PFSense 1.2.3 packages not installing
-
I have been trying to install some packages on a couple of older PFSense boxes we have that are still on 1.2.3 and cannot be upgraded. I installed some packages a couple of weeks ago just fine. Today I tried installing several different packages and they all stop at "Loading package configuration…". I have tried on both embedded systems on the ALIX platform, as well as with a system with a hard drive in it. I checked the forum and it looks like there was a change to the packaging servers on March 13. Any idea what might be happening?
Thanks -
Yes, stuff moved: https://github.com/pfsense/pfsense/commit/dd246dc48d46b5bc356bb96d22ec2845c1525779 but I believe they intended to have redirects of things so it would all work for at least a year - https://forum.pfsense.org/index.php?topic=73657.0 - it would be worth you posting on that thread and you might get quick attention when @cmb wakes up.
-
Cross-posting this here.
v1.2.3 packages are no longer supported, that's almost a 5 year old release now, and 6 releases behind current within a few days when 2.1.1 is released. There isn't any reason you can't upgrade them. That said, ones that worked a couple weeks ago should still work now. We're not intentionally breaking them (yet), but some are broken because they now require PHP 5.My first guess is maybe something about those systems is preventing them from fetching files via HTTPS. Go to a command prompt and run:
fetch https://packages.pfsense.org/packages/config/filer/filer.xml
see if that succeeds. If not, try:
fetch http://packages.pfsense.org/packages/config/filer/filer.xml -
I understand that this is an older release. But it was fully supported not too long ago. We have many systems in production that cannot be upgraded, for reasons that don't really matter here. None of the production systems can load packages. I am talking about over 100 systems. They are all on different Internet connections from different providers. They could load packages a couple of weeks ago before the "Big change" in the package server. They can all see the packages that are available for download. They just always stop at the same spot, each and every one of them. They stop at "Loading package configuration…". I was hoping I could quickly be pointed in the right direction but I guess I will have to roll up my sleeves and dive into the package code. I am thinking that the router is looking for 1.2.3 configuration pointers that just aren't there anymore.
I tried fetching the files as per the last post but ran into read only file system issues and didn't want to start wasting time going down that rat hole. I'd rather just learn about the package system and how it works to get this solved.
Thanks -
Sounds like "oh noes, Windows XP not supported any more!!!" - moaning about this fact will produce about same results.
-
1.2.3 hasn't been fully supported in going on 3 years now, just because things happen to continue to work doesn't mean they're supported.
My guess was right on the cause, v1.x systems can't fetch files via HTTPS from servers requiring what's considered strong cryptography by today's standards. I changed the 1.2x package file back to use HTTP instead.
That will keep it working for the time being, but roughly this time next year, 1.x packages will completely stop working and will not be fixed. Between now and then, any number of packages may break as things are strictly tested on PHP 5 at this point.
-
@cmb:
1.2.3 hasn't been fully supported in going on 3 years now, just because things happen to continue to work doesn't mean they're supported.
My guess was right on the cause, v1.x systems can't fetch files via HTTPS from servers requiring what's considered strong cryptography by today's standards. I changed the 1.2x package file back to use HTTP instead.
That will keep it working for the time being, but roughly this time next year, 1.x packages will completely stop working and will not be fixed. Between now and then, any number of packages may break as things are strictly tested on PHP 5 at this point.
Interesting. That it came down to HTTP vs HTTPS. It must go a ways back.
If I were you Rocky I would be starting to plan an upgrade and I would also maybe look into sticking up your own repository if you don't think you can push through an upgrade in time.
Sounds like "oh noes, Windows XP not supported any more!!!" - moaning about this fact will produce about same results.
Yes it is old. It is a large batch of production systems. Maybe you would volunteer your time to plan, test and roll out the upgrade. ::) Even though the OP's ask may be a bit long in the tooth I think he asked it in a fairly reasonably spirited way.
-
CMB,
Thanks for making the change back to HTTP. I surely appreciate it. I haven't tried it yet but I will be getting to this later today.Bryan,
Thanks for being understanding. I certainly wasn't moaning and expecting someone else to do the heavy lifting for me. I was simply asking to be pointed in the right direction. I obviously have a very large upgrade project ahead of me. We knew this was coming but as usual, the project wasn't at the top of the list. I had already been looking at setting up our own repository to buy us some time but then the change happened to the package system and it was too late. It looks like I have been given a second chance.Thanks guys.