Installed Package Updates and New Version of CE release
-
I am running 2.6.0, and I noticed 2.7.0 is now available. I go to check my installed packages, and just about every package has an update. I check very frequently for package updates, and find it odd just about every package has an update. Is this because of the release of 7.0? Should I wait to update them till I upgrade to 7.0?
-
Never ever update packages when a new version of pfSense is released UNTIL you have first updated pfSense itself!!!
Packages are compiled against the current pfSense version, and packages compiled for a newer version of pfSense will not work on an older pfSense install. And forcing a package update in that situation can actually break the entire firewall.
First update your pfSense version to 2.7. Then you can update packages if you wish, although the update will do that for you in most cases (but it will take a long time, so be patient).
Or follow the recommendations of many others and remove your packages, update pfSense, then manually install your packages again. They will remember their configurations as those are stored in the
config.xml
file on the firewall. -
@bmeeks said in Installed Package Updates and New Version of CE release:
Never ever update packages when a new version of pfSense is released UNTIL you have first updated pfSense itself!!!
Packages are compiled against the current pfSense version, and packages compiled for a newer version of pfSense will not work on an older pfSense install. And forcing a package update in that situation can actually break the entire firewall.
First update your pfSense version to 2.7. Then you can update packages if you wish, although the update will do that for you in most cases (but it will take a long time, so be patient).
Or follow the recommendations of many others and remove your packages, update pfSense, then manually install your packages again. They will remember their configurations as those are stored in the
config.xml
file on the firewall.I can confirm. I learned this the hard way few days ago. I was running 2.6 at the time and there was an update for WireGuard package. So i thought, why not. And i updated it. As soon as i finished update, WireGuard service stopped working. Rebooting didnt help. I had to reinstall. However, there was an update for pfBlockerNG as well but there were no issues in 2.6 after the update. I guess it depends on the package.
-
@nimrod said in Installed Package Updates and New Version of CE release:
I guess it depends on the package.
Netgate has improved the coding a bit. In the past if the package for 2.7 had, say, PHP 8.2 marked as required, it would (as directed) try to install PHP 8.2 on pfSense 2.6 and break just about everything that is written for PHP 7. I believe it will just refuse now if it detects a newer PHP version is being requested.
The correct way to install packages on 2.6 now that 2.7 is out, is to set your update branch to Previous Stable which is now 2.6. Then you'll only see packages for 2.6. Note that only works for one version back though.
(summarized in my sig :) )
Edit: if someone does this and needs 2.6, go to https://www.pfsense.org/download/, do not select an Architecture, click Download, and it will show a list of the last few versions.
-
After almost 20 years they still CANNOT code it properly and do the needed checks to AVOID these situations:
"Only install packages for your version, or risk breaking it."
They keep improving slowly (ex. pfblockerng "prod" finally up to the latest "dev" version).
But anybody with a little coding in them would agree that having to WARN users about a very basic ONE
click process (pkg updates) is NOT "Production or Enterprise" ready!Make/code/check it so the user CANNOT do those system BREAKING actions!
(Just like any other serious firewall/appliance).As far as CE 2.7, I have been bitten more than 3, 4 times by not-well-tested upgrades, so I will wait at least a
month for the usual new-release issues to get fixed.(To be fair, I do remember a few releases that were perfect, but just when you trusted, the next release did you in).
-
@pppfsense
https://redmine.pfsense.org/issues/10464#note-17
"Internal Redmine 7479 I feel would be a better solution to this problem, rather than making PHP changes. If we split repos by version number like that is saying (I believe Glen is working on this already) it would eliminate the need to hide anything."They have added some error checking in the past year or so, it stopped me once flagging the PHP change. Even those that know may log in, go to the package page, and install something, not knowing a new release came out that day.
-
Can I safely jump from CE 2.6 -> pfsense plus upgrade v23.05? Any pre-work that needs to be done?
-
Yes, you can upgrade to Plus from 2.6. You may want to wait until we switch the Plus upgrade repo to 23.05.1 so you can do it in one step. That should be happening imminently.
The same precautions as the 2.7 upgrade apply there. The safest way to upgrade is to remove packages first.
Steve