OPNsense 23.7.7 Upgrade Problem

[Faren81]

Hi Guys,

just a question...i'm having problem to upgrade as Subject 23.7.6. to 23.7.7

All third repository has been removed.

Any Idea ?

***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.7.6 at Wed Oct 25 12:02:46 CEST 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (119 candidates): .......... done
Processing candidates (119 candidates): ..... done
Checking integrity... done (1 conflicting)
  - openssl111-1.1.1w conflicts with openssl-1.1.1w,1 on /usr/local/bin/c_rehash
Cannot solve problem using SAT solver, trying another plan
Checking integrity... done (0 conflicting)
The following 61 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
   mpd5: 5.9_16
   openssl: 1.1.1w,1
   opnsense: 23.7.6

New packages to be INSTALLED:
   libinotify: 20211018
   openssl111: 1.1.1w

Installed packages to be UPGRADED:
   curl: 8.3.0 -> 8.4.0
   easy-rsa: 3.1.6 -> 3.1.7
   gettext-runtime: 0.22_1 -> 0.22.3
   libnet: 1.2,1 -> 1.3,1
   libnghttp2: 1.56.0 -> 1.57.0
   lighttpd: 1.4.71 -> 1.4.72
   nss: 3.93 -> 3.94
   opnsense-lang: 23.7.4 -> 23.7.7
   opnsense-update: 23.7.4 -> 23.7.7
   os-nginx: 1.32.1_3 -> 1.32.2
   p11-kit: 0.24.1_2 -> 0.25.0
   perl5: 5.34.1_3 -> 5.36.1_1
   py39-numpy: 1.25.0,1 -> 1.25.0_2,1
   py39-outcome: 1.2.0 -> 1.3.0
   redis: 7.2.1 -> 7.2.2
   suricata: 6.0.14 -> 6.0.15
   unbound: 1.18.0 -> 1.18.0_1
   wazuh-agent: 4.5.2 -> 4.5.3

Installed packages to be REINSTALLED:
   cpdup-1.22 (direct dependency changed: openssl111)
   cyrus-sasl-2.1.28 (direct dependency changed: openssl111)
   cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
   gmp-6.3.0 (option added: INFO)
   groff-1.23.0_2 (direct dependency changed: perl5)
   haproxy26-2.6.15 (direct dependency changed: openssl111)
   hostapd-2.10_8 (direct dependency changed: openssl111)
   hw-probe-1.6.5 (direct dependency changed: perl5)
   isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
   krb5-1.21.2 (direct dependency changed: openssl111)
   ldns-1.8.3 (direct dependency changed: openssl111)
   libevent-2.1.12 (direct dependency changed: openssl111)
   libfido2-1.13.0 (direct dependency changed: openssl111)
   liboping-1.8.0_2 (direct dependency changed: perl5)
   monit-5.33.0 (direct dependency changed: openssl111)
   mysql80-client-8.0.33_3 (direct dependency changed: openssl111)
   net-snmp-5.9.1_4,1 (direct dependency changed: openssl111)
   netdata-1.42.4 (direct dependency changed: openssl111)
   nginx-1.24.0_12,3 (direct dependency changed: openssl111)
   ntopng-5.6.d20230920,1 (direct dependency changed: openssl111)
   ntp-4.2.8p17_1 (direct dependency changed: openssl111)
   openldap26-client-2.6.6 (direct dependency changed: openssl111)
   openssh-portable-9.3.p2_1,1 (direct dependency changed: openssl111)
   openvpn-2.6.6 (direct dependency changed: openssl111)
   php82-8.2.11 (direct dependency changed: openssl111)
   php82-pecl-mongodb-1.15.3 (direct dependency changed: openssl111)
   pkcs11-helper-1.29.0 (direct dependency changed: openssl111)
   pkg-1.19.2
   py39-aioquic-0.9.21 (direct dependency changed: openssl111)
   py39-cryptography-41.0.4,1 (direct dependency changed: openssl111)
   python39-3.9.18 (direct dependency changed: openssl111)
   rrdtool-1.8.0_2 (direct dependency changed: perl5)
   ruby-3.1.4_1,1 (direct dependency changed: openssl111)
   squid-5.9 (direct dependency changed: openssl111)
   strongswan-5.9.11_2 (direct dependency changed: openssl111)
   syslog-ng-4.4.0 (direct dependency changed: openssl111)
   tor-0.4.8.7 (direct dependency changed: openssl111)
   wpa_supplicant-2.10_9 (direct dependency changed: openssl111)

Number of packages to be removed: 3
Number of packages to be installed: 2
Number of packages to be upgraded: 18
Number of packages to be reinstalled: 38

The operation will free 21 MiB.
pkg-static: Cannot delete vital package: opnsense!
pkg-static: If you are sure you want to remove opnsense,
pkg-static: unset the 'vital' flag with: pkg set -v 0 opnsense
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***

[furfix]

I think we will need to wait. It's not working for me neither, as well as other users commenting on reddit. Hopefully it will get resolve soon.

[Faren81]

Thanks

[iMx]

Usually a good idea to read the release notes before attempting an upgrade ... *hint hint*

... perhaps the part about OpenSSL and 3rd party repos, requiring package rebuilds?

[ilya_rt]

I just upgraded to 23.7.7
I was asked to unlock  opnsense package and I did with ssh.

After reboot my root password not working anymore!
I can not login nor via ssh nor via local console.

UPDATE. I could workaround issue by changing root password via Web GUI from another admin account which I have at this system. After changing password I can login with root credentials. This was nice update)

[Kali]

Installed packages to be REMOVED:
   mpd5: 5.9_16
   openssl: 1.1.1w,1
   opnsense: 23.7.6


this looks very bad

[AbelardoAcosta]

Hi,
  I have the same problem.

***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.7.6 at Wed Oct 25 14:24:10 CEST 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (107 candidates): .......... done
Processing candidates (107 candidates): ..... done
Checking integrity... done (1 conflicting)
  - openssl111-1.1.1w conflicts with openssl-1.1.1w,1 on /usr/local/bin/c_rehash
Cannot solve problem using SAT solver, trying another plan
Checking integrity... done (0 conflicting)
The following 47 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
   mpd5: 5.9_16
   openssl: 1.1.1w,1
   opnsense: 23.7.6

New packages to be INSTALLED:
   openssl111: 1.1.1w

Installed packages to be UPGRADED:
   curl: 8.3.0 -> 8.4.0
   easy-rsa: 3.1.6 -> 3.1.7
   gettext-runtime: 0.22_1 -> 0.22.3
   libnet: 1.2,1 -> 1.3,1
   libnghttp2: 1.56.0 -> 1.57.0
   lighttpd: 1.4.71 -> 1.4.72
   nss: 3.93 -> 3.94
   opnsense-lang: 23.7.4 -> 23.7.7
   opnsense-update: 23.7.4 -> 23.7.7
   os-wireguard: 2.3 -> 2.4
   perl5: 5.34.1_3 -> 5.36.1_1
   py39-numpy: 1.25.0,1 -> 1.25.0_2,1
   py39-outcome: 1.2.0 -> 1.3.0
   suricata: 6.0.14 -> 6.0.15
   unbound: 1.18.0 -> 1.18.0_1

Installed packages to be REINSTALLED:
   clamav-1.2.0_1,1 (direct dependency changed: openssl111)
   cpdup-1.22 (direct dependency changed: openssl111)
   cyrus-sasl-2.1.28 (direct dependency changed: openssl111)
   cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
   gmp-6.3.0 (option added: INFO)
   hostapd-2.10_8 (direct dependency changed: openssl111)
   isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
   krb5-1.21.2 (direct dependency changed: openssl111)
   ldns-1.8.3 (direct dependency changed: openssl111)
   libevent-2.1.12 (direct dependency changed: openssl111)
   libfido2-1.13.0 (direct dependency changed: openssl111)
   monit-5.33.0 (direct dependency changed: openssl111)
   ntp-4.2.8p17_1 (direct dependency changed: openssl111)
   openldap26-client-2.6.6 (direct dependency changed: openssl111)
   openssh-portable-9.3.p2_1,1 (direct dependency changed: openssl111)
   openvpn-2.6.6 (direct dependency changed: openssl111)
   php82-8.2.11 (direct dependency changed: openssl111)
   pkcs11-helper-1.29.0 (direct dependency changed: openssl111)
   postfix35-3.5.12_1,1 (direct dependency changed: openssl111)
   py39-aioquic-0.9.21 (direct dependency changed: openssl111)
   py39-cryptography-41.0.4,1 (direct dependency changed: openssl111)
   python39-3.9.18 (direct dependency changed: openssl111)
   rrdtool-1.8.0_2 (direct dependency changed: perl5)
   squid-5.9 (direct dependency changed: openssl111)
   strongswan-5.9.11_2 (direct dependency changed: openssl111)
   syslog-ng-4.4.0 (direct dependency changed: openssl111)
   wpa_supplicant-2.10_9 (direct dependency changed: openssl111)
   zabbix6-agent-6.0.22 (direct dependency changed: openssl111)

Number of packages to be removed: 3
Number of packages to be installed: 1
Number of packages to be upgraded: 15
Number of packages to be reinstalled: 28

The operation will free 22 MiB.
pkg-static: Cannot delete vital package: opnsense!
pkg-static: If you are sure you want to remove opnsense,
pkg-static: unset the 'vital' flag with: pkg set -v 0 opnsense
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***

[meyergru]

How about you all post something about what 3rd party components like zenarmor you have installed?

There must be a common factor, because I have just upgraded 4 instances of OpnSense from 23.7.6 (no relevant 3rd party components) without a hitch.

[Faren81]

Before to upgrade, i unistalled every third party application

[meyergru]

...obviously leaving some installed packages behind that relied on FreeBSD or other packages which are now uninstalled or leaving 3rd party repositories enabled (probably FreeBSD itself) which now cause conflicts?

These may well be packages that have been installed because of dependencies and not directly, so you may have forgotten to uninstall them. It is sufficient even if the source repo is not OpnSense, but their name and release is the same...

[bringha]

Can confirm @meyergru 's experience: No third party package, no upgrade hiccups

br br

[Mars79]

On the corresponding github page there are also people mentioning this issue on clean installations.

https://github.com/opnsense/core/issues/6959

It seems the issue has been identified and hotfixed now.

[Lochkartenknipser]

YES, the update is working now.

[furfix]

It's now working now for me. Thanks!

ps. just for the records, i do not use 3rd party plugins at all and I was getting same error.

[cmccallu]

Working for me now too on my test instance.