Broken updates/upgrades/packages segmentation faults etc



  • Hopefully I will cover a lot of basis here with this post because we have seen a lot of these faults.

    If you are getting any of the following errors updating pfSense please try these steps.

    Upgrading from console option 13
    Error updating repositories
    Child process pid=xxxx terminated abnormally: Segmentation fault
    pkg: Repository pfSense-core load error: access repo file(/var/db/pkg/repo-pfSense-core.sqlite) failed: No such file or directory
    Warning: require_once(Net/IPv6.php): failed to open stream:

    Console or SSH into you device
    Try running these commands exactly as typed here.

    pkg-static update –f
    
    pkg-static upgrade –f
    
    pkg update -f
    
    pkg upgrade -f
    
    pfSense-upgrade -4
    

    If any of these fail, check your DNS

    nslookup
    set type=srv
    _https._tcp.pkg.pfsense.org
    

    If you do not receive a valid response then your DNS servers may have been wiped or the GW removed from the DNS settings. You need to temporarily fix this with these commands.

    echo "nameserver x.x.x.x" > /etc/resolv.conf
    route add default y.y.y.y
    

    where x.x.x.x is a valid public dns and y.y.y.y is your public wan gw ip address.



  • @mrohler:

    ….
    If you do not receive a valid response then your DNS servers may have been wiped

    … or you keep the default DNS Resolver activated.
    Root DNS can't get wiped - and if they do, Internet, as we know it, is dead anyway.

    Btw : I'm answering here because I think - not having any proof - that so many people mess up their DNS, without knowing what they are actually doing. LAN devices still work, they resolve, but pfSense can't resolve anymore, so no more upgrade notifications, no more package upgrades proposed. And the day they want to upgrade pfSense, all 'hell' breaks loose.
    All this because they went '8.8.8.8' haywire (Google should have chosen 6.6.6.6, there would be less issues for sure), or some other remote resolver, without finishing the job.

    Good thing you posted your findings, although

    echo "nameserver x.x.x.x" > /etc/resolv.conf
    

    could work under special, non default conditions. By default unbound isn't using /etc/resolv.conf, see https://www.unbound.net/documentation/unbound-host.html
    I'd would like an explanation of this one :

    route add default y.y.y.y
    


  • @Gertjan:

    I'd would like an explanation of this one :

    route add default y.y.y.y
    

    Although the OP mentioned this in terms of DNS resolution, it's more basic.  It adds (temporarily) a default IP route (aka default gateway).  Without routes you won't reach anything, let alone an upstream DNS server[1].  Drilling down further, you'd also want to verify that your WAN interface has a valid IP address, netmask and is UP.  Useful checks:

    ping y.y.y.y
    
    ifconfig -a
    

    [1]<pedantic>unless they're on local subnets</pedantic>