Missing Files After 22.7.2 Upgrade

[dlpearson]

I've been using OpnSense 22.7 (OpenSSL flavour) since last week. I'm really liking it, to the point that I reflashed my failover device from OpenWRT to OpnSense just today.

Both of my systems picked up the online upgrade to 22.7.2. Everything went fine except for 2 little things:  base-22.7.2.txz and kernel-22.7.2.txz. My system kept trying to fetch these two files to complete the upgrade and trigger the reboot to no avail. I tried to search for anyone else who had a similar problem as mine, but no luck.

Here's the odd part:  I manually rebooted my devices, and they came up without issue - version 22.7.2. When I click on "Check for Updates" to see if there's any more updates and find more packages to install, however, the same two files come up. My systems can't find them at all. Are they on a different repository that I'm not aware of?? Or, am I not the only one having this issue???

[kurtm]

Under System: Firmware screen, at the bottom where you have the choice to run audit for connectivity, health, or security, click that drop down to see if an additional choice for upgrade shows. If it does show up, click it and allow it to finish.

[dlpearson]

@kurtm,

I tried that to no avail.

I just got a chance today to do some more research online. I just came across the syntax for the opnsense-update command. From the command line, I ran: 

opnsense-update -b to get the latest base

opnsense-update -k to get the 22.7.2 kernel

shutdown -r now

I'm now able to run my hardware in kernel 22.7.2. Thank you. Now, I'm off to my next adventure:  Installing FreeBSD ports. I'm needing to be patient in reading the OpnSense docs about how to do it so I stop misunderstanding it.  :-[

[dlpearson]

Update:  If anyone's reading this and are having problems with downloading & installing the base and kernel files, I just discovered another way of solving the problem: 

1) Console into your firewall and run the following command to install the wget command package from the command line:  pkg install wget

2) Create a folder under your username that you can remember (e.g., /<username>/Downloads ). Change to the new directory.

3) Open your web browser and go to the website/mirror for your updates. For example, if you're using the default repository, navigate to https://pkg.opnsense.org/FreeBSD:13:amd64/22.7

4) Navigate to the sets directory.

5) Find the base files with the version you need (e.g., base-22.7.3-amd64.txz).

6) Right-click the filename and choose the Copy Link option.

7) Go to your console and type "wget " and paste the web link at the end of the command. It'll should look like this:  wget https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/sets/base-22.7.3-amd64.txz

8. Repeat steps 5-7 to also download the kernel file. I also downloaded the respective .sig files as a precaution.

9) At the command line, type opnsense-update -b -l . and hit Enter. (lowercase L)

10) Then type opnsense-update -k -l . and hit Enter.

The last two commands will install the respective files from the local directory you created in step 2. You'll be prompted to restart after successfully running each update command. You can also combine the last two commands as:  opnsense-update -bk -l .

I just tried this out on a fresh install of 22.7 on a different system. I updated all of the packages, which upgraded OpnSense to 22.7.6. However, the necessary base & kernel files (22.7.5) didn't join the party. I tried the above steps on a whim, rebooted the system, and it worked. I'm running on base and kernel 22.7.5 right now.

[Patrick M. Hausen]

No need to install wget. Just use fetch instead, which is in the FreeBSD base system.

[dlpearson]

No need to install wget. Just use fetch instead, which is in the FreeBSD base system.

@pmhausen

How is the pkg fetch command supposed to work? When I read the man page on pkg it appears like it only works for pkg-compatible files and not .txz files, which is what the opnsense-update command uses.

Also, how long should the pkg fetch command run? It seems to me like it's running for a long time, traversing the repository, without returning any results. It's definitely noticeable when using the web GUI and do an update. While it's attempting to fetch these two files, you can't refresh the Plugins tab nor install any additional packages until the Update function finishes.

[Patrick M. Hausen]

I did not write pkg fetch.

Instead of

  wget https://some.url/...

use

  fetch https://some.url/...

In FreeBSD since like forever.

[franco]

I can imagine the failure of opnsense-update which uses fetch is due to fetch's IPv6 behaviour, so switching to wget seems like a good idea as fetch will likely still fail.

But in any case it's good to run a connectivity audit and perhaps repair or disable IPv6.


Cheers,
Franco

[Patrick M. Hausen]

fetch -4 ...  ;)

[franco]

yep but opnsense-update doesn't know. it relies on proper configuration :D

[Patrick M. Hausen]

I was referring strictly to the manual steps outlined above where the poster first installed wget to download the pkg files for local imstallation. I just loathe installing additional tooling unnecessarily when a base system - any base system - comes with all the necessary parts, already.

How often did I tell coworkers "you know, Mac OS can do that out of the box, right?"

[franco]

I get that but how should users know that -4 is required when they try to troubleshoot that fetch isn't working in the first place?

I'd always start with the connectivity audit.

Besides the fix to apply the base/kernel manually works but it just leads to repeating the manual install since the fetch will continue to fail.


Cheers,
Franco

[dlpearson]

@pmhausen and @franco

I didn't know fetch existed actually. I'm still learning how OpnSense works when either I'm not in the GUI, or if something doesn't work via the GUI. I've never used any flavor of BSD before. I just happen to remember wget from working with Fedora Linux. Using wget allowed me to get the two .txz files I needed much faster than waiting on the web GUI to attempt to find it and possibly time out. Then, I could run the opnsense-update command locally and reboot.

I can understand @pmhausen and their frustration of things not running out-of-the-box as promised. Unfortunately for me, I learned something while doing IS/IT in uniform - "When Plan A fails, go to Plan B. If Plan B fails, go to Plan C, etc. If you've done all you can, sound the alarm."

[Patrick M. Hausen]

@dlpearson, you are perfectly welcome, and if you take away that FreeBSD has a command named fetch that has semantics similar to wget, then all the better.

Actually the FreeBSD implementation is quite cool, because there's a libfetch library and most base system tools that want to download anything, use it.

The general problem, not restricted to OPNsense, is that all (most) operating systems actively prefer IPv6 over IPv4 nowadays, even if they only think they have IPv6 connectivity, but in reality it's broken for $reasons.

In the OPNsense case there is a "prefer IPv4" knob in System > Settings > General to override that.

HTH,
Patrick

[dlpearson]

@pmhausen,

I'll have to play with fetch sometime, probably before there's another OpnSense version change.

Yeah, I've read that - how most OSes will attempt IPv6 first, then IPv4. IPv6 has or is becoming the dominant standard since World IPv6 Day, while other parts of the world are working towards transitioning for both business and residential ISP customers. Still, though, I'm wondering if there might be something preventing or slowing fetch down so that it's not able to respond faster? Maybe the answer might be found by comparing wget against fetch?  ???