Updated packages, incoming breakage, feedback needed



  • I'm uploading several packages at once (Squid, ClamAV, p3scan, SpamAssassin). For the next days, expect breakage (lots of). If you're afraid to ruin your installation, do not install packages during the next few days. Those packages are being updated because they were either not working or because I needed features that weren't available. The ones who were updated were mostly completaly rewritten (including Squid).

    The code in those packages depends on some stuff from HEAD, that will be gradually backported to RELENG_1 as it gets more mature. I need feedback. If you want to help, wait one or two days until everything is relatively settled, then cvs_sync.sh RELENG_1 and try to install the packages and tell me what broke. But be warned, this might ruin your installation, be sure you can handle it!

    Once again, BIG FAT WARNING: unless you know what you're doing, wait a few days or weeks until everything is 100% working before installing/upgrading your packages!



  • Will there be an announcement as well, when it's safe again to use packages?

    I don't know, if the squid-package is working ATM, because I still had no chance to try pfsense (I'm just assembling a box for it), but I'd appreciate an info, if / when the squid-package is useable again.



  • Yeah, we'll post a note here when it's safe to use those packages again.

    Note that not all packages will be broken for the next few days. Only the following packages might not be fully functional during the next few days: squid, p3scan, clamav, spamassassin, clamsmtp, freeradius and viralator. The HAVP package might also not work perfectly, since it depends on ClamAV. The other packages weren't affected by this upgrade, so if they were considered broken before, they're still broken, and if they were considered stable before, they're still considered stable now. Since most of those packages that were updated were considered broken before the update (or were only partially functional), it should not be a great loss.

    The packages manifest was updated in the last few minutes. Now people who want to test them, please sync to CVS RELENG_1 before testing (cvs_sync.sh RELENG_1), then simply install the packages you want to test. Some things weren't backported yet, so things like input validation and default values will probably not work. The big fat warning I posted in the first post in this thread still holds true, so if you think you can't handle bad things that may happen, don't install or update your packages. Feedback is appreciated, though.



  • "General settings->Proxy port" need default value '3128'
    If defined "transparent proxy" must be disable field Proxy post"



  • @dvserg:

    "General settings->Proxy port" need default value '3128'

    There's a default value., and it is 3128 The code that does default values is still only in HEAD, though. Gonna be backported soon.

    @dvserg:

    If defined "transparent proxy" must be disable field Proxy post"

    I don't think that's a good idea. People might want to use the proxy as both a transparent proxy and connect to it directly. For example, set the proxy as transparent for LAN, while users from OPT1 might want to connect to the proxy directly.



  • Hi,

    If the clamav package is resonably stable I can test HAVP with it. Are more changes in ClamAV expected?

    raj



  • Yeah, all those packages are reasonably stable, if you consider that they're not likely that they'll brick your machine (however, read the big fat warnings posted earlier). The problems you should encounter could be related to the installation. If it installs, it's probably working.

    I'd like to integrate ClamAV with HAVP (that was the initial plan) and maybe Squid, so that we can get rid of Viralator. Take a look at clamav.inc. It can be configured to add new fields as new packages are installed. I got a bit sidetracked atm, but in a few days I should be trying to integrate HAVP with ClamAV and Squid.



  • I am bit free now, So I will start working on HAVP and ClamAV. Do drop me a line when you are free so that we can coordinate and avoid working on the same thing.

    raj



  • Tested HAVP and is woking fine. Basically HAVP uses only the ClamAV Libraries for scanning. If some one else has any problems with HAVP or ClamAV pl report.

    raj



  • Anyone testing these patches we have MFC'd the trasnparent bits to enable these services to work transparently.



  • Under the Metallic theme (and the Metallic theme only) both the ClamAV and HAVP package configuration options appear to the right of the PfSense frame.  The settings appear properly, but the whole box is shifted to the right leaving a big empty white box where the configurations should appear.



  • @submicron:

    Under the Metallic theme (and the Metallic theme only) both the ClamAV and HAVP package configuration options appear to the right of the PfSense frame.  The settings appear properly, but the whole box is shifted to the right leaving a big empty white box where the configurations should appear.

    Heh I've seen that before.  Had to do with developing in HEAD and then backporting to RELENG_1.  $pgtitle changes I believe.  Hopefully that tidbit helps fix this problem :)

    –Bill



  • Updated ClamAV with Transparency support. To get Transparency in RELENG_1 branch (ie released versions) add the following  in your /etc/inc/filter.inc

    #Add package specific nat rule inside this anchor
            $natrules .= "rdr-anchor "rdr-package/*" \n";

    After this

    
    if (is_package_installed('clamav') && file_exists('/usr/local/pkg/clamav.inc')) {
                    require_once('clamav.inc');
                    $natrules .= clamav_generate_rules('nat');
            }
    
    

    Please execute cvs_sync.sh releng_1 from command shell, before attempting the patch. Reboot after the patch and then install the new HAVP package.

    Please report any feedback about this package in this thread.

    raj



  • I am trying to get rid of squid so I can reinstall it.  I tried through the gui first, it just hangs.  So I did it through the pkg_delete command line tool.  pkg_info reveals no such package now.  But when I go to install packages, it still shows as installed, thus not allowing me to install/reinstall.



  • @Sifter:

    I am trying to get rid of squid so I can reinstall it.  I tried through the gui first, it just hangs.  So I did it through the pkg_delete command line tool.  pkg_info reveals no such package now.  But when I go to install packages, it still shows as installed, thus not allowing me to install/reinstall.

    Download the config.xml from diagnostics>backup/restore and check "do not backup package information" and restore the config again. Should solve the problem.



  • ok I did that, the package installed.  I went to services to try to start it, and got the following error:  "(squid): Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time".

    So I ran squid -z and no longer see that error message, but whenever I hit start through the gui, it just goes back to stopped.



  • the same about squid at here, i did sync to RELENG_1.
    i go to console and do:

    • netstat -na | grep :3128 (for checking squid is running or not) but not found.
    • check tmp/rules.debug , but not rule for squid in mode transparent.
      Thanks.


  • More Updates to HAVP Package,

    • Package now uses latest verison of HAVP
    • You can exclude certain IPs from transparent proxy
    • Added 3 more havp options to web interface.
    • Transparency status is now persistent across reboot.

    Give it a whirl, if it works well, this will become beta and then release version.

    raj



  • Thanks raj,
    Do you add options for using HAVP Package with squid cache? It will great.
    Thanks you.



  • i'm unable to either deinstall or reinstall squid

    squid.xml

    Warning: delete_package(squid.inc): failed to open stream: No such file or directory in /etc/inc/pkg-utils.inc on line 652 Fatal error: delete_package(): Failed opening required 'squid.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg') in /etc/inc/pkg-utils.inc on line 652



  • @Sifter:

    I am trying to get rid of squid so I can reinstall it.  I tried through the gui first, it just hangs.  So I did it through the pkg_delete command line tool.  pkg_info reveals no such package now.  But when I go to install packages, it still shows as installed, thus not allowing me to install/reinstall.

    I exactly have this same problem! Glad to know I'm not the only one.



  • @jola:

    Do you add options for using HAVP Package with squid cache? It will great.

    Yes, There is an option to specify parent proxy in thenew version.

    raj



  • Raj

    is there any thing i have to look at when using havp ?
    does the package autocreate the "transparent-rule" ?
    cause it would not work when i tried last time …  :'(



  • I am unable to install havp her is what the log states for the package:

    Beginning package installation.
    Downloading package configuration file…
    havp-0.80_5 Array
    (
        [0] => Requested space: 1172 bytes, free space: 16762202112 bytes in /var/tm
    p/instmp.4mBLsp
        [1] => tar: Unrecognized archive format: Inappropriate file type or format
        [2] => pkg_add: tar extract of /tmp/apkg_havp-0.80_5.tbz failed!
        [3] => pkg_add: unable to extract table of contents file from '/tmp/apkg_hav
    p-0.80_5.tbz' - not a package?
        [4] => pkg_add: 1 package addition(s) failed
    )

    Package WAS NOT installed properly.

    Please help!



  • Hi,

    I was busy with some other stuff and forgot about this forum :)

    is there any thing i have to look at when using havp ?

    Yes, You have to add an anchor for HAVP.

    mrreload: Can you try once more? For some reason the downloaded package is not a package.

    raj



  • how to do that ? and where ?
    can you post it here ?



  • This is the adding havp anchor part, I had posted this couple of posts back.

    @raj2569:

    Updated ClamAV with Transparency support. To get Transparency in RELENG_1 branch (ie released versions) add the following  in your /etc/inc/filter.inc

    #Add package specific nat rule inside this anchor
            $natrules .= "rdr-anchor "rdr-package/*" \n";

    After this

    
    if (is_package_installed('clamav') && file_exists('/usr/local/pkg/clamav.inc')) {
                    require_once('clamav.inc');
                    $natrules .= clamav_generate_rules('nat');
            }
    
    

    Please execute cvs_sync.sh releng_1 from command shell, before attempting the patch. Reboot after the patch and then install the new HAVP package.

    Please report any feedback about this package in this thread.

    raj

    raj



  • Ok,
    I tried again and I am getting the same thing. Log shows exactly the same as earlier post. I have tried deleteing the havp package file from /tmp, same. Tried to install it with or without squid installed. Tried a fresh install of pfsense, same. Strange thing is I have other packages installed without any issue. Squid and Freeradius.



  • Hi,

    Pl give me some time to go through this. I had reinstalled my pfSense test box for testing some other stuff, will finish that and come back.

    raj



  • Anything yet?



  • @mrreload:

    Ok,
    I tried again and I am getting the same thing. Log shows exactly the same as earlier post. I have tried deleteing the havp package file from /tmp, same. Tried to install it with or without squid installed. Tried a fresh install of pfsense, same. Strange thing is I have other packages installed without any issue. Squid and Freeradius.

    The same happens for me, even on a new install of pfsense.  Here's the error i get for HAVP:

    Downloading package configuration file… done.
    Saving updated package information... done.
    Downloading havp and its dependencies... done.
    Checking for successful package installation... failed!

    Installation aborted.


    Here's the error I get when trying to install CLAMAV:

    Installing clamav and its dependencies.
    Executing custom_php_resync_config_command()...

    It just sits there until I go and close the page after several minutes.  Weird thing though is that CLAMSMTP installs fine without any problems.

    Thanks in advance...


Locked