Issue upgrading from 2.7.0 to 2.7.2

tom9909

Hi everyone,

We have a number of customers that are unable to upgrade from 2.7.0

When looking at update, there are no branches available:

I've checked DNS resolves

Running certctl rehash hasnt resolved the issue and when running pkg-static upgrade pkg I get

pkg-static: Unable to open '/usr/local/etc/pkg/repos//pfSense.conf':No such file or directory
No active remote repositories configured.

pfSense-upgrade

Navigating to /usr/local/etc/pkg/repos/pfSense.conf shows the file however when attempting to edit it says it doesnt exist or is not a regular file.

Any assistance would be appreciated :)

stephenw10

You can run pkg-static -d update to see what the error is.

But coming from 2.7.0 you probably need to rehash the certs using: certctl rehash
Then retry.

Steve

tom9909

@stephenw10 Thank you.
I've tried the certctl rehash multiple times and pkg-static -d update outputs the below:

DBG(1)[21787]> pkg initialized
pkg-static: Unable to open '/usr/local/etc/pkg/repos//pfSense.conf':No such file or directory
No active remote repositories configured.

tom9909

So I entered the following into the config file:

pfSense: {
  url: "pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core",
  mirror_type: "srv",
  enabled: yes
}

FreeBSD: {
  enabled: no
}

And then after rerunning pkg-static -d update i get the following:

DBG(1)[11238]> pkg initialized
Updating pfSense repository catalogue...
DBG(1)[11238]> PkgRepo: verifying update for pfSense
DBG(1)[11238]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[11238]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/meta.conf
DBG(1)[11238]> curl_open
DBG(1)[11238]> Fetch: fetcher used: pkg+https
DBG(1)[11238]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/meta.conf

DBG(1)[11238]> CURL> attempting to fetch from , left retry 3

• Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults
• Trying 208.123.73.207:443...
• Connected to pkg00-atx.netgate.com (208.123.73.207) port 443
• ALPN: curl offers http/1.1
• CAfile: none
• CApath: /etc/ssl/certs/
• SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
• ALPN: server accepted http/1.1
• Server certificate:
• subject: CN=*.netgate.com
• start date: Mar 28 00:00:00 2024 GMT
• expire date: Apr 28 23:59:59 2025 GMT
• subjectAltName: host "pkg00-atx.netgate.com" matched cert's "*.netgate.com"
• issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
• SSL certificate verify ok.
• using HTTP/1.1

GET /pfSense_v2_7_0_amd64-core/meta.conf HTTP/1.1
Host: pkg00-atx.netgate.com
User-Agent: pkg/1.20.8
Accept: /
If-Modified-Since: Wed, 28 Jun 2023 04:49:25 GMT

< HTTP/1.1 200 OK
Fetching meta.conf: < Server: nginx
< Date: Mon, 12 Aug 2024 22:28:17 GMT
< Content-Type: application/octet-stream
< Content-Length: 163
< Last-Modified: Wed, 28 Jun 2023 04:49:24 GMT
< Connection: keep-alive
< ETag: "649bbbd4-a3"
< Strict-Transport-Security: max-age=31536000; preload
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Robots-Tag: all
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Accept-Ranges: bytes
<

• The requested document is not new enough
• Simulate an HTTP 304 response
• Closing connection

DBG(1)[11238]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/packagesite.pkg
DBG(1)[11238]> curl_open
DBG(1)[11238]> Fetch: fetcher used: pkg+https
DBG(1)[11238]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/packagesite.pkg

DBG(1)[11238]> CURL> attempting to fetch from , left retry 3

• Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults
• Hostname pkg00-atx.netgate.com was found in DNS cache
• Trying 208.123.73.207:443...
• Connected to pkg00-atx.netgate.com (208.123.73.207) port 443
• ALPN: curl offers http/1.1
• CAfile: none
• CApath: /etc/ssl/certs/
• SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
• ALPN: server accepted http/1.1
• Server certificate:
• subject: CN=*.netgate.com
• start date: Mar 28 00:00:00 2024 GMT
• expire date: Apr 28 23:59:59 2025 GMT
• subjectAltName: host "pkg00-atx.netgate.com" matched cert's "*.netgate.com"
• issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
• SSL certificate verify ok.
• using HTTP/1.1

GET /pfSense_v2_7_0_amd64-core/packagesite.pkg HTTP/1.1
Host: pkg00-atx.netgate.com
User-Agent: pkg/1.20.8
Accept: /
If-Modified-Since: Wed, 28 Jun 2023 04:49:25 GMT

< HTTP/1.1 200 OK
Fetching packagesite.pkg: < Server: nginx
< Date: Mon, 12 Aug 2024 22:28:17 GMT
< Content-Type: application/octet-stream
< Content-Length: 1748
< Last-Modified: Wed, 28 Jun 2023 04:49:25 GMT
< Connection: keep-alive
< ETag: "649bbbd5-6d4"
< Strict-Transport-Security: max-age=31536000; preload
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Robots-Tag: all
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Accept-Ranges: bytes
<

• The requested document is not new enough
• Simulate an HTTP 304 response
• Closing connection

pfSense repository is up to date.
All repositories are up to date.

stephenw10

OK that that looks good.

Do you now see branches offered in the update settings? Can you select 2.7.2?

tom9909

@stephenw10 I think I found my issue

https://forum.netgate.com/topic/187311/branch-dropdown-empty-usr-local-etc-pfsense-pkg-repos-empty-2-7-2-ce/5

Unfortunately it looks intentional

stephenw10

Oh, you're running CE in Azure?

tom9909

@stephenw10 Yes, for approx. 2 years now.

stephenw10

Ah, then, yes, 2.7.0 is the last version that will see packages there. The dynamic repos will not pass branches to CE in Azure.