Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Restoring With Old/Outdated Apps?

    Scheduled Pinned Locked Moved pfSense Packages
    11 Posts 6 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      FlashPan
      last edited by

      Hi Chaps,

      So far I am making a full disk backup of my install which is on a vm everynight.

      I make regular config backups from pfsense itself when I make some major changes (package update etc).  But then it occured to me what happens with bad packages installs?

      If I have say for example have package ABC v1 installed, I create the backup file within pfsense then upgrade that package to ABC v2 from the packages menu.  It all goes horribly wrong and ABC v2 does not work as expected.

      I then decide to re-isntall pfsense and recover my settings/packages with the backup file that contains the ABC v1 app and settings.

      So the end question is.  Will the restore grab the ABC v1 packages files or default over to v2 as that is what is now default to install from the packages menu?

      Cheers all and thanks in advance for your guidance.

      1 Reply Last reply Reply Quote 0
      • H
        heper
        last edited by

        afaik a config restore will fetch the newest version of the packages. the settings will be used in the new version.

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          There is only ever one set of files on the package server so if a newer version has been released that's what will be downloaded.

          Steve

          1 Reply Last reply Reply Quote 0
          • F
            FlashPan
            last edited by

            Ok guys, thanks for the clarification.

            I'll keep doing my nightly backups then.

            If I may be so bold to ask? Is their a reason why we cannot include the previous version(s) of package on the package server for a roll back?

            Cheers

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              I don't believe there is a particular reason other than it has never been felt necessary. Most updates to the packages are to remove bugs or increase functionality. If a sufficiently large change is made the package is often split into a -dev version and later merged back if it proves successful. One of the devs could probably answer that better.
              There are separate repos for different FreeBSD based versions. If you roll back from 2.2 to 2.1.5 you will automatically get the older packages from the 8 repo.

              Steve

              1 Reply Last reply Reply Quote 0
              • bmeeksB
                bmeeks
                last edited by

                @FlashPan:

                If I may be so bold to ask? Is their a reason why we cannot include the previous version(s) of package on the package server for a roll back?

                Cheers

                There is only one version of the PHP code that is used as part of most packages.  Many packages are a combination of an underlying binary that runs as a daemon and then PHP code that provides GUI configuration pages.  Snort and Suricata are examples of this.  The binary bits are contained within a PBI package, but the PHP GUI bits are stored as simple text files on the packages repository server.  There is no "versioning" of these as the file names are always the same and they are stored in the same directory.  So while it is technically possible to rollback to an older PBI package for the binary bits, the PHP GUI code bits are always "current" (meaning designed to support the latest version).  So even if you rollback to an older binary package, your PHP GUI would potentially not be matched up to that binary and would probably produce configuration files the older binary could choke on.

                A shorter answer is simply that the packages repository system is not set up to handle multiple versions of both the binary bits and the PHP GUI code bits
                for packages.  The packages repository always points to the "current version" of any package.

                Bill

                1 Reply Last reply Reply Quote 0
                • KOMK
                  KOM
                  last edited by

                  Is their a reason why we cannot include the previous version(s) of package on the package server for a roll back?

                  A better question might be, "Why aren't you taking a snapshot before you make any changes to it in the first place?".  I run 2.1.5 in production in a vSphere environment.  I take daily backups of the VM and regular config backups.  But besides all that, if I'm going to make a major change that could affect the stability of the system then I will take a snapshot first.  Better to have to delete an unwanted snap than to have to do a full restore while the CEO is asking why he can't get his email.

                  1 Reply Last reply Reply Quote 0
                  • F
                    FlashPan
                    last edited by

                    So it seems that it's more complicated to me (the layman) the file/storage/package structure is maybe not as straightforward as the layman may think  ;)

                    I do take a nightly backup of my VM so can role back relatively easily.  I guess I was also thinking at the back of my mind how to people running a physical box manage?

                    1 Reply Last reply Reply Quote 0
                    • KOMK
                      KOM
                      last edited by

                      For physical servers, your options are more limited.  If you are concerned that a package update might cause damage then your only real option would be to image the system disk beforehand, which is obviously undesirable as it takes the firewall out of service until the backup is complete.  If you make a config XML backup, then a restore will pull down the current packages and not the ones you had previously installed.  That may actually fix the problem if it was a weird upgrade glitch that caused it in the first place.

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        If you're running the full install on physical hardware you can use the full-backup option. That backs up packages as well.
                        https://doc.pfsense.org/index.php/Full_Backup

                        Steve

                        1 Reply Last reply Reply Quote 0
                        • marcellocM
                          marcelloc
                          last edited by

                          If you run a local copy of the packages repo, you can sync it to any version/commit you want.

                          If someday pfSense packages files get fetched by a commit id or tag just like we can do on freebsd ports, it will be easy to roll back.

                          Treinamentos de Elite: http://sys-squad.com

                          Help a community developer! ;D

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.