v2.6.0 to v2.7.2 error for repo packagesite
-
I have pfSense V2.6.0 installed on a VM. The pfsense works offline and the repos are also offline, all work on my own network.
I tried to install the pfSense v2.7.2 on this VM. I downloaded the iso and the install went well. I configured the pfsense with the back-off of the pfsense v2.6. When I tried to connect to the repos with pkg-static -d update, i have the following errors :
"fetching meta.conf: 100% 179B 0.2kB/s 00:01
*Connection #0 to host X.X.X.X left intact
DGB(1)[43329]> Request to fetch pkg+http://X.X.X.X:Y......./pfSense_v2_7_2_amd64-pfSense_v2_7_2/packagesite.pkg -- pkg+// implies SRV mirror type
DGB(1)[43329]> Request to fetch pkg+http://X.X.X.X:Y......./pfSense_v2_7_2_amd64-pfSense_v2_7_2/packagesite.tzst -- pkg+// implies SRV mirror type
Unable to update repository pfSense"I don't understand why it doesn't work. I went back to the 2.6.0 version and it can load the packagesite.pkg from the repo 2.7.2.
-
Can we see the complete output from that command?
I assume you have redacted the host IP there? There's no need to do that, every user hits those same IPs.
How is that VM connecting out?
-
I change the content of the file pfSense-repo.conf to put the url where the repos files are and so I also change the host IP. I can't give it in this forum so I replace it by X.X.X.X. The pfSense-repo.conf is now :
FreeBSD: {enabled: no} pfSense: { url : "pkg+http://X.X.X.X:Y/repositories/COTS/pfSense/2.7.2/files00.netgate/pfSense_v2_7_2_amd64-pfSense_2_7_2", mirror_type :"srv", signature_type: "fingerprints", fingerprints: "/usr/local/share/pfSense/keys/pkg", enabled: yes }The repos files are on a NAS that the VM can access via the LAN. The VM uses network adaptaters for all its interfaces.
The complete output :
> GET /repositories/COTS/pfSense/2.7.2/files00.netgate.com/pfSense_v2_7_2_amd64-pfSense_v2_7_2/meta.conf HTTP/1.1 Host : X.X.X.X:Y User-Agent : pkg/1.20.8 Accept : */* If-Modified-Since : Thu, 01 Jan 1970 00:00:00 GMT <HTP/1.1 200 OK < Server : nginx/1.16.1 < Date : Mon, 08 Dec 2025 14:31:25 GMT < Content-Type : application/octet-stream < Content-Length : 179 < Last-Modified : Fri, 05 Dec 2025 10:10:34 GMT < Connection : keep-alive < ETag : "6932af9a-b3" < Accept-Ranges: bytes < *Connection #0 to host X.X.X.X left intact Fetching meta.conf: . done DGB(1) [42761]> Request to fetch pkg+http://X.X.X.X:Y/repositories/COTS/pfSense/2.7.2/files00.netgate.com/pfSense_v2_7_2_amd64-pfSense_v2_7_2/packagesite.pkg pkg-static : packagesite URL error for pkg+http://X.X.X.X:Y/repositories/COTS/pfSense/2.7.2/files00.netgate.com/pfSense_v2_7_2_amd64-pfSense_v2_7_2/packagesite.pkg -- pkg+:// implies SRV mirror type DGB(1) [42761]> Request to fetch pkg+http://X.X.X.X:Y/repositories/COTS/pfSense/2.7.2/files00.netgate.com/pfSense_v2_7_2_amd64-pfSense_v2_7_2/packagesite.tzst pkg-static : packagesite URL error for pkg+http://X.X.X.X:Y/repositories/COTS/pfSense/2.7.2/files00.netgate.com/pfSense_v2_7_2_amd64-pfSense_v2_7_2/packagesite.tzst -- pkg+:// implies SRV mirror type Unable to update repository pfSense Error updating repositories!I don't understand why the same parameters worked for v2.6.0 and why it can fetch meta.conf but not packagesite.pkg
-
@charlotte said in v2.6.0 to v2.7.2 error for repo packagesite:
The repos files are on a NAS that the VM can access via the LAN.
Ah, OK. Yeah many things could break there. pfSense-repoc will obviously fail.
I would expect to have to add an additional repo conf file since the pfSense-repo file may get overwritten. It will run last matched so test_repo.conf should work there.
-
@stephenw10 I add a test_repo.conf and I still have the same error messages. Do I need to delete pfSense-repo.conf ? But I don't think the problem comes from this : In the error message the url is the same as I put it in the file so it read the right file.
-
I'd guess that the fingerprint or cert doesn't match.
But you should probably also change the url to something not referencing an SRV record if you're using the IP directly.
Hosting pkgs locally like that is not a supported config so I've never tested the ways it might fail.
-
@stephenw10 I compare the fingerprints files in usr/local/share/pfSense/keys/trusted between the v2.6.0 (which works) and the v2.7.2.
For v2.6.0, I have only two files :
- pkg.pfSense.org.20160406
- beta.pfSense.org.2015123
For v2.7.2, I have several files :
- pkg.pfSense.org.20160406
- pkg.pfSense.org.20160406.pkgsave
- beta.pfSense.org.2015123
- beta.pfSense.org.2015123.pkgsave
- plus-pkg.pfSense.org.20160406
- plus-pkg.pfSense.org.20160406.pkgsave
- plus-beta.pfSense.org.2015123
- plus-beta.pfSense.org.2015123.pkgsave
I compare the two common files (pkg.pfSense.org.20160406 and beta.pfSense.org.2015123) and they are the same. I also try to exclude the files that are not in v2.6.0 but I still have the same error when I do "pkg-static -d update"
-
Can we see the complete output of the connection attempt?
I assume it does update correctly against the public update servers?
-
@stephenw10
I succeed to connect to the repo files. I had to change the pfSense-repo.conf :url: "http://X.X.X.X:Y.....", mirror_type: "none", ....When I do "pkg update", I have "All repositories are up to date".
Do you know if it is possible to upgrade pfSense to go from v2.7.2 to v2.8.0 without access to Netgate ? I have seen that there is no iso for v2.8.0 but it was possible to go from 2.7.2 to 2.8.0.
-
Ah, OK. Yup that's what I was referencing above, pkg+http makes it try to resolve that as SVR. Nice.
You can upgrade from 2.7.2 to 2.8.X but you need to access the public pkg servers to do it. Your install is completely air-gapped?
-
@stephenw10
Yes it's totally air-grapped. So it's not possible without access to the public pkg servers ? -
Not currently. You would need to allow it external access temporarily or swap out a firewall already installed with 2.8.1.
-
Gee, I wonder what 'Charlotte' is up to here.
Anybody who complains about lack of ISO availability should be linked to this thread.
