Messages

Hi guys,

thanks for the help here. it worked just fine, I can build images and update them with no need to a full reinstall :)

I created some simple and not best written scripts to automate this process as a guide for any new comers.

Its available here: https://github.com/matheusber/opnsense

Thanks again for the help.

Franco, what is the process to add new devices?

Thanks again :)

none

PS: if changing the thread subject would help in people finding this repo building, its fine by me ;)

Hello friend!

  I have a NanoPi R5S and trying to build OPNsense, I followed the construction files that you made available on github and managed to reach the final step and generate the OPNsense IMG, but when writing to the SDCARD with win32diskimage it does not initialize on the NanoPI R5S, it would have Any steps I missed? Could you provide a working image for the NanoPi R5S that you managed to build?
I'm starting to study OPNsense Tools on github to understand how the build works.

Hi tax, sorry for the delay here. Which R5S conf you used? There are two: R5S.conf and R5S_SD.conf. The first just makes an image for R5S that is able to run it using both re nic's (I use the realtek-kmod198 port), and shoud be flashed to an USB media.

If you use R5S_SD.conf, that creates an image for sdcard media. I got it to work but had the unhappy news that not all sdcard are good for it. I myself got one Sandisk 32GB that won't boot opnsense ever, just boot code loops; Same image on a Kingston and Lexar, both 32GB, it all works great. I guess my Sandisk may not be from Sandisk :(

If your issue is on using R5S_SD.conf, then tell here I can try to help you.

The issue I'm working now is that sometimes /boot/loader.conf.local vanishes, and we get to loose both realtek 2.5Gbps nic's.

none

As a small update I took it off in ports.conf and so far no problem about it. the net/mrt is not building yet, and even changing version to build 24.7.3 it keeps failing.

So now I am looking for building logs. If I issue "make" in the net/mtr port directory, it builds fine. I even let it built there so it may take it from there, but didn't work :(

I am now looking for the building logs to try to find out how to fix this. If anyone have any hints :)

none

Hi,

I am trying to build 24.7.4 for arm here and this port kind of is not letting me do that. I installed a fresh 14.1 for it on rpi5, and I got this error:

Code Select Expand

===>   urwfonts-1.0_8 depends on executable: fc-cache - found
===>   Returning to build of urwfonts-1.0_8
===>   urwfonts-1.0_8 depends on executable: mkfontscale - not found
[20240920043050] ===> License MIT accepted by the user
===>   mkfontscale-1.2.3 depends on file: /usr/local/sbin/pkg - found
[20240920043050] => mkfontscale-1.2.3.tar.xz doesn't seem to exist in /usr/ports/distfiles/xorg/app.
[20240920043050] => Attempting to fetch https://xorg.freedesktop.org/releases/individual/app/mkfontscale-1.2.3.tar.xz
mkfontscale-1.2.3.tar.xz                               142 kB  306 kBps    01s
[20240920043052] ===> Fetching all distfiles required by mkfontscale-1.2.3 for building
[20240920043052] ===> Extracting for mkfontscale-1.2.3
[20240920043052] => SHA256 Checksum OK for xorg/app/mkfontscale-1.2.3.tar.xz.
[20240920043052] ===> Patching for mkfontscale-1.2.3
===>   mkfontscale-1.2.3 depends on package: pkgconf>=1.3.0_1 - not found
===>   Installing existing package /.pkg-cache/All/pkgconf-2.3.0,1.pkg
Installing pkgconf-2.3.0,1...
Extracting pkgconf-2.3.0,1: 100%
===>   mkfontscale-1.2.3 depends on package: pkgconf>=1.3.0_1 - found
===>   Returning to build of mkfontscale-1.2.3
===>   mkfontscale-1.2.3 depends on package: xorgproto>=0 - not found
===>   mkfontscale-1.2.3 depends on package: xorgproto>=0 - not found
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/x11-fonts/mkfontscale
*** Error code 1

Stop.
make: stopped in /usr/ports/x11-fonts/urwfonts
[20240920043054] ===> Cleaning for mkfontscale-1.2.3
[20240920043054] ===> Cleaning for xorgproto-2024.1
[20240920043054] ===> Cleaning for xorg-macros-1.19.3
[20240920043055] ===> Cleaning for urwfonts-1.0_8
pdating database digests format: 100%
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 7 packages:

Installed packages to be REMOVED:
        brotli: 1.1.0,1
        expat: 2.6.2
        fontconfig: 2.15.0_3,1
        freetype2: 2.13.2
        pkg: 1.19.2_1
        pkgconf: 2.3.0,1
        png: 1.6.43

Number of packages to be removed: 7

The operation will free 21 MiB.
[1/7] Deinstalling fontconfig-2.15.0_3,1...
[1/7] Deleting files for fontconfig-2.15.0_3,1: 100%
[2/7] Deinstalling freetype2-2.13.2...
[2/7] Deleting files for freetype2-2.13.2: 100%
[3/7] Deinstalling pkg-1.19.2_1...
[3/7] Deleting files for pkg-1.19.2_1: 100%
[4/7] Deinstalling png-1.6.43...
[4/7] Deleting files for png-1.6.43: 100%
[5/7] Deinstalling brotli-1.1.0,1...
[5/7] Deleting files for brotli-1.1.0,1: 100%
[6/7] Deinstalling pkgconf-2.3.0,1...
[6/7] Deleting files for pkgconf-2.3.0,1: 100%
[7/7] Deinstalling expat-2.6.2...
[7/7] Deleting files for expat-2.6.2: 100%
Creating repository in /usr/obj/usr/tools/config/24.7/aarch64/.pkg-new/: 100%
Packing files for repository: 100%
>>> Removing packages set
>>> Creating package mirror set for 24.7.4-aarch64... done
-rw-r--r--  1 root wheel  807M Sep 20 01:32 packages-24.7.4-aarch64.tar
>>> ERROR: The build encountered fatal issues!
>>> Aborted version 0.95_2 for net/mtr (mtr)
>>> Aborted version 1.0_8 for x11-fonts/urwfonts (urwfonts)
*** Error code 1

Stop.
make: stopped in /usr/tools/


So I tried it again, and same error, same place. To make it short, I reinstalled 3 times the rpi5, using different disks and soruces, same error.
So today I tried to figure it out if I could just not build this package, and I saw in freshports.org that it is needed for two deleted ports:

This port is required by:
for Run
Deleted ports which required this port:

net/ntop*
www/trac-graphviz*

and the ntop opnsense uses is ntopng.

I will try to build packages again and take urwfonts out of the list, but it got me to think if maybe it should not be there, listed on the ports.conf file, hence this post here.

none

Hi,

I built arm64 image for R5S here. I now get this error and cannot find its source. I have 24.7 images that have not this issue.

HTTPS: Could not open file or uri for loading certificate from /var/etc/cert.pem
002021C7872D0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
002021C7872D0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/var/etc/cert.pem)
Unable to load certificate

I tried to make update and build 24.7.1, got this error. Then I deleted all and tried again. Same error. I installed a 14.1R from scratch, same error. Now I have no ideas.

I began to use fingerprint and singing on the build process but cannot tell if this is the culprit.

If anyone has any clues :)

none

Hi,

the issue you have is over amd64 images you downloaded on the opnsense site? I have issues like this, but on arm64 images I built.

Hi guys,

thanks for the help here. it worked just fine, I can build images and update them with no need to a full reinstall :)

I created some simple and not best written scripts to automate this process as a guide for any new comers.

Its available here: https://github.com/matheusber/opnsense

Thanks again for the help.

Franco, what is the process to add new devices?

Thanks again :)

none

PS: if changing the thread subject would help in people finding this repo building, its fine by me ;)

You need to create a key pair before building the sets:

Code Select Expand


cd /usr/tools/
openssl genrsa -out config/24.7/repo.key 4096
openssl rsa -pubout -in config/24.7/repo.key -out config/24.7/repo.pub
make fingerprint


Save the fingerprint to a file. On the machines which are supposed to use the repository for installing updates and plugins, place this file in /usr/local/etc/pkg/fingerprints/OPNsense/trusted.
You can optionally inject the fingerprint file into the OPNsense package during the build process (see my last comment in the thread you linked to). This is useful if your images are used on many systems because you then don't have to manually copy the fingerprint to each machine.

Cheers
Maurice

Thanks Maurice. Do I need to recompile it all so it is signed? If it all needs to be recompiled, I will use for now the way franco said and next build I will add the fingerprint :)

Thanks you both, again ;)

none

Hello and thanks for you both, Maurice and franco. I kinda created a directory that replicates the files I saw on Maurice's server. That is done, but my opnsense won't use it, complaints about:

pkg: No signature found

and in the end I get the message:

The repository has no fingerprint.

That got me blocked :(

I am now searching the web about how to create the .sig files for the sets and the fingerprint for the server.

I found this thread here: https://forum.opnsense.org/index.php?topic=37702.0, but so far I am yet to solve this:

Code Select Expand

root@rpi5:/usr/tools # make fingerprint
>>> Executing build step fingerprint on 24.7
root@rpi5:/usr/tools #


The thread suggests it would echo on stdout some code to redirect. Here there is no code :(

Thanks for all the help.

none

If you're okay with not building everything from source, you could prefetch the packages set from my aarch64 repo:

# make prefetch-packages SETTINGS=24.7 VERSION=24.7.r2 MIRRORS=https://opnsense-update.walker.earth

Cheers
Maurice

Hi Maurice,

thanks for the help :)

I can use it now, thanks :)

But as my goal is to build image for the Nanopi R5S, I plan on having it all here. Furthermore, can you point me where I can learn on how to set this kind of repository? I have more then one opnsense on arm64 here, and I build things from time to time.

Thanks :)

none

Hi,

I am trying to build opnsense 24.7 for a Nanopi R5S and I need another aarch64 box for it (tried on amd64, always had trouble). So the less packages I have to build, the better.

So I did this:

Code Select Expand

root@R4S_imagem:/usr/tools/config/24.7 # cat ports.conf | grep "^#"
#ORIGIN                                         IGNORE
#emulators/virtualbox-ose-additions-nox11       arm,aarch64
#net-mgmt/zabbix5-agent                         arm
#net-mgmt/zabbix5-proxy                         arm
#net-mgmt/zabbix6-agent                         arm
#net-mgmt/zabbix6-proxy                         arm
#net-mgmt/zabbix64-agent                                arm
#net-mgmt/zabbix64-proxy                                arm
#net-mgmt/zabbix7-agent                         arm
#net-mgmt/zabbix7-proxy                         arm
#net/asterisk18                                 arm
#net/bird2                                      arm
#net/frr8                                       arm
#net/haproxy28                                  arm
#net/ntopng                                     arm
#net/siproxd                                    arm
#opnsense/py-haproxy-cli                                arm
#security/clamav                                        arm
#security/suricata                              arm
#security/tor                                   arm
#sysutils/apcupsd                               arm
#sysutils/munin-node                            arm
#sysutils/nut                                   arm,aarch64
#www/sarg                                       arm


the plugins.conf is also edited:

Code Select Expand


root@R4S_imagem:/usr/tools/config/24.7 # cat plugins.conf | grep "^#"
#ORIGIN                                         IGNORE
#net-mgmt/zabbix-agent@zabbix5                  arm
#net-mgmt/zabbix-agent@zabbix6                  arm
#net-mgmt/zabbix-agent@zabbix64                 arm
#net-mgmt/zabbix-agent@zabbix7                  arm
#net-mgmt/zabbix-proxy@zabbix5                  arm
#net-mgmt/zabbix-proxy@zabbix6                  arm
#net-mgmt/zabbix-proxy@zabbix64                 arm
#net-mgmt/zabbix-proxy@zabbix7                  arm
#net/frr                                                arm
#net/haproxy                                    arm
#net/ntopng                                     arm
#net/realtek-re
#net/siproxd                                    arm
#security/clamav                                        arm
#security/tor                                   arm
#sysutils/apcupsd                               arm
#sysutils/apuled                                        arm
#sysutils/munin-node                            arm
#sysutils/nut                                   arm,aarch64
#sysutils/virtualbox                            arm,aarch64
#sysutils/vmware                                        arm
#sysutils/xen                                   arm,aarch64
#www/web-proxy-sso                              arm


but I keep seeing this kind of error:

Code Select Expand


nstalling zip-3.0_2...
Extracting zip-3.0_2: 100%
Installing py311-duckdb-1.0.0...
`-- Installing py311-pandas-2.0.3_2,1...
|   `-- Installing py311-numpy-1.25.0_7,1...
|   `-- Extracting py311-numpy-1.25.0_7,1: 100%
|   `-- Installing py311-numexpr-2.10.1...
|   `-- Extracting py311-numexpr-2.10.1: 100%
|   `-- Installing py311-bottleneck-1.3.8_1...
|   `-- Extracting py311-bottleneck-1.3.8_1: 100%
|   `-- Installing py311-tzdata-2024.1...
|   `-- Extracting py311-tzdata-2024.1: 100%
|   `-- Installing py311-pytz-2024.1,1...
|   `-- Extracting py311-pytz-2024.1,1: 100%
|   `-- Installing py311-python-dateutil-2.9.0...
|   | `-- Installing py311-six-1.16.0_1...
|   | `-- Extracting py311-six-1.16.0_1: 100%
|   `-- Extracting py311-python-dateutil-2.9.0: 100%
`-- Extracting py311-pandas-2.0.3_2,1: 100%
Extracting py311-duckdb-1.0.0: 100%
=====
Message from py311-pandas-2.0.3_2,1:

--
Install math/py-statsmodels to enable parts of pandas.stats.
Install devel/py-xarray to enable the to_xarray() function.
Installing py311-numpy-1.25.0_7,1...
the most recent version of py311-numpy-1.25.0_7,1 is already installed
Installing py311-pandas-2.0.3_2,1...
the most recent version of py311-pandas-2.0.3_2,1 is already installed
Could not find package: suricata
*** Error code 1

Stop.
make: stopped in /usr/tools/


Can I not build all ports there so it can be faster? How can I do it? :)

Thanks,

none

Hi, thanks for the reply. The first I had it unchecked, but will sure check the latter. Thanks!

Hi,

just installed 23.7 and it is still in the test phase, so the networks are all using private address. I created a rule for web access and ssh from "outside", that is my home network. I am using another notebook on the LAN side of opnsense to test. I disabled the "Block private addresses", but it is still not working.

ssh and https to the gui won't work. And I know its the firewall, if i issue pfctl -d all works. Can is there another thing I must disable for it to work? Even a pass all from any to any won't do it. I am blind here.

thanks,

none

Just for the record, I tried using external monitors through VGA or HDMI. Still no luck :(

Does opnsense is not built with the FreeBSD console options for that? The kernel modules loaded show no green or screensaver modules.

Thanks,

none

Hi,

I am using an old notebook and the screen is on all the time. I am looking on how I can make it turn off after some time. I looked for it on google and could not find any hints on how to do it on opnSense.

Is there how to make it turn off after some time?

I tried changing the console type, no go here :(

thanks,

none

Unfortunately, I don't have any advice to offer but I'd definitely be interested in whatever you find.

I'd also be curious if there was a way to make OPNSense always output video even if there isn't a display detected.  That way I don't have to reboot it if I need to connect a monitor. :)

would closing the lid solve this?

The problem with closing the lid is that some machines are designed so that keeping the lid open helps with cooling.  When you close it that can cause problems.

Closing the lid really would not be my first choice, due to heat. I live in a really warm place. But would easy the pain here, but no go :(

About the always present console, I got few issues using VGA monitors, machines that have HDMI I got some issues like yours.

none

Hi, unfortunately not. The light is still on.

Thanks,

none