Hi team,
Thanks for the update. After updating to 24.7.9 I get a user/password wrong error when trying to log into the WebGUI. I have 2FA enabled right after the password.
Rollback to 24.7.8 fixed the issue.
Thanks!
Sorry about that. 24.7.9_1 was issued reverting the change and the situation is now fixed on the development branch too:
https://github.com/opnsense/core/commit/ae97263e4
Cheers,
Franco
All fixed after the patch, thanks for the super quick response Franco!
Sure, really appreciate speedy feedback after a release. <3
I stumbled over that one, too. However, there is another problem:
Once you try to upgrade via ssh, you will be told:
0) Logout 7) Ping host
1) Assign interfaces 8 ) Shell
2) Set interface IP address 9) pfTop
3) Reset the root password 10) Firewall log
4) Reset to factory defaults 11) Reload all services
5) Power off system 12) Update from console
6) Reboot system 13) Restore a backup
Enter an option: 12
Fetching change log information, please wait... done
This will automatically fetch all available updates and apply them.
This update requires a reboot.
Proceed with this action? [y/N]: y
Neither the original upgrade from 24.7.8 to 24.7.9 nor the second upgrade to 24.7.9_1 needed a reboot. I think that the notification on the CLI upgrade is wrong about needing that.
Did you perchance set the "always reboot" option in the UI?
System > Firmware > Settings > Advanced
Yep, it's a bit opportunistic, but fixing this properly is a bit more difficult since update.sh decides if it reboots!
https://github.com/opnsense/core/blob/ae97263e460/src/opnsense/scripts/firmware/reboot.sh#L62-L65
vs.
https://github.com/opnsense/core/blob/ae97263e460/src/opnsense/scripts/firmware/update.sh#L73-L77
No, I did not set the "always reboot". I only occured to me because with all of the other boxes, where 2FA was disabled, I could upgrade via web UI and was not told that an upgrade were imminent, whereas here, it was different.
I could not do a reboot at that time, so I delayed the update until later, only to find that there was no reboot at all.
So I assume that there is a difference in how the web UI detects if a reboot is neccessary vs. the CLI.
opnsense-update -p doesn't require a reboot and should be OK to use in this case.
> So I assume that there is a difference in how the web UI detects if a reboot is neccessary vs. the CLI.
None that I can think of. It's probably right, minus locks on base or kernel set. But the GUI behaves the same: locks are ignored for the check so it says it likes to reboot but if the kernel or base is locked then it will not reboot later on as per user request.
Cheers,
Franco
As luck would have it I stumbled over this bug testing a preliminary 25.1-BETA image:
https://github.com/opnsense/core/commit/3009ad964d
Since it's a small fix I also added it to 24.7.11_2.
Cheers,
Franco