OPNsense aarch64 firmware repository

[Monviech (Cedrik)]

I only test the build on amd64 so it would be best to remove www/caddy-custom from the build if it fails. I can't do arm build tests. Sorry for the trouble here.

The binary itself is pretty hard to maintain right now since its in a weird state between some internal golang dependency problems. Im fixing upstream issues here too right now. Hope its in a better more consistent state again soon.

Reference why it happens, bad timing: https://github.com/opnsense/tools/pull/400#issuecomment-2140805870

When OPNsense 24.1.8 got built on wednesday, it was still caddy-2.7.6 and things were fine.
On Thursday/Friday they released new version 2.8.0 and 2.8.1 and I didn't verify the built yet. But since the version is not tagged (like I planned to do once), it pulled latest...

EDIT:

@Maurice

Code: [Select]

config/24.1/make.conf

Code: [Select]

github.com/caddy-dns/rfc2136@6096cd5db964c3f7757986b73ffa0617534497f7
That plugin has a build error with latest caddy version. It caused your build to fail.

EDIT2:

This PR should fix it: https://github.com/opnsense/tools/pull/413

Build works for me.

EDIT3:

Also working on fixing the port itself so it can be fixed upstream:
https://github.com/opnsense/ports/pull/198

[rdunkle84]

OPNsense 24.1 aarch64 ....  is working well on Orange Pi 5 Plus.

Would you mind sharing your build or the steps you took? I'm trying to get it working on my OPI5+ as well. Thank you.

The first step is to change the firmware of the OPI5+ to use EDK2 firmware.
https://github.com/edk2-porting/edk2-rk3588
If you do that then you can use the OPNsense images.

[Maurice]

OPNsense 24.1.8 aarch64 packages and sets released.

Thanks @Monviech, https://github.com/opnsense/tools/pull/413 fixed it.

[Maurice]

OPNsense 24.1.9 aarch64 packages and sets released.

[Update 2024-06-20]
Hotfix 24.1.9_3 released.

[Update 2024-06-21]
Hotfix 24.1.9_4 released.

[Maurice]

OPNsense 24.1.10 aarch64 packages and sets released. Includes hotfix 24.1.10_2.

[Update 2024-07-15]
Hotfix 24.1.10_3 released.

[Maurice]

OPNsense 24.7.r1 aarch64 packages and sets released.

This is mostly a test for my new FreeBSD 14.1 build system. There is no supported upgrade path from 24.1 yet. But if you are in the mood for experiments, you could upgrade manually. Be aware that your config may not be migrated properly, so don't use on production systems:

Code: [Select]

fetch -o /usr/local/etc/pkg/fingerprints/OPNsense/trusted https://opnsense-update.walker.earth/FreeBSD:14:aarch64/24.7/opnsense-update.walker.earth.20240618
opnsense-update -u -a FreeBSD:14:aarch64 -A 24.7 -r 24.7.r1

You're also welcome to test one of the 24.7.r1 VM images from my GitHub.

My 24.7-aarch64 builds use a new signing key. The fingerprint will be included in 24.1.11 24.1.10_8. The new public key is:

Code: [Select]

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4cUzCC7UMWhUHzpl7Fvd
DkiOvs7LN1HqX44O41A7OoGgJNm+AV52YZPvorr7PUbJrqtY4kuYiWUuNSvKtVOa
r7Er8TT+GVor6Gtc+WqvcKzRywi7UkXXAkFz1TfSQXzaGgY21B0NPqoi8+1nUsh/
FegPaoEXRWInq6DcZLckOpXHBYf9MucreD+yIEHrIgHkWnklsc78fY6NGHwLSaT6
38nV5knkC8LB5S2PzapEql7Dz7Cvk30MNY2NQ6xiaZr0Mf5C5clnumm3xBWsK+cl
TaSzJCND7F5rHbmom9zNkrqb5yMAoYyX8wD79FjJPgFT/cW+q2uhX3+UPMWCRKTN
JKR4NuHopTc69VX9Dft1ytGOSs9HbASrHOnHytintRz2dyYeVwFbj2dughEvkcBI
UPLklQyVykZDjV5mVDtL9JSbkLINztXy1/fgZqsWpMOdZ+CgShyxyvcER+4aSTKf
/mc7aR6T3cOICPPInck1pct1mXrW2PS1cKH7+98FmzQ1F2otOWsY6hd3+P2KT9rY
QOwQs38BObYPQz/UZiGbqX3f3Y+cyFtbdQl0Es/hQWh9qxsh3m3hQx0av1bbp7i5
CUgjVcP5wN5YeuE01mzu2rXND5ho2khilE6IaS9dVOKYndL//AOZyyOJQUtJdaFb
XTY8nWldWbn2nNFyMODtFxMCAwEAAQ==
-----END PUBLIC KEY-----


[franco]

Awesome, thanks for doing this!

[Maurice]

Having a little side project which requires some attention on a regular basis helps me stay connected to the OPNsense project, even in times when I'm not really active here otherwise.

I don't have any Web server logs enabled, but the repo server's interface statistics currently show about 25 GB upload per month. Not a lot, but at least a few people seem to be using it and I'm not doing this just for myself. 😅

[Maurice]

OPNsense 24.7.r2 aarch64 packages and sets released.

[Maurice]

OPNsense 24.7 aarch64 packages and sets released.

[Update 2024-07-27]
Hotfix 24.7_5 released.

[Update 2024-07-29]
Hotfix 24.7_9 released.

The upgrade path from 24.1.x is the same as on amd64 - update to OPNsense 24.1.10_8 (also released today) to unlock the upgrade.

[franco]

Neat! If you notice I have polished the "aux" set for mirror publication. It may help some people to avoid long build times by caching rust and cmake in particular...

Also hotfix incoming today. Better safe than sorry.


Cheers,
Franco

[Maurice]

Yes, I did notice and published the aux set as well.
Rust is ignored on aarch64 though, so it's just cmake and go.

What would a major release be without a day 2 hotfix!

Cheers
Maurice

[franco]

Always one step ahead it seems.

Time to change the rust/suricata situation maybe?


Cheers,
Franco

[Maurice]

Hm, what exactly is the current Rust / Suricata situation?

[franco]

It works without hiccups build-wise on amd64 these days. I think it had trouble building aarch64 which is why we disabled it?

https://github.com/opnsense/core/commit/f098b3a9ba1

Apparently some time ago in 2019

May have been for 32-bit ARM anyway. It's worth trying it on your end and raise a PR if it works.


Cheers,
Franco