pfSense Plus generating corrupted backups
-
That bug was fixed quite some time ago, but if your config already had it in there it may not have been cleaned up properly at the time.
After import that section should have been removed, but it wasn't always removed.
IIRC there was an additional fix that went into 22.05 but I can't remember for certain without digging through redmine.
On 22.05 I did quite extensive testing of restoring SSH keys various ways and it's all solid now as far as I've been able to tell. When reinstalling using the memstick/iso the config recovery also now recovers SSH keys, which is also fun.
-
@jimp I just generated a backup of my config with 22.05 and there are still duplicate <sshdata> sections in it. However, if I understand correctly, 22.05 and above will now know to use only one section and then subsequent backups will only contain the one section?
-
Hmm, that's not what I would expect. If you try to restore it again I'd expect that to fail in the same way.
-
Looking at https://redmine.pfsense.org/issues/13132 it should be cleaning that up as a part of the restore process on 22.05.
-
I can't replicate that here in a backup.
Do you know the exact steps you took to reach that?
-
@stephenw10 said in pfSense Plus generating corrupted backups:
I can't replicate that here in a backup.
Do you know the exact steps you took to reach that?
Checking my old backups archive, the duplicate <sshdata> sections began appearing after I reinstalled pfSense 22.01 to a new disk and restored an XML config file to it. Every backup taken since then (including with today's 22.05 release) is generating duplicate <sshdata> sections.
-
The extra section was made then, but if you restore it to 22.05 it should work properly -- it will remove the duplicate, restore the keys, then remove the sshdata section entirely.
It's fixed when restoring, not when generating.
-
@jimp this is what i got on the last 22.05 RC
[25-Jun-2022 11:51:00 Europe/Zurich] PHP Fatal error: Uncaught Exception: XML error: SSHDATA at line 15302 cannot occur more than once in /etc/inc/xmlparse.inc:89 Stack trace: #0 [internal function]: startElement(Resource id #27, 'SSHDATA', Array) #1 /etc/inc/xmlparse.inc(188): xml_parse(Resource id #27, 'aCB023tWNBoI3S4...', true) #2 /etc/inc/xmlparse.inc(149): parse_xml_config_raw('/conf/config.xm...', Array, 'false') #3 /etc/inc/config.lib.inc(134): parse_xml_config('/conf/config.xm...', Array) #4 /etc/inc/config.gui.inc(56): parse_config() #5 /etc/inc/auth.inc(33): require_once('/etc/inc/config...') #6 /etc/inc/ipsec.inc(26): require_once('/etc/inc/auth.i...') #7 /etc/inc/gwlb.inc(27): require_once('/etc/inc/ipsec....') #8 /etc/inc/functions.inc(35): require_once('/etc/inc/gwlb.i...') #9 /etc/inc/notices.inc(26): require_once('/etc/inc/functi...') #10 /etc/inc/config.inc(51): require_once('/etc/inc/notice...') #11 /etc/inc/openvpn.inc(32): require_once('/etc/inc/config...') #12 /etc/inc/filter.inc(30): require_once('/etc/inc/openvp...') #13 /usr/local/sbin/ in /etc/inc/xmlparse.inc on line 89 [25-Jun-2022 11:51:00 Europe/Zurich] PHP Warning: fopen(): Filename cannot be empty in /etc/inc/notices.inc on line 101
This broke the whole system.
-
@jimp said in pfSense Plus generating corrupted backups:
The extra section was made then, but if you restore it to 22.05 it should work properly -- it will remove the duplicate, restore the keys, then remove the sshdata section entirely.
It's fixed when restoring, not when generating.
I can confirm 22.05 is still broken in this regard.
I created a backup of my running system in 22.05; the backup contained two <sshdata> sections.
I reinstalled 22.01 (latest ISO I have) then updated to 22.05 when prompted.
After rebooting, I restored the backed-up config file which completely broke pfSense and required another reinstall… which, coupled with the issue I reported here, was NOT fun.
At the console:
Fatal error: Uncaught Exception: XML error: SSHDATA at line 7349 cannot occur more than once in /etc/inc/xmlparse.inc:89 Stack trace: #0 [internal function]: startElement(Resource id #26, 'SSHDATA', Array) #1 /etc/inc/xmlparse.inc(188): xml_parse(Resource id #26, 'aEK1LX9+3feLBOO...', false) #2 /etc/inc/xmlparse.inc(149): parse_xml_config_raw('/conf/config.xm...', Array, 'false') #3 /etc/inc/config.lib.inc(134): parse_xml_config('/conf/config.xm...', Array) #4 /etc/inc/config.gui.inc(56): parse_config() #5 /etc/inc/auth.inc(33): require_once('/etc/inc/config...') #6 /etc/inc/openvpn.inc(35): require_once('/etc/inc/auth.i...') #7 /etc/inc/filter.inc(30): require_once('/etc/inc/openvp...') #8 /etc/inc/ipsec.inc(25): require_once('/etc/inc/filter...') #9 /etc/inc/gwlb.inc(27): require_once('/etc/inc/ipsec....') #10 /etc/inc/functions.inc(35): require_once('/etc/inc/gwlb.i...') #11 /etc/inc/notices.inc(26): require_once('/etc/inc/functi...') #12 /etc/inc/config.inc(51): require_once('/etc/inc/notice...') #13 /etc/rc.banner(2 in /etc/inc/xmlparse.inc on line 89 PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 89, Message: Uncaught Exception: XML error: SSHDATA at line 7349 cannot occur more than once in /etc/inc/xmlparse.inc:89 Stack trace: #0 [internal function]: startElement(Resource id #26, 'SSHDATA', Array) #1 /etc/inc/xmlparse.inc(188): xml_parse(Resource id #26, 'aEK1LX9+3feLBOO...', false) #2 /etc/inc/xmlparse.inc(149): parse_xml_config_raw('/conf/config.xm...', Array, 'false') #3 /etc/inc/config.lib.inc(134): parse_xml_config('/conf/config.xm...', Array) #4 /etc/inc/config.gui.inc(56): parse_config() #5 /etc/inc/auth.inc(33): require_once('/etc/inc/config...') #6 /etc/inc/openvpn.inc(35): require_once('/etc/inc/auth.i...') #7 /etc/inc/filter.inc(30): require_once('/etc/inc/openvp...') #8 /etc/inc/ipsec.inc(25): require_once('/etc/inc/filter...') #9 /etc/inc/gwlb.inc(27): require_once('/etc/inc/ipsec....') #10 /etc/inc/functions.inc(35): require_once('/etc/inc/gwlb.i...') #11 /etc/inc/notices.inc(26): require_once('/etc/inc/functi...') #12 /etc/inc/config.inc(51): require_once('/etc/inc/notice...') #13 /etc/rc.banner(2
Same error message when loading any page in the webConfigurator.
-
@hayescompatible said in pfSense Plus generating corrupted backups:
ror: SSHDATA at line 7349 cannot occur more than once
in /etc/inc/xmlparse.inc:89There's a known bug in the SSHDATA issue (https://redmine.pfsense.org/issues/13132) Check the redmine for details