Messages

I was upgrading from 25.1 to 25.7 today. Upgrade from 25.1 to 25.7 went without a hithc. The next upgrade was from 25.7. to 25.7.11, which failed hard. There was an error in the GUI: "Danger: Unexpected error, check log for details", and I got the 403 error on GUI upon refresh. It did not recover "after some minutes", and I also got the "sh: /usr/local/libexec/opnsense-auth not found" error upon CLI login.

Found this thread quickly, but I had to do some additional steps (specifically the fingrprints). Listing them here for future reference:

Code Select Expand

### log into single user mode
vi /usr/local/libexec/opnsense-auth

### add the following

#!/bin/sh

exit 0

# make it executable
chmod +x /usr/local/libexec/opnsense-auth

reboot

# set up networking
ifconfig ix0 10.10.10.10 netmask 255.255.255.0
route add default 10.10.10.1

# start ssh, so you can login via ssh (for easier copy-paste etc)
/usr/local/sbin/sshd

# ssh user@10.10.10.1
mkdir -p /usr/local/etc/pkg/repos
vi /usr/local/etc/pkg/repos/OPNsense.conf

# add the following

OPNsense: {
  fingerprints: "/usr/local/etc/pkg/fingerprints/OPNsense",
  url: "https://pkg.opnsense.org/${ABI}/25.7/latest",
  signature_type: "fingerprints",
  priority: 11,
  enabled: yes
}

# i also had to create fingerprints directories
mkdir -p /usr/local/etc/pkg/fingerprints/OPNsense/revoked
mkdir -p /usr/local/etc/pkg/fingerprints/OPNsense/trusted

echo 'function: "sha256"' > /usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20241217
echo 'fingerprint: "9d104dda4c0ec16316503d47438d7b5dd008871d842c61c259bb89c56af41e88"' >> /usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20241217

echo 'function: "sha256"' > /usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20250710
echo 'fingerprint: "ab6411c236dd1d03bf23de635f68e4628753b05ae877bf1486d40e63b778f001"' >> /usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20250710

# then i could run install + upgrade
pkg install opnsense
pkg upgrade