How to build a pfSense .iso from sources - nonsensex64/PiBa-NL-WIKI GitHub Wiki

My preliminary steps for building a pfSense 2.4 / FreeBSD 11 .iso file. Steps might be missing, things will change over time, and this page might not be updated.

Hope they help you get started at least part of the way. It is still a work in progress, and as you can see I've used MyFirewall as the product name for now.

== Forking repositories. Fork and change the following ==

==== pfSense : master ====

Create the file /build.conf, using build.conf.sample as an example.

Make sure to set the following options:

  • PRODUCT_NAME
  • PKG_REPO_SIGNING_COMMAND

==== FreeBSD-src : RELENG_2_4 ====

Create files from their original counterparts:

  • /release/conf/MyFirewall*.conf (3x .conf files)
  • /sys/amd64/conf/MyFirewall

==== FreeBSD-ports : devel ====

echo ## Installing required packages
pkg install -y pkg
pkg install -y git
pkg install -y poudriere-devel
pkg install -y mkfile
pkg install -y rsync

echo ## Installing optional packages
echo # Allow closing the ssh session without stopping the running build commands.
pkg install -y screen
echo # Fast code/script searcher, if you want to find where a variable is used/defined.
pkg install -y the_silver_searcher
echo # Nice 'graphical' top
pkg install -y htop
rehash
screen

echo ## Installing the official ports tree, as some files are read from /etc/ports/
echo ## TODO find out what exactly, should it perhaps just be a copy of the forked FreeBSD-ports repository
portsnap fetch extract

echo ## Generate repository signing key
echo ## This should be hosted on some secure private signing server
cd /root/
openssl genrsa -out repo.key 2048
chmod 0400 repo.key
openssl rsa -in repo.key -out repo.pub -pubout

echo # pkg would then call the script below over an ssh connection, for now make it available locally.
cd /root
echo "#\!/bin/sh" > sign.sh
echo "read -t 2 sum" >> sign.sh
echo "[ -z "\"\$sum\"" ] && exit 1" >> sign.sh
echo "echo SIGNATURE" >> sign.sh
echo "echo -n "\$sum" | openssl dgst -sign /root/repo.key -sha256 -binary" >> sign.sh
echo "echo" >> sign.sh
echo "echo CERT" >> sign.sh
echo "cat /root/repo.pub" >> sign.sh
echo "echo END" >> sign.sh
chmod 0700 sign.sh

cd /usr && git clone -b MyFirewall https://github.com/PiBa-NL/pfsense.git MyFirewall

echo # 'zroot' zfs volume is required for poudriere
cd /usr/MyFirewall/ && mkfile 4G file1
zpool create zroot /usr/MyFirewall/file1
zpool list

echo ## Now the heavy work starts, several of the steps below that use the 'time' command can take multiple hours to complete

cd /usr/MyFirewall/ && time ./build.sh --setup-poudriere

cd /usr/MyFirewall/ && ./build.sh --update-poudriere-ports
cd /usr/MyFirewall/ && time ./build.sh -u --update-pkg-repo

cd /usr/MyFirewall/ && time ./build.sh --build-kernels
cd /usr/MyFirewall/ && time ./build.sh -u iso
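
To check the "Generate repository signing key" step before starting the multi-hour build, the following added example (not part of the original wiki page or of the pfSense build scripts) feeds a checksum to a signing command on stdin, splits the SIGNATURE/CERT/END reply that sign.sh prints, and verifies the signature against the public key in that reply. It is POSIX sh to be run as a script, not pasted into the tcsh root shell; the function names, the stand-in signer and the sample checksum are assumptions, and the stand-in uses plain `read` instead of `read -t 2` so it also runs under shells without that option.

```shell
#!/bin/sh
# Added example, not from the wiki: verify a pkg signing command's output.

# make_demo_signer DIR: throwaway 2048-bit key pair plus a stand-in signer
# in DIR that prints the same SIGNATURE/CERT/END layout as the page's sign.sh.
make_demo_signer() {
    dir=$1
    openssl genrsa -out "$dir/repo.key" 2048 2>/dev/null || return 1
    chmod 0400 "$dir/repo.key"
    openssl rsa -in "$dir/repo.key" -out "$dir/repo.pub" -pubout 2>/dev/null || return 1
    cat > "$dir/sign.sh" <<EOF
#!/bin/sh
read sum
[ -z "\$sum" ] && exit 1
echo SIGNATURE
printf '%s' "\$sum" | openssl dgst -sign "$dir/repo.key" -sha256 -binary
echo
echo CERT
cat "$dir/repo.pub"
echo END
EOF
}

# check_signer CMD SUM [SIGLEN]: feed SUM to CMD on stdin, split the reply by
# byte offset (the signature is raw binary) and verify it with the CERT key.
# SIGLEN is the RSA signature size in bytes (256 for a 2048-bit key).
# Returns 0 if the signature verifies, non-zero otherwise.
check_signer() {
    cmd=$1; sum=$2; siglen=${3:-256}
    work=$(mktemp -d) || return 2
    printf '%s\n' "$sum" | sh -c "$cmd" > "$work/out"
    # Layout: "SIGNATURE\n" (10 bytes), signature, "\nCERT\n" (6 bytes), PEM, "END\n"
    if [ "$(head -c 10 "$work/out")" != "SIGNATURE" ]; then
        rm -rf "$work"; return 3
    fi
    tail -c +11 "$work/out" | head -c "$siglen" > "$work/sig"
    tail -c +$((17 + $siglen)) "$work/out" | sed '$d' > "$work/pub"
    printf '%s' "$sum" | openssl dgst -sha256 -verify "$work/pub" \
        -signature "$work/sig" >/dev/null 2>&1
    rc=$?
    rm -rf "$work"
    return $rc
}

# Usage (constructed checksum): d=$(mktemp -d); make_demo_signer "$d"
#   check_signer "sh $d/sign.sh" 0123456789abcdef && echo "signature OK"
```

A return value of 3 means the command produced no SIGNATURE header at all (for example an empty checksum or an unreadable key), while 1 means the signature did not match the public key it was shipped with.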