Testing local updates to core and paks

How does one test local updates to a self-built ipfire install?

I see there is a config for pointing the system to a given pak server but there is no apparent documentation or instruction on how to setup a pak server to serve your local builds, but i assume developers have a way of doing this without having to push to an official server or mirror.

Or is there a way to update from physical media? building a new iso is no issue if necessary but I’d really love to avoid having to do a clean install anytime i want to update things.

Is there a way to build the paks (instead of the iso) and just scp them to a folder on my install and install them via cli or something?

Hi @cellsafemode

Welcome to the IPFire community.

That is the Testing and Unstable repository trees.

If a dev is doing some very fundamental code development then they would do that in their own repository trees.

If you update an addon or create your own addon version then you end up with a .ipfire package in the packages/ directory of the build tree. Then you copy that across to your IPFire system and untar it and run the install.sh file associated with it as per the following wiki link.



I had incorrectly assumed that building the images was the last part of the build process for the distro.

My build always failed after building the ISO…which is during the flash image builds because the make script wanted to do things with lvm/md to create the flash image and I dont build that into the kernel on my main compiling machine since i dont use those things. I didn’t realize that there was an additional step in creating the packages after the install images. I’ve since commented out the part where the flash images are created and the build finally completed fully.

So now I have all the ipfire paks that pertain to my custom build.

It sounds like unfortunately, there isn’t a means of using the pakfire tool itself to install these …nor does it seem like there is a means of hosting my own local lan server that i can point my custom build to to just make use of the frontend. Is that true or am i just not looking in the right place? I’d prefer to just setup a local server to push these changes and point my firewall to that server instead of the official ones.

If not, at least I should be able to push my updates without having to clean install using this manual method.

No there isn’t. The packages that you have from the build are then cryptographically signed before being put on the addon server. When pakfire installs the addons it checks that nothing has been changed in the packages, ie that they have not come from a spoofed server.

So if you create your own server you would also need to setup your own signing process for all the packages and then change the key in IPFire to your own one that is used to check the packages.

You probably could set up your own addon server but you would need to go through the IPFire code to identify what the server needs to look like and how the packages are signed etc, etc.

If you don’t want to create the images then at the beginning of the make.sh script is a line


Probably if you changed this to 0 it would not build the images. That is not certain on my part, I haven’t checked through the rest of the script to confirm it. I just hapenned to notice it as I was looking through for something else.

1 Like

If i’m building the entire dist that i’ve installed, would I not be the one signing everything using the same key the dist is installed with? So my packages would not look “spoofed” to my install. In fact, the official pkgs may look spoofed if it’s signed with different keys.

This is different from just say building an addon using a dist install image from the official server.
Does what you stated still hold true for my scenario?

Is there a repo for the pakfire server that distributes the core and addon ipfire pkgs ? I have no issue creating my own signing key and replacing the stock ones and pointing the hardcoded URL in the configs to point to my own server so that i can just use the same functions developers officially use to push to the official server but instead it would just push to mine and my built distro would look for mine and not the official server.

The questions you are asking now are ones that i have no idea about the answer to.