Messages

1

24.7 Production Series / Re: 24.7 build process, how to cut some packages for faster building time

« on: September 08, 2024, 07:12:24 pm »

Hint: you only need fingerprints if you want to feed your builds secure updates. You can also avoid fingerprints and adjust the pkg repo config accordingly.


Cheers,
Franco

I wanted to add how I effectively disabled the fingerprint check, since I for one was not able to follow Franco's suggestion immediately.

1. Add URL to content of e.g. sets-24.7.3-aarch64/packages-24.7.3-aarch64.tar as custom mirror under https://opnsense.example.com/ui/core/firmware#settings
2. Login to the shell of your OPNsense instance as root user
3.

Code: [Select]

vi /usr/local/etc/pkg/repos/OPNsense.conf4. signature_type: "fingerprints"→ signature_type: "none"
5. Mind that the OPNsense.conf file would be overwritten any time you change it under https://opnsense.example.com/ui/core/firmware#settings

I can well imagine this is not the most clean way to disable signature verification.

Using the great info every one collected in this thread to setup fingerprints properly for my builds soon. Thanks for taking the time to share it everyone!