pfSense update stuck

A Former User

Hi all,

I have a strange issue with pfSense CE. Current version is 2.5.2, and it says version 2.7.0 is available.

Clicking the cloud image button from the GUI gets me upgrade page and after hitting Confirm button, nothing really happens. The GUI shows Please wait while the update system initializes message and that's it, nothing happens after that. I've waited for a while and still no luck. Internet is definitely connected.

I tried with upgrading from the console and this is the result.

pfSense-repoc-static: invalid signature
failed to read the repo data.
failed to update the repository settings!!!
failed to update the repository settings!!!
pfSense - Netgate Device ID: 9bf75f5c9bca2b92b6ad

Is directly upgrading from 2.5.2 to 2.7.0 not possible? If so, could I please get some advice regarding the steps e.g., how to upgrade 2.5.2 to 2.6 first and then 2.7?

Hope I can get some help. Thank you.

Eoin

Topogigio

@eoin exaclty same issue here!

did you find a solution?

stephenw10

The first thing to try here is to switch update branches to 2.6 and then back to 2.7.

If you still see that try upgrading to 2.6 first.

Topogigio

@stephenw10 I tried that before to write but nothing.

I solved with a "lot of cleanup commands" on pkg from CLI. After them (I'm not sure about the right sequence: I did try all I could) the update has started (and completed).

A Former User

In my case, there was no 2.5 to 2.6 upgrade selectable. Therefore, I kept all the production systems as they are.

For new ones, I just used fresh 2.7 ISO.

stephenw10

You never saw either a 2.6 or 2.7 upgrade offered?

You should try running pkg-static -d update at the CLI and see what error is returned.

A Former User

@stephenw10 I'm re-visiting this issue as now I have a test VM for this. The VM is running v2.5.1. From the main screen, pfSense said version 2.7.0 is available. I clicked the cloud icon and proceeded the upgrade. Now, this is where it got stuck.

/var/log/system.log file showed the following four lines:

Oct 18 12:20:41 pfSense pkg-static[7069]: libucl upgraded: 0.8.1 -> 0.8.2 
Oct 18 12:20:41 pfSense pkg-static[7069]: pfSense-repoc-20230616 installed
Oct 18 12:20:41 pfSense pkg-static[7069]: uclcmd upgraded: 0.1_3 -> 0.2.20211204 
Oct 18 12:20:41 pfSense pkg-static[7069]: pfSense-upgrade upgraded: 1.0_15 -> 1.0_33 

And it looks like no further progress happening.

Now back to the original state, I can see PREVIOUS version (v2.6.0) branch in the menu. When I changed the branch, this is what happened first time.

I've toggled the branch back to v2.7.0 and back to v2.6.0 again and this shows.

I'll try to upgrade now to v2.6.0 and will see how it goes. It's okay to mess up with this VM as I have a snapshot and this VM is not a production VM. However, given the fact that I have a lot of v2.5.1 and v2.5.2 in production, this sort of hassle is quite scary.

Are there any official documentation for this issue somewhere that I can follow?

Eoin

A Former User

@stephenw10 updating to v2.6.0 doesn't work either. It got stuck at the same place.

A Former User

@stephenw10 updating from console doesn't work either.

pfSense-repoc-static: no package 'name'
pfSense-repoc-static: no pfSense packages installed
pfSense-repoc-static: invalid signature
failed to read the repo data.
failed to update the repository settings!!!
failed to update the repository settings!!!

I'll keep trying anything available out there.

A Former User

So, I tested a few times using my pfSense VM snapshot (v2.5.1) and found a few things.

First, direct upgrade v2.7.0 doesn't work, meaning the upgrade should follow to v2.6.0 and then to v2.7.0 path.

Second, it looks like some commands are required if upgrading to v2.6.0 doesn't work. The following steps are what I did to upgrade v2.5 to v2.6.

1. Go to System > Update > Update Settings from GUI and change the branch to v2.6.0.
2. Access pfSense CLI and run the following two commands: pkg-static install -fy pkg pfSense-repo and pkg-static install -fy pkg pfSense-upgrade. From the system log, I could see the packages were downgraded.
3. Go back to GUI and run the upgrade to v2.6.0. Do not change the branch - since the branch was changed to v2.6.0 from the step #1, it should already show v2.6.0.

After upgraded to v2.6.0, I could upgrade to v2.7.0 with no issues.

I'll test a bit more times to make sure this method working okay, but so far so good.

Marci

@eoin Thanks a lot for posting your solution. I was about to get crazy with the update not working but you saved the day (or better the night).

Gertjan

@eoin said in pfSense update stuck:

my pfSense VM snapshot (v2.5.1)

If you have a VM : what about :
Get / export a config.xml from the 2.5.1
Create a new VM. Use the same settings as the 2.5.1 VM. Stop the 2.5.1 VM.
Start the new VM, have it boot from the install ISO.
Install clean.
Import the config.
Done.
And please, tell me if I forgot a step here.

Every step will take about 60 seconds ?! (installing + reboot maybe 120 seconds ?)

If needed - if issues - with one click you can boot into the working (2.5.1) and have your connection back.

Marci

Just read about upgrading to 2.7.1

*Troubleshooting

Due to changes in pkg, the new version of pkg may not be able to properly locate and use the CA trust store when running on the previous version before upgrading.

If the firewall is unable to load packages or check for updates after selecting the CE 2.7.1 upgrade branch, run certctl rehash from the console, a root shell prompt, or via Diagnostics > Command Prompt. This will allow pkg to utilize the system certificates until the next reboot.*

Marci

@Gertjan Thats quite an approach... maybe it was too much out of the box for me