[OBSOLETE] How to test the development version

Started by franco, August 03, 2016, 08:34:16 AM

Previous topic - Next topic
Print
Go Down Pages1 2 3 ... 6
User actions
August 03, 2016, 08:34:16 AM Last Edit: May 03, 2018, 05:39:29 PM by franco
Hello everyone,

The development package is available now for the upcoming 17.1 and updated alongside each stable release. You can read about its most prominent changes here:

https://forum.opnsense.org/index.php?topic=3478.0

With 16.7.1 and up, it's possible to switch to the development version by invoking this command on a shell:

# opnsense-update -t opnsense-devel

Switching back to the release version is done by typing the following instead:

# opnsense-update -t opnsense

On top of using the opnsense-devel package, it's now (as of 16.7.10) possible to upgrade to the next FreeBSD 11.0 underneath as well by invoking the console menu item 12, typing "17.1.b" at the prompt.

THERE IS NO SAFE WAY TO UNDO THIS, PLEASE MAKE SURE YOU BACK UP YOUR CONFIGS, SNAPSHOT YOUR VMS AND/OR USE APPROPRIATE TEST SETUPS.

FURTHERMORE, THE UPDATE SETS ARE UPDATED INFREQUENTLY UNTIL THE RELEASE CANDIDATE PHASE IS REACHED.

It's possible to move back to the stock 16.7, but newer files can linger in the file system preventing the downgrade or proper operation thereof.

# opnsense-update -ur 16.7
# /usr/local/etc/rc.reboot

Switching the top package is also required for using the upgrade mechanism from the git repository to get even newer changes:

# opnsense-code core
# cd /usr/core
# git pull
# opnsense-update -t opnsense-devel
# make upgrade CORE_ABI=17.1


Cheers,
Franco
August 11, 2016, 09:01:48 PM #1
Quote
# pkg install git
# cd /usr
# git clone https://github.com/opnsense/core
# cd core
# make package-keywords
# opnsense -t opnsense-devel
# make upgrade

small typo

Quote
...
#opnsense-update -t opnsense-devel
...

cheers till
August 12, 2016, 07:06:45 AM #2
Nice catch, sorry, fixed now. :)
October 13, 2016, 11:10:52 PM #3
If we upgrade our opnsense like that will be opnsense beta version of 17 ? Can we use multiwan with Squid Proxy ?
October 14, 2016, 09:24:27 AM #4
Not yet, I'm still working on patches with FreeBSD.
October 29, 2016, 04:32:23 PM #5
Hey everyone,

I've put up instructions for upgrading into the FreeBSD 11.0 sets above, but please be aware that 17.1 is currently ALPHA status and anything can happen there.


Cheers,
Franco
October 29, 2016, 05:50:33 PM #6
@franco: Is the wireless code ready for 11?
October 29, 2016, 06:01:18 PM #7
Quote from: franco on October 29, 2016, 04:32:23 PM
Hey everyone,

I've put up instructions for upgrading into the FreeBSD 11.0 sets above, but please be aware that 17.1 is currently ALPHA status and anything can happen there.


Cheers,
Franco

I will give it a go... try my luck!


October 29, 2016, 06:31:29 PM #8
Wireless code is not adapted, but that may be a thing for the brave to look into. The packages on the mirrors are a full batch, you can install git, vim-lite, php-xdebug and so forth...

Two amd64 images here as well just for fun:

https://pkg.opnsense.org/snapshots/OPNsense-17.1.a-OpenSSL-cdrom-amd64.iso.bz2
https://pkg.opnsense.org/snapshots/OPNsense-17.1.a-OpenSSL-serial-amd64.img.bz2

Cheers,
Franco
October 29, 2016, 07:13:03 PM #9
One big piece to note is that both base (the underlying operating system itself) and ports (the third-party packages, like Suricata) are all compiled as Position-Independent Executables (PIEs). That means that every application has ASLR fully applied to it.

OPNsense 16.7.7 has PIE applied to base only. PIEified ports will launch with 17.1. Really good stuff to see.

I'm hoping to land SEGVGUARD in time for 17.1. SEGVGUARD provides ASLR bruteforce protection.
October 29, 2016, 09:14:39 PM #10
Quote from: lattera on October 29, 2016, 07:13:03 PM
One big piece to note is that both base (the underlying operating system itself) and ports (the third-party packages, like Suricata) are all compiled as Position-Independent Executables (PIEs). That means that every application has ASLR fully applied to it.

OPNsense 16.7.7 has PIE applied to base only. PIEified ports will launch with 17.1. Really good stuff to see.

I'm hoping to land SEGVGUARD in time for 17.1. SEGVGUARD provides ASLR bruteforce protection.


I followed the update procedure, does this look right?

OPNsense 17.1.a_549-amd64?
FreeBSD 11.0-RELEASE-p2?
OpenSSL 1.0.2j 26 Sep 2016?


Also, why is it i can never install Opnsense via USB with any USB installation method via Rufus it always fails.  I'm only ever able to re-install Opnsense via cdrom which is a right pain cos all my cd's are scratched to **** so my install takes like 20minutes via DVD due to read errors..  ;D LOL

USB install works fine with that other sense router software, is their anything i can do about that?  I've got like 2 rusty old DVD's left and im pretty sure they're unusable now..   ;D
October 29, 2016, 11:31:59 PM #11
Are you using a USB 3.0 stick? Those *might* cause problems on some hardware.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
October 30, 2016, 10:41:50 AM #12
Quote from: SOUK on October 29, 2016, 09:14:39 PMI followed the update procedure, does this look right?

OPNsense 17.1.a_549-amd64?
FreeBSD 11.0-RELEASE-p2?
OpenSSL 1.0.2j 26 Sep 2016?

Yes, looks good.

Quote from: SOUK on October 29, 2016, 09:14:39 PM
Also, why is it i can never install Opnsense via USB with any USB installation method via Rufus it always fails.  I'm only ever able to re-install Opnsense via cdrom which is a right pain cos all my cd's are scratched to **** so my install takes like 20minutes via DVD due to read errors..  ;D LOL

Windows has a bug reading GPT, that's why Rufus can/won't always work correctly. https://github.com/pbatard/rufus/wiki/FAQ#problematic-images

Any Unix works here, I really don't know what else to say. GPT has been a standard for over a decade, and just last week I flashed a memstick that would later not work on a windows pc, because it wasn't MBR...

Quote from: SOUK on October 29, 2016, 09:14:39 PM
USB install works fine with that other sense router software, is their anything i can do about that?  I've got like 2 rusty old DVD's left and im pretty sure they're unusable now..   ;D

In pfSense, there is no GPT or UEFI. I will be happy to see them switch, which either shows we're not doing the best work we could or that they run into the very same issue. I'm ok with both outcomes. ;)


Cheers,
Franco
November 04, 2016, 05:08:43 PM #13
QuoteIn pfSense, there is no GPT or UEFI. I will be happy to see them switch, which either shows we're not doing the best work we could or that they run into the very same issue. I'm ok with both outcomes. ;)

This specific forum is about alfa version right? of course pfsense have a GPT UEFI compatible version is alpha and i have installed my home router and works great (on a GPT ), on virtualbox have a GPT and UEHI working to.

But i'm not here to defend pfsense. I like OpnSense interface way better and i'm study if i will make the transition for me and for my clients. Write now i need to see if i have the same services/features (snort/suricata, freeradius, squid, VPNs, traffic shaper - HFSC or equivalent ) and working ok. But i ended with a repository problem after trying de opnsense-devel. Versions    OPNsense 17.1.a_531-amd64 - FreeBSD 11.0-RELEASE-p2 -
OpenSSL 1.0.2j 26 Sep 2016. Can i do something to solve this rep problem?
November 04, 2016, 05:24:59 PM #14 Last Edit: November 04, 2016, 07:54:01 PM by mais_um
Trying redoing this and stuck on "make package-keyords" the output gives "make: don't know how to make package-keyords. stop" sounds missing some tool.

Edit: nothing like installing everything again.
Print
Go Up Pages1 2 3 ... 6
User actions