Patch Settings
When creating or editing a Custom System Patch entry, the following settings are available:
- Description:
Text identifying the patch for reference.
- URL/Commit ID:
A commit ID for the pfSense CE software repository on GitHub, or the full URL to a patch file.
After saving the patch, use the Fetch button to download the patch content to the firewall.
Danger
Ensure the source of the patch is trustworthy. Using a commit ID alone may not be sufficient protection against pulling in malicious changes. For example, GitHub will follow commit IDs from a main repository into forks, which could be from untrustworthy third parties.
- Patch Contents:
The contents of the patch in unified diff format.
When using a URL or commit ID, this should be blank when first saving but will contain the patch content after fetching.
- Patch File Upload:
A button to populate the Patch Contents by selecting a file on the client computer.
- Path Strip Count:
The number of path components to remove from the paths in patch metadata.
GitHub commit IDs and URLs should use a count of 2 (default and fixed automatically on save). Patches from other sources will need to be set appropriately.
For example, if a path like a/src/etc/inc/filter.inc is in the patch header, the package should strip off the a/src so a strip count of 2 is needed. If it's deeper, such as home/me/patches/etc/inc/filter.inc, strip however many levels are necessary, which in this example would be 3.
- Base Directory:
The package assumes a base directory of / for patches by default, but an alternate base may be applied if a patch does not supply a full path to the file it is patching (e.g. /usr/local/www).
- Ignore Whitespace:
Whether the patching process should ignore whitespace differences in the patch data.
Patches from GitHub should work with either whitespace setting. Patches from other sources may need the option set to ignore whitespace, especially if they contain DOS line endings rather than UNIX line endings or if the patch content lost tabs when copied and pasted.
- Auto Apply:
Whether the package will attempt to apply this patch on each boot of the firewall.
For patches which are included in future releases of pfSense software this is unnecessary as the appropriate fixes are included in the new release and need not be applied again. For manual custom changes this may be necessary to ensure these customizations are restored after upgrades.
The patches may be reordered in the list to arrange them so they apply in a specific order automatically, in case one patch depends on a previous patch.
- Patch ID:
When editing an existing patch, the GUI displays its unique ID in this field.
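
The following added example (not part of the pfSense documentation or the package's code) lists the files a patch would change once the Path Strip Count and Base Directory settings described above are applied, so the targets of a fetched or uploaded patch can be reviewed before it is applied. The function names and the sample patch are assumptions constructed for illustration.

```python
import posixpath

# Constructed sample in the shape GitHub produces for a pfSense commit.
SAMPLE_PATCH = """\
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -1,3 +1,3 @@
 <?php
-$old = 1;
+$new = 1;
 ?>
"""

def header_path(line):
    """Path from a '--- ' or '+++ ' header line, without any tab-separated timestamp."""
    return line[4:].split("\t")[0].strip()

def patch_targets(patch_text, strip_count=2, base_dir="/"):
    """Return (targets, problems) for the files a unified diff would change.

    Hypothetical helper: drops the first strip_count path components from each
    header path, then joins the remainder to base_dir.
    """
    targets, problems = [], []
    base = posixpath.normpath(base_dir)
    prev = ""
    for line in patch_text.splitlines():
        # A file header is a '--- ' line immediately followed by a '+++ ' line.
        if line.startswith("+++ ") and prev.startswith("--- "):
            path = header_path(line)
            if path == "/dev/null":            # deletion: the target is the old path
                path = header_path(prev)
            parts = [p for p in path.split("/") if p]
            rel = "/".join(parts[strip_count:])
            full = posixpath.normpath(posixpath.join(base, rel))
            inside = base == "/" or full.startswith(base + "/")
            if not rel:
                problems.append(f"{path}: strip count {strip_count} removes the whole path")
            elif ".." in parts or not inside:
                problems.append(f"{path}: resolves outside {base} ({full})")
            else:
                targets.append(full)
        prev = line
    return targets, problems

if __name__ == "__main__":
    print(patch_targets(SAMPLE_PATCH))
```

A target list that includes files unrelated to the patch description, or any entry in the problems list, is a reason to inspect the patch contents and its source before applying it.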