OPNsense aarch64 firmware repository

Started by Maurice, September 06, 2023, 07:28:35 PM

Hey Franco,

Nice!

I don't use maurice-w/opnsense-core for building OPNsense aarch64. When starting the build process, a script locally injects my fingerprints and custom mirror into opnsense/core and makes a plist-fix.

Your patch to opnsense-bootstrap might motivate me to change this. I'll look into it!

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).


Thanks, this works nicely. Now I can get the fingerprints back if I install a development version from our repo. This is still not optimal but it helps and I'll keep pondering about it. I also pushed the man page update for the opnsense-bootstrap change.

FWIW, I don't think you strictly need to change opnsense.xml as you inject the correct mirror into the configuration as it seems. But I was wondering where it reads the default from anyway, which is the OPNsense.conf file, so I think you don't even need to do that and "(default)" should just work.

Maybe we can hide the other repositories for aarch64 on opnsense.xml but I'm not sure yet.


Cheers,
Franco

I was indeed wondering which mirror gets used with the default "(default)" setting. That's kind of obfuscated. 😅 But I eventually figured out that opnsense-update reads the "url" value from repos/OPNsense.conf, which does get set to CORE_PACKAGESITE at build time.

Until now, I didn't modify CORE_PACKAGESITE, hence I had to inject my mirror into config.xml.sample. Starting with 25.7.8 I will stop doing this since it's no longer necessary with the correct CORE_PACKAGESITE.

Modifying repositories/opnsense.xml isn't really necessary, correct. I just thought it would make sense to remove the amd64 mirrors while I'm at it.
Going forward, it might make sense to add an "architecture" property to each mirror in repositories/opnsense.xml. Mirrors could offer a single or multiple architectures. The GUI then could only display the mirrors which offer the system's architecture.

Cheers
Maurice

That makes sense then. Happy to see this progress.  :)

We could indeed annotate the mirrors with the architectures, but keep in mind when we would add an architecture then these mirrors are invalid until declared otherwise in a release. Perhaps a minor thing, but it indicates manual maintenance which may not be worth the effort.


Cheers,
Franco

November 26, 2025, 08:10:33 PM #185 Last Edit: Today at 12:16:23 AM by Maurice Reason: opnsense-update 25.7.8_1
OPNsense 25.7.8 aarch64 packages and sets released.

[Update 2025-11-27]
opnsense-update 25.7.8_1 released.

@Franco Changing the CORE_PACKAGESITE worked, but it has a side effect - changelogs and bogons can't be downloaded anymore.

We had a similar issue before (there is no aarch64 path on pkg.opnsense.org); you then hardcoded amd64 for downloading these:
https://github.com/opnsense/core/commit/f35db24e

But later, you replaced the hardcoded pkg.opnsense.org with opnsense-update -X:
https://github.com/opnsense/core/commit/b8b3da07

Result after changing CORE_PACKAGESITE:
Fetching changelog information, please wait... fetch: https://opnsense-update.walker.earth/FreeBSD:14:amd64/25.7/sets/changelog.txz: Not Found

Ideas?
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

If it's pinning the architecture we can also pin the hostname then. BRB!

Hrm, maybe we should remove the "pin" feature and default to your server... would you mind syncing bogons.txz and changelog.txz plus sigs to your server?


Cheers,
Franco

Sure, done! That was one of the options we discussed back then.
How often do the bogons get updated? I'd probably just update them along with the changelog.

Cheers
Maurice

There's no strict science behind it. Best to pull them once a day if that's ok for you.

Let me remove the pin thing.

https://github.com/opnsense/update/commit/4a0f4301adb9a

If you weave that into opnsense-update package with a revision change it should work again :)


Cheers,
Franco

Done, works! Thanks a lot!

https://opnsense-update.walker.earth/FreeBSD:14:aarch64/25.7/latest/All/opnsense-update-25.7.8_1.pkg

And I created a cron job on the server for fetching the bogons daily.

Cheers
Maurice

Great, thanks for doing this.


Cheers,
Franco