V2.1.4 - snort package won't install, hash broken?
-
As reported https://208.123.73.68/index.php?topic=74640.msg435939#msg435939, but I posted to a thread for the wrong pfsense release and have new details. I will try to make amends here.
On a clean CF install of "2.1.4-RELEASE (amd64) built on Fri Jun 20 12:59:50 EDT 2014 FreeBSD 8.3-RELEASE-p16" I try to install snort. pfsense reports:
Beginning package installation for snort .
Downloading package configuration file… done.
Saving updated package information... done.
Downloading snort and its dependencies...
Checking for package installation...
Downloading https://files.pfsense.org/packages/amd64/8/All/snort-2.9.6.2-amd64.pbi ... (extracting)
But takes a very long time, all the while loading the page. Eventually, the page stops loading and snort shows up in the installed packages tab. However, snort does not show up as a service on the main services tab. I check the log:
$ cat /var/log/services.log
...
Jul 31 17:59:30 php: /pkg_mgr_install.php: Beginning package installation for snort .
...
So I perform a safe reboot and recheck the logs:
...
Jul 31 18:38:59 php: rc.start_packages: Reinstalling package snort failed. Take appropriate measures!!!
...
Jul 31 18:38:59 kernel: x ./bin/mysqladmin: Write to restore size failed\n x ./bin/mysqlbinlog: Write to restore size failed\n x ./bin/mysqlcheck: Write to restore size failed\n x ./bin/mysqldump: Write to restore size failed\n x ./bin/mysqlimport: Write to restore size failed\n x ./bin/mysqlshow: Write to restore size failed\n x ./bin/mysqlslap: Write to restore size failed\n x ./bin/barnyard2: Write to restore size failed\n x ./bin/snort: Write to restore size failed\n x ./bin/u2boat: Write to restore size failed\n x ./bin/u2spewfoo: Write to restore size failed\n tar: (Empty error message)\n tar: Error exit delayed from previous errors.\n pbi_add: Failed extracting /root/tmp/apkg_snort-2.9.6.2-amd64.pbi\nof snort-2.9.6.2-amd64 failed!\n\nInstallation aborted.Removing package...\nStarting package deletion for snort-2.9.6.2-amd64...done.\nRemoving snort components...\nConfiguration... done.\ndone.\nFailed to install package.\n";
...
[etc etc etc]
And indeed snort has been removed from the installed packages folder. I double check filesystem usage:
$ df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/ufs/pfsense0 442M 249M 157M 61% /
devfs 1.0k 1.0k 0B 100% /dev
/dev/ufs/cf 49M 773k 44M 2% /cf
/dev/md0 38M 72k 35M 0% /tmp
/dev/md1 57M 16M 36M 32% /var
devfs 1.0k 1.0k 0B 100% /var/dhcpd/dev
I also tried a filesystem check:
$ fsck -y /dev/ufs/pfsense0
** /dev/ufs/pfsense0 (NO WRITE)
** Last Mounted on /
** Root file system
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
8316 files, 510866 used, 395789 free (461 frags, 49416 blocks, 0.1% fragmentation)
Other notes:
1. The server install directory https://files.pfsense.org/packages/amd64/8/All/ shows file snort-2.9.6.2-amd64.pbi present but not snort-2.9.6.2-amd64.pbi.sha256. Is sha256 file missing for package snort-2.9.6.2-amd64.pbi ?
2. I see that snort-2.9.6.0-amd64.pbi hashes to 6B9E3BBD7A77CD63256BCB7902F03F9AAC9FCEFF2E6F5FC06F27DAB4FBCDAB35 but that snort-2.9.6.0-amd64.pbi.sha256 contains c42b84faa71dd6df8e0314141312f95ec349e235e0e69b5d69b0510be2a7be35. Broken hashes?
3. An install yesterday has an odd message in the syslog:
kernel: 568706c02e14da2353ca3e15faaf45cab1fcd7945a08d5121cf9d301eb0\n pbi_add: /root/tmp/apkg_snort-2.9.6.2-amd64.pbi failed checksum, the archive may be corrupt.\n";
Any advice on how to proceed? How do I try to install an old version of snort?
-
I would assume that you ran out of disk space to install the latest version.
Can you increase your RAM disk partition sizes?
-
I changed the ramdisks to 100MB each, restarted and tried to reinstall snort.
Again, installer doesn't get past the message: "Downloading https://files.pfsense.org/packages/amd64/8/All/snort-2.9.6.2-amd64.pbi … (extracting)"
Snort appears in 'installed packages' tab but not in "services" menu. I double check the disk usage:
$ df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/ufs/pfsense0 442M 239M 167M 59% /
devfs 1.0k 1.0k 0B 100% /dev
/dev/ufs/cf 49M 783k 44M 2% /cf
/dev/md0 96M 428k 88M 0% /tmp
/dev/md1 96M 16M 72M 19% /var
devfs 1.0k 1.0k 0B 100% /var/dhcpd/dev
[during install, /dev/ufs/pfsense0 never exceeded 61% and /dev/md? didn't change from 0% and 19%]
I reboot (oops, forgot to check the logs before reboot), then check logs:
php: rc.start_packages: Reinstalling package snort because its include file(/usr/local/pkg/snort/snort.inc) is missing!
php: rc.start_packages: PBI dir for snort-2.9.6.2-amd64 was not found - cannot cleanup PBI files
php: rc.start_packages: Beginning package installation for snort .
php: rc.start_packages: Reinstalling package snort because its include file(/usr/local/pkg/snort/snort.inc) is missing!
php: rc.start_packages: PBI dir for snort-2.9.6.2-amd64 was not found - cannot cleanup PBI files
php: rc.start_packages: PBI dir for snort-2.9.6.2-amd64 was not found - cannot cleanup PBI files
php: rc.start_packages: Beginning package installation for snort .
php: rc.start_packages: Reinstalling package snort failed. Take appropriate measures!!!
kernel: 568706c02e14da2353ca3e15faaf45cab1fcd7945a08d5121cf9d301eb0\n pbi_add: /root/tmp/apkg_snort-2.9.6.2-amd64.pbi failed checksum, the archive may be corrupt.\n";
kernel: 568706c02e14da2353ca3e15faaf45cab1fcd7945a08d5121cf9d301eb0\n pbi_add: /root/tmp/apkg_snort-2.9.6.2-amd64.pbi failed checksum, the archive may be corrupt.\nof snort-2.9.6.2-amd64 failed!\n\nInstallation aborted.";
kernel: 568706c02e14da2353ca3e15faaf45cab1fcd7945a08d5121cf9d301eb0\n pbi_add: /root/tmp/apkg_snort-2.9.6.2-amd64.pbi failed checksum, the archive may be corrupt.\nof snort-2.9.6.2-amd64 failed!\n\nInstallation aborted.Removing package…\n";
So, it looks like it was auto-removed because the hash failed ... I suspect that https://files.pfsense.org/packages/amd64/8/All/snort-2.9.6.2-amd64.pbi.sha256 is needed, no? Can anyone confirm that an install will fail when the sha256 file is missing? Does the problem get logged like this when that occurs?
[ I'm not sure if changing the ram disk sizes helped expose this or not. Probably, I just didn't look for all the log info the first time. ]
-
Try a clean install on at least a 1GB drive…. I don't have any issues with Snort but I use 17% of a 4GB drive....
The disks don't grow even in VMs if you give them more room... they stay the same and need serious love to get going with bigger disks.
-
The disk in question is 1GB. I notice though that on boot I can select 1 of 2 partitions to boot into ( I had previously been using pfsense 2.1 on a 1GB SD card, but it only had 1 partition). Perhaps this is why the main partition appears to only be about 500MB.
I'm using the pfSense-2.1.4-RELEASE-1g-amd64-nanobsd-vga-20140620-1259 image, but perhaps it won't work with extra packages?
-
The Snort PBI binary package contains a number of support libraries for Barnyard2 and MySQL along with libpcap. All together they occupy quite a bit of space while being "unzipped" and installed. It appears you are perhaps running out of space. Once that happens, the pfSense Package Manager never finishes the installation.
You are not the first person to have problems installing packages on NanoBSD devices. I know I will probably get flamed for this statement, but with SSDs being so cheap now, I really don't see the advantage of a Nano install anymore – especially in light of the potential issues with installing other packages and just doing general firmware updates. Just slap in a 32 GB or so SSD, do a full install with the i386 or AMD64 regular image, and let her rip.
Bill
-
Totally agree!
I saw only 442MB on that partition and thought it was a 512MB card, and I believe that it's quite on the small side of things.
120GB of SSD is less than 100$ and that is not worth the hassle to settle for less.
-
I can't test with an SSD/HDD unfortunately, but I did track down a larger SD card and am now able to install snort on the 4G nano image… hooray!
So, either it was that the <4G images have trouble installing snort or just the broken link to https://files.pfsense.org/packages/amd64/8/All/snort-2.9.6.2-amd64.pbi.sha256 (which I see is now fixed - thanks!).
Thanks to all for helping.
-
Just one final update: I went back to my 2GB SD card and bumped the /tmp and /var ramdisk sizes to 200MB each and now snort will install. I've been using the vga pfsense image on a box in another room, and didn't (until today) see screen messages that /tmp was full. I guess when I set it earlier to 100MB it still wasn't large enough.
Regards.
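
The thread involves two different pbi_add failures: extraction errors ("Write to restore size failed") and a checksum failure. As an added example that is not part of any post and is not pfSense's own code, these shell functions tell the two apart in log text, check free space in a directory, and verify a downloaded archive against its .sha256 sidecar. The function names, the sidecar layout and the sample log line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): triage a failed pbi_add install.

# Lowercase hex SHA-256 of a file, using sha256 (FreeBSD/pfSense) or
# sha256sum (Linux), whichever is installed.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi | tr 'A-F' 'a-f'
}

# Compare an archive with its sidecar (default: <archive>.sha256).
# Returns 0 = match, 1 = mismatch, 2 = sidecar missing/empty, 3 = no archive.
verify_pbi() {
    pbi=$1; side=${2:-$1.sha256}
    [ -f "$pbi" ] || return 3
    [ -s "$side" ] || return 2
    # Assumption: the sidecar holds one 64-hex-digit digest, in any case,
    # optionally followed by a file name.
    want=$(tr 'A-F' 'a-f' < "$side" | grep -Eo '[0-9a-f]{64}' | head -n 1)
    [ -n "$want" ] || return 2
    [ "$(file_sha256 "$pbi")" = "$want" ]
}

# Succeeds if the filesystem holding directory $1 has at least $2 KiB free.
has_room() {
    avail=$(df -Pk "$1" | awk 'NR == 2 { print $4 }')
    [ "$avail" -ge "$2" ]
}

# Classify pbi_add log text on stdin by the two messages quoted in the thread.
classify_pbi_log() {
    log=$(cat)
    case $log in
        *"Write to restore size failed"*) echo extract-write-failed ;;
        *"failed checksum"*)              echo checksum-failed ;;
        *)                                echo unknown ;;
    esac
}

# Constructed sample line, modelled on the log excerpts in the thread.
SAMPLE='pbi_add: /root/tmp/apkg_example.pbi failed checksum, the archive may be corrupt.'
printf '%s\n' "$SAMPLE" | classify_pbi_log
```

Running has_room against /tmp and /var before an install, then verify_pbi on the downloaded file, separates a truncated download on a full ramdisk from a sidecar that is missing or wrong on the server.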
-
Good! :)