OPNsense aarch64 firmware repository

Monviech (Cedrik) · May 30, 2024, 08:47:32 PM

I only test the build on amd64 so it would be best to remove www/caddy-custom from the build if it fails. I can't do arm build tests. Sorry for the trouble here.

The binary itself is pretty hard to maintain right now since its in a weird state between some internal golang dependency problems. Im fixing upstream issues here too right now. Hope its in a better more consistent state again soon.

Reference why it happens, bad timing: https://github.com/opnsense/tools/pull/400#issuecomment-2140805870

When OPNsense 24.1.8 got built on wednesday, it was still caddy-2.7.6 and things were fine.
On Thursday/Friday they released new version 2.8.0 and 2.8.1 and I didn't verify the built yet. But since the version is not tagged (like I planned to do once), it pulled latest...

EDIT:

@Maurice

Code Select

config/24.1/make.conf

Code Select

github.com/caddy-dns/rfc2136@6096cd5db964c3f7757986b73ffa0617534497f7

That plugin has a build error with latest caddy version. It caused your build to fail.

EDIT2:

This PR should fix it: https://github.com/opnsense/tools/pull/413

Build works for me.

EDIT3:

Also working on fixing the port itself so it can be fixed upstream:
https://github.com/opnsense/ports/pull/198

rdunkle84 · May 31, 2024, 09:03:54 AM

Quote from: jcook on May 23, 2024, 09:15:00 PM
Quote from: rdunkle84 on February 01, 2024, 05:29:21 PM
OPNsense 24.1 aarch64 .... is working well on Orange Pi 5 Plus.

Would you mind sharing your build or the steps you took? I'm trying to get it working on my OPI5+ as well. Thank you.

The first step is to change the firmware of the OPI5+ to use EDK2 firmware.
https://github.com/edk2-porting/edk2-rk3588
If you do that then you can use the OPNsense images.

Maurice · June 01, 2024, 01:41:53 AM

OPNsense 24.1.8 aarch64 packages and sets released.

Thanks @Monviech, https://github.com/opnsense/tools/pull/413 fixed it.

Maurice · June 19, 2024, 02:39:45 PM

OPNsense 24.1.9 aarch64 packages and sets released.

[Update 2024-06-20]
Hotfix 24.1.9_3 released.

[Update 2024-06-21]
Hotfix 24.1.9_4 released.

Maurice · July 13, 2024, 07:00:43 PM

OPNsense 24.1.10 aarch64 packages and sets released. Includes hotfix 24.1.10_2.

[Update 2024-07-15]
Hotfix 24.1.10_3 released.

Maurice · July 17, 2024, 05:53:13 PM

OPNsense 24.7.r1 aarch64 packages and sets released.

This is mostly a test for my new FreeBSD 14.1 build system. There is no supported upgrade path from 24.1 yet. But if you are in the mood for experiments, you could upgrade manually. Be aware that your config may not be migrated properly, so don't use on production systems:

Code Select


fetch -o /usr/local/etc/pkg/fingerprints/OPNsense/trusted https://opnsense-update.walker.earth/FreeBSD:14:aarch64/24.7/opnsense-update.walker.earth.20240618
opnsense-update -u -a FreeBSD:14:aarch64 -A 24.7 -r 24.7.r1

You're also welcome to test one of the 24.7.r1 VM images from my GitHub.

My 24.7-aarch64 builds use a new signing key. The fingerprint will be included in ~~24.1.11~~ 24.1.10_8. The new public key is:

Code Select

franco · July 17, 2024, 10:12:48 PM

Awesome, thanks for doing this!

Maurice · July 18, 2024, 03:19:16 PM

Having a little side project which requires some attention on a regular basis helps me stay connected to the OPNsense project, even in times when I'm not really active here otherwise.

I don't have any Web server logs enabled, but the repo server's interface statistics currently show about 25 GB upload per month. Not a lot, but at least a few people seem to be using it and I'm not doing this just for myself. 😅

Maurice · July 20, 2024, 11:42:00 PM

OPNsense 24.7.r2 aarch64 packages and sets released.

Maurice · July 26, 2024, 01:17:35 AM

OPNsense 24.7 aarch64 packages and sets released.

[Update 2024-07-27]
Hotfix 24.7_5 released.

[Update 2024-07-29]
Hotfix 24.7_9 released.

The upgrade path from 24.1.x is the same as on amd64 - update to OPNsense 24.1.10_8 (also released today) to unlock the upgrade.

franco · July 26, 2024, 08:13:11 AM

Neat! If you notice I have polished the "aux" set for mirror publication. It may help some people to avoid long build times by caching rust and cmake in particular...

Also hotfix incoming today. Better safe than sorry. :)

Cheers,
Franco

Maurice · July 26, 2024, 10:11:30 AM

Yes, I did notice and published the aux set as well. 8)
Rust is ignored on aarch64 though, so it's just cmake and go.

What would a major release be without a day 2 hotfix! ;D

Cheers
Maurice

franco · July 26, 2024, 10:23:46 AM

Always one step ahead it seems. :)

Time to change the rust/suricata situation maybe?

Cheers,
Franco

Maurice · July 30, 2024, 02:04:50 AM

Hm, what exactly is the current Rust / Suricata situation?

franco · July 30, 2024, 07:39:59 AM

It works without hiccups build-wise on amd64 these days. I think it had trouble building aarch64 which is why we disabled it?

https://github.com/opnsense/core/commit/f098b3a9ba1

Apparently some time ago in 2019 ;)

May have been for 32-bit ARM anyway. It's worth trying it on your end and raise a PR if it works.

Cheers,
Franco

OPNsense aarch64 firmware repository

Monviech (Cedrik)

May 30, 2024, 08:47:32 PM #75 Last Edit: May 31, 2024, 09:47:47 AM by Monviech

rdunkle84

May 31, 2024, 09:03:54 AM #76

Maurice

June 01, 2024, 01:41:53 AM #77

Maurice

June 19, 2024, 02:39:45 PM #78 Last Edit: June 21, 2024, 07:43:48 PM by Maurice

Maurice

July 13, 2024, 07:00:43 PM #79 Last Edit: July 16, 2024, 12:32:34 AM by Maurice

Maurice

July 17, 2024, 05:53:13 PM #80 Last Edit: July 26, 2024, 12:56:56 AM by Maurice

franco

July 17, 2024, 10:12:48 PM #81

Maurice

July 18, 2024, 03:19:16 PM #82

Maurice

July 20, 2024, 11:42:00 PM #83

Maurice

July 26, 2024, 01:17:35 AM #84 Last Edit: July 30, 2024, 01:03:48 AM by Maurice

franco

July 26, 2024, 08:13:11 AM #85

Maurice

July 26, 2024, 10:11:30 AM #86

franco

July 26, 2024, 10:23:46 AM #87

Maurice

July 30, 2024, 02:04:50 AM #88

franco

July 30, 2024, 07:39:59 AM #89