English Forums > Tutorials and FAQs
OPNsense aarch64 firmware repository
Maurice:
Hello all,
After testing OPNsense on ARM64 (aarch64) virtual machines for some time, I've decided to make my firmware repository public. It can be used for installing updates and plugins on existing OPNsense aarch64 systems as well as for quickly building aarch64 images. Updates typically get published the day after the official amd64 updates.
https://opnsense-update.walker.earth
Configure OPNsense to use the repository for updates and plugins
* Add the fingerprint to OPNsense:
fetch -o /usr/local/etc/pkg/fingerprints/OPNsense/trusted https://opnsense-update.walker.earth/FreeBSD:13:aarch64/24.1/opnsense-update.walker.earth.20240113
* Change the firmware mirror:
'System: Firmware: Settings'
Mirror (custom)
https://opnsense-update.walker.earth
Build aarch64 images
* Follow the instructions on https://github.com/opnsense/tools
* Before invoking make arm or make vm, prefetch the sets:
make prefetch-base,kernel,packages MIRRORS=https://opnsense-update.walker.earthFor building VM images, my fork of the OPNsense tools allows configuring the default console. Sample VM images are available in the releases section.
None of this is supported by Deciso or the OPNsense core team! Use at your own risk.
Thanks to everyone who contributed to OPNsense-aarch64. I only use the tools others have created.
Cheers
Maurice
The public key for my 24.1-aarch64 packages and sets is:
--- Code: --------BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzMwX5pdTxFltQrLqv+rj
jictq2E0TqB3kCrsE4wZ2z7CxuXwqxNrv5Y/847MDWfycyPgxyZx5Iuu/5LapiT4
ilVXkx4hmrrdmpXYiUYgXpMXtRPtbYHIje0QN8YJI5lV1qFLErhkuhr5Ch1o3BYS
Schiq+f9D2/RQtgNp6wySV8wgsoE+71G1z4jJMNQK5Rhnz5s9LRtXLWepevsyYB2
nDBqtLIVckGvM/0ivZtTBj+AHkwRUoN5dBIXJigdU6VXnOJQMSWyNC7c1AwzEp5p
1vyKQVAcuK8Y8424SA1CgqxlKb/Z7s5SIn35DLuQd1JcoxYUKBvykzEJQksL6IsO
Of2KJcVn05l5YbyX3UorNam4De003Gx0UWRDFHRBzASVDktihfanWqyDvNty6/ob
yfhRj6rE9cAXKOYBkckTa0B/G4Fw1Qx2GX9oX6ZAqUphfmaBpBnGOt8nQ+8BxMtm
1J2kH4NQ3uOwxWJPkHx08JzPrAxhtFjjvSsQLYULEWM9yA/+nw3HyhDmOtTCbhMQ
o4qq5FV+g7T8g14jLx+ZkPA+W+ax+n46p3ujv2v4U3x5aZtBTGeBV7TadVwikqJ2
d5lSJU0O0F7pCYqwtPkOacK2w/BeYOwpLTXpBY5JlwC+f5kTKs/7gzc4FY3gfgGe
tsY4Z1KlXUh6KTBDhkKk2y0CAwEAAQ==
-----END PUBLIC KEY-----
--- End code ---
franco:
Nice. Thanks for your work!
Only for reference: what's your update strategy? Providing snapshots (time frame?) or follow stable releases?
Cheers,
Franco
Maurice:
The plan is to follow stable releases. So far I've released packages and sets matching the 23.7, 23.7.1, 23.7.2 and 23.7.3 tags. When you release an official update, I fire up my build system and set the VERSION accordingly.
Not entirely sure how to deal with hotfixes yet. My 23.7.3 packages do include the hotfixed os-wireguard 2.0_2, but the 23.7.1 packages do not include opnsense 23.7.1_3.
Cheers
Maurice
franco:
Hotfixes are tricky indeed as they leave the basic formula of building what is tagged.
I wouldn't worry too much about these if you don't happen to be able to pick them up right away (build delay). Following releases sounds like a working strategy for everyone using this. :)
Snapshots are handy too, but too many surprises on updates.
I also see you don't publish development packages (EXTRABRANCH=master). The feature formerly known as "rewind" doesn't like this anyway. It's almost like snapshot releases inside the stable releases so not needed as well.
Cheers,
Franco
Monviech:
Did you get any experience with the performance of a Raspberry Pi 4?
I'm kinda curious since I have a few CM4 with waveshare boards, some with pcie nvme or with pcie 2 Nics. But if you already made some tests yourself it would be nice to know what to expect.
I'll definitely try to build it and implement your firmware repo for tests, thank you.
Navigation
[0] Message Index
[#] Next page
Go to full version