├── config └── 25.7 │ ├── kernel.default │ ├── skim.conf │ ├── build.conf │ ├── aux.conf │ ├── kernel.debug │ ├── src.conf │ ├── SMP-ARM │ ├── SMP │ ├── plugins.conf │ ├── extras.conf │ ├── make.conf │ ├── ports.conf │ └── base.obsolete.amd64 ├── .gitignore ├── scripts ├── pkg_fingerprint.sh ├── pkg_sign.sh └── parse_ports_log.py ├── device ├── A10.conf ├── ARM64.conf ├── R4S.conf ├── ROCKPRO64.conf └── RPI.conf ├── LICENSE ├── composite ├── pkgver.sh ├── distribution.sh ├── factory.sh ├── watch.sh ├── custom.sh ├── hotfix.sh └── nightly.sh ├── Makefile └── README.md /config/25.7/kernel.default: -------------------------------------------------------------------------------- 1 | # included from kernel.default 2 | nomakeoptions DEBUG 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /config/*/build.conf.local 2 | /config/*/plugins.conf.local 3 | /config/*/repo.key 4 | /config/*/repo.pub 5 | -------------------------------------------------------------------------------- /config/25.7/skim.conf: -------------------------------------------------------------------------------- 1 | devel/boost-all 2 | net/dhcp6 3 | ports-mgmt/portlint 4 | security/krb5 5 | security/vuxml 6 | www/caddy 7 | -------------------------------------------------------------------------------- /config/25.7/build.conf: -------------------------------------------------------------------------------- 1 | APACHE?= 24 2 | LUA?= 5.4 3 | OS?= 14.3 4 | PERL?= 5.42 5 | PHP?= 83 6 | PYTHON?= 311 7 | RUBY?= 33 8 | SSL?= openssl 9 | -------------------------------------------------------------------------------- /config/25.7/aux.conf: -------------------------------------------------------------------------------- 1 | #ORIGIN IGNORE 2 | devel/binutils 3 | devel/cmake-core 4 | lang/go120 5 | lang/go121 6 | lang/go122 7 | lang/go123 8 | lang/go124 9 | lang/rust 10 | 
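--------------------------------------------------------------------------------
/scripts/pkg_fingerprint.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Print a fingerprint stanza for a public key file: the hash function name
# followed by the SHA-256 digest of the file named by the first argument.
# Nothing is printed when the argument is empty or is not a regular file.

PUBKEY=${1}

if [ -n "${PUBKEY}" ] && [ -f "${PUBKEY}" ]; then
	echo "function: \"sha256\""
	# The path is quoted so that a key location containing whitespace or
	# glob characters is hashed as one file instead of being word-split.
	echo "fingerprint: \"$(sha256 -q "${PUBKEY}")\""
fi
# NOTE(review): a missing or unreadable key produces no output and exit
# status 0, so the caller cannot tell it apart from success; whoever
# consumes the stanza should check that it is non-empty.
--------------------------------------------------------------------------------
/scripts/pkg_sign.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Sign a value read from standard input.
#
#   $1  public key file, copied to the output between CERT and END
#   $2  private key file handed to "openssl dgst -sign"
#
# Output on stdout: SIGNATURE, the raw SHA-256 signature, CERT, the public
# key, END. Exits 1 when no input arrives or when signing fails.
# NOTE(review): this looks like the pkg repository signing-command
# protocol; confirm against the caller.

PUBKEY=${1}
PRIVKEY=${2}

# -r keeps the input literal (no backslash processing); give up when
# nothing arrives within 30 seconds.
read -r -t 30 SUM
[ -z "${SUM}" ] && exit 1
echo SIGNATURE
# printf with a quoted argument passes the value through unchanged, where
# "echo -n" is not portable and the unquoted expansion was word-split.
# A signing failure (missing or unusable private key) now aborts instead of
# wrapping an empty signature in an otherwise well-formed reply.
printf '%s' "${SUM}" | openssl dgst -sign "${PRIVKEY}" -sha256 -binary || exit 1
echo
echo CERT
# Likewise fail when the public key cannot be read, rather than sending END
# after an empty CERT section.
cat "${PUBKEY}" || exit 1
echo END
-------------------------------------------------------------------------------- /config/25.7/kernel.debug: -------------------------------------------------------------------------------- 1 | # included from kernel.debug 2 | makeoptions DEBUG=-g 3 | makeoptions WITH_CTF=1 4 | options INVARIANTS 5 | options INVARIANT_SUPPORT 6 | options KASSERT_PANIC_OPTIONAL 7 | options KDTRACE_HOOKS 8 | options KDTRACE_FRAME 9 | options DDB_CTF 10 | #options KASAN # heavy network performance degradation 11 | -------------------------------------------------------------------------------- /device/A10.conf: -------------------------------------------------------------------------------- 1 | # https://www.deciso.com/netboard-a10/ 2 | 3 | serial_hook() 4 | { 5 | # We do not require any custom hooks for the A10, but for 6 | # the sake of demonstration, we keep this little stub. :) 7 | 8 | : # prevent syntax error 9 | } 10 | 11 | # unset this for generic device handling, i.e.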
no device suffix 12 | unset PRODUCT_DEVICE 13 | -------------------------------------------------------------------------------- /device/ARM64.conf: -------------------------------------------------------------------------------- 1 | # for generic ARM64 machine 2 | # such as qemu & ESXi virtual machines 3 | 4 | export PRODUCT_KERNEL=SMP-ARM 5 | export PRODUCT_TARGET=arm64 6 | export PRODUCT_ARCH=aarch64 7 | export PRODUCT_WANTS_CROSS="aarch64-binutils qemu-user-static" 8 | 9 | # unset this for generic device handling, i.e. no device suffix 10 | unset PRODUCT_DEVICE 11 | 12 | arm_install_uboot() 13 | { 14 | } 15 | -------------------------------------------------------------------------------- /device/R4S.conf: -------------------------------------------------------------------------------- 1 | # FriendlyARM NanoPi-R4S (4GB/LPDDR4) 2 | # https://wiki.friendlyarm.com/wiki/index.php/NanoPi_R4S 3 | 4 | export MAKE_ARGS_DEV=" 5 | UBLDR_LOADADDR=0x42000000 6 | " 7 | 8 | export PRODUCT_KERNEL=SMP-ARM 9 | export PRODUCT_TARGET=arm64 10 | export PRODUCT_ARCH=aarch64 11 | export PRODUCT_WANTS="u-boot-nanopi-r4s" 12 | export PRODUCT_WANTS_CROSS="aarch64-binutils qemu-user-static" 13 | export PRODUCT_COMSPEED=1500000 14 | 15 | export ARM_FAT_SIZE="32m -b 16m" 16 | 17 | export ARM_UBOOT_DIR="/usr/local/share/u-boot/u-boot-nanopi-r4s" 18 | 19 | arm_install_uboot() 20 | { 21 | sysctl kern.geom.debugflags=0x10 22 | dd if=${ARM_UBOOT_DIR}/idbloader.img of=/dev/${DEV} seek=64 bs=512 conv=sync 23 | dd if=${ARM_UBOOT_DIR}/u-boot.itb of=/dev/${DEV} seek=16384 bs=512 conv=sync 24 | sysctl kern.geom.debugflags=0x0 25 | } 26 | -------------------------------------------------------------------------------- /device/ROCKPRO64.conf: -------------------------------------------------------------------------------- 1 | # Pine64 RockPro64 (4GB/LPDDR4) 2 | # https://wiki.pine64.org/wiki/ROCKPro64 3 | 4 | export MAKE_ARGS_DEV=" 5 | UBLDR_LOADADDR=0x42000000 6 | " 7 | 8 | export 
PRODUCT_KERNEL=SMP-ARM 9 | export PRODUCT_TARGET=arm64 10 | export PRODUCT_ARCH=aarch64 11 | export PRODUCT_WANTS="u-boot-rockpro64" 12 | export PRODUCT_WANTS_CROSS="aarch64-binutils qemu-user-static" 13 | export PRODUCT_COMSPEED=1500000 14 | 15 | export ARM_FAT_SIZE="32m -b 16m" 16 | 17 | export ARM_UBOOT_DIR="/usr/local/share/u-boot/u-boot-rockpro64" 18 | 19 | arm_install_uboot() 20 | { 21 | sysctl kern.geom.debugflags=0x10 22 | dd if=${ARM_UBOOT_DIR}/idbloader.img of=/dev/${DEV} seek=64 bs=512 conv=sync 23 | dd if=${ARM_UBOOT_DIR}/u-boot.itb of=/dev/${DEV} seek=16384 bs=512 conv=sync 24 | cp -pr ${STAGEDIR}/boot/dtb ${STAGEDIR}/boot/msdos 25 | sysctl kern.geom.debugflags=0x0 26 | } 27 | -------------------------------------------------------------------------------- /config/25.7/src.conf: -------------------------------------------------------------------------------- 1 | WITHOUT_ASSERT_DEBUG=yes 2 | WITHOUT_ATM=yes 3 | WITHOUT_AUDIT=yes 4 | WITHOUT_AUTHPF=yes 5 | WITHOUT_CALENDAR=yes 6 | WITHOUT_CLANG_FULL=yes 7 | WITHOUT_CLEAN=yes 8 | WITHOUT_DICT=yes 9 | WITHOUT_EXAMPLES=yes 10 | WITHOUT_FREEBSD_UPDATE=yes 11 | WITHOUT_GAMES=yes 12 | WITHOUT_HTML=yes 13 | WITHOUT_IPFILTER=yes 14 | WITHOUT_KERBEROS=yes 15 | WITHOUT_LIB32=yes 16 | WITHOUT_MAIL=yes 17 | WITHOUT_NCP=yes 18 | WITHOUT_NIS=yes 19 | WITHOUT_NLS=yes 20 | WITHOUT_NLS_CATALOGS=yes 21 | WITHOUT_NS_CACHING=yes 22 | WITHOUT_NTP=yes 23 | WITHOUT_OFED=yes 24 | WITHOUT_OPENSSH=yes 25 | WITHOUT_PC_SYSINSTALL=yes 26 | WITHOUT_PORTSNAP=yes 27 | WITHOUT_PROFILE=yes 28 | WITHOUT_QUOTAS=yes 29 | WITHOUT_RESCUE=yes 30 | WITHOUT_SETUID_LOGIN=yes 31 | WITHOUT_SHAREDOCS=yes 32 | WITHOUT_SVN=yes 33 | WITHOUT_SVNLITE=yes 34 | WITHOUT_TALK=yes 35 | WITHOUT_TESTS=yes 36 | WITHOUT_UNBOUND=yes 37 | WITH_TESTS_SUPPORT=yes 38 | -------------------------------------------------------------------------------- /config/25.7/SMP-ARM: -------------------------------------------------------------------------------- 1 | include 
GENERIC 2 | 3 | ident SMP 4 | 5 | %%DEBUG%% 6 | 7 | options DDB 8 | options GEOM_BDE 9 | options GEOM_ELI 10 | options GEOM_MIRROR 11 | options IPFIREWALL_DEFAULT_TO_ACCEPT 12 | options IPFIREWALL_VERBOSE 13 | options IPSTEALTH 14 | options MROUTING 15 | options PPS_SYNC 16 | options RSS 17 | options TCP_SIGNATURE 18 | 19 | # Additional built-in devices 20 | #device bwi 21 | device bwn 22 | #device rum 23 | #device run 24 | device u3g 25 | device uark 26 | #device uath 27 | device uftdi 28 | device umct 29 | device umodem 30 | #device upgt 31 | device uplcom 32 | #device ural 33 | #device urtw 34 | device uvisor 35 | device uvscom 36 | #device zyd 37 | 38 | # Wireless features 39 | device wlan_acl 40 | device wlan_xauth 41 | 42 | # Not all architectures have a consistent GENERIC 43 | device netmap 44 | 45 | # Crashes when added to loader.conf 46 | #device speaker 47 | 48 | # ARM specific 49 | device ucom 50 | device usb 51 | -------------------------------------------------------------------------------- /config/25.7/SMP: -------------------------------------------------------------------------------- 1 | include GENERIC 2 | 3 | ident SMP 4 | 5 | %%DEBUG%% 6 | 7 | options DDB 8 | options GEOM_BDE 9 | options GEOM_ELI 10 | options GEOM_MIRROR 11 | options GEOM_UZIP 12 | options IPFIREWALL_DEFAULT_TO_ACCEPT 13 | options IPFIREWALL_VERBOSE 14 | options IPSTEALTH 15 | options MROUTING 16 | options PPS_SYNC 17 | options RSS 18 | options TCP_SIGNATURE 19 | 20 | # Additional built-in devices 21 | device bwi 22 | device bwn 23 | device rum 24 | device run 25 | device u3g 26 | device uark 27 | device uath 28 | device uftdi 29 | device umct 30 | device umodem 31 | device upgt 32 | device uplcom 33 | device ural 34 | device urtw 35 | device uvisor 36 | device uvscom 37 | device zyd 38 | 39 | # Wireless features 40 | device wlan_acl 41 | device wlan_xauth 42 | 43 | # Not all architectures have a consistent GENERIC 44 | device netmap 45 | 46 | # Crashes when added to 
loader.conf 47 | device speaker 48 | 49 | # Broken and not needed 50 | nodevice agp # agp_close() panic with zpool-import 51 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014-2025 Franco Fichtner 2 | Copyright (c) 2015-2017 The FreeBSD Foundation 3 | Copyright (c) 2004-2011 Scott Ullrich 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 20 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 23 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 25 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
26 | -------------------------------------------------------------------------------- /device/RPI.conf: -------------------------------------------------------------------------------- 1 | # https://www.raspberrypi.org/products/raspberry-pi-3-model-b/ 2 | # https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/ 3 | # https://www.raspberrypi.com/products/compute-module-3/ 4 | # https://www.raspberrypi.com/products/raspberry-pi-4-model-b/ 5 | # https://www.raspberrypi.com/products/compute-module-4-io-board/ 6 | # https://www.raspberrypi.com/products/compute-module-4/ 7 | # https://www.raspberrypi.com/products/compute-module-4s/ 8 | 9 | export MAKE_ARGS_DEV=" 10 | UBLDR_LOADADDR=0x42000000 11 | " 12 | 13 | export PRODUCT_KERNEL=SMP-ARM 14 | export PRODUCT_TARGET=arm64 15 | export PRODUCT_ARCH=aarch64 16 | export PRODUCT_WANTS="u-boot-rpi4 rpi-firmware" 17 | export PRODUCT_WANTS_CROSS="aarch64-binutils qemu-user-static" 18 | 19 | export ARM_FIRMWARE_DIR="/usr/local/share/rpi-firmware" 20 | export ARM_UBOOT_DIR="/usr/local/share/u-boot/u-boot-rpi4" 21 | 22 | arm_install_uboot() 23 | { 24 | cp -p ${ARM_FIRMWARE_DIR}/LICENCE.broadcom ${STAGEDIR}/boot/msdos 25 | cp -p ${ARM_FIRMWARE_DIR}/armstub8*.bin ${STAGEDIR}/boot/msdos 26 | cp -p ${ARM_FIRMWARE_DIR}/bcm2710-rpi-3-b*.dtb ${STAGEDIR}/boot/msdos 27 | cp -p ${ARM_FIRMWARE_DIR}/bcm2710-rpi-cm*.dtb ${STAGEDIR}/boot/msdos 28 | cp -p ${ARM_FIRMWARE_DIR}/bcm2711-rpi-4-b.dtb ${STAGEDIR}/boot/msdos 29 | cp -p ${ARM_FIRMWARE_DIR}/bcm2711-rpi-cm*.dtb ${STAGEDIR}/boot/msdos 30 | cp -p ${ARM_FIRMWARE_DIR}/bootcode.bin ${STAGEDIR}/boot/msdos 31 | cp -p ${ARM_FIRMWARE_DIR}/config_rpi3.txt ${STAGEDIR}/boot/msdos 32 | cp -p ${ARM_FIRMWARE_DIR}/config_rpi4.txt ${STAGEDIR}/boot/msdos 33 | cp -p ${ARM_FIRMWARE_DIR}/fixup*.dat ${STAGEDIR}/boot/msdos 34 | cp -p ${ARM_FIRMWARE_DIR}/start*.elf ${STAGEDIR}/boot/msdos 35 | cp -pr ${ARM_FIRMWARE_DIR}/overlays ${STAGEDIR}/boot/msdos/overlays 36 | cp -pr ${STAGEDIR}/boot/dtb 
${STAGEDIR}/boot/msdos/dtb 37 | cp -p ${ARM_UBOOT_DIR}/README ${STAGEDIR}/boot/msdos 38 | cp -p ${ARM_UBOOT_DIR}/u-boot.bin ${STAGEDIR}/boot/msdos 39 | } 40 | -------------------------------------------------------------------------------- /composite/pkgver.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright (c) 2025 Franco Fichtner 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions 7 | # are met: 8 | # 9 | # 1. Redistributions of source code must retain the above copyright 10 | # notice, this list of conditions and the following disclaimer. 11 | # 12 | # 2. Redistributions in binary form must reproduce the above copyright 13 | # notice, this list of conditions and the following disclaimer in the 14 | # documentation and/or other materials provided with the distribution. 15 | # 16 | # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 | # SUCH DAMAGE. 
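# Print "<name>: <version>" for every comma-separated package name given in
# ${1} ("N/A" when the set has no such package), or for every package in the
# set when no name is given.

set -e

# Sorted list of the "All/" entries reported by "make list-packages".
VERSIONS=$(make list-packages | grep All/ | sort)
TARGETS=$(echo "${1}" | tr ',' ' ')

# Start from a known-empty value: the list-everything fallback below keys off
# TARGET, which would otherwise be inherited from the caller's environment
# and silently suppress the fallback.
TARGET=

for TARGET in ${TARGETS}; do
	# TARGET is used as a case-insensitive regular expression, so one name
	# can match several packages; "|| true" keeps "set -e" from aborting on
	# no match.
	RESULT=$(echo "${VERSIONS}" | (grep -i "/${TARGET}-[0-9]" || true))
	if [ -z "${RESULT}" ]; then
		echo "${TARGET}: N/A"
	else
		# Everything up to the last "-" is dropped; with several matches
		# only the version of the last (sorted) one is left.
		RESULT=${RESULT##*-}
		echo "${TARGET}: ${RESULT%.pkg}"
	fi
done

# TARGET is still empty only when the loop above never ran.
if [ -z "${TARGET}" ]; then
	for RESULT in ${VERSIONS}; do
		RESULT=${RESULT#./All/}
		TARGET=${RESULT%-*}
		RESULT=${RESULT##*-}
		echo "${TARGET}: ${RESULT%.pkg}"
	done
fi
-------------------------------------------------------------------------------- /composite/distribution.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright (c) 2021-2022 Franco Fichtner 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions 7 | # are met: 8 | # 9 | # 1. Redistributions of source code must retain the above copyright 10 | # notice, this list of conditions and the following disclaimer. 11 | # 12 | # 2. Redistributions in binary form must reproduce the above copyright 13 | # notice, this list of conditions and the following disclaimer in the 14 | # documentation and/or other materials provided with the distribution. 15 | # 16 | # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | # ARE DISCLAIMED.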
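IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 | # SUCH DAMAGE.

# Build release images whose VERSION is taken from the core package found in
# the existing packages set.

# NOTE(review): the output of make is evaluated as shell code, so it is only
# as trustworthy as the Makefile and whatever feeds these print- targets
# (presumably VAR="value" assignments); keep caller-controlled values out
# of them.
eval "$(make print-PRODUCT_ARCH,PRODUCT_CORE,SETSDIR)"

# Paths are quoted throughout so directories containing whitespace or glob
# characters are not word-split or expanded.
PACKAGESET=$(find "${SETSDIR}" -name "packages-*-${PRODUCT_ARCH}.tar")

# More than one matching set yields a multi-line value, which also fails
# this test.
if [ ! -f "${PACKAGESET}" ]; then
	echo ">>> Cannot continue without packages set"
	exit 1
fi

COREFILE=$(tar -tf "${PACKAGESET}" | grep -x "\./All/${PRODUCT_CORE}-[0-9].*\.pkg")

if [ -z "${COREFILE}" ]; then
	echo ">>> Cannot continue without core package: ${PRODUCT_CORE}"
	exit 1
fi

# Strip the directory and the ".pkg" suffix, then everything from the first
# "_" on.
COREFILE=$(basename "${COREFILE%%.pkg}")
COREFILE=$(basename "${COREFILE%%_*}")

# What remains after the last "-" is passed on as the release version.
make clean-obj,release,images release VERSION="${COREFILE##*-}"
-------------------------------------------------------------------------------- /composite/factory.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright (c) 2022 Franco Fichtner 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions 7 | # are met: 8 | # 9 | # 1. Redistributions of source code must retain the above copyright 10 | # notice, this list of conditions and the following disclaimer. 11 | # 12 | # 2. Redistributions in binary form must reproduce the above copyright 13 | # notice, this list of conditions and the following disclaimer in the 14 | # documentation and/or other materials provided with the distribution.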
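15 | # 16 | # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 | # SUCH DAMAGE.

# Build a compressed raw VM image whose VERSION is "<core version>-<fs>",
# where <fs> is zfs when PRODUCT_ZFS is set and ufs otherwise.

# NOTE(review): the output of make is evaluated as shell code, so it is only
# as trustworthy as the Makefile and whatever feeds these print- targets
# (presumably VAR="value" assignments); keep caller-controlled values out
# of them.
eval "$(make print-PRODUCT_ARCH,PRODUCT_CORE,PRODUCT_ZFS,SETSDIR)"

# Paths are quoted throughout so directories containing whitespace or glob
# characters are not word-split or expanded.
PACKAGESET=$(find "${SETSDIR}" -name "packages-*-${PRODUCT_ARCH}.tar")

# More than one matching set yields a multi-line value, which also fails
# this test.
if [ ! -f "${PACKAGESET}" ]; then
	echo ">>> Cannot continue without packages set"
	exit 1
fi

COREFILE=$(tar -tf "${PACKAGESET}" | grep -x "\./All/${PRODUCT_CORE}-[0-9].*\.pkg")

if [ -z "${COREFILE}" ]; then
	echo ">>> Cannot continue without core package: ${PRODUCT_CORE}"
	exit 1
fi

# Strip the directory and the ".pkg" suffix.
COREFILE=$(basename "${COREFILE%%.pkg}")

FS=ufs
if [ -n "${PRODUCT_ZFS}" ]; then
	FS=zfs
fi

# What remains of the package name after the last "-" is the version part.
make vm-raw,4G,never,serial compress-vm VERSION="${COREFILE##*-}-${FS}"
-------------------------------------------------------------------------------- /composite/watch.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright (c) 2022-2023 Franco Fichtner 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions 7 | # are met: 8 | # 9 | # 1.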
Redistributions of source code must retain the above copyright 10 | # notice, this list of conditions and the following disclaimer. 11 | # 12 | # 2. Redistributions in binary form must reproduce the above copyright 13 | # notice, this list of conditions and the following disclaimer in the 14 | # documentation and/or other materials provided with the distribution. 15 | # 16 | # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 | # SUCH DAMAGE. 27 | 28 | eval "$(make print-LOGSDIR)" 29 | 30 | CURRENTDIR=$(find -s ${LOGSDIR} -type d -depth 1 \! 
-name latest | tail -n1) 31 | LOGSTEP=${1} 32 | 33 | if [ -z "${CURRENTDIR}" ]; then 34 | echo "No logs were found" 35 | return 36 | fi 37 | 38 | if [ -z "${LOGSTEP}" ]; then 39 | echo nightly build $(basename ${CURRENTDIR}) 40 | echo ========================== 41 | for CURRENTLOG in $(find -s ${CURRENTDIR} -name "??-*.log"); do 42 | CURRENTRET=running 43 | if [ -f ${CURRENTLOG}.ok ]; then 44 | CURRENTRET=ok 45 | elif [ -f ${CURRENTLOG}.err ]; then 46 | CURRENTRET=error 47 | fi 48 | CURRENTLOG=${CURRENTLOG#"${CURRENTDIR}/"} 49 | CURRENTLOG=${CURRENTLOG%.log} 50 | CURRENTLOG=${CURRENTLOG#*-} 51 | echo ${CURRENTLOG}: ${CURRENTRET} 52 | done 53 | else 54 | for CURRENTLOG in $(find ${CURRENTDIR} -name "??-${LOGSTEP}.log"); do 55 | if [ -f ${CURRENTLOG}.ok -o -f ${CURRENTLOG}.err ]; then 56 | less ${CURRENTLOG} 57 | else 58 | tail -f ${CURRENTLOG} 59 | fi 60 | break 61 | done 62 | fi 63 | -------------------------------------------------------------------------------- /config/25.7/plugins.conf: -------------------------------------------------------------------------------- 1 | #ORIGIN IGNORE 2 | benchmarks/iperf 3 | databases/redis 4 | devel/debug 5 | devel/grid_example 6 | devel/helloworld 7 | dns/bind 8 | dns/ddclient 9 | dns/dnscrypt-proxy 10 | dns/rfc2136 11 | emulators/qemu-guest-agent 12 | ftp/tftp 13 | mail/postfix 14 | mail/rspamd 15 | misc/theme-advanced 16 | misc/theme-cicada 17 | misc/theme-rebellion 18 | misc/theme-tukan 19 | misc/theme-vicuna 20 | net-mgmt/collectd 21 | net-mgmt/lldpd 22 | net-mgmt/net-snmp 23 | net-mgmt/netdata 24 | net-mgmt/nrpe 25 | net-mgmt/telegraf 26 | net-mgmt/zabbix-agent@zabbix6 27 | net-mgmt/zabbix-agent@zabbix7 28 | net-mgmt/zabbix-agent@zabbix72 29 | net-mgmt/zabbix-agent@zabbix74 30 | net-mgmt/zabbix-proxy@zabbix6 31 | net-mgmt/zabbix-proxy@zabbix7 32 | net-mgmt/zabbix-proxy@zabbix72 33 | net-mgmt/zabbix-proxy@zabbix74 34 | net/chrony 35 | net/freeradius 36 | net/frr 37 | net/ftp-proxy 38 | net/google-cloud-sdk 39 | 
net/haproxy 40 | net/igmp-proxy 41 | net/mdns-repeater 42 | net/ndproxy 43 | net/ntopng 44 | net/radsecproxy 45 | net/realtek-re 46 | net/relayd 47 | net/shadowsocks 48 | net/siproxd 49 | net/sslh 50 | net/tayga 51 | net/turnserver 52 | net/udpbroadcastrelay 53 | net/upnp 54 | net/vnstat 55 | net/wol 56 | net/zerotier 57 | security/acme-client 58 | security/clamav 59 | security/crowdsec 60 | security/etpro-telemetry 61 | security/intrusion-detection-content-et-open 62 | security/intrusion-detection-content-et-pro 63 | security/intrusion-detection-content-pt-open 64 | security/intrusion-detection-content-snort-vrt 65 | security/maltrail 66 | security/netbird 67 | security/openconnect 68 | security/openvpn-legacy 69 | security/strongswan-legacy 70 | security/stunnel 71 | security/tailscale 72 | security/tinc 73 | security/tor 74 | security/wazuh-agent 75 | sysutils/apcupsd 76 | sysutils/apuled 77 | sysutils/beats 78 | sysutils/cpu-microcode@amd aarch64 79 | sysutils/cpu-microcode@intel aarch64 80 | sysutils/dec-hw aarch64 81 | sysutils/dmidecode 82 | sysutils/gdrive-backup 83 | sysutils/git-backup 84 | sysutils/hw-probe 85 | sysutils/lcdproc-sdeclcd aarch64 86 | sysutils/munin-node 87 | sysutils/nextcloud-backup 88 | sysutils/node_exporter 89 | sysutils/nut aarch64 90 | sysutils/puppet-agent 91 | sysutils/sftp-backup 92 | sysutils/smart 93 | sysutils/virtualbox aarch64 94 | sysutils/vmware 95 | sysutils/xen aarch64 96 | vendor/sunnyvalley aarch64 97 | www/c-icap 98 | www/cache 99 | www/caddy 100 | www/nginx 101 | www/OPNProxy 102 | www/squid 103 | www/web-proxy-sso 104 | -------------------------------------------------------------------------------- /composite/custom.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright (c) 2023 Franco Fichtner 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions 7 | # 
are met: 8 | # 9 | # 1. Redistributions of source code must retain the above copyright 10 | # notice, this list of conditions and the following disclaimer. 11 | # 12 | # 2. Redistributions in binary form must reproduce the above copyright 13 | # notice, this list of conditions and the following disclaimer in the 14 | # documentation and/or other materials provided with the distribution. 15 | # 16 | # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 | # SUCH DAMAGE. 
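27 | 28 | IMAGE=${1} 29 | 30 | set -e 31 | 32 | eval "$(make print-PLUGINSDIR,PLUGINSENV)" 33 | 34 | # handle path-based plugins as custom install for target image 35 | MISSING= 36 | PLUGINS= 37 | PRESENT= 38 | 39 | if [ -n "${ADDITIONS}" ]; then 40 | for ADDITION in ${ADDITIONS}; do 41 | if [ -z "${ADDITION##*/*}" ]; then 42 | MISSING="${MISSING} ${ADDITION}" 43 | else 44 | PRESENT="${PRESENT} ${ADDITION}" 45 | fi 46 | done 47 | fi 48 | 49 | if [ -z "${IMAGE}" ]; then 50 | echo ">>> Cannot continue without image target" 51 | exit 1 52 | fi 53 | 54 | ADDITIONS=${PRESENT} 55 | 56 | # assume master branch use but provide stable package (PLUGIN_DEVEL empty) 57 | export PLUGINSBRANCH=master 58 | export EXTRABRANCH= 59 | make update-plugins 60 | 61 | for PLUGIN in ${MISSING}; do 62 | if [ ! -d ${PLUGINSDIR}/${PLUGIN} ]; then 63 | echo ">>> Cannot continue without missing plugin ${PLUGIN}" 64 | exit 1 65 | fi 66 | 67 | # remove previous iterations of the same plugin to be fail-safe 68 | NAME=$(make -C ${PLUGINSDIR}/${PLUGIN} PLUGIN_DEVEL= -v PLUGIN_PKGNAME) 69 | make plugins-${NAME} PLUGINSLIST="${PLUGIN}" PLUGINSENV="${PLUGINSENV} PLUGIN_DEVEL=" 70 | 71 | ADDITIONS="${ADDITIONS} ${NAME}" 72 | PLUGINS="${PLUGINS} ${PLUGIN}" 73 | done 74 | 75 | make clean-${IMAGE} ${IMAGE} ADDITIONS="${ADDITIONS}" 76 |
--------------------------------------------------------------------------------
/scripts/parse_ports_log.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3.7
import collections
import argparse
from datetime import datetime

# One parsed "[timestamp] ===> <stage> ... for <package>" line of the log.
LogRecord = collections.namedtuple('record', ['stage', 'package', 'timestamp', 'ts_epoch'])


def log_reader(filename):
    """Yield a LogRecord for every stage line found in a ports build log.

    A stage line starts with a bracketed 14-digit timestamp (YYYYMMDDhhmmss),
    has '===>' in columns 17-20 and contains ' for '. The stage is the first
    word from column 22 on, the package the first word after the last ' for '.
    Lines ending in 'for building' are skipped, as are lines whose timestamp
    is not a valid date or that lack a stage or package word.

    :param filename: path of the build log to read
    :return: generator of LogRecord(stage, package, timestamp, ts_epoch)
    """
    with open(filename, 'rb') as f_in:
        for raw_line in f_in:
            # Build logs carry arbitrary tool output; bytes that are not
            # valid UTF-8 are replaced instead of aborting the whole run.
            line = raw_line.decode('utf-8', errors='replace')
            if not (len(line) >= 22 and line[0] == '[' and line[15] == ']' and line[1:15].isdigit()
                    and line[17:21] == '===>' and ' for ' in line):
                continue
            if line.strip().endswith('for building'):
                continue
            stage_words = line[22:].split()
            package_words = line.split(' for ')[-1].split()
            if not stage_words or not package_words:
                # nothing after the marker or after ' for ': not a stage line
                continue
            try:
                timestamp = datetime(*(int(line[start:end]) for start, end in (
                    (1, 5), (5, 7), (7, 9), (9, 11), (11, 13), (13, 15)
                )))
                # timestamp() is the portable form of strftime("%s"), which
                # is not available on every platform
                ts_epoch = timestamp.timestamp()
            except (ValueError, OverflowError, OSError):
                # fourteen digits that do not form a usable date and time
                continue

            yield LogRecord(stage_words[0], package_words[0], timestamp, ts_epoch)


parser = argparse.ArgumentParser()
parser.add_argument('filename', help='ports build log filename')
parser.add_argument('--steps', help='show build steps', action="store_true", default=False)
args = parser.parse_args()

# stats[package] = {'__total__': seconds, <stage>: {'count': n, 'total_time': seconds}}
stats = dict()
prev_rec = None
for record in log_reader(args.filename):
    # Time is booked on the previous stage whenever the stage or package
    # changes: the gap between the last line seen for it and the first line
    # of the next one. The final stage in the log has no successor and is
    # therefore not counted.
    if prev_rec is not None and (prev_rec.stage != record.stage or prev_rec.package != record.package):
        if prev_rec.package not in stats:
            stats[prev_rec.package] = dict()
            stats[prev_rec.package]['__total__'] = 0.0
        if prev_rec.stage not in stats[prev_rec.package]:
            stats[prev_rec.package][prev_rec.stage] = {'count': 0, 'total_time': 0.0}

        elapsed = record.ts_epoch - prev_rec.ts_epoch
        stats[prev_rec.package][prev_rec.stage]['total_time'] += elapsed
        stats[prev_rec.package][prev_rec.stage]['count'] += 1
        stats[prev_rec.package]['__total__'] += elapsed

    prev_rec = record

# Report packages in ascending order of total time, then the grand total.
total_time = 0.0
for item in sorted(stats.items(), key=lambda x: x[1]['__total__']):
    package = item[0]
    for stage in sorted(item[1]):
        # the '__total__' entry is a float, every real stage is a dict
        if type(stats[package][stage]) == dict and args.steps:
            print ("%-40s %-5.0f seconds [execs : %d]" % (
                "%s[%s]" % (package, stage),
                stats[package][stage]['total_time'],
                stats[package][stage]['count']
            ))
    print ("%-40s %-5.0f seconds" % (package, stats[package]['__total__']))
    total_time += stats[package]['__total__']

print ("%-40s %-5.0f seconds" % ("*", total_time))
-------------------------------------------------------------------------------- /config/25.7/extras.conf: -------------------------------------------------------------------------------- 1 | loader_conf_fixup() 2 | { 3 | # XXX core package needs a little help here... 4 | if [ -f ${1}/usr/local/etc/rc.loader ]; then 5 | chroot ${1} /usr/local/etc/rc.loader 6 | fi 7 | 8 | cat >> ${1}/boot/loader.conf << EOF 9 | kern.cam.boot_delay="10000" 10 | EOF 11 | 12 | if [ "${PRODUCT_SUFFIX}" = "-business" ]; then 13 | cat > ${1}/tmp/mirror.xml << EOF 14 | 15 | https://opnsense-update.deciso.com/FILL-IN-YOUR-LICENSE-HERE 16 | 17 | EOF 18 | sed -i '' -e "//r ${1}/tmp/mirror.xml" ${1}${CONFIG_XML} 19 | rm ${1}/tmp/mirror.xml 20 | fi 21 | } 22 | 23 | arm_hook() 24 | { 25 | loader_conf_fixup ${1} 26 | 27 | cat > ${1}/tmp/arm.xml << EOF 28 | 29 | 30 | ${PRODUCT_COMSPEED} 31 | video 32 | serial 33 | EOF 34 | sed -i '' -e "//r ${1}/tmp/arm.xml" ${1}${CONFIG_XML} 35 | rm ${1}/tmp/arm.xml 36 | 37 | sed -i '' -e '//,/<\/rrd>/d' ${1}${CONFIG_XML} 38 | 39 | echo "-S${PRODUCT_COMSPEED} -D" > ${1}/boot.config 40 | 41 | cat >> ${1}/boot/loader.conf << EOF 42 | beastie_disable="YES" 43 | verbose_loading="YES" 44 | comconsole_speed="${PRODUCT_COMSPEED}" 45 | console="comconsole,vidconsole" 46 | boot_multicons="YES" 47 | boot_serial="YES" 48 | usb_load="YES" 49 | ugen_load="YES" 50 | uhid_load="YES" 51 | ukbd_load="YES" 52 | umass_load="YES" 53 | EOF 54 | 55 | touch ${1}/.probe.for.growfs 56 | } 57 | 58 | dvd_hook() 59 | { 60 | loader_conf_fixup ${1} 61 | } 62 | 63 | nano_hook() 64 | { 65 | loader_conf_fixup ${1} 66 | 67 | cat > ${1}/tmp/nano.xml << EOF 68 | 69 | 70 | ${PRODUCT_COMSPEED} 71 | serial 72 | video 73 | EOF 74 | sed -i '' -e "//r ${1}/tmp/nano.xml" ${1}${CONFIG_XML} 75 | rm ${1}/tmp/nano.xml 76 | 77 | sed -i '' -e "//,/<\/rrd>/d" ${1}${CONFIG_XML} 78 | 79 | echo "-S${PRODUCT_COMSPEED} -h -D" > ${1}/boot.config 80 | 81 | cat >> ${1}/boot/loader.conf << EOF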
82 | comconsole_speed="${PRODUCT_COMSPEED}" 83 | console="comconsole,vidconsole" 84 | boot_multicons="YES" 85 | boot_serial="YES" 86 | EOF 87 | 88 | touch ${1}/.probe.for.growfs 89 | } 90 | 91 | serial_hook() 92 | { 93 | loader_conf_fixup ${1} 94 | 95 | cat > ${1}/tmp/serial.xml << EOF 96 | ${PRODUCT_COMSPEED} 97 | serial 98 | EOF 99 | sed -i '' -e "//r ${1}/tmp/serial.xml" ${1}${CONFIG_XML} 100 | rm ${1}/tmp/serial.xml 101 | 102 | echo "-S${PRODUCT_COMSPEED} -h" > ${1}/boot.config 103 | 104 | cat >> ${1}/boot/loader.conf << EOF 105 | comconsole_speed="${PRODUCT_COMSPEED}" 106 | console="comconsole" 107 | boot_serial="YES" 108 | EOF 109 | } 110 | 111 | vga_hook() 112 | { 113 | loader_conf_fixup ${1} 114 | } 115 | 116 | vm_hook() 117 | { 118 | loader_conf_fixup ${1} 119 | 120 | touch ${1}/.probe.for.growfs 121 | } 122 | -------------------------------------------------------------------------------- /composite/hotfix.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright (c) 2017-2024 Franco Fichtner 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions 7 | # are met: 8 | # 9 | # 1. Redistributions of source code must retain the above copyright 10 | # notice, this list of conditions and the following disclaimer. 11 | # 12 | # 2. Redistributions in binary form must reproduce the above copyright 13 | # notice, this list of conditions and the following disclaimer in the 14 | # documentation and/or other materials provided with the distribution. 15 | # 16 | # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | # ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 | # SUCH DAMAGE. 27 | 28 | TARGET=${1} 29 | MSGS= 30 | 31 | set -e 32 | 33 | run_stage() 34 | { 35 | STAGE=${1} 36 | ARGS=${2} 37 | ENV=${3} 38 | 39 | if [ -z "${ARGS}" ]; then 40 | return 41 | fi 42 | 43 | make ${STAGE}-${ARGS} PORTSENV="${ENV}" 44 | 45 | if [ -s ${STAGEDIR}/.pkg-msg ]; then 46 | MSGS="${MSGS}$(cat ${STAGEDIR}/.pkg-msg) 47 | " 48 | fi 49 | } 50 | 51 | eval "$(make print-PRODUCT_CORES,PRODUCT_PLUGINS,STAGEDIR)" 52 | 53 | if [ -z "${TARGET}" ]; then 54 | # run everything except ports in hotfix mode 55 | for STAGE in plugins core packages; do 56 | run_stage ${STAGE} hotfix 57 | done 58 | elif [ "${TARGET}" = "plugins" -o "${TARGET}" = "core" -o \ 59 | "${TARGET}" = "ports" ]; then 60 | if [ "${TARGET}" != "ports" ]; then 61 | # force a full rebuild of non-ports 62 | run_stage clean ${TARGET} 63 | fi 64 | 65 | run_stage ${TARGET} hotfix "MISMATCH=no ${PORTSENV}" 66 | 67 | # do not immediately echo what was being printed 68 | MSGS= 69 | else 70 | ARG_PORTS= 71 | ARG_PLUGINS= 72 | ARG_CORE= 73 | 74 | # figure out which stage a package belongs to 75 | for PACKAGE in $(echo ${TARGET} | tr ',' ' '); do 76 | if [ -z "${PRODUCT_CORES%%*"${PACKAGE}"*}" ]; then 77 | if [ -n "${ARG_CORE}" ]; then 78 | ARG_CORE="${ARG_CORE}," 79 | fi 80 | ARG_CORE="${ARG_CORE}${PACKAGE}" 81 | elif [ "${PRODUCT_PLUGINS}" = "${PACKAGE%%-*}-*" ]; then 82 | if [ -n "${ARG_PLUGINS}" ]; then 83 | ARG_PLUGINS="${ARG_PLUGINS}," 84 | fi 85 | 
ARG_PLUGINS="${ARG_PLUGINS}${PACKAGE}" 86 | else 87 | if [ -n "${ARG_PORTS}" ]; then 88 | ARG_PORTS="${ARG_PORTS}," 89 | fi 90 | ARG_PORTS="${ARG_PORTS}${PACKAGE}" 91 | fi 92 | done 93 | 94 | # run all stages required for this hotfix run 95 | run_stage ports "${ARG_PORTS}" "DEPEND=no PRUNE=no ${PORTSENV}" 96 | run_stage plugins "${ARG_PLUGINS}" 97 | run_stage core "${ARG_CORE}" 98 | run_stage packages hotfix 99 | fi 100 | 101 | if [ -n "${MSGS}" ]; then 102 | echo "==============================================================" 103 | echo ">>> WARNING: The hotfixing provided additional info." 104 | echo -n "${MSGS}" 105 | fi 106 | -------------------------------------------------------------------------------- /config/25.7/make.conf: -------------------------------------------------------------------------------- 1 | # stand-alone glue for dependency detection 2 | 3 | _PRODUCT_ARCH!= uname -p 4 | PRODUCT_ARCH?= ${_PRODUCT_ARCH} 5 | 6 | PRODUCT_PHPBIN?= /usr/local/bin/php 7 | .if exists(${PRODUCT_PHPBIN}) 8 | _PRODUCT_PHP!= ${PRODUCT_PHPBIN} -v 9 | PRODUCT_PHP?= ${_PRODUCT_PHP:[2]:S/./ /g:[1..2]:tW:S/ //} 10 | .endif 11 | 12 | # fallbacks for standard builds using opnsense-code 13 | 14 | PRODUCT_APACHE?= %%APACHE%% 15 | PRODUCT_LUA?= %%LUA%% 16 | PRODUCT_PERL?= %%PERL%% 17 | PRODUCT_PHP?= %%PHP%% 18 | PRODUCT_PYTHON?= %%PYTHON%% 19 | PRODUCT_RUBY?= %%RUBY%% 20 | PRODUCT_SSL?= %%SSL%% 21 | 22 | PRODUCT_GSSAPI?= GSSAPI_MIT 23 | 24 | # global options 25 | 26 | OPTIONS_SET= MONPLUGINS 27 | OPTIONS_UNSET= DBUS DOCS EXAMPLES GCC GSSAPI_BASE NAGPLUGINS \ 28 | NLS OPENGL WAYLAND X11 29 | DEFAULT_VERSIONS= apache=${PRODUCT_APACHE:C/^./&./} 30 | DEFAULT_VERSIONS+= lua=${PRODUCT_LUA} 31 | DEFAULT_VERSIONS+= perl5=${PRODUCT_PERL} 32 | DEFAULT_VERSIONS+= php=${PRODUCT_PHP} 33 | DEFAULT_VERSIONS+= python3=${PRODUCT_PYTHON:C/^./&./} 34 | DEFAULT_VERSIONS+= python=${PRODUCT_PYTHON:C/^./&./} 35 | DEFAULT_VERSIONS+= ruby=${PRODUCT_RUBY:C/^./&./} 36 | DEFAULT_VERSIONS+= 
ssl=${PRODUCT_SSL} 37 | SRC_BASE= %%SRCDIR%% 38 | ALLOW_UNSUPPORTED_SYSTEM=why not 39 | WARNING_WAIT= 0 # no time 40 | WRKDIRPREFIX= /usr/obj 41 | PACKAGE_BUILDING= yes 42 | FORCE_PACKAGE= yes 43 | #DEVELOPER= yes 44 | BATCH= yes 45 | 46 | # per-port options 47 | databases_rrdtool_UNSET= DEJAVU GRAPH 48 | databases_sqlite3_SET= DQS 49 | devel_git_UNSET= GITWEB SEND_EMAIL SUBTREE 50 | dns_getdns_SET= LIBEV LIBEVENT LIBUV 51 | dns_unbound_SET= PYTHON 52 | ftp_curl_SET= GSSAPI_NONE 53 | ftp_curl_UNSET= LIBSSH2 TLS_SRP 54 | graphics_graphviz_UNSET= XPM DIGCOLA IPSEPCOLA ICONV PANGOCAIRO 55 | mail_postfix_SET= LDAP SASL SASLKMIT 56 | mail_postfix_UNSET= BLACKLISTD 57 | mail_rspamd_SET= HYPERSCAN 58 | math_py-numpy_SET= NOBLAS 59 | math_py-numpy_UNSET= FORTRAN OPENBLAS SUITESPARSE 60 | net_freeradius3_SET= LDAP MITKRB_PORT MYSQL SQLITE3 61 | net_freeradius3_UNSET= HEIMDAL 62 | net_frr10_SET= MULTIPATH SNMP 63 | net_haproxy30_SET= LUA # PROMEX 64 | net_miniupnpd_SET= CHECK_PORTINUSE 65 | net_openldap26-client_SET= GSSAPI 66 | net_openldap26-server_SET= GSSAPI 67 | net_openldap26-server_UNSET= SMBPWD 68 | net_turnserver_UNSET= MYSQL PGSQL REDIS SQLITE 69 | net_vnstat_UNSET= GUI 70 | net-mgmt_flowd_UNSET= PERL 71 | net-mgmt_zabbix6-proxy_SET= SQLITE 72 | net-mgmt_zabbix6-proxy_UNSET= MYSQL 73 | net-mgmt_zabbix7-proxy_SET= SQLITE 74 | net-mgmt_zabbix7-proxy_UNSET= MYSQL 75 | net-mgmt_zabbix72-proxy_SET= SQLITE 76 | net-mgmt_zabbix72-proxy_UNSET= MYSQL 77 | net-mgmt_zabbix74-proxy_SET= SQLITE 78 | net-mgmt_zabbix74-proxy_UNSET= MYSQL 79 | security_acme.sh_SET= BINDTOOLS EXAMPLES 80 | security_autossh_SET= SSH_PORTABLE 81 | security_ca_root_nss_UNSET= ETCSYMLINK 82 | security_crowdsec_SET= FIREWALL_BOUNCER 83 | security_cyrus-sasl2-gssapi_SET=${PRODUCT_GSSAPI} 84 | security_libssh_SET= ${PRODUCT_GSSAPI} 85 | security_openconnect_UNSET= GSSAPI 86 | security_openssl_SET= LEGACY 87 | security_strongswan_SET= EAPRADIUS XAUTH 88 | security_stunnel_SET= TLS_LOG_IDENT 89 | 
security_suricata_SET= HYPERSCAN NSS 90 | security_tor_UNSET= MANPAGES 91 | sysutils_msktutil_SET= ${PRODUCT_GSSAPI} 92 | www_lighttpd_UNSET= LUA 93 | www_neon_UNSET= GSSAPI 94 | www_nginx_SET= BROTLI HEADERS_MORE MAIL_IMAP MAIL_POP3 NAXSI NJS VTS 95 | www_squid_SET= AUTH_LDAP AUTH_SASL NO_FORGERY5 ${PRODUCT_GSSAPI} TP_PF 96 | www_squid_UNSET= AUTH_NIS TP_IPFW 97 | www_webgrind_SET= CALLGRAPH 98 | 99 | # for www/caddy-custom 100 | CADDY_CUSTOM_PLUGINS= github.com/caddyserver/ntlm-transport \ 101 | github.com/mholt/caddy-dynamicdns \ 102 | github.com/mholt/caddy-l4 \ 103 | github.com/mholt/caddy-ratelimit \ 104 | github.com/caddy-dns/cloudflare 105 | -------------------------------------------------------------------------------- /composite/nightly.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright (c) 2017-2025 Franco Fichtner 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions 7 | # are met: 8 | # 9 | # 1. Redistributions of source code must retain the above copyright 10 | # notice, this list of conditions and the following disclaimer. 11 | # 12 | # 2. Redistributions in binary form must reproduce the above copyright 13 | # notice, this list of conditions and the following disclaimer in the 14 | # documentation and/or other materials provided with the distribution. 15 | # 16 | # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | # ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 | # SUCH DAMAGE. 27 | 28 | CLEAN=packages 29 | CONTINUE= 30 | STAGENUM=0 31 | 32 | if [ -n "${1}" ]; then 33 | CLEAN=hotfix 34 | CONTINUE=-nightly 35 | PORTSENV="MISMATCH=no" 36 | fi 37 | 38 | # Stage 1 involves basic builds and preparation, reset progress for stage 2 39 | STAGE1=${STAGE1:-"clean-obj update info base kernel xtools distfiles clean-${CLEAN}"} 40 | 41 | # Stage 2 centers around ports, packages and QA for partial or full rebuild 42 | STAGE2=${STAGE2:-"obsolete options ports plugins core audit test clean-obj"} 43 | 44 | # Do not error out on these optional targets 45 | NOERROR=${NOERROR:-"distfiles obsolete options audit test"} 46 | 47 | # Number of error lines to log separately 48 | LINES=${LINES:-400} 49 | 50 | eval "$(make print-LOGSDIR,PRODUCT_ARCH,PRODUCT_VERSION,STAGEDIR,TARGETDIRPREFIX)" 51 | 52 | for RECYCLE in $(cd ${LOGSDIR}; find . 
-name "[0-9]*" -type f | \ 53 | sort -r | tail -n +7); do 54 | (cd ${LOGSDIR}; rm ${RECYCLE}) 55 | done 56 | 57 | mkdir -p ${LOGSDIR}/${PRODUCT_VERSION} 58 | 59 | for STAGE in ${STAGE1}; do 60 | STAGENUM=$(expr ${STAGENUM} + 1) 61 | LOG="${LOGSDIR}/${PRODUCT_VERSION}/$(printf %02d ${STAGENUM})-${STAGE}.log" 62 | 63 | # do not force rebuilds by design 64 | (time make ${STAGE} 2>&1 || touch ${LOG}.err) > ${LOG} 65 | if [ -f ${LOG}.err ]; then 66 | echo ">>> Stage ${STAGE} was aborted due to an error, last ${LINES} lines as follows:" > ${LOG}.err 67 | tail -n ${LINES} ${LOG} >> ${LOG}.err 68 | 69 | if [ -z "${NOERROR%%*"${STAGE}"*}" ]; then 70 | # continue during opportunistic stages 71 | continue 72 | fi 73 | 74 | STAGE2= 75 | break 76 | else 77 | tail -n ${LINES} ${LOG} >> ${LOG}.ok 78 | fi 79 | done 80 | 81 | for STAGE in ${STAGE2}; do 82 | STAGENUM=$(expr ${STAGENUM} + 1) 83 | LOG="${LOGSDIR}/${PRODUCT_VERSION}/$(printf %02d ${STAGENUM})-${STAGE}.log" 84 | 85 | # do not force rebuilds only if requested by user 86 | (time make ${STAGE}${CONTINUE} PORTSENV=${PORTSENV} 2>&1 || \ 87 | touch ${LOG}.err) > ${LOG} 88 | if [ -f ${LOG}.err ]; then 89 | echo ">>> Stage ${STAGE} was aborted due to an error, last ${LINES} lines as follows:" > ${LOG}.err 90 | tail -n ${LINES} ${LOG} >> ${LOG}.err 91 | 92 | if [ -z "${NOERROR%%*"${STAGE}"*}" ]; then 93 | # continue during opportunistic stages 94 | continue 95 | fi 96 | 97 | break 98 | else 99 | tail -n ${LINES} ${LOG} >> ${LOG}.ok 100 | fi 101 | done 102 | 103 | (make watch 2>&1) > ${LOGSDIR}/${PRODUCT_VERSION}/watch.log 104 | 105 | tar -C ${TARGETDIRPREFIX} -cJf \ 106 | ${LOGSDIR}/${PRODUCT_VERSION}-${PRODUCT_ARCH}.txz \ 107 | ${LOGSDIR##${TARGETDIRPREFIX}/}/${PRODUCT_VERSION} 108 | 109 | rm -rf ${LOGSDIR}/latest 110 | mv ${LOGSDIR}/${PRODUCT_VERSION} ${LOGSDIR}/latest 111 | 112 | (make upload-log SERVER=${SERVER} UPLOADDIR=${UPLOADDIR} \ 113 | VERSION=${PRODUCT_VERSION} 2>&1) > /dev/null 114 | 
-------------------------------------------------------------------------------- /config/25.7/ports.conf: -------------------------------------------------------------------------------- 1 | #ORIGIN IGNORE 2 | archivers/php${PRODUCT_PHP}-zlib 3 | archivers/snappy 4 | archivers/zip 5 | audio/beep aarch64 6 | benchmarks/iperf3 7 | benchmarks/stress-ng 8 | comms/gnokii 9 | converters/base64 10 | converters/php${PRODUCT_PHP}-mbstring 11 | databases/hiredis 12 | databases/p5-DBD-Pg 13 | databases/p5-DBD-Sybase 14 | databases/pecl-mongodb 15 | databases/php${PRODUCT_PHP}-mysqli 16 | databases/php${PRODUCT_PHP}-sqlite3 17 | math/py-bottleneck@py${PRODUCT_PYTHON} # XXX unbreak py-duckdb 18 | databases/py-duckdb@py${PRODUCT_PYTHON} 19 | databases/py-redis@py${PRODUCT_PYTHON} 20 | databases/py-sqlite3@py${PRODUCT_PYTHON} 21 | databases/py-pymongo 22 | databases/redis72 23 | databases/rrdtool 24 | devel/arcanist@php${PRODUCT_PHP} 25 | devel/automake 26 | devel/bison 27 | devel/gdb 28 | devel/gettext 29 | devel/gettext-runtime 30 | devel/gettext-tools 31 | devel/git 32 | devel/gmake 33 | devel/libtool 34 | devel/ninja 35 | devel/p5-File-Slurp 36 | devel/p5-Locale-Maketext-Lexicon 37 | devel/patch 38 | devel/pear-PHP_CodeSniffer@php${PRODUCT_PHP} 39 | devel/pecl-xdebug 40 | devel/php${PRODUCT_PHP}-gettext 41 | devel/php${PRODUCT_PHP}-pcntl 42 | devel/phpunit9@php${PRODUCT_PHP} 43 | devel/pkgconf 44 | devel/py-Jinja2@py${PRODUCT_PYTHON} 45 | devel/py-awscli 46 | devel/py-pycodestyle@py${PRODUCT_PYTHON} 47 | devel/py-pytest@py${PRODUCT_PYTHON} 48 | devel/py-setuptools@py${PRODUCT_PYTHON} 49 | devel/py-ujson@py${PRODUCT_PYTHON} 50 | devel/scons 51 | dns/bind-tools 52 | dns/bind920 53 | dns/ddclient 54 | dns/dnscrypt-proxy2 55 | dns/dnsmasq 56 | dns/getdns 57 | www/py-beautifulsoup@py${PRODUCT_PYTHON} # XXX unbreak py-dns-lexicon 58 | dns/py-dns-lexicon@py${PRODUCT_PYTHON} 59 | dns/py-dnspython@py${PRODUCT_PYTHON} 60 | dns/unbound 61 | editors/emacs@nox 62 | editors/joe 63 | 
editors/nano 64 | editors/vim 65 | emulators/open-vm-tools@nox11 66 | emulators/qemu@guestagent 67 | emulators/virtualbox-ose-additions-nox11 aarch64 68 | ftp/curl 69 | ftp/php${PRODUCT_PHP}-curl 70 | ftp/tftp-hpa 71 | ftp/uftp 72 | ftp/wget 73 | lang/perl${PRODUCT_PERL} 74 | lang/php${PRODUCT_PHP} 75 | lang/python${PRODUCT_PYTHON} 76 | lang/ruby${PRODUCT_RUBY} 77 | mail/pecl-mailparse 78 | mail/phpmailer 79 | mail/postfix 80 | mail/rspamd 81 | mail/smtp-cli 82 | math/php${PRODUCT_PHP}-bcmath 83 | misc/getopt 84 | misc/gnu-watch 85 | misc/help2man 86 | misc/mc 87 | net-mgmt/bwm-ng 88 | net-mgmt/check_mk_agent 89 | net-mgmt/choparp 90 | net-mgmt/collectd5 91 | net-mgmt/flowd 92 | net-mgmt/icinga2 93 | net-mgmt/iftop 94 | net-mgmt/lldpd 95 | net-mgmt/net-snmp 96 | net-mgmt/netdata 97 | net-mgmt/nrpe 98 | net-mgmt/p5-FusionInventory-Agent 99 | net-mgmt/py-opn-cli 100 | net-mgmt/telegraf 101 | net-mgmt/xymon-client 102 | net-mgmt/yaf 103 | net-mgmt/zabbix6-agent 104 | net-mgmt/zabbix6-proxy 105 | net-mgmt/zabbix7-agent 106 | net-mgmt/zabbix7-proxy 107 | net-mgmt/zabbix72-agent 108 | net-mgmt/zabbix72-proxy 109 | net-mgmt/zabbix74-agent 110 | net-mgmt/zabbix74-proxy 111 | net/addrwatch 112 | net/bird2 113 | net/chrony 114 | net/dpinger 115 | net/freeradius3 116 | net/frr10-pythontools 117 | net/google-cloud-sdk 118 | net/haproxy30 119 | net/hostapd 120 | net/igmpproxy 121 | net/isc-dhcp44-server 122 | net/kea 123 | net/lua-luasocket 124 | net/mdns-repeater 125 | net/miniupnpd 126 | net/mosquitto 127 | net/mpd5 128 | net/mtr@nox11 129 | net/ndproxy 130 | net/ntopng 131 | net/ntp 132 | net/ocserv 133 | net/openldap26-client 134 | net/openldap26-server 135 | net/p5-Net-SIP 136 | net/pecl-radius 137 | net/php${PRODUCT_PHP}-ldap 138 | net/php${PRODUCT_PHP}-soap 139 | net/php${PRODUCT_PHP}-sockets 140 | net/pimd 141 | net/py-ldap3@py${PRODUCT_PYTHON} 142 | net/py-netaddr@py${PRODUCT_PYTHON} 143 | net/py-speedtest-cli@py${PRODUCT_PYTHON} 144 | net/radsecproxy 145 | net/radvd 
146 | net/realtek-re-kmod 147 | net/relayd 148 | net/rsync 149 | net/samplicator 150 | net/scapy 151 | net/shadowsocks-rust 152 | net/siproxd 153 | net/sslh 154 | net/tayga 155 | net/turnserver 156 | net/udpbroadcastrelay 157 | net/vnstat 158 | net/wifi-firmware-kmod aarch64 159 | net/wol 160 | net/zerotier 161 | opnsense/cpustats 162 | opnsense/dhcp6c 163 | opnsense/dhcrelay 164 | opnsense/filterlog 165 | opnsense/google-api-php-client@php${PRODUCT_PHP} 166 | opnsense/ifinfo 167 | opnsense/installer 168 | opnsense/lang 169 | opnsense/mod_proxy_msrpc 170 | opnsense/netmap-bridge 171 | opnsense/pam 172 | opnsense/phpseclib@php${PRODUCT_PHP} 173 | opnsense/py-haproxy-cli 174 | opnsense/update 175 | ports-mgmt/pkg 176 | print/cups 177 | print/texinfo 178 | security/${PRODUCT_SSL} 179 | security/acme.sh 180 | security/autossh 181 | security/ca_root_nss 182 | security/clamav 183 | security/crowdsec 184 | security/cyrus-sasl2-gssapi 185 | security/gnupg 186 | security/maltrail 187 | security/netbird 188 | security/nmap 189 | security/openconnect 190 | security/openssh-portable 191 | security/openvpn 192 | security/pear-Crypt_CHAP@php${PRODUCT_PHP} 193 | security/php${PRODUCT_PHP}-filter 194 | security/py-fail2ban@py${PRODUCT_PYTHON} 195 | security/py-vici@py${PRODUCT_PYTHON} 196 | security/snuffleupagus@php${PRODUCT_PHP} 197 | security/sslproxy 198 | security/sslscan 199 | security/strongswan 200 | security/stunnel 201 | security/sudo 202 | security/suricata 203 | security/tailscale 204 | security/tinc 205 | security/tor 206 | security/wazuh-agent 207 | security/wpa_supplicant 208 | security/xray-core 209 | security/yara 210 | sysutils/ansible@py${PRODUCT_PYTHON} 211 | sysutils/apcupsd 212 | sysutils/azure-agent 213 | sysutils/bastille 214 | sysutils/beats8 215 | sysutils/burp 216 | sysutils/cciss_vol_status 217 | sysutils/cpu-microcode-amd aarch64 218 | sysutils/cpu-microcode-intel aarch64 219 | sysutils/dmidecode 220 | sysutils/ethname 221 | sysutils/flashrom aarch64 
222 | sysutils/flock 223 | sysutils/freecolor 224 | sysutils/freeipmi aarch64 225 | sysutils/hw-probe 226 | sysutils/iohyve 227 | sysutils/lcdproc aarch64 228 | sysutils/logrotate 229 | sysutils/lsof 230 | sysutils/monit 231 | sysutils/msktutil 232 | sysutils/multitail 233 | sysutils/munin-node 234 | sysutils/node_exporter 235 | sysutils/nut aarch64 236 | sysutils/pftop 237 | sysutils/pstree 238 | sysutils/puppet8 239 | sysutils/screen 240 | sysutils/smartmontools 241 | sysutils/superiotool aarch64 242 | sysutils/sysinfo 243 | sysutils/syslog-ng 244 | sysutils/tmux 245 | sysutils/usb_modeswitch 246 | sysutils/virt-what 247 | sysutils/x86info aarch64 248 | sysutils/xe-guest-utilities aarch64 249 | textproc/jq 250 | textproc/minify 251 | textproc/php${PRODUCT_PHP}-ctype 252 | textproc/php${PRODUCT_PHP}-dom 253 | textproc/php${PRODUCT_PHP}-simplexml 254 | textproc/php${PRODUCT_PHP}-xml 255 | textproc/py-jq@py${PRODUCT_PYTHON} 256 | www/apache${PRODUCT_APACHE} 257 | www/c-icap 258 | www/c-icap-modules 259 | www/caddy-custom 260 | www/icapeg 261 | www/lighttpd 262 | www/mod_auth_openidc 263 | www/mod_security 264 | www/nginx 265 | www/phalcon@php${PRODUCT_PHP} 266 | www/php${PRODUCT_PHP}-opcache 267 | www/php${PRODUCT_PHP}-session 268 | www/privoxy 269 | www/py-boto3@py${PRODUCT_PYTHON} 270 | www/py-requests@py${PRODUCT_PYTHON} 271 | www/sarg 272 | www/squid 273 | www/squid-langpack 274 | www/webgrind 275 | x11-fonts/urwfonts 276 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015-2025 Franco Fichtner 2 | # 3 | # Redistribution and use in source and binary forms, with or without 4 | # modification, are permitted provided that the following conditions 5 | # are met: 6 | # 7 | # 1. Redistributions of source code must retain the above copyright 8 | # notice, this list of conditions and the following disclaimer. 9 | # 10 | # 2. 
Redistributions in binary form must reproduce the above copyright 11 | # notice, this list of conditions and the following disclaimer in the 12 | # documentation and/or other materials provided with the distribution. 13 | # 14 | # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 | # SUCH DAMAGE. 
25 | 26 | STEPS= audit arm base boot chroot clean clone compress confirm \ 27 | connect core distfiles download dvd fingerprint info \ 28 | kernel list make.conf nano obsolete options packages \ 29 | plugins ports prefetch print rebase release rename \ 30 | serial sign skim sync test tests update upload \ 31 | verify vga vm xtools 32 | SCRIPTS= custom distribution factory hotfix nightly pkgver watch 33 | 34 | .PHONY: ${STEPS} ${SCRIPTS} 35 | 36 | PAGER?= less 37 | 38 | .MAKE.JOB.PREFIX?= # tampers with some of our make invokes 39 | 40 | all: 41 | @cat ${.CURDIR}/README.md | ${PAGER} 42 | 43 | updateportsref: 44 | @make -C ${.CURDIR} update-portsref 45 | 46 | skim: updateportsref 47 | 48 | lint-steps: 49 | .for STEP in common ${STEPS} 50 | @sh -n ${.CURDIR}/build/${STEP}.sh 51 | .endfor 52 | 53 | lint-composite: 54 | .for SCRIPT in ${SCRIPTS} 55 | @sh -n ${.CURDIR}/composite/${SCRIPT}.sh 56 | .endfor 57 | 58 | lint: lint-steps lint-composite 59 | 60 | # Special vars to load early build.conf settings: 61 | 62 | ROOTDIR?= /usr 63 | 64 | TOOLSDIR?= ${ROOTDIR}/tools 65 | TOOLSBRANCH?= master 66 | 67 | _OS!= uname -r 68 | _OS:= ${_OS:C/-.*//} 69 | 70 | .if defined(CONFIGDIR) 71 | _CONFIGDIR= ${CONFIGDIR} 72 | .elif defined(SETTINGS) 73 | _CONFIGDIR= ${TOOLSDIR}/config/${SETTINGS} 74 | .elif !defined(CONFIGDIR) 75 | __CONFIGDIR!= find -s ${TOOLSDIR}/config -name "build.conf" -type f 76 | .for DIR in ${__CONFIGDIR} 77 | . if exists(${DIR}) && empty(_CONFIGDIR) 78 | _CONFIGOS!= grep '^OS?*=' ${DIR} 79 | . if ${_CONFIGOS:[2]} == ${_OS} 80 | _CONFIGDIR= ${DIR:C/\/build\.conf$//} 81 | . endif 82 | . 
endif 83 | .endfor 84 | .endif 85 | 86 | .if empty(_CONFIGDIR) 87 | .error Found no configuration matching OS version "${_OS}" 88 | .endif 89 | 90 | .-include "${_CONFIGDIR}/build.conf.local" 91 | .include "${_CONFIGDIR}/build.conf" 92 | 93 | _ARCH!= uname -p 94 | _VERSION!= date '+%Y%m%d%H%M' 95 | 96 | # Bootstrap the build options if not set: 97 | 98 | ABI?= ${_CONFIGDIR:C/^.*\///} 99 | ADDITIONS?= # empty 100 | ARCH?= ${_ARCH} 101 | COMSPEED?= 115200 102 | DEBUG?= # empty 103 | DEVICE?= A10 104 | KERNEL?= SMP 105 | NAME?= OPNsense 106 | SUFFIX?= # empty 107 | TESTS?= # empty 108 | TYPE?= ${NAME:tl} 109 | UEFI?= arm dvd serial vga vm 110 | VERSION?= ${_VERSION} 111 | ZFS?= # empty 112 | 113 | GITBASE?= https://github.com/opnsense 114 | MIRRORS?= https://opnsense.c0urier.net \ 115 | https://mirrors.nycbug.org/pub/opnsense \ 116 | https://mirror.wdc1.us.leaseweb.net/opnsense \ 117 | https://mirror.sfo12.us.leaseweb.net/opnsense \ 118 | https://mirror.fra10.de.leaseweb.net/opnsense \ 119 | https://mirror.ams1.nl.leaseweb.net/opnsense 120 | SERVER?= user@does.not.exist 121 | UPLOADDIR?= . 
122 | 123 | STAGEDIRPREFIX?=/usr/obj 124 | 125 | EXTRABRANCH?= # empty 126 | 127 | COREBRANCH?= stable/${ABI} 128 | COREVERSION?= # empty 129 | COREDIR?= ${ROOTDIR}/core 130 | COREENV?= CORE_PHP=${PHP} CORE_ABI=${ABI} CORE_PYTHON=${PYTHON} 131 | 132 | PLUGINSBRANCH?= stable/${ABI} 133 | PLUGINSDIR?= ${ROOTDIR}/plugins 134 | PLUGINSENV?= PLUGIN_PHP=${PHP} PLUGIN_ABI=${ABI} PLUGIN_PYTHON=${PYTHON} 135 | 136 | PORTSBRANCH?= master 137 | PORTSDIR?= ${ROOTDIR}/ports 138 | PORTSENV?= # empty 139 | 140 | PORTSREFURL?= https://git.FreeBSD.org/ports.git 141 | PORTSREFDIR?= ${ROOTDIR}/freebsd-ports 142 | PORTSREFBRANCH?=main 143 | 144 | SRCBRANCH?= stable/${ABI} 145 | SRCDIR?= ${ROOTDIR}/src 146 | 147 | # A couple of meta-targets for easy use and ordering: 148 | 149 | kernel ports distfiles: base 150 | .if !empty(TESTS) 151 | base: tests 152 | .endif 153 | audit plugins: ports 154 | core: plugins 155 | packages test: core 156 | arm dvd nano serial vga vm: kernel core 157 | sets: kernel distfiles packages 158 | images: dvd nano serial vga vm 159 | release: dvd nano serial vga 160 | 161 | # Expand target arguments for the script append: 162 | 163 | .for TARGET in ${.TARGETS} 164 | _TARGET= ${TARGET:C/\-.*//} 165 | .if ${_TARGET} != ${TARGET} 166 | .if ${SCRIPTS:M${_TARGET}} 167 | ${_TARGET}_ARGS+= ${TARGET:C/^[^\-]*(\-|\$)//} 168 | .else 169 | ${_TARGET}_ARGS+= ${TARGET:C/^[^\-]*(\-|\$)//:S/,/ /g} 170 | .endif 171 | ${TARGET}: ${_TARGET} 172 | .endif 173 | .endfor 174 | 175 | .if "${VERBOSE}" != "" 176 | VERBOSE_FLAGS= -x 177 | .else 178 | VERBOSE_HIDDEN= @ 179 | .endif 180 | 181 | .for _VERSION in ABI APACHE DEBUG LUA PERL PHP PYTHON RUBY SSL VERSION ZFS 182 | VERSIONS+= PRODUCT_${_VERSION}=${${_VERSION}} 183 | .endfor 184 | 185 | # Expand build steps to launch into the selected 186 | # script with the proper build options set: 187 | 188 | .for STEP in ${STEPS} 189 | ${STEP}: lint-steps 190 | @echo ">>> Executing build step ${STEP} on ${_CONFIGDIR:C/.*\///}" >&2 191 | 
${VERBOSE_HIDDEN} cd ${.CURDIR}/build && \ 192 | sh ${VERBOSE_FLAGS} ./${.TARGET}.sh -a ${ARCH} -F ${KERNEL} \ 193 | -n ${NAME} -v "${VERSIONS}" -s ${_CONFIGDIR} \ 194 | -S ${SRCDIR} -P ${PORTSDIR} -p ${PLUGINSDIR} -T ${TOOLSDIR} \ 195 | -C ${COREDIR} -R ${PORTSREFDIR} -t ${TYPE} -k "${PRIVKEY}" \ 196 | -K "${PUBKEY}" -l "${SIGNCHK}" -L "${SIGNCMD}" -d ${DEVICE} \ 197 | -m ${MIRRORS:Ox:[1]} -o "${STAGEDIRPREFIX}" -c ${COMSPEED} \ 198 | -b ${SRCBRANCH} -B ${PORTSBRANCH} -e ${PLUGINSBRANCH} \ 199 | -g ${TOOLSBRANCH} -E ${COREBRANCH} -G ${PORTSREFBRANCH} \ 200 | -H "${COREENV}" -u "${UEFI:tl}" -U "${SUFFIX}" \ 201 | -V "${ADDITIONS}" -O "${GITBASE}" -r "${SERVER}" \ 202 | -h "${PLUGINSENV}" -I "${UPLOADDIR}" -D "${EXTRABRANCH}" \ 203 | -A "${PORTSREFURL}" -J "${PORTSENV}" ${${STEP}_ARGS} 204 | .endfor 205 | 206 | .for SCRIPT in ${SCRIPTS} 207 | ${SCRIPT}: lint-composite 208 | ${VERBOSE_HIDDEN} cd ${.CURDIR} && \ 209 | sh ${VERBOSE_FLAGS} ./composite/${SCRIPT}.sh ${${SCRIPT}_ARGS} 210 | .endfor 211 | 212 | .if "${_OS}" != "${OS}" 213 | .error Expected OS version ${OS} for ${_CONFIGDIR}; to continue anyway set OS=${_OS} 214 | .endif 215 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | About the OPNsense tools 2 | ======================== 3 | 4 | In conjunction with src.git, ports.git, core.git and plugins.git they 5 | create sets, packages and images for the OPNsense project. 6 | 7 | Setting up a build system 8 | ========================= 9 | 10 | Install [FreeBSD](https://www.freebsd.org/) 14.3-RELEASE for amd64 11 | on a machine with at least 40GB of hard disk and at least 8GB of RAM 12 | to successfully build all standard images. All tasks require a root 13 | user. 
Do the following to grab the repositories (overwriting standard 14 | ports and src): 15 | 16 | # pkg install git 17 | # cd /usr 18 | # git clone https://github.com/opnsense/tools 19 | # cd tools 20 | # make update 21 | 22 | Note that the OPNsense repositories can also be set up in a non-/usr directory 23 | by setting ROOTDIR. For example: 24 | 25 | # mkdir -p /tmp/opnsense 26 | # cd /tmp/opnsense 27 | # git clone https://github.com/opnsense/tools 28 | # cd tools 29 | # env ROOTDIR=/tmp/opnsense make update 30 | 31 | TL;DR 32 | ===== 33 | 34 | # make dvd 35 | 36 | If successful, a dvd image can be found under: 37 | 38 | # make print-IMAGESDIR 39 | 40 | Detailed build steps and options 41 | ================================ 42 | 43 | How to specify build options on the command line 44 | ------------------------------------------------ 45 | 46 | The build is broken down into individual stages: base, 47 | kernel, ports, plugins and core can be built separately and 48 | repeatedly without affecting the other stages. All stages 49 | can be reinvoked and continue building without cleaning the 50 | previous progress. A final stage assembles all five stages 51 | into a target image. 52 | 53 | All build steps are invoked via make(1): 54 | 55 | # make step OPTION="value" 56 | 57 | Available early build options are: 58 | 59 | * SETTINGS: the name of the requested local configuration 60 | * CONFIGDIR: read configuration from other directory and override SETTINGS 61 | (make sure to use an absolute path when specifying) 62 | 63 | Available build options are: 64 | 65 | * ABI: a custom ABI (defaults to SETTINGS) 66 | * ADDITIONS: a list of packages/plugins to add to images 67 | * ARCH: the target architecture if not native 68 | * COMSPEED: serial speed, e.g. "115200" (default) 69 | * DEBUG: build a debug kernel with additional object information 70 | * DEVICE: loads device-specific modifications, e.g. "A10" (default) 71 | * KERNEL: the kernel config to use, e.g.
SMP (default) 72 | * MIRRORS: a list of mirrors to prefetch sets from 73 | * NAME: "OPNsense" (default) 74 | * PRIVKEY: the private key for signing sets 75 | * PUBKEY: the public key for signing sets 76 | * SUFFIX: the suffix of top package name (default is empty) 77 | * TYPE: the base name of the top package to be installed 78 | * UEFI: use amd64 hybrid images for said images, e.g. "vga vm" 79 | * VERSION: a version tag (if applicable) 80 | * ZFS: ZFS pool name to create for VM images, e.g. "zpool" 81 | 82 | How to specify build options via configuration file 83 | --------------------------------------------------- 84 | 85 | The configuration file is required at "CONFIGDIR/build.conf". 86 | Its contents can be modified to adapt to a non-standard build environment 87 | and to avoid excessive Makefile arguments. 88 | 89 | A local override exists as "CONFIGDIR/build.conf.local" and is 90 | parsed first to allow more flexible overrides. Use with care. 91 | 92 | How to run individual or composite build steps 93 | ---------------------------------------------- 94 | 95 | Kernel, base, packages and release sets are stored under: 96 | 97 | # make print-SETSDIR 98 | 99 | All final images are stored under: 100 | 101 | # make print-IMAGESDIR 102 | 103 | Build the userland binaries, bootloader and administrative files: 104 | 105 | # make base 106 | 107 | Build the kernel and loadable kernel modules: 108 | 109 | # make kernel 110 | 111 | Build all the third-party ports: 112 | 113 | # make ports 114 | 115 | Build additional plugins if needed: 116 | 117 | # make plugins 118 | 119 | Wrap up our core as a package: 120 | 121 | # make core 122 | 123 | A dvd live image is created using: 124 | 125 | # make dvd 126 | 127 | A serial memstick live image is created using: 128 | 129 | # make serial 130 | 131 | A vga memstick live image is created using: 132 | 133 | # make vga 134 | 135 | A flash card full disk image is created using: 136 | 137 | # make nano 138 | 139 | A virtual machine full
disk image is created using: 140 | 141 | # make vm 142 | 143 | A special embedded device image based on vm variety: 144 | 145 | # make factory 146 | 147 | Release sets can be built as follows although the result is 148 | an unpredictable set of images depending on the previous 149 | build states: 150 | 151 | # make release 152 | 153 | However, the release target is necessary for the following 154 | target which includes sanity checks, proper clearing of the 155 | images directory and core package version alignment: 156 | 157 | # make distribution 158 | 159 | Cross-building for other architectures 160 | -------------------------------------- 161 | 162 | This feature is currently experimental and requires installation 163 | of packages for cross building / user mode emulation and additional 164 | boot files to be installed as prompted by the build system. 165 | 166 | A cross-build on the operating system sources is executed by 167 | specifying the target architecture and custom kernel: 168 | 169 | # make base kernel DEVICE=BANANAPI 170 | 171 | In order to speed up building when using an emulated packages build, 172 | the xtools set can be created like so: 173 | 174 | # make xtools DEVICE=BANANAPI 175 | 176 | The xtools set is then used during the packages build similar to 177 | the distfiles set. 178 | 179 | # make packages DEVICE=BANANAPI 180 | 181 | The final image is built using: 182 | 183 | # make arm- DEVICE=BANANAPI 184 | 185 | Currently available devices are: BANANAPI and RPI2. 186 | 187 | About other scripts and tweaks 188 | ============================== 189 | 190 | Device-specific settings 191 | ------------------------ 192 | 193 | Device-specific settings can be found and added in the 194 | device/ directory. Of special interest are hooks into 195 | the build process for required non-default settings for 196 | image builds.
The .conf files are shell scripts that can 197 | define hooks in the form of e.g.: 198 | 199 | serial_hook() 200 | { 201 | # ${1} is the target file system root 202 | touch ${1}/my_custom_file 203 | } 204 | 205 | These hooks are available for all image types, namely 206 | dvd, nano, serial, vga and vm. Device-specific hooks 207 | are loaded after config-specific hooks and both of them 208 | can coexist in a given build. 209 | 210 | Updating the code repositories 211 | ------------------------------ 212 | 213 | Updating all or individual repositories can be done as follows: 214 | 215 | # make update[-[,...]] [VERSION=git.tag] 216 | 217 | Available update options are: core, plugins, ports, portsref, src, tools 218 | 219 | VERSION can be used to update to the matching git tag instead of HEAD. 220 | 221 | Regression tests and ports audit 222 | -------------------------------- 223 | 224 | Before building images, you can run the regression tests 225 | to check the integrity of your core.git modifications plus 226 | generate output for the style checker: 227 | 228 | # make test 229 | 230 | To check the binary packages from ports against the upstream 231 | vulnerability database run the following: 232 | 233 | # make audit 234 | 235 | Advanced package builds 236 | ----------------------- 237 | 238 | Package sets ready for web server deployment are automatically 239 | generated and modified by ports, plugins and core steps. The 240 | build automatically caches temporary build dependencies to avoid 241 | spurious rebuilds. These packages are later discarded to provide 242 | a slim runtime set only. 243 | 244 | If signing keys are available, the package set will be signed 245 | twice: first embedded into the repository metadata (inside) and 246 | then again as a flat file (outside) to ensure integrity.
247 | 248 | For faster ports building it may be of use to cache all distribution 249 | files before running the actual build: 250 | 251 | # make distfiles 252 | 253 | For targeted rebuilding of already built packages the following 254 | works: 255 | 256 | # make ports-[,...] 257 | # make plugins-[,...] 258 | # make core-[,...] 259 | 260 | Please note that reissuing ports builds will clear plugins and 261 | core progress. However, the following options apply to PORTSENV: 262 | 263 | * BATCH=no Developer mode with shell after each build failure 264 | * DEPEND=no Do not tamper with plugins or core packages 265 | * MISMATCH=no Rebuild packages that have a version mismatch 266 | * PRUNE=no Do not check ports integrity prior to rebuild 267 | 268 | The defaults for these ports options are set to "yes". A sample 269 | invocation is as follows: 270 | 271 | # make ports-curl PORTSENV="DEPEND=no PRUNE=no" 272 | 273 | Both ports and plugins builds allow overriding the current list 274 | derived from their respective configuration files, i.e.: 275 | 276 | # make ports PORTSLIST="security/openssl" 277 | # make plugins PLUGINSLIST="devel/debug" 278 | 279 | Acquiring precompiled sets from the mirrors or another local directory 280 | --------------------------------------------------------------------- 281 | 282 | Compiled sets can be prefetched from a mirror if they exist, 283 | while removing any previously available set: 284 | 285 | # make prefetch-