Given up on 2.2
-
"Next was postfix and Lightsquid which won´t work either"
Since when is it the responsibility of the pfsense developers to make sure packages work?? If you want to have a problem with someone - track down people creating/maintaining those packages. Same goes for clamav and reverse proxy..
Who said the resolver and forwarder were suppose to coexist? And what leaks did you notice?
Sorry but I feel no pain for anyone that blindly updates a production system to a brand new release, and then complains that something you use to do no longer works.. Where do you work that you could go to new release of anything without a backout plan.. If you use feature X of systems - first thing would be validate feature X works as it did before or better before moving that into production.
-
Since when is it the responsibility of the pfsense developers to make sure packages work??
I guess I'm in the minority in believing that a package that is offered via the pfSense package repository should actually work when installed without hacks and workarounds. To use his example, Lightsquid wouldn't work until you do the following:
ln -s /usr/pbi/lightsquid-amd64/local/www/lightsquid /usr/local/www/lightsquid ln -s /usr/pbi/lightsquid-amd64/local/etc/lightsquid /usr/local/etc/lightsquid pkg install perl5 pkg install p5-gd /usr/bin/perl /usr/pbi/lightsquid-amd64/www/lightsquid/lightparser.pl todayExpecting users to figure this out on their own is absurd.
-
None of this surprises me…
A release always happens
People install and works for most but there are always package issues and other issues once a large enough base has started using new release.
Then the packages get updated
Minor release with fixes of pfsense gets pushed.
And then its solid.Thats how 2.1 got to be 2.15 I think and I'm pretty sure I heard all the same sorts of complaints going into 2.1
Anyway - If something isn't working for a percentage of people, I'm sure its just a short waiting game before its fixed.
So if its a critical bug for you, roll back to last working version and wait the fixes.Thats my guess anyway.
-
I would second KOM's comment - since packages are now in full control of the dev team - they are built, hosted and toolkit access controlled by them - it becomes pfSense's team responsibility that packages work without an error with basic config on clean install. And looking through the forum, it does not seems to be the case :(
I like pfSense and I greatly respect development team's work, but really hope that they can look into packages issue…
If it would be me, installing and owning some 3rd party package through pkg_add - I wold not complain, because I always can go and do some searching, test different versions, etc... But with pfSense packages it is almost impossible... Once can try and troubleshoot and post some workaround, but there is no guarantee that anyone will be looking into implementing it in the next release... I filed bugs for packages before, no one cares fixing them. -
I hear you, Kejainshi, but Lightsquid and Sarg have been broken since I started using pfSense more than a year ago – long before 2.2. I'm not going to rant about it (again), but it doesn't look good on the project to have common packages broken on install for a long time.
-
@KOM:
I hear you, Kejainshi, but Lightsquid and Sarg have been broken since I started using pfSense more than a year ago – long before 2.2.
Yes. So, there's actually no 2.2 regression then, no? :D :D :D
-
lightsquid worked just fine for me before 2.2
I just uninstalled it and squid dansguardian and the rest because I saw no continuing need to filter my kids web when he turned 13.Thank god too… Those packages do not make the internet more reliable.
I've had to roll back once or twice in the past, wait 3 months for an update and move forward also.
I half expect it with any new release of any OS or firmware.
-
If it's important to you:
-
Document what you see as best you can.
-
Open a bug report.
-
Roll back to 2.1.5.
-
Watch redmine to see the progress of your issue.
-
Proceed back to 2.2.X when you think it's safe to do so.
-
-
The best I would hope for, is that before packages can be added that they have to be validated. So when new release comes out there are no packages until the package creators/maintainers show that it works for that release.
So when release.x comes out all packages are removed and not available to install until the makers of said package get it validated for release.x - that would for sure be a win win for everyone involved if you ask me IMHO..
My point is the developers are not coding for all the packages, they are coding for the core.. To expect them do make sure their code doesn't break any package is also absurd.
-
Where were all these package maintainers during the beta and RC cycles?
-
Where were all these package maintainers during the beta and RC cycles?
- Some stuff has not been touched for ages.
- Some maintainers are gone.
- And frankly, "packages are now in full control of the dev team" is exactly what did NOT help.
-
Where were all these package maintainers during the beta and RC cycles?
Exactly. I also realize that some of the packages are maintained by volunteers, but that's not optimal from a corporate standpoint to be reliant on Internet Joe to keep your packages validated and up to date.
-
Nothing ever changes :-) For over 20 years it´s been the same. My own developers call me a whiner when I complain about things not working or them not testing stuff properly…
My hope is that something may be learned and a new test and release procedure may help avoid this in the future. The idea to hold back unverified packages until tested is a good one. It would have saved me a lot of time and I wouldn´t even considered upgrading if I had seen some of the packages didn´t work with 2.2.
I actually did check what packages were available after the 2.2 fresh install and noticed they were all marked with 2.2 so I (naively) figured they were verified to some extent!
I also become a bit concerned by the comments that the packages are left alone and no one actually cares about them or touches them. I love PfSense but a leftover package is a huge security risk and may compromise the whole system! This may lead to demands for more secure options in a production environment. I´m also willing to bet a majority of the userbase have some packages installed and not only uses the core system.
Finally, please don´t regard this as whining, instead find a new way to make it better and keep up the good work that made me go with PfSense from the beginning!
Regards
-
Personally, I don't want 2.2 held back because of a problem with some stupid package with a long-absent maintainer that someone probably doesn't really need. They can stay on 2.1.5 until their package is supported or go to another solution.
I do like the idea of packages not showing up in available packages until they have a decent shot at working.
-
Another option is to have more than one repository for packages, like stable, testing, unstable etc.
This way people who want to risk and test can still do that. And people, who need prod-level stability will be able to judge better before upgrading. -
I couldn't agree more with you guys (FOM and 154218K2)
It was frustrating to upgrade my fw from 2.1.5 to 2.2 because of all the unverified packages that reside in the repo.
I know it's a huge task to test and verify all the packages, but imo thats no excuse.Snort, Squid, squidlight, havp are the most widely used packages around and they should work no matter what upgrade it is.
Thank god for the community to help me figure out some stuff and get it back up and running again !
-
I like the idea of packages having tags next to them basically stating what versions they are compatible with. If you want to provide a over ride button then that would be nice with a warning that certain packages have know compatibility issues, similar to what Windows does.
-
Where were all these package maintainers during the beta and RC cycles?
In my case, working. Porting packages to a great project does something near to zero return.
Another option is to have more than one repository for packages, like stable, testing, unstable etc.
I've tried it once but before starting coding I've decided to ask core team about it and the answer was no.
-
There is one now >>>> marcelloc
GET HIM!!!!
(kidding by the way - Great work you have done… For free???)
-
For free???
Most time yes. Some times somebody remembers that I need to eat and make me a donation or create a bounty.
Something that you may not have noticed is that on pfSense move from 2.0 to 2.1, packages changed from standart freebsd pkg to pcbsd pbi. So testing and compiling packages changed from as simple as using ports to a complete change on binary location and config files and the pseudo jail.
Hard work to change a lot of ported packages to keep it working.Then 2.2 jumped to freebsd 10(finally! :)) but pbi was dead on freebsd 8 or 9 (I guess). This way to keep packages on pbi, core team had to adapt it once again. Binary and config files moved(again) and started a lot of "missing libs" alerts for files that were not missing at all and all 2.1 php package changes did not worked for 2.2. Let's start checking and compiling everything again.
Once binary startup was fine without missing libs, conf files were messed up again. Some times looking on /usr/local and other times under /usr/pbi. And what about helpers and internal binaries called by squid and postfix for example. Main binary was ok but nobody to test in deep.
This is happening since november/december 2014. I have spent much more then my free time working together with Renato and available forum members that had time to test 2.2 beta and RC(cino for example).
2.3 will finally get back to freebsd packages(now on pkgng). compile and install will be much easier on developer's labs but somebody has a clue on what will happen to package gui php,xml and inc?
Will need to be fixed up again. :)
I love this project and did my best to get it even better.
Util pbis are fine on 2.2, there's nothing(or not much) maintainers can do.
