On the most recent update an error "Unbound Migration failed" was in the update logs. This may have started with an earlier upgrade, but I am just noticing the error because it stands out. The error message says to check log for details. Here is what is shown in the log.
[ERROR] Model OPNsense\Unbound\Unbound can't be saved, skip ( OPNsense\Phalcon\Filter\Validation\Exception: [OPNsense\Unbound\Unbound:advanced.dnssecstripped] value should be a boolean (0,1){on}
[ERROR] [OPNsense\Unbound\Unbound:advanced.dnssecstripped] value should be a boolean (0,1){on}
Here is the exact text of the error in the update log:
>>> Invoking update script 'refresh'
*** OPNsense\Unbound\Unbound Migration failed, check log for details
I can see exactly what to fix: change the entry in the config XML from "on" to "1" and then the scripts should work. However, I hesitate to fix this manually when there are probably many others with the same problem.
Is this a bug in the migration process?
if your config is not native but related to https://gist.github.com/utkonos/57c79f1a0b68dd6a79cbf2de68db995a then its probably the reason ;)
i think native config uses bool for this field
I have observed this same bug again in a recent update. First, please apologise for the snark: you are wrong about which format of boolean the native config uses.
You can verify that older stock installs of OPNsense from the official ISO did indeed use "on" rather than "1" for the Unbound configuration that I am talking about. These are changes that occur when the choices about Unbound are made during the initial wizard. If you start with "OPNsense-21.1-OpenSSL-dvd-amd64.iso.bz2" from this location:
https://mirror.wdc1.us.leaseweb.net/opnsense/releases/21.1/
Perform a plain vanilla install and then during the install wizard choose the DNSSEC configuration settings. Then take a look at the diff of the config.xml. You will see the the "on" booleans that are causing this bug. Here is a screenshot or two.
(https://i.imgur.com/zRivGbt.png)
(https://i.imgur.com/PiJBcC8.png)
Quote from: Fright on January 30, 2023, 06:53:48 PM
i think native config uses bool for this field
No.
https://github.com/opnsense/core/commit/01922175549b3db79b20c9fb1ec19cc52c784b15
QuoteNo.
Yes.
you just didn't mention wizard in the first post.
wizard is fixed (an you found the commit).
but migration script should probably take that into account too
Quote from: utkonos on January 30, 2023, 03:01:22 PM
Is this a bug in the migration process?
Yes.
https://github.com/opnsense/core/issues/6550
It would help to lead with tickets created as soon as possible to avoid other people's time to be wasted trying to help (and guess).
Cheers,
Franco
https://github.com/opnsense/core/commit/378d9a3
# opnsense-patch 378d9a3