Pkg upgrade or pkg delete/install

sparkman123

I had a question about upgrading packages that have different names. Specifically, I installed 3 packages for sockd for pfsense 2.4.4

pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/cyrus-sasl-2.1.27.txz
pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/miniupnpc-2.1_1.txz
pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/dante-1.4.2_1.txz

Now, however, the newer packages all have a numerical different suffix in their name,

pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/cyrus-sasl-2.1.27_1.txz
pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/miniupnpc-2.1_2.txz
pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/dante-1.4.2_1.txz

When I try to run pkg upgrade for one of them, I receive a message saying that "that package isn't installed, can't upgrade." I'm assuming that has to do with the differences in names.

Should I use pkg-upgrade or uninstall the old packages using pkg delete and install a fresh copy?

Thanks.

bmeeks

First, what you are doing is extremely dangerous for a pfSense firewall. You risk breaking the firewall completely because the libraries pulled in by these packages may conflict with the version of the same libraries required by pfSense. You should only use the official pfSense package repository.

However, if you want to continue to live dangerously, I think the proper sequence of commands would be:

pkg update
pkg upgrade

These commands assume you have an additional repo configured pointing to where you got these third-party packages in the first place. Since you specified where to download the packages initially via a URL, I suspect you do not have a proper repo defined. And I will warn you once more, doing that and running the commands I listed is likely to totally break pfSense.

You can find the offical FreeBSD documentation pages for pkg and its various siblings here.

nzkiwi68

@bmeeks I must completely agree.

pfSense is supposed to be a locked down safe "appliance" with specific additional packages that are managed and tested.

You risk doing one or all of the following;

• introducing a serious security vulnerability into pfSense
• conflicting with existing libraries breaking pfSense
• damaging pfSense so it won't upgrade to next version or install package xxx
• introduce a bug that shouldn't and doesn't exist with a standard installation

sparkman123

Thank you for the info.

I think it should be pointed out that I'm not the first to try to use dante- there's this post, this one and this tutorial. If you do a forum search you'll find quite a few hits on other posts.

The utility I'm installing is dante, or sockd, which is a fairly well fleshed out distro (it has its own freebsd manpage). I'm also installing a small number of support packages, so that limits the potential performance degradation vector.

Finally, I'm doing all my testing on a VM for weeks prior to rolling it out on bare metal.

Your initial point is correct though- dante and its supporting libs are not supported by pfsense out of the box and thus could cause problems.

But not all packages are created equal- some pose more risk than others. Case in point, before I settled on dante, I looked at another socks proxy, SS5. While it is in the freebsd packages library it is not nearly as well documented and does not appear to be as well vetted as sockd. It is my judgement that sockd poses less of a risk than SS5.

Others are free to come to their own conclusions, however. Some might not want to take any risk at all. If the need for functionality outweighs the risk my suggestion would be to look through the code of a package, read its documentation and see how many others have posted/played with it before coming up with a final decision.

bmeeks

@sparkman123 said in Pkg upgrade or pkg delete/install:

Thank you for the info.

I think it should be pointed out that I'm not the first to try to use dante- there's this post, this one and this tutorial. If you do a forum search you'll find quite a few hits on other posts.

The utility I'm installing is dante, or sockd, which is a fairly well fleshed out distro (it has its own freebsd manpage). I'm also installing a small number of support packages, so that limits the potential performance degradation vector.

Finally, I'm doing all my testing on a VM for weeks prior to rolling it out on bare metal.

Your initial point is correct though- dante and its supporting libs are not supported by pfsense out of the box and thus could cause problems.

But not all packages are created equal- some pose more risk than others. Case in point, before I settled on dante, I looked at another socks proxy, SS5. While it is in the freebsd packages library it is not nearly as well documented and does not appear to be as well vetted as sockd. It is my judgement that sockd poses less of a risk than SS5.

Others are free to come to their own conclusions, however. Some might not want to take any risk at all. If the need for functionality outweighs the risk my suggestion would be to look through the code of a package, read its documentation and see how many others have posted/played with it before coming up with a final decision.

Just wanted to be sure you were aware of the risks. When folks post it is sometimes hard to determine their "skill level" with pfSense and firewalls in general. So I tend to start with the more elementary things first and move up from there depending on my perception of the poster's skills. We get all kinds here ... . More than once folks have come here asking why they can't get pfSense to install under Windows. They actually think it is just some application you install like Microsoft Office or something ... .

Sounds like you are aware of the risks and willing to accept them.