How to run pkg upgrade from Diagnostics → Command Prompt

DominikHoffmann

Today I received this notification email:

Notifications in this message: 1
================================

09:00:17 Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them:

curl: 8.5.0 -> 8.6.0 [pfSense]
unbound: 1.18.0_1 -> 1.19.1 [pfSense]

My question is whether it is okay to run pkg upgrade from Diagnostics → Command Prompt. Are there potential problems this might create?

stephenw10

Better to run it from an interactive prompt like via SSH. But if you have to you can upgrade with the -y switch like: pkg-static upgrade -y.

Steve

DominikHoffmann

@stephenw10 said in How to run pkg upgrade from Diagnostics → Command Prompt:

Better to run it from an interactive prompt like via SSH. But if you have to you can upgrade with the -y switch like: pkg-static upgrade -y.

Steve

What is the potential downside of running the command from the GUI? Also, why do you suggest pkg-static, as opposed to pkg?

stephenw10

If the install fails for some unexpected reason you will only see anything in the GUI if the command completes. Otherwise the page will just hang and eventually timeout. It's unlikely though those pkg upgrades are pretty widely used.
But at an SSH prompt you can see any errors and abort the process.

pkg-static is safer as it uses static linked libs so will always run. If an install has pulled in newer libs from a newer available version pkg may error out. It does it immediately and just returns an error though so it's unlikely to cause a problem when used discretely like that. The pfSense system scripts use pkg-static because when used as part of a script it will abort the script if it fails.

DominikHoffmann

@stephenw10: Shouldn’t then the emailed notification use the png-static nomenclature, too?

stephenw10

When you use the pkg command directly it would just safely fail. But the email says to run it from the shell not via the webgui. And I believe that is generated by a 3rd party script?

DominikHoffmann

@stephenw10: Ah, yes! It is the script from the post by @luckman212, titled “Auto update check, checks for updates to base system + packages and sends email alerts”.

Gertjan

@DominikHoffmann said in How to run pkg upgrade from Diagnostics → Command Prompt:

What is the potential downside of running the command from the GUI?

In one word : gravity
See it like this : you can potentially create the situation where you are sawing that tree branch while sitting on it.

When you receive a mail from the "luckman" script, and it announces :

@DominikHoffmann said in How to run pkg upgrade from Diagnostics → Command Prompt:

curl: 8.5.0 -> 8.6.0 [pfSense]
unbound: 1.18.0_1 -> 1.19.1 [pfSense]

Then you know why it says :

Some packages are part of the base system and will not show up in (pfSense GUI) Package Manager

as these two, unbound and curl, are system (FreeBSD) packages, NOT pfSense GUI packages, the ones that are shown here ;

So, this applies :

If any such updates are listed below, run pkg upgrade from the shell to install them

With 'shell' he means : console or SSH.

My advise : whatever happens : make sure, at any time, that you have a working console access.
If the console access works for you, chances are very great you might never need it.
The day you need console access is not the day you want to make it work first.

Set up SSH access, as this is the "next best" access. SSH access can be done from the same place as where you can access the GUI. So no need to crawl in front of the pfSense device with the small USB cable, or hook up a keyboard and screen to your pfSense box.

With SSH, when login, you see (the same) this :

0) Logout (SSH only)                  9) pfTop
1) Assign Interfaces                 10) Filter Logs
2) Set interface(s) IP address       11) Restart webConfigurator
3) Reset webConfigurator password    12) PHP shell + Netgate pfSense Plus tools
4) Reset to factory defaults         13) Update from console
5) Reboot system                     14) Disable Secure Shell (sshd)
6) Halt system                       15) Restore recent configuration
7) Ping host                         16) Restart PHP-FPM
8) Shell

Enter an option:

Use option 13 and you'll be good.

SwissSteph

@Gertjan
I'm bouncing back on your answer, because when I connect in SSH (not with the original user "admin" but mine which also has admin rights) I don't have the menu that comes back automatically, I only have this (in my Windows system)

Any idea? or how to launch it manually when I'm connected via SSH?

Thanks for your help

stephenw10

You can run /etc/rc.initial to bring up the menu. Though some options there require the admin/root user.

SwissSteph

@stephenw10
Thanks for the quick reply :-) ... it actually works for me.

Gertjan

@SwissSteph said in How to run pkg upgrade from Diagnostics → Command Prompt:

Any idea?

Windows has a ssh client ? [ I even don't want to know ^^ ]

Yeah, go here.
Don't worry, the site look like the something from another centry, but it host worlds most important admn on planet earth.
Putty.
It's a the best SSH client (IMHO of course). Some extra tools come with it.

Run it, enter the IP of pfSense, port 22 (SSH) and save that as a favourite.
Then Connect.
The first time it will ask if you trust the device (your pfSense) : accept.
Done : connected.
Login with "root" (!) don't hassle with other created users or so, pfSense is a router firewall, not a multi user devices server type thing.
The password is the GUI password.

Later on, you'll ditch the user/password login. Real ;) admins use :

DominikHoffmann

@Gertjan said in How to run pkg upgrade from Diagnostics → Command Prompt:

It's a the best SSH client (IMHO of course). Some extra tools come with it.

I do like macOS Terminal!

NollipfSense

@DominikHoffmann said in How to run pkg upgrade from Diagnostics → Command Prompt:

I do like macOS Terminal!

Me also, as well.

Gertjan

@NollipfSense @DominikHoffmann

seems very 'MSoft' to me.

Really, guys, I agree, but can I advise @DominikHoffmann to create a Mac clone to get access to its build in ssh

SwissSteph

@Gertjan
yes, SSH command in a terminal session under Windows

SwissSteph

@stephenw10

I come back to your answer and my answer where I said that this command worked (which is still the case).

But why doesn't this menu appear by itself? I set the original "user" "admin" to disabled and created another "admin" with another name, is that why the menu doesn't appear by itself?

I've also installed the "sudo" package, if this information helps to solve my problem.

Gertjan

@SwissSteph said in How to run pkg upgrade from Diagnostics → Command Prompt:

But why doesn't this menu appear by itself? I set the original "user" "admin" to disabled and created another "admin" with another name, is that why the menu doesn't appear by itself?

=>

@stephenw10 said in How to run pkg upgrade from Diagnostics → Command Prompt:

You can run /etc/rc.initial to bring up the menu. Though some options there require the admin/root user.

See also : Admin Access.

stephenw10

The admin user is set to use the console menu as it's shell directly. For other users you need to add it to the tcsh config. Which can now easily be done because of: https://redmine.pfsense.org/issues/14746
For example when logged in as that user run: echo /etc/rc.initial >> ~/.tcshrc.local
Then logout and back in.

Steve

SwissSteph

@stephenw10

Steve,

Thanks for your reply, it works perfectly!!!

Have a nice day