Hi,
I've been using OPNsense since 2019, but still figuring out many things.
For instance, how do I update beyond version 19.1.8? The GUI "Check for Updates" reports that "There are no updates available on the selected mirror.".
The command "pkg update ; pkg upgrade" reports that my packages are up-to-date.
In the GUI, I can see the changelog for newer versions though...
Also, how can I tell which version is production or testing?
Many thanks!
At the moment production is 20.7.5
I think your updates aren't working
I also tried running the opnsense-update tool:
# opnsense-update -u -r 20.7.5
Fetching packages-20.7.5-OpenSSL-amd64.tar: .. failed, no signature found
Any ideas why it fails?
What signature does it not find?
Hi,
Please don't run random commands. We automate upgrades via easily accessible menu from both the console and GUI not counting the mechanism to do fully automated cron-based upgrades. ;)
From 19.1 you need to upgrade to 19.7 to 20.1 and then to 20.7 to avoid anything unexpected.
Although it's technically possible to move from 19.1 to 20.7 directly it would be more of a research project than production upgrade.
Cheers,
Franco
Hi Franco,
Thank you for the answer and suggestion...
The automated console backup fails:
0) Logout 7) Ping host
1) Assign interfaces 8) Shell
2) Set interface IP address 9) pfTop
3) Reset the root password 10) Firewall log
4) Reset to factory defaults 11) Reload all services
5) Power off system 12) Update from console
6) Reboot system 13) Restore a backup
Enter an option: 12
Fetching change log information, please wait... done
This will automatically fetch all available updates, apply them,
and reboot if necessary.
Proceed with this action? [y/N]: y
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (0 candidates): . done
Processing candidates (0 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking integrity... done (0 conflicting)
Nothing to do.
Nothing to do.
Starting web GUI...Generating RRD graphs...done.
done.
Updating to 19.7 fails with a signature error:
root@opnsense:~ # opnsense-update -u -r 19.7
Fetching packages-19.7-OpenSSL-amd64.tar: ....................... failed, signature invalid
So I ran: opnsense-update -i -u -r 19.7
This works but then I get all kinds of key errors when I want to update the rest of the system:
root@opnsense:~ # opnsense-update
Updating OPNsense repository catalogue...
pkg-static: Repository OPNsense has a wrong packagesite, need to re-create database
Fetching meta.txz: 100% 1 KiB 1.5kB/s 00:01
pkg-static: No trusted public keys found
repository OPNsense has no meta file, using default settings
Fetching packagesite.txz: 100% 180 KiB 184.0kB/s 00:01
pkg-static: No trusted public keys found
Unable to update repository OPNsense
Error updating repositories!
How do I refresh the keys?
Otherwise, if I backup my settings for version 19.1.8, can I restore them on a fresh installation of the latest version (20.7.x)?
Cheers!
Hi bela,
19.1 requires 19.1.10_1 to be able to update to 19.7.
There is something wrong with the system, but the old versions don't have an appropriate health audit yet to diagnose.
There was an issue with pkg which manifested itself by making all installed packages disappear for the FreeBSD package manager (sqlite database corruption on the disk) and so the upgrade couldn't find anything to do even though the system was properly installed. It looks a bit like this issue and the only cure is running opnsense-bootstrap.
An opnsense-update can't amend this situation.
Cheers,
Franco
Finally, I created a backup and restored it on a fresh install of the latest version.