Designing Firmware Upgrades Around FreeBSD's pkgng · Designing Firmware Upgrades Around...

Designing Firmware UpgradesAround FreeBSD's pkgng

BalCCon, Novi Sad13.09.2015 Franco Fichtner

An Annotated Version History

Overview(0) Author(1) OPNsense(2) FreeBSD(3) pkg(ng)(4) Motivation(5) Requirements(6) Timeline(7) Demo(8) Future Work(9) Questions

"I like nifty things. I read a lot. Sometimes I write stuff."

Author: Franco

o UNIX networking engineero Firewalls, Operating Systemso DragonFly BSD, OPNsense, mdocml, zeromq, FreeBSD ports

@fitchitisfichtner

OPNsenseo Firewall distribution on top of FreeBSD, forked from pfSenseo pkg(ng) adoption, bootstrap interface, MVC, API, redesigned build tools, traffic shaper replacement, etc.o two major releases: 15.1 (January 2015), 15.7 (July 2015), with almost 40 minor releases in total in said 9 monthso Security enhancements: weekly updates, LibreSSL as an option, ASLR soon (via HardenedBSD), privilege separation as a long-term goalo Open community platform, multiple translations (German, Japanese, Chinese, more on the way)

FreeBSD

o Since 1993, forked directly from the original BSDo about three quarters of all BSD deploymentso strong networking and storage (zfs)o large third party software collection (25000 ports)o viable desktop (manually or out of the box with PCBSD)o pkg(ng) as the default manager since FreeBSD 10 (2014)

pkg(ng)

o older FreeBSD tools were written over 20 years agoo binary package manger rework started around 2012o better dependency tracking (shared libraries)o eventually gains FreeBSD base and kernel supporto easy command structure, countless maintenance tools

pkg(ng)

o older FreeBSD tools were written over 20 years agoo binary package manger rework started around 2012o better dependency tracking (shared libraries)o eventually gains FreeBSD base and kernel supporto easy command structure, countless maintenance tools

# pkg install foobar# pkg delete foobar# pkg upgrade

Motivation

timely updates

Motivation

timely updates

sustainablereleaseengineering

Motivation

timely updates

sustainablereleaseengineering

smallestpossibleimpactfor users

Requirements

reliablefastsecuremodularfancy

Requirements

reliablefastsecuremodularfancy

} ok to triggerremotely orto automate

Timeline: 15.1 (Jan 2)

o first release versiono architecture amd64 onlyo package updates onlyo preliminary GUI and backend scripting

Timeline: 15.1.1 (Jan 12)

o added i386 architecture

Timeline: 15.1.6.1 (Feb 21)

o kernel and base upgrades support, direly needed for the upcoming FreeBSD 10.1 upgradeo opnsense-update utility as an unified tool for updates

Timeline: 15.1.7.1 (Feb 28)

o console (ssh) firmware update scripting doneo base/kernel upgrades now only apply if needed ;)o LibreSSL test version

Timeline: 15.1.8.4 (Apr 7)

o detached upgrade from the frontend code (aka upgrades terminated themselves via a loop)o version number madness ;)

Timeline: 15.1.10 (May 4)

o switched on package signature verification

Timeline: 15.1.11 (May 22)

o MVC rewrite of firmware GUI including API

Timeline: 15.1.11.4 (Jun 12)

o lots of GUI UX tweakso opnsense-update now also deals with package updates in one go

Timeline: 15.7.2 (Jul 10)

o opnsense-update gained the ability to move from OpenSSL to LibreSSL and back seamlessly (command line only)

o GUI reboot probingo GUI package overviewo first development versions that could be installed on the system manually

o opnsense-update gained the ability to move to a different firmware mirror (command line only)

Timeline: 15.7.7 (Aug 8)

o GUI mirror and crypto selection was integrated

Upgrading 15.7.11 to 15.7.12, plus OpenSSL to LibreSSL

Future Work

o daily snapshots of development and stable branches plus GUI supporto scheduled updates (automatic mode)o plugin infrastructure and GUI supporto upgrade to the next FreeBSD 11o and probably more :)

Thank you!

Time for your questions, comments and ideas.

https://opnsense.org/https://www.freebsd.org/

Designing Firmware Upgrades Around FreeBSD's pkgng · Designing Firmware Upgrades Around...

Documents

CelloTrack Nano - Cellocator · Communicates with backend server via cellular communication (2G/3G/4G networks) for remote monitoring (OTA), configuration and firmware upgrades. Compliance

EVCC Terminal Driver Installation - ThunderStruck …Tick the “Write flash” box. Select the hex file to download. Thunderstruck will provide firmware upgrades by its website as

INFOBrief - Dell€¦ · and non-disruptive firmware upgrades - all at midrange prices. • The CX500 storage system continues in the excellence of the previous generations, coupling

Lousy virtualization, Happy users: FreeBSD's jail(2) facilityphk.freebsd.dk/pubs/jails.pdf · 2021. 3. 7. · FreeBSD's jail(2) facility Poul-Henning Kamp phk@FreeBSD.org. CHROOT(2)

Loop B a sed Digital Recorder - medias.audiofanzine.com · This manual describes the behaviour of Repeater running OS1.10. Further upgrades of system firmware may be made ... So we

Advanced control - SOMATCO · 2015. 12. 7. · BioCommand® supervisory software. USB ports are provided for exporting trend data and importing firmware upgrades. All are easily accessed

Complete Hard Disk Encryption Using FreeBSD's GEOM Framework

DTX Compact OTDR - Measuretronix · DTX Compact OTDR Gold Support: Includes no-charge repair, loaner kit, no-charge replacement of accessories, no-charge software or firmware upgrades,

WTG SERVICES - winslowtg.com · WTG SERVICES STORAGE • Dell EMC Storage Inst. • Storage Array Firmware Upgrades • Data Migrations • NAS Migrations • Replication Configuration

The complete payment solution - CPI · 2020. 1. 7. · EVA/DTS data Remote firmware upgrades and configuration changes Compliant with EVA/DTS 6.1.1 Remote price changes capabilities

Cisco intersight€¦ · Recommendation engine Compliance Proactive tech support Baselining and notifications Firmware upgrades ... • Embedded Product Feature ... Cisco Intersight+

Overview & Operating Instructions Preliminary. April 2009...Firmware upgrades without a PIC programmer, standard USB port (mini-USB B) on-board Simple, uncluttered display, just the

The 32T - MIT Haystack Observatory baseline ~350 m ... Upgrades to firmware functionality over time 32T expected to functional well into the 512T regime, ... 32T target timeline

Streamline NX v3 - Digital Business Services & Printing ... · management, batch configuration and firmware upgrades. Administration & reporting Use one unified management console

Designing Firmware Upgrades Around FreeBSD's pkgngOPNsense. o Firewall distribution on top of FreeBSD, forked from pfSense o pkg(ng) adoption, bootstrap interface, MVC, API, redesigned

Updates wrmoo ag1 - dialog.roche.com · Performing Accu-Chek Inform II Meter Firmware Upgrades with HosPOC Update Tool Version 10.0 33-36 Performing CoaguChek XS Plus and CoaguChek

Complete Hard Disk Encryption Using FreeBSD's … · Complete Hard Disk Encryption Using FreeBSD's ... 3.5 Complete hard disk encryption using GELI ... to unless encryption and decryption

SYSTEM FIRMWARE UPGRADE OF EMC® … FIRMWARE UPGRADE OF EMC® KAZEON IS1200 RUNNING ON INTEL® SANDYBRIDGE PLATFORM BMC, BIOS, ME, and FRU/SDR Upgrades. ABSTRACT This white paper

MC77XX Product Specification - ltefix.com · application notes, firmware upgrades, troubleshooting tips, ... Product Technical Specification & Customer Design Guidelines ... over

Managing Firmware Upgrades - Cisco · 149 Managing Firmware Upgrades 4. Check the check boxes of the devices that you want to move. 5. Click Change Firmware Group. to open a pop up