updating to acme 1.0 breaks system beyond repair: need to restore from backup
-
Hi all,
Is that something known?
Trying to update the ACME to 1.0 from 0.9_1 and it completely breaks the system beyond repair instantly and system stops booting as well.
Upgrading pfSense-pkg-acme...
Updating pfSense-core repository catalogue...
Fetching meta.conf:
Fetching data.pkg:
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
Fetching meta.conf:
Fetching data.pkg:
pfSense repository is up to date.
All repositories are up to date.
The following 5 package(s) will be affected (of 0 checked):Installed packages to be REMOVED:
bind-tools: 9.20.6
pfSense: 2.8.0.1500029
protobuf: 28.3,1
protobuf-c: 1.4.1_7Installed packages to be UPGRADED:
pfSense-pkg-acme: 0.9_1 -> 1.0 [pfSense]Number of packages to be removed: 4
Number of packages to be upgraded: 1The operation will free 120 MiB.
277 KiB to be downloaded.
[1/1] Fetching pfSense-pkg-acme-1.0.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/5] Deinstalling pfSense-2.8.0.1500029...
[1/5] Deleting files for pfSense-2.8.0.1500029: ........then GUI goes
https://fqdn:9443/pkg_mgr_install.php404 Not Found
nginxand finally if system is rebooted
-
@MarvinFS I did not have acme installed on my 2.8 VM, but I just installed it.. And had no issues
>> Installing pfSense-pkg-acme... Updating pfSense-core repository catalogue... Fetching meta.conf: Fetching data.pkg: pfSense-core repository is up to date. Updating pfSense repository catalogue... Fetching meta.conf: Fetching data.pkg: pfSense repository is up to date. All repositories are up to date. The following 4 package(s) will be affected (of 0 checked): New packages to be INSTALLED: pfSense-pkg-acme: 1.0 [pfSense] php83-ftp: 8.3.19 [pfSense] php83-pecl-ssh2: 1.3.1 [pfSense] socat: 1.8.0.2 [pfSense] Number of packages to be installed: 4What would concern me with what you posted is the REMOVAL
Installed packages to be REMOVED: bind-tools: 9.20.6 pfSense: 2.8.0.1500029 protobuf: 28.3,1 protobuf-c: 1.4.1_7I can't believe it would be a good thing to remove pfSense: 2.8.0.1500029
I thought I read somewhere about fix for removal of packages.. Maybe it was in the 2.8.1 release notes?
edit: well I didn't see it there - maybe it was redmine, I do recall reading somewhere there was issue with other packages being removed on install or update, etc. I will have to look around in the redmine
-
@MarvinFS said in updating to acme 1.0 breaks system beyond repair: need to restore from backup:
Installed packages to be REMOVED:
bind-tools: 9.20.6
pfSense: 2.8.0.1500029
protobuf: 28.3,1
protobuf-c: 1.4.1_7REMOVED sounds not good...
-
@MarvinFS on which pfSense version you tried this?
Since 2.8.0 is removed it must be 2.8.0 stable installed before... -
I don't know if that's my specific system, but it was cleanly installed not long ago after release of 2.8.0. and nothing fancy there.. so I'm confused what to do
-
I can't replicate that here, either. My system has the same versions of those packages installed and ACME goes on fine without wanting to remove them.
Sometimes we have seen issues like that happen if there were conflicting packages somehow, or third party repos enabled (like FreeBSD).
What's odd is that it doesn't say why it wants to remove them, just that they are going to be removed.
-
@MarvinFS same issue here?
-
Thank you for your support, people - really appreciate!
Failed to figure out what was that - probably some broken deps- I've had zenarmor manually installed and crowdsec.
I actually had that in the system - removed
rm /usr/local/etc/pkg/repos/Zenarmor.conf
rm /usr/local/etc/pkg/repos/FreeBSD.conf
rm /usr/local/etc/pkg.confbut that didn't change anything I ended up fresh installing 2.7.2 from ISO, then upgrading to 2.8 and then restoring config (can't use netinstall as new installer doesn't want to connect to my pppoe during setup for unknown reason - so I can't use it, but it works just perfectly fine in GUI)
Now the issue is resolved and I've installed acme just fine... can't tell what was that - I've been using pfsense maybe 10+ years.
-
@MarvinFS said in updating to acme 1.0 breaks system beyond repair: need to restore from backup:
it was cleanly installed not long ago after release of 2.8.0.
installed or upgraded?
@MarvinFS said in updating to acme 1.0 breaks system beyond repair: need to restore from backup:
can't use netinstall as new installer doesn't want to connect to my pppoe during setup for unknown reason - so I can't use it, but it works just perfectly fine in GUI)
more details here would be good.
@MarvinFS said in updating to acme 1.0 breaks system beyond repair: need to restore from backup:
I've had zenarmor manually installed and crowdsec.
hope your foot is OK
-
@jwt said in updating to acme 1.0 breaks system beyond repair: need to restore from backup:
installed or upgraded?
2.7.2 was installed first from iso then upgraded to 2.8 then config restored - that resolved the issue.
@jwt said in updating to acme 1.0 breaks system beyond repair: need to restore from backup:
more details here would be good.
no details - unfortunately installer doesn't provide any logs or troubleshooting info, except "unable to contact netgate servers" during install. Despite same PPPoE username and password specified in the initial prompt as used during normal operations.
-
Same issue, completely broke my system as soon as I started the package upgrade. I could not even SSH into the system and upon rebooting the system it would not boot anymore. I had to also restore from a backup. I have never had a package in pfsense completely hose the system like that.
When I ran the reinstall of 2.8.0 l restored the config directly from the drive and everything is working. The ACME package is also on version 1.0 after the restore now.
-
I upgrade from 0.9 to 1.0 on 2.8.0 today, no issue.
-
@slu said in updating to acme 1.0 breaks system beyond repair: need to restore from backup:
I upgrade from 0.9 to 1.0 on 2.8.0 today, no issue.
There must be some particular config or package conflict that causes the issue for some people. A package should not be able to break the system that bad though.
-
The OP of this thread had unsupported packages installed from third-party repositories, which is almost certainly where the problem originated. It doesn't matter if the repo configs were removed -- if local packages were installed/changed by those repos, those packages are still present.
While we do not deliberately break such configurations, if you install a package from unsupported repositories and they replace or mess with base system dependencies, then there is no telling what will break over time like this.
One of many reasons we discourage using anything but Netgate repositories for packages.
