.org/licensing/assigning.html

@Grub3:

This assignment also suggest that pfSense codebase (not pfSense brand) is the ownership of all developers and this is an interesting information, thank you.

As a member of the future developer alliance incorporated under a foundation, we don't recommend signing this agreement.
Please read pfSense Internet neutrality and FreeBSD licence post.

You are entitled to your opinions, of course. Even when they're laughably wrong.

BTW, don't post here again on this subject. There is a forum for licensing discussions. Any further postings by you in Development, which are about licensing, will be deleted.

rudivd

hi Jeremy,

You stated that in the https://portal.pfsense.org/ there should be an $0 developer option, for subscribing.
I cannot find it. The subscription form only states $99 and up subscriptions, and I just want to have acces
to the repo.

Rudi

kpa

@rudivd:

hi Jeremy,

You stated that in the https://portal.pfsense.org/ there should be an $0 developer option, for subscribing.
I cannot find it. The subscription form only states $99 and up subscriptions, and I just want to have acces
to the repo.

Rudi

The instructions are quite wrong and incomplete because you can't create an account unless you either subscribe for support or sign the ICLA at the same time. Unfortunately the only piece of information that directs you to the ICLA is here on forums and not on the portal page (you hear me admins?) Go here and fill in the form to sign the ICLA and create your account:

https://portal.pfsense.org/members/signup/ICLA

jdillard

I modified the original post to clear up the instructions.

kpa

Thanks :) Could you also look into adding a link to the ICLA on the portal page?

dreamcat4

I cannot for the life of me get this to work.

@jporter:

If you are being prompted for a password your ssh-key is not working.

This ^^

@jporter:

Check your local ssh-agent and make sure it is running. Check that your ssh public key is valid and correct in your profile. Sometimes cutting and pasting can introduce unwanted whitespace/newlines.

Checked.

@jporter:

DSA Keys longer than 512 characters will ~~fail~~ work in the portal. Keys encoded up to 1024 bytes are ok. Still avoid newlines.

Checked.

@jporter:

If there are other pointers suggestions you can add them here, and I'll update the post.

What is really missing is a full example of all the little steps from scratch. By that, I mean showing the correct sequence of "ssh-agent" commands, and so on for generating a key file. With some kind of example of what the public key should actually look like, once pasted into the web form / input box.

See here for other such guides:

https://confluence.atlassian.com/pages/viewpage.action?pageId=271943168
https://help.github.com/articles/generating-ssh-keys
[EDIT]

https://help.github.com/articles/error-permission-denied-publickey

[EDIT]
On IRC, someone say they signed up long ago with this link, to get LA:

https://portal.pfsense.org/members/signup/la

However that not work anymore. So I wonder it that have anything to do with it. Because my subscription only have ICLA and LA accepted (but not TLA). Many thanks.

EDIT: moderator edit to correct incorrect link

jporter

Fyi there is currently a bug with the tools repo, we are working on it:
https://forum.pfsense.org/index.php?topic=79413.0

tamldt

Hi all!

I try " git clone git@git.pfsense.org:pfsense-tools" but unsucessfull. It ask me type password for git@git.pfsense.org

I think i have mistake about ssh public key.

But my ssh public key (/root/.ssh/id_rsa.pub) and key on https://portal.pfsense.org/members/signup/LA (my profile) are same.

people can help me fix it…!

thanks...!

GruensFroeschli

Open/create ~/.ssh/config in an editor of you choice.
Put stuff there similar to:

Host git.pfsense.org
Hostname git.pfsense.org
User git
IdentityFile /home/me/.ssh/me.privkey

none

Tried this idea, no good here :(

root@pfsense-22:/tmp/git-teste # git clone git@git.pfsense.org:pfsense-tools tools
Cloning into 'tools'...
ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

created the config file, and no good. Tried without also, same problem. sometimes I get this error above, other times ask for password.

Key4ce_angelo

Same issue in this thread –> https://forum.pfsense.org/index.php?topic=79413.0

Seems to be a DNS issue ..

git clone git@git.pfsense.org:pfsense-tools tools
Cloning into 'tools'…
Password for git@git.pfense.org:

notice it returns as pfense.org not pfSense.org.
Before I could circumvent this by lookup up git.pfsense.org and simply punching in the IP directly… This obviously shouldnt be working like that... but it did..
Anyway that no longer works.

So I guess we are waiting for someone to fix this in the config.

Please fix this ...
Thanks!

shaqan

Can't be that admins/devs/mods are unaware of the issue. That's just improbable mathematically. Help has been asked in public forums over past 3 weeks quite a lot of times. If one browses forum even by skimming trough the topics, it should be noticeable enough.

Including in topics they have communicated in earlier times (It would show up in "Show new replies to your posts")

EDIT: :)
https://forum.pfsense.org/index.php?topic=79413.0
@bmeeks:

I had some private e-mail communications on Saturday with the maintainer of the Tools repo SSH access. He is aware of the problems and working on it.

Bill

rrouzbeh

i have problem with tools-repo

DNS lookup error: general failure
debug1: Host 'git.pfsense.org' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
Password for git@git.pfense.org:

send email to coreteam

phil.davis

A few weeks ago pfsense-tools appeared as a private repo on GitHub for me (and presumably for others that were already signed up). Can someone update the instructions here to say where the pfsense-tools repo will be found after you sign up?

wagonza

Yeah that would be nice to have. I unfortunately did not have my GitHub details in there at the time of the announcement but do now.
Unfortunately still don't have access though.

razzfazz

The pfsense-tools repo was showing up for me on GitHub a few weeks back, but now it seems to be gone again?!

phil.davis

@razzfazz:

The pfsense-tools repo was showing up for me on GitHub a few weeks back, but now it seems to be gone again?!

It is still there for me, private repo and updated 7 hours ago, so it is not a general problem - I guess you are special :)

jdillard

@wagonza:

Yeah that would be nice to have. I unfortunately did not have my GitHub details in there at the time of the announcement but do now.
Unfortunately still don't have access though.

You should have received a confirmation email from github to whatever email is in your github account settings.

jdillard

@razzfazz:

The pfsense-tools repo was showing up for me on GitHub a few weeks back, but now it seems to be gone again?!

I see your github user in there, are you looking in the right spot?

wagonza

@jdillard:

You should have received a confirmation email from github to whatever email is in your github account settings.

Nope received nothing. Also double checked mail logs but no email from them.

jdillard

@wagonza:

@jdillard:

You should have received a confirmation email from github to whatever email is in your github account settings.

Nope received nothing. Also double checked mail logs but no email from them.

Did you complete the ICLA/CCLA and LA part?

jdillard

@phil.davis:

A few weeks ago pfsense-tools appeared as a private repo on GitHub for me (and presumably for others that were already signed up). Can someone update the instructions here to say where the pfsense-tools repo will be found after you sign up?

We are going to make a wiki page with the updated information. I'll post here when it is done. thanks for pointing that out Phil.