Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pkg upgrade or pkg delete/install

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 3 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sparkman123
      last edited by

      I had a question about upgrading packages that have different names. Specifically, I installed 3 packages for sockd for pfsense 2.4.4

      pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/cyrus-sasl-2.1.27.txz
      pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/miniupnpc-2.1_1.txz
      pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/dante-1.4.2_1.txz
      

      Now, however, the newer packages all have a numerical different suffix in their name,

      pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/cyrus-sasl-2.1.27_1.txz
      pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/miniupnpc-2.1_2.txz
      pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/dante-1.4.2_1.txz
      

      When I try to run pkg upgrade for one of them, I receive a message saying that "that package isn't installed, can't upgrade." I'm assuming that has to do with the differences in names.

      Should I use pkg-upgrade or uninstall the old packages using pkg delete and install a fresh copy?

      Thanks.

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by bmeeks

        First, what you are doing is extremely dangerous for a pfSense firewall. You risk breaking the firewall completely because the libraries pulled in by these packages may conflict with the version of the same libraries required by pfSense. You should only use the official pfSense package repository.

        However, if you want to continue to live dangerously, I think the proper sequence of commands would be:

        pkg update
        pkg upgrade
        

        These commands assume you have an additional repo configured pointing to where you got these third-party packages in the first place. Since you specified where to download the packages initially via a URL, I suspect you do not have a proper repo defined. And I will warn you once more, doing that and running the commands I listed is likely to totally break pfSense.

        You can find the offical FreeBSD documentation pages for pkg and its various siblings here.

        nzkiwi68N 1 Reply Last reply Reply Quote 1
        • nzkiwi68N
          nzkiwi68 @bmeeks
          last edited by

          @bmeeks I must completely agree.

          pfSense is supposed to be a locked down safe "appliance" with specific additional packages that are managed and tested.

          You risk doing one or all of the following;

          • introducing a serious security vulnerability into pfSense
          • conflicting with existing libraries breaking pfSense
          • damaging pfSense so it won't upgrade to next version or install package xxx
          • introduce a bug that shouldn't and doesn't exist with a standard installation
          1 Reply Last reply Reply Quote 0
          • S
            sparkman123
            last edited by

            Thank you for the info.

            I think it should be pointed out that I'm not the first to try to use dante- there's this post, this one and this tutorial. If you do a forum search you'll find quite a few hits on other posts.

            The utility I'm installing is dante, or sockd, which is a fairly well fleshed out distro (it has its own freebsd manpage). I'm also installing a small number of support packages, so that limits the potential performance degradation vector.

            Finally, I'm doing all my testing on a VM for weeks prior to rolling it out on bare metal.

            Your initial point is correct though- dante and its supporting libs are not supported by pfsense out of the box and thus could cause problems.

            But not all packages are created equal- some pose more risk than others. Case in point, before I settled on dante, I looked at another socks proxy, SS5. While it is in the freebsd packages library it is not nearly as well documented and does not appear to be as well vetted as sockd. It is my judgement that sockd poses less of a risk than SS5.

            Others are free to come to their own conclusions, however. Some might not want to take any risk at all. If the need for functionality outweighs the risk my suggestion would be to look through the code of a package, read its documentation and see how many others have posted/played with it before coming up with a final decision.

            bmeeksB 1 Reply Last reply Reply Quote 0
            • bmeeksB
              bmeeks @sparkman123
              last edited by bmeeks

              @sparkman123 said in Pkg upgrade or pkg delete/install:

              Thank you for the info.

              I think it should be pointed out that I'm not the first to try to use dante- there's this post, this one and this tutorial. If you do a forum search you'll find quite a few hits on other posts.

              The utility I'm installing is dante, or sockd, which is a fairly well fleshed out distro (it has its own freebsd manpage). I'm also installing a small number of support packages, so that limits the potential performance degradation vector.

              Finally, I'm doing all my testing on a VM for weeks prior to rolling it out on bare metal.

              Your initial point is correct though- dante and its supporting libs are not supported by pfsense out of the box and thus could cause problems.

              But not all packages are created equal- some pose more risk than others. Case in point, before I settled on dante, I looked at another socks proxy, SS5. While it is in the freebsd packages library it is not nearly as well documented and does not appear to be as well vetted as sockd. It is my judgement that sockd poses less of a risk than SS5.

              Others are free to come to their own conclusions, however. Some might not want to take any risk at all. If the need for functionality outweighs the risk my suggestion would be to look through the code of a package, read its documentation and see how many others have posted/played with it before coming up with a final decision.

              Just wanted to be sure you were aware of the risks. When folks post it is sometimes hard to determine their "skill level" with pfSense and firewalls in general. So I tend to start with the more elementary things first and move up from there depending on my perception of the poster's skills. We get all kinds here ... 😉. More than once folks have come here asking why they can't get pfSense to install under Windows. They actually think it is just some application you install like Microsoft Office or something ... 😕 .

              Sounds like you are aware of the risks and willing to accept them.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.