Determining latest available version of BE

[AlanWhite]

I have written a custom script that feeds into our monitoring system to check that our Business Edition firewalls are up to date. 

The first part of the script checks the running version.  I am using SNMP, specifically OID ".1.3.6.1.4.1.8072.1.3.2.3.1.2.7.118.101.114.115.105.111.110".  As of today this returns "OPNsense 25.10_2 (amd64)".  I can strip out the beginning and end to be left with  "25.10_2".

The second part of the script has had a lot of changes over the years as it is scraping the raw HTML to find the current version.  Previously I was using https://docs.opnsense.org/BE_releases.html but the format of the data on these pages is inconsistent.  I have recently switched to using the announcements page on this forum using a regular expression to find the latest "*business edition released" thread.  This has been working well until hotfix 2 was released.   This was just appended as an additional message in the thread, not a new thread. I *can* keep modifying my script to cope with changes like this but I would really prefer that there was a standard, well know, stable, consistent way of finding the latest version number from an OPNsense page.  e.g. https://docs.opnsense.org/BE_latest.txt which just contains "25.10_2".

I did search these forums and found https://forum.opnsense.org/index.php?topic=17155.0 from 5 years ago.  This led me down the path of looking through the files/folders under https://downloads.opnsense.com/<licensekey> but I was unable to find anything appropriate.

Any help appreciated.

Thanks,
Alan

[franco]

Hi Alan,

The best public source for version data is probably https://github.com/opnsense/changelog where everything is generated from.

changelog.txz (which you can also find on community and business mirrors) actually uses a JSON index file which is kept up to date on installs:

# less /usr/local/opnsense/changelog/index.json

Hope that helps :)


Cheers,
Franco

[AlanWhite]

Hi Franco,

Thanks for getting back to me.  Are you able to narrow down the location of the text string that I am looking for?  I have found a reference to "25.10_2" in the following location: 

https://github.com/opnsense/changelog/blob/master/business/25.10/25.10 

...towards the bottom with the line "A hotfix release was issued as 25.10_2:"

That means that I need to enumerate the folders in /business, identify the highest number, then enumerate that folder for the highest numbered file, then read the contents of that file to find a something that looks like a version number in the vicinity of the word "hotfix" (there could be multiple).  This of course may be presented differently next time around.  It would be much easier if there was a static location showing the latest available version.

An alternative would be if SNMP could tell me whether a hotfix was available.  As the GUI console can tell me, why not SNMP too? I appreciate that I can just look in the GUI or manually check the forum etc BUT management of the OPNsense firewalls is a very small part of my job so automation is preferred.

For clarity, when this works, I have a green tick saying all good but if the running version does not equal the available version, it alarms, we run the updates.

Thanks,
Alan

[franco]

Hi Alan,

Hotfixes belong to the release they are issued for. Treating them es separate versions is tedious so only the package manager knows them by the _x annotation (which is called a "port revision" in FreeBSD which also doesn't change the actual version number of the software).

If you want to have the latest version in the remote you can do:

# pkg rquery %v opnsense

or

# # pkg rquery %v opnsense-business

for the BE version.

Note this only brings you to each series end of life release, but not beyond. Every approach has advantages and disadvantages.


Cheers,
Franco