pkg broken in 25.07.1?
-
hmm indeed.
A force re-install resulted in a downgrade of pkg. My only guess here is that version 2.2.2_2 of pkg was in use during the beta of 25.07?
[25.07.1-RELEASE][root@fw]/root: pkg-static install -fy pkg pfSense-repo pfSense-upgrade Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 3 package(s) will be affected (of 0 checked): Installed packages to be DOWNGRADED: pkg: 2.2.2_2 -> 1.21.3_5 [pfSense] Installed packages to be REINSTALLED: pfSense-repo-25.07.1 [pfSense] pfSense-upgrade-1.3.11 [pfSense] Number of packages to be reinstalled: 2 Number of packages to be downgraded: 1 The operation will free 7 MiB. 17 MiB to be downloaded. [1/3] Fetching pfSense-repo-25.07.1.pkg: 100% 6 KiB 6.3kB/s 00:01 [2/3] Fetching pkg-1.21.3_5.pkg: 100% 17 MiB 8.9MB/s 00:02 [3/3] Fetching pfSense-upgrade-1.3.11.pkg: 100% 31 KiB 31.6kB/s 00:01 Checking integrity... done (0 conflicting) [1/3] Reinstalling pfSense-repo-25.07.1... [1/3] Extracting pfSense-repo-25.07.1: 100% [2/3] Reinstalling pfSense-upgrade-1.3.11... [2/3] Extracting pfSense-upgrade-1.3.11: 100% [3/3] Downgrading pkg from 2.2.2_2 to 1.21.3_5... [3/3] Extracting pkg-1.21.3_5: 100% certctl: Skipping untrusted certificate f3377b1b (/etc/ssl/untrusted/f3377b1b.0) certctl: Skipping untrusted certificate 76cb8f92 (/etc/ssl/untrusted/76cb8f92.0) certctl: Skipping untrusted certificate 2e5ac55d (/etc/ssl/untrusted/2e5ac55d.0) certctl: Skipping untrusted certificate 5a7722fb (/etc/ssl/untrusted/5a7722fb.0) certctl: Skipping untrusted certificate 18856ac4 (/etc/ssl/untrusted/18856ac4.0) certctl: Skipping untrusted certificate 5e98733a (/etc/ssl/untrusted/5e98733a.0) certctl: Skipping untrusted certificate 66445960 (/etc/ssl/untrusted/66445960.0) certctl: Skipping untrusted certificate 57bcb2da (/etc/ssl/untrusted/57bcb2da.0) certctl: Skipping untrusted certificate 5d3033c5 (/etc/ssl/untrusted/5d3033c5.0) certctl: Skipping untrusted certificate 4304c5e5 (/etc/ssl/untrusted/4304c5e5.0) certctl: Skipping untrusted certificate 4a6481c9 (/etc/ssl/untrusted/4a6481c9.0) certctl: Skipping untrusted certificate 3e44d2f7 (/etc/ssl/untrusted/3e44d2f7.0) certctl: Skipping untrusted certificate 3e45d192 (/etc/ssl/untrusted/3e45d192.0) certctl: Skipping untrusted certificate 1636090b (/etc/ssl/untrusted/1636090b.0) certctl: Skipping untrusted certificate 08063a00 (/etc/ssl/untrusted/08063a00.0) certctl: Skipping untrusted certificate 5273a94c (/etc/ssl/untrusted/5273a94c.0) certctl: Skipping untrusted certificate 03179a64 (/etc/ssl/untrusted/03179a64.0) certctl: Skipping untrusted certificate 7aaf71c0 (/etc/ssl/untrusted/7aaf71c0.0) certctl: Skipping untrusted certificate 5e98733a (/etc/ssl/untrusted/5e98733a.0) certctl: Skipping untrusted certificate 57bcb2da (/etc/ssl/untrusted/57bcb2da.0) certctl: Skipping untrusted certificate 08063a00 (/etc/ssl/untrusted/08063a00.0) certctl: Skipping untrusted certificate 18856ac4 (/etc/ssl/untrusted/18856ac4.0) You may need to manually remove /usr/local/etc/pkg.conf if it is no longer needed. -
@SteveITS said in pkg broken in 25.07.1?:
@dennypage said in pkg broken in 25.07.1?:
"libutil.so.10" not found
hmm, see: https://forum.netgate.com/topic/198800/solved-pkg-upgrade-not-found-required-by-pkg/2
And thanks, I had missed that post.
-
@dennypage said in pkg broken in 25.07.1?:
version 2.2.2_2 of pkg
May have been pulled yesterday by https://forum.netgate.com/topic/198787/what-is-it-25.11.a.20250916.0600/6 as that was logged on the router I used. I haven't tried running pkg though.
-
@SteveITS said in pkg broken in 25.07.1?:
May have been pulled yesterday by https://forum.netgate.com/topic/198787/what-is-it-25.11.a.20250916.0600/6 as that was logged on the router I used. I haven't tried running pkg though.
Sure enough:
<13>1 2025-09-16T10:23:23.770794-07:00 fw pkg-static 66477 - - pkg upgraded: 1.21.3_5 -> 2.2.2_2I didn't take any action to initiate that which makes me rather uncomfortable.
-
@dennypage You logged in ~1 minute before that. :) I think it's part of the dashboard update check.
-
@SteveITS said in pkg broken in 25.07.1?:
You logged in ~1 minute before that. :) I think it's part of the dashboard update check.
LOL, yes.
However, any package / firmware changes need to require an explicit action to be taken by an administrator. Simply logging in definitely should never constitute such an action.
-
@dennypage That's a valid question. In general, in the past the "current" branch would change versions over time and presumably the update was tied to checking the new version. So it's not new behavior AFAIK but I wonder if it's still necessary.
FWIW this is also (seems) related to the "another instance is running" warning when logging in and immediately trying to update. On slower/ARM devices it can take a few minutes to update pkg and after that log entry appears the "other instance" is no longer running, in my experience.
That said though, I checked my home router and it was 29 hours after the login so seems unrelated:
Sep 15 11:28:06 php-fpm 23574 /index.php: Successful login for user 'admin' from: _____ (Local Database) Sep 16 16:31:44 pkg-static 7428 pkg upgraded: 1.21.3_5 -> 2.2.2_2I checked a 2100 where the last login was Sept 11 and it doesn't have pkg upgrading at all, until I logged in just now. Here's the delay for pkg there. Note the different version:
Sep 17 15:51:51 php-fpm 93201 /index.php: Successful login for user 'admin' from: _______ (Local Database) Sep 17 15:59:32 pkg-static 69005 pkg upgraded: 1.21.3_4 -> 1.21.3_5 -
I made a redmine for the pkg update delay.
-
Hmm, yes pkg is upgraded by pfSense-upgrade during the check to be sure it can check for pkgs!
But it can result in that ugly error. pkg-static should always work though as you found. -
said in pkg broken in 25.07.1?:
I made a redmine for the pkg update delay.
Jim replied to it already, short version, it's already solved. "...in Plus 25.11 and CE 2.9.0 the certutil program has been rewritten in C upstream and now completes in <1 second even on 1100."
-
Yup, it's waaaay faster!
