23.01 -> 23.05 upgrade failed
-
@Gertjan Thanks a lot.
In other words:
The packages that are shown are not associated or tied to the pfSense version currently running. New package versions shown may "belong" to the newer version of pfSense, and that means "think twice before updating packages if not running the most recent version of pfSense". Correct?
I always thought they are tied via some sort of version specific repository like in Debian or whatever. -
@demux said in 23.01 -> 23.05 upgrade failed:
The packages that are shown are not associated or tied to the pfSense version currently running.
Probably not ;)
You could update them right now .... before upgrading pfSense first.
You will be violating pfSense usage rules, though.
See the "what t do when an pfSese updgarde is aviable" : Netgate Blog post, upgrade documentation ( ! ), user experience here on the forum. etc.@demux said in 23.01 -> 23.05 upgrade failed:
New package versions shown may "belong" to the newer version of pfSense, and that means "think twice before updating packages if not running the most recent version of pfSense". Correct?
Correct.
@demux said in 23.01 -> 23.05 upgrade failed:
I always thought they are tied via some sort of version specific repository like in Debian or whatever.
Aha : the good question
This is my (private) answer : as soon as Netgate becomes a "Fortune 500" company, they will be able to manage a package repository for every available (supported) version they bring out.
So, example, when you use pfSense+ 23.01, the pfSense package list will show you only the packages available for that "23.01" version and not the other ones.You should know that not every pfSense packages is written and maintained by Netgate. Some are maintained by other people, like you and me.
Now, tell me, would you want to maintain your package for pfSense 2.4.5, 2.5.2, 2.6.0, 22.01, 23.01, 23.05 and several intermediate snap shot versions (so users can try out the newer versions with you before they will get released for he big public ) ?
Most probably : you don't, you'll maintain against the latest pfSense stable version only, as you don't want to be bothered with bugs from an ancient 2.4.5 version.You mentioned 'Debian' :
deb http://security.debian.org/ buster/updates main contrib non-free deb-src http://security.debian.org/ buster/updates main contrib non-free
so I use the 'buster' repository, (Debian 10) not the version '11' Bullseye.
Debian uses a dedicated repository for every main version release.
-
@pdavis Update - After toggling the "Current Stable Version" and "Previous Stable Version" in System/Update/System Update, the GUI now showed 23.05 upgrade option.
Upgrade processed without incident this time - it looks like it just appeared as an option in the GUI a day or so before the server side was ready.
-
I had an upgrade issue on my VM instance, flipping the branch between 23.01 and 23.05 resolved it and running update the second time worked. No such love on my physical install (Dell R210II). All attempts from GUI fail, so started trying via CLI.
I have tried a few iterations. After this issue, I flip the branch back to 23.01 and run "pkg-static clean -ay ; pkg-static install -fy pkg pfSense-repo pfSense-upgrade" which seems to get it back into a "good" state.
[23.01-RELEASE][admin@NONO]/root: cat /usr/local/etc/pkg.conf ABI=FreeBSD:14:amd64 ALTABI=freebsd:14:x86:64 [23.01-RELEASE][admin@NONO]/root: pfSense-upgrade -c >>> Setting vital flag on pfSense-upgrade... done. ERROR: It was not possible to determine pkg remote version >>> Updating repositories metadata... ^[[A^[[Adone. Your system is up to date [23.01-RELEASE][admin@NONO]/root: cat /usr/local/etc/pkg.conf ABI=FreeBSD:14:amd64 ALTABI=freebsd:14:x86:64 PKG_ENV { SSL_CA_CERT_FILE=/etc/ssl/netgate-ca.pem SSL_CLIENT_CERT_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-prev-cert.pem SSL_CLIENT_KEY_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-prev-key.pem } *** changed Branch setting in GUI to 23.05 *** [23.01-RELEASE][admin@NONO]/root: cat /usr/local/etc/pkg.conf ABI=FreeBSD:14:amd64 ALTABI=freebsd:14:x86:64 PKG_ENV { SSL_CA_CERT_FILE=/etc/ssl/netgate-ca.pem SSL_CLIENT_CERT_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-stable-cert.pem SSL_CLIENT_KEY_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-stable-key.pem } [23.01-RELEASE][admin@NONO]/root: pfSense-upgrade -c >>> Updating repositories metadata... done. 23.05 version of pfSense is available [23.01-RELEASE][admin@NONO]/root: pfSense-upgrade -d >>> Updating repositories metadata... Updating pfSense-core repository catalogue... Fetching meta.conf: . done Fetching packagesite.pkg: . done Processing entries: .. done pfSense-core repository update completed. 15 packages processed. Updating pfSense repository catalogue... Fetching meta.conf: . done Fetching packagesite.pkg: .......... done Processing entries: Processing entries............. done pfSense repository update completed. 549 packages processed. All repositories are up to date. >>> Upgrading pfSense-upgrade... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-upgrade: 1.0_61 -> 1.0_66 [pfSense] Number of packages to be upgraded: 1 20 KiB to be downloaded. [1/1] Fetching pfSense-upgrade-1.0_66.pkg: ... done Checking integrity... done (0 conflicting) [1/1] Upgrading pfSense-upgrade from 1.0_61 to 1.0_66... [1/1] Extracting pfSense-upgrade-1.0_66: ...... done pfSense-repoc-static: invalid signature failed to read the repo data. failed to update the repository settings!!! failed to update the repository settings!!!
-
This post is deleted! -
@Raffi_ said in 23.01 -> 23.05 upgrade failed:
I had the same issue with upgrade error through GUI and then the GUI showing I already have the latest install. I was able to solve this by SSHing into console and using "pfsense-upgrade".
Hi Bro, it was the same here ,
I subscribed to this thread and I see you have been here, hope all is well with you, long time no hear from you...BTW:
SSH solves everything, hahaha -
@DaddyGo said in 23.01 -> 23.05 upgrade failed:
@Raffi_ said in 23.01 -> 23.05 upgrade failed:
I had the same issue with upgrade error through GUI and then the GUI showing I already have the latest install. I was able to solve this by SSHing into console and using "pfsense-upgrade".
Hi Bro, it was the same here ,
I subscribed to this thread and I see you have been here, hope all is well with you, long time no hear from you...all is good my friend. Been enjoying the nice west coast weather. Hope all is good with you.
BTW:
SSH solves everything, hahahahaha we are such nerds because we find that funny.
-
@Raffi_ said in 23.01 -> 23.05 upgrade failed:
Been enjoying the nice west coast weather. Hope all is good with you.
That's nice, hmmm the ocean is a little warmer at Lisbon - that's why I'm not complaining...:)
Now everything is OK, I had a little health problem, but it's sorting itself out. I've been away from "here" because of that, but now I'll have time and we'll push SSH hard
BTW:
I'll have time to do a bit better with this great NGFW, the "love" has remained -
@Gertjan said in 23.01 -> 23.05 upgrade failed:
when you use pfSense+ 23.01, the pfSense package list will show you only the packages available for that "23.01" version and not the other ones.
Actually, that is not correct. It will show packages for the selected branch, which may not be the installed version if this router has not yet upgraded to the latest version, but has Current selected.
In the past one could install/upgrade a package in that state, and the package would pull in software, maybe a later PHP version, and break everything. However I think I did see they are showing a warning now about the version/repo mismatch? I would still select Previous Stable Version if necessary to make them match. There is a redmine about this.
-
Is this common for pfsense? I have a 6100 and 4100. Went to update both and now both of them will not load the gui? I have only had them long enough to update the software twice (this being the second time). Worse firewall I have ever used in my life when try to update.
-
@Innz said in 23.01 -> 23.05 upgrade failed:
Worse firewall I have ever used in my life when try to update.
Hmmmm
@Innz "Is this common for pfsense?"
No it's not general, don't assume anything at first.
Always make a backup and you can restore it in no time if you're experienced. -
@Innz You didn't provide many details. Error message? What does the console show? Logs? You might start a new thread.
If you didn't wait long enough (see my sig) more than one person has rebooted halfway through the update.
-
@driise
more digging:this file /usr/local/etc/pfSense/pkg/repos/pfSense-repo-stable.conf points to a hostname that doesn't exist. is this a bug?
lrwxr-xr-x 1 root wheel 57 May 26 01:20 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-stable.conf [23.01-RELEASE][admin@NONO]/usr/local/etc/pkg/repos: more pfSense.conf FreeBSD: { enabled: no } pfSense-core: { url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_amd64-core", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/local/share/pfSense/keys/pkg", enabled: yes } pfSense: { url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/local/share/pfSense/keys/pkg", enabled: yes } [23.01-RELEASE][admin@NONO]/usr/local/etc/pkg/repos: ping firmware.netgate.com PING firmware.netgate.com (208.123.73.209): 56 data bytes 64 bytes from 208.123.73.209: icmp_seq=0 ttl=43 time=12.406 ms 64 bytes from 208.123.73.209: icmp_seq=1 ttl=43 time=12.473 ms ^C --- firmware.netgate.com ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 12.406/12.440/12.473/0.034 ms [23.01-RELEASE][admin@NONO]/usr/local/etc/pkg/repos: ping pfsense-plus-pkg.netgate.com ping: Unknown host
-
@driise said in 23.01 -> 23.05 upgrade failed:
@driise
more digging:this file /usr/local/etc/pfSense/pkg/repos/pfSense-repo-stable.conf points to a hostname that doesn't exist. is this a bug?
No.
Different variation on the hostname but same concept.
-
@driise - running into similar issues as you've described not being able to update packages:
https://forum.netgate.com/topic/180382/unable-to-upgrade-packages
Any ideas/thoughts on how to further troubleshoot this?
-
@tman222 At this time, I'm stuck I guess, tried again this morning to get it to update, same issues. Hopefully Netgate will determine the issue and fix.
-
Any feedback on what we're seeing?
Any logs I can provide that might help? I can reproduce the issue easy if there's debug logs or something I can pull.I reverted my VM instance back to the 23.01 boot image so that my physical and VM (secondary) could properly sync.
-
@pdavis said in 23.01 -> 23.05 upgrade failed:
After toggling the "Current Stable Version" and "Previous Stable Version" in System/Update/System Update, the GUI now showed 23.05 upgrade option.
So I had the same problem. First attempt at update failed with certificate issues, then my device got "stuck" thinking that 23.01 was the latest. Your steps quoted here fixed it for me too. Very strange!!
-
@demux said in 23.01 -> 23.05 upgrade failed:
Why? What can happen?
If you upgrade it can be in some cases that
the cert. lease will be gone, and so you only
have to wait a while until it is renewed and then
the entire upgrade process will work again for you without any problems. -
@SteveITS said in 23.01 -> 23.05 upgrade failed:
Actually, that is not correct. It will show packages for the selected branch, which may not be the installed version ....
Exact.
That's why I was talking about Netgate being a fortune 500 company : the pfSense package list should correspond the system you are using, which isn't necessarily the list with packages available.
The latest versions of a package become available when you use the latest pfSense version.
Something like that.This implies that there should be a unique repository for every supported pfSense version. This means a lot of labor to main all this.