From 7346d48872dd50ee7735e09794b6e2ef44c2fb67 Mon Sep 17 00:00:00 2001
From: rcourtman <courtmanr@gmail.com>
Date: Wed, 4 Feb 2026 10:55:55 +0000
Subject: [PATCH] fix: add FreeBSD agent binaries to Docker build and fix
 pfSense boot (#1051)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two fixes for FreeBSD agent support:

1. The Docker image never built or included FreeBSD agent binaries, causing
   404 errors when FreeBSD clients requested the download. Added FreeBSD
   amd64/arm64 cross-compilation for both host-agent and unified-agent,
   plus COPY statements to include them in the image. Also added bare
   FreeBSD binaries to GitHub release assets for the redirect fallback.

2. pfSense does not use the standard FreeBSD rc.d boot system — scripts
   in /usr/local/etc/rc.d/ must end in .sh to run at boot. The installer
   now detects pfSense and creates a .sh boot wrapper alongside the
   standard rc.d script. Also added -r flag to daemon for auto-restart.

Related to #1051
---
 Dockerfile               | 24 ++++++++++++++++++++++--
 scripts/build-release.sh |  8 ++++++--
 scripts/install.sh       | 17 ++++++++++++++++-
 3 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 11bc342ee..44a480eda 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -113,7 +113,15 @@ RUN --mount=type=cache,id=pulse-go-mod,target=/go/pkg/mod \
     CGO_ENABLED=0 GOOS=windows GOARCH=386 go build \
       -ldflags="-s -w -X github.com/rcourtman/pulse-go-rewrite/internal/hostagent.Version=${VERSION}" \
       -trimpath \
-      -o pulse-host-agent-windows-386.exe ./cmd/pulse-host-agent
+      -o pulse-host-agent-windows-386.exe ./cmd/pulse-host-agent && \
+    CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build \
+      -ldflags="-s -w -X github.com/rcourtman/pulse-go-rewrite/internal/hostagent.Version=${VERSION}" \
+      -trimpath \
+      -o pulse-host-agent-freebsd-amd64 ./cmd/pulse-host-agent && \
+    CGO_ENABLED=0 GOOS=freebsd GOARCH=arm64 go build \
+      -ldflags="-s -w -X github.com/rcourtman/pulse-go-rewrite/internal/hostagent.Version=${VERSION}" \
+      -trimpath \
+      -o pulse-host-agent-freebsd-arm64 ./cmd/pulse-host-agent
 
 # Build unified agent binaries for all platforms (for download endpoint)
 RUN --mount=type=cache,id=pulse-go-mod,target=/go/pkg/mod \
@@ -158,7 +166,15 @@ RUN --mount=type=cache,id=pulse-go-mod,target=/go/pkg/mod \
     CGO_ENABLED=0 GOOS=windows GOARCH=386 go build \
       -ldflags="-s -w -X main.Version=${VERSION}" \
       -trimpath \
-      -o pulse-agent-windows-386.exe ./cmd/pulse-agent
+      -o pulse-agent-windows-386.exe ./cmd/pulse-agent && \
+    CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build \
+      -ldflags="-s -w -X main.Version=${VERSION}" \
+      -trimpath \
+      -o pulse-agent-freebsd-amd64 ./cmd/pulse-agent && \
+    CGO_ENABLED=0 GOOS=freebsd GOARCH=arm64 go build \
+      -ldflags="-s -w -X main.Version=${VERSION}" \
+      -trimpath \
+      -o pulse-agent-freebsd-arm64 ./cmd/pulse-agent
 
 
 # Runtime image for the Docker agent (offered via --target agent_runtime)
@@ -259,6 +275,8 @@ COPY --from=backend-builder /app/pulse-host-agent-darwin-arm64 /opt/pulse/bin/
 COPY --from=backend-builder /app/pulse-host-agent-windows-amd64.exe /opt/pulse/bin/
 COPY --from=backend-builder /app/pulse-host-agent-windows-arm64.exe /opt/pulse/bin/
 COPY --from=backend-builder /app/pulse-host-agent-windows-386.exe /opt/pulse/bin/
+COPY --from=backend-builder /app/pulse-host-agent-freebsd-amd64 /opt/pulse/bin/
+COPY --from=backend-builder /app/pulse-host-agent-freebsd-arm64 /opt/pulse/bin/
 # Create symlinks for Windows without .exe extension
 RUN ln -s pulse-host-agent-windows-amd64.exe /opt/pulse/bin/pulse-host-agent-windows-amd64 && \
     ln -s pulse-host-agent-windows-arm64.exe /opt/pulse/bin/pulse-host-agent-windows-arm64 && \
@@ -275,6 +293,8 @@ COPY --from=backend-builder /app/pulse-agent-darwin-arm64 /opt/pulse/bin/
 COPY --from=backend-builder /app/pulse-agent-windows-amd64.exe /opt/pulse/bin/
 COPY --from=backend-builder /app/pulse-agent-windows-arm64.exe /opt/pulse/bin/
 COPY --from=backend-builder /app/pulse-agent-windows-386.exe /opt/pulse/bin/
+COPY --from=backend-builder /app/pulse-agent-freebsd-amd64 /opt/pulse/bin/
+COPY --from=backend-builder /app/pulse-agent-freebsd-arm64 /opt/pulse/bin/
 # Create symlinks for Windows without .exe extension
 RUN ln -s pulse-agent-windows-amd64.exe /opt/pulse/bin/pulse-agent-windows-amd64 && \
     ln -s pulse-agent-windows-arm64.exe /opt/pulse/bin/pulse-agent-windows-arm64 && \
diff --git a/scripts/build-release.sh b/scripts/build-release.sh
index 52fcf5b95..15644e45d 100755
--- a/scripts/build-release.sh
+++ b/scripts/build-release.sh
@@ -327,15 +327,19 @@ zip -j "$RELEASE_DIR/pulse-agent-v${VERSION}-windows-amd64.zip" "$BUILD_DIR/puls
 zip -j "$RELEASE_DIR/pulse-agent-v${VERSION}-windows-arm64.zip" "$BUILD_DIR/pulse-agent-windows-arm64.exe"
 zip -j "$RELEASE_DIR/pulse-agent-v${VERSION}-windows-386.zip" "$BUILD_DIR/pulse-agent-windows-386.exe"
 
-# Also copy bare Windows EXEs for /releases/latest/download/ redirect compatibility
+# Also copy bare binaries for /releases/latest/download/ redirect compatibility
 # These allow LXC/barebone installs to redirect to GitHub without needing versioned URLs
-echo "Copying bare Windows EXEs to release directory for redirect compatibility..."
+echo "Copying bare binaries to release directory for redirect compatibility..."
 cp "$BUILD_DIR/pulse-agent-windows-amd64.exe" "$RELEASE_DIR/"
 cp "$BUILD_DIR/pulse-agent-windows-arm64.exe" "$RELEASE_DIR/"
 cp "$BUILD_DIR/pulse-agent-windows-386.exe" "$RELEASE_DIR/"
 cp "$BUILD_DIR/pulse-host-agent-windows-amd64.exe" "$RELEASE_DIR/"
 cp "$BUILD_DIR/pulse-host-agent-windows-arm64.exe" "$RELEASE_DIR/"
 cp "$BUILD_DIR/pulse-host-agent-windows-386.exe" "$RELEASE_DIR/"
+cp "$BUILD_DIR/pulse-agent-freebsd-amd64" "$RELEASE_DIR/"
+cp "$BUILD_DIR/pulse-agent-freebsd-arm64" "$RELEASE_DIR/"
+cp "$BUILD_DIR/pulse-host-agent-freebsd-amd64" "$RELEASE_DIR/"
+cp "$BUILD_DIR/pulse-host-agent-freebsd-arm64" "$RELEASE_DIR/"
 
 # Copy Windows, macOS, and FreeBSD binaries into universal tarball for /download/ endpoint
 echo "Adding Windows, macOS, and FreeBSD binaries to universal tarball..."
diff --git a/scripts/install.sh b/scripts/install.sh
index 25d1fff64..c4acb98e7 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -1356,7 +1356,7 @@ pulse_agent_start()
 {
     if checkyesno ${rcvar}; then
         echo "Starting ${name}."
-        /usr/sbin/daemon -p ${pidfile} -f ${command} ${command_args}
+        /usr/sbin/daemon -r -p ${pidfile} -f ${command} ${command_args}
     fi
 }
 
@@ -1403,6 +1403,21 @@ RCEOF
             sed -i 's/pulse_agent_enable=.*/pulse_agent_enable="YES"/' /etc/rc.conf
     fi
 
+    # pfSense does not use the standard FreeBSD rc.d boot system.
+    # Scripts in /usr/local/etc/rc.d/ must end in .sh to run at boot.
+    # Create a .sh wrapper that invokes the rc.d script on boot.
+    if [ -f /usr/local/sbin/pfSsh.php ] || ([ -f /etc/platform ] && grep -qi pfsense /etc/platform 2>/dev/null); then
+        BOOT_WRAPPER="/usr/local/etc/rc.d/pulse_agent.sh"
+        log_info "Detected pfSense — creating boot wrapper at $BOOT_WRAPPER..."
+        cat > "$BOOT_WRAPPER" <<'BOOTEOF'
+#!/bin/sh
+# pfSense boot wrapper for pulse-agent
+# pfSense requires .sh extension for scripts to run at boot
+/usr/local/etc/rc.d/pulse-agent start
+BOOTEOF
+        chmod +x "$BOOT_WRAPPER"
+    fi
+
     # Stop existing agent if running
     "$RCSCRIPT" stop 2>/dev/null || true
     sleep 1