Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Will manually built/installed packages on OPNsense break with OPNsense updates?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Will manually built/installed packages on OPNsense break with OPNsense updates? (Read 2128 times)
ownerer
Newbie
Posts: 19
Karma: 1
Will manually built/installed packages on OPNsense break with OPNsense updates?
«
on:
October 21, 2020, 09:44:47 am »
Hi,
for a number of reasons that are not important here, I want to run some VMs in Bhyve on my OPNsense box (homelab).
Since setting this up needs to happen outside OPNsense default features, building the libraries from the ports tree etc, my question here becomes: what happens when an OPNsense update is installed? Is there a chance that the Bhyve setup will break somehow, and if so, how likely is that to happen and are there ways to minimize those chances or perhaps avoid that scenario entirely (other than just not doing this kind of thing on an OPNsense box obviously)?
I suppose this question could be generalized to any scenario where one needs/wants to run additional packages that need to be manually built and installed from the ports tree.
PS: I'm aware of the controversy around adding a virtualization layer to a firewall OS, adding tons of libraries, code, and as a consequence potential attack vectors etc
To anyone feeling the need to raise these concerns, I say: duly noted, I appreciate it and I do understand, but this is not the point of this topic
«
Last Edit: October 30, 2020, 06:56:45 am by ownerer
»
Logged
ownerer
Newbie
Posts: 19
Karma: 1
Re: Will manually built/installed packages on OPNsense break with OPNsense updates?
«
Reply #1 on:
October 30, 2020, 06:57:04 am »
Anyone?
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: Will manually built/installed packages on OPNsense break with OPNsense updates?
«
Reply #2 on:
October 30, 2020, 01:18:35 pm »
Short answer: yes. Long answer:
FreeBSD has long held the belief that "ports and packages" do not mix and that you should either use binary packages or completely build your software from ports and deal with updates manually. In terms of OPNsense that is not easily possible so in order to make sure your stuff still works:
When installing from the ports tree lock your own packages from the GUI or using pkg-lock to avoid upgrade surprises. If OPNsense updates will not finish for this reason later on, unlock the custom packages and rebuild them cleanly agains the latest ports tree and then lock them again.
Cheers,
Franco
Logged
ownerer
Newbie
Posts: 19
Karma: 1
Re: Will manually built/installed packages on OPNsense break with OPNsense updates?
«
Reply #3 on:
November 01, 2020, 05:22:19 pm »
Hmm, interesting!
I was unaware of the package locking functionality!
I'm not at all well versed in things BSD btw, I'll just mention that too. I'm just tinkering here
So to be clear, in case of Bhyve for example, I would build it from the ports tree and then I should be able to find it in the package list in the OPNsense GUI and lock it there?
I assume this does the same as using pkg-lock, as described in the
manual
?
Just making sure I understand correctly
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: Will manually built/installed packages on OPNsense break with OPNsense updates?
«
Reply #4 on:
November 03, 2020, 01:46:55 pm »
Well, bhyve is already installed in the OS (like Hyper-V is installed in Windows).
If you run VMs that is entirely up to you. In this case you can run FreeBSD VMs in there and you have no ports/packages issues whatsover.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Will manually built/installed packages on OPNsense break with OPNsense updates?