Unable to sync zenarmor repo in 26.7

Started by Lukas L., Today at 02:11:27 PM

Previous topic - Next topic
Went from 26.1.11_6 to 26.7 - now at 26.7 without working sensei (my mistake to remove sensei itself not only remove/add repo)
pkg update -f
Updating OPNsense repository catalogue...
Fetching meta.conf: 100%    179 B   0.2kB/s    00:01
Fetching data.pkg: 100%  327 KiB 334.4kB/s    00:01
Processing entries: 100%
OPNsense repository update completed. 928 packages processed.
Updating SunnyValley repository catalogue...
Unable to update repository SunnyValley
Error updating repositories!

pkg -d update
Updating OPNsense repository catalogue...
DBG(1)[21388]> PkgRepo: verifying update for OPNsense
DBG(1)[21388]> Pkgrepo, begin update of '/var/db/pkg/repos/OPNsense/db'
DBG(1)[21388]> (fetch) Request to fetch https://pkg.opnsense.org/FreeBSD:15:amd64/26.7/latest/meta.conf
DBG(1)[21388]> (fetch) Fetch: fetcher used: https
DBG(1)[21388]> (fetch) Request to fetch https://pkg.opnsense.org/FreeBSD:15:amd64/26.7/latest/data.pkg
DBG(1)[21388]> (fetch) Fetch: fetcher used: https
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
DBG(1)[21388]> PkgRepo: verifying update for SunnyValley
DBG(1)[21388]> PkgRepo: need forced update of SunnyValley
DBG(1)[21388]> Pkgrepo, begin update of '/var/db/pkg/repos/SunnyValley/db'
DBG(1)[21388]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:15:amd64/26.7/latest/meta.conf
DBG(1)[21388]> (fetch) Fetch: fetcher used: https
DBG(1)[21388]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:15:amd64/26.7/latest/meta.txz
DBG(1)[21388]> (fetch) Fetch: fetcher used: https
DBG(1)[21388]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:15:amd64/26.7/latest/data.pkg
DBG(1)[21388]> (fetch) Fetch: fetcher used: https
DBG(1)[21388]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:15:amd64/26.7/latest/data.tzst
DBG(1)[21388]> (fetch) Fetch: fetcher used: https
DBG(1)[21388]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:15:amd64/26.7/latest/packagesite.pkg
DBG(1)[21388]> (fetch) Fetch: fetcher used: https
DBG(1)[21388]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:15:amd64/26.7/latest/packagesite.tzst
DBG(1)[21388]> (fetch) Fetch: fetcher used: https
Unable to update repository SunnyValley
Error updating repositories!


well - what should I do to reinstall os-sensei plugin to let it work, waiting for ZA to bring up the new version?

AFAIK you can't. You need to roll back to 27.1, reinstall os-sensei, then upgrade again without removing the plugin.
Or wait for Sunnyvalley to update their repo.

You did take a snapshot before upgrading, right? If you are not running on ZFS, if you consider to reinstall, now is the time to make the move ;-)
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

no, not realy. Not completely purging the idea of reinstall, but as it is not my main opnsense box i'll wait till the release of the new ZA. To my defense I should say i'm aware of importance of having backups and snapshots. But my current VM setup does not do it automaticaly and I have not expected this to be a mayor upgrade, breaking the update proccess instantly - even when downloading and updating it's own packages... As I have not been warned anywhere :] and suddenly - during new pkgs install - Unable to update repository SunnyValley. I thought this is not a beta anymore...

Today at 03:39:56 PM #5 Last Edit: Today at 04:02:03 PM by Patrick M. Hausen
It isn't, but ZA is a third party product, OPNsense cannot take responsibility for. Sunny Valley's job.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on Today at 03:39:56 PMIt isn't, but ZA is a third party product, OPNsense cannot take responsibility for. Sunnyvalley's job.

Congrats on the 26.7 release!  I also got caught by updating a test machine with ZenArmor Sensei - and it also failed to start ZA after the update
Agree that ZA is considered third party - but seeing as many rely on this extra plugin, maybe there should be a warning for 26.7 release that "those who are using ZA should wait until Sunnyvally releases a compatible version for 26.7 - as an Upgrade will break this feature" 

Just a suggestion!

Today at 03:51:18 PM #7 Last Edit: Today at 04:01:51 PM by Patrick M. Hausen
You mean like in the official release announcement?

Quoteo Since this is a major OS upgrade and OpenSSL changes from 3.0 to 3.5 third party repositories may interfere with your upgrade experience.  Removing offending repositories and plugins may help; or wait for affirmation from the respective repository owners.

EDIT: and here's the matching announcement from Sunny Valley.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on Today at 03:51:18 PMYou mean like in the official release announcement?

Quoteo Since this is a major OS upgrade and OpenSSL changes from 3.0 to 3.5 third party repositories may interfere with your upgrade experience.  Removing offending repositories and plugins may help; or wait for affirmation from the respective repository owners.

EDIT: and here's the matching announcement from Sunny Valley.

Thanks for that - but it's a bit hidden in the forum specific to ZA - My suggestion is a reference in the main 26.7 Release announcement - to avoid such misunderstandings upfront . . . as ZA is quite popular and not everyone ready the ZA Forum specifically . . .

The first quote was from the official OPNsense release announcements. The issue you are facing applies to all third party repos, not only ZA.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

yes, indeed, any message (btw posted some 20 minutes ago) basically saying be aware that it is not working yet, while pushing the new 26.7 to the users seems very valid...  not to offend anybody >:-)
I too vote for the warning saying at least: "hey noob users, this is a major upgrade, pay attention to your repos". And not just spitting some "unable to update repo" messages to the console.  What about some preflight analysis? OK i get it - recently I was working out some upgrades from some ancient opnsense to the latest, everything went smoothly to the point when pkg segfaulted. I did not surender, I had a chance to take my backup and implant it to the new instalation.
But this in fact rolling out a product without proper testing... just saying

Quoteo Since this is a major OS upgrade and OpenSSL changes from 3.0 to 3.5 third party repositories may interfere with your upgrade experience.  Removing offending repositories and plugins may help; or wait for affirmation from the respective repository owners.

I agree with you, specifically your second point. But this text is in the announcement that was published before the update was rolled out for users on 26.1 using the UI. Not later by ZA. By OPNsense before the update was available.

I do expect admins to read release notes before hitting an upgrade button. Seriously.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Yes of course reading release notes is mandandatory.
But it is unusal that you bring a final release without dedicated warning notes.

There is a dedicated warning note for crying out loud. Right in the release notes.

Quoteo Since this is a major OS upgrade and OpenSSL changes from 3.0 to 3.5 third party repositories may interfere with your upgrade experience.  Removing offending repositories and plugins may help; or wait for affirmation from the respective repository owners.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)