Upgrade to 24.1 ends up with 23.7.12_5

[astrandb]

I have updated a couple of devices to 24.1 without issues. But when I resumed the work this morning the upgrade fails on two units.
After the step where I expected 24.1 to be in place the router restarted with these versions:

Code Select Expand


OPNsense 23.7.12_5-amd64
FreeBSD 13.2-RELEASE-p9
OpenSSL 3.0.12


When I try to upgrade again I get this:

Code Select Expand


***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.7.12_5 at Wed Jan 31 13:06:23 CET 2024
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 863 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (77 candidates): .......... done
Processing candidates (77 candidates): ... done
Checking integrity... done (1 conflicting)
  - openssl111-1.1.1w conflicts with openssl-3.0.12_2,1 on /usr/local/bin/c_rehash
Checking integrity... done (0 conflicting)
The following 58 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
cpdup: 1.22_1
haproxy28: 2.8.5_4
hostapd: 2.10_9
openssl: 3.0.12_2,1
opnsense: 23.7.12_5
opnsense-installer: 24.1
opnsense-update: 24.1
os-haproxy: 4.2
php82: 8.2.15
php82-ctype: 8.2.15
php82-curl: 8.2.15
php82-dom: 8.2.15
php82-filter: 8.2.15
php82-gettext: 8.2.15
php82-google-api-php-client: 2.4.0
php82-ldap: 8.2.15
php82-mbstring: 8.2.15
php82-pcntl: 8.2.15
php82-pdo: 8.2.15
php82-pear: 1.10.13
php82-pear-Crypt_CHAP: 1.5.0_1
php82-pecl-mcrypt: 1.0.6
php82-pecl-radius: 1.4.0b1_2
php82-phalcon: 5.3.1
php82-phpseclib: 3.0.34
php82-session: 8.2.15
php82-simplexml: 8.2.15
php82-sockets: 8.2.15
php82-sqlite3: 8.2.15
php82-xml: 8.2.15
php82-zlib: 8.2.15
sudo: 1.9.15p5_3

New packages to be INSTALLED:
openssl111: 1.1.1w

Installed packages to be DOWNGRADED:
cyrus-sasl: 2.1.28_4 -> 2.1.28_1
pkcs11-helper: 1.29.0_2 -> 1.29.0_1
python39: 3.9.18_1 -> 3.9.18

Installed packages to be REINSTALLED:
bind-tools-9.18.20_1 (direct dependency changed: openssl111)
curl-8.5.0 (direct dependency changed: openssl111)
cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
krb5-1.21.2 (direct dependency changed: openssl111)
ldns-1.8.3 (direct dependency changed: openssl111)
libevent-2.1.12 (direct dependency changed: openssl111)
libfido2-1.14.0 (direct dependency changed: openssl111)
lighttpd-1.4.73 (direct dependency changed: openssl111)
monit-5.33.0 (direct dependency changed: openssl111)
ntp-4.2.8p17_1 (direct dependency changed: openssl111)
openldap26-client-2.6.6 (direct dependency changed: openssl111)
openssh-portable-9.6.p1_1,1 (direct dependency changed: openssl111)
openvpn-2.6.8_1 (direct dependency changed: openssl111)
py39-aioquic-0.9.24 (direct dependency changed: openssl111)
py39-cryptography-41.0.7_2,1 (direct dependency changed: openssl111)
socat-1.8.0.0_2 (direct dependency changed: openssl111)
squid-6.6 (direct dependency changed: openssl111)
strongswan-5.9.13 (direct dependency changed: openssl111)
syslog-ng-4.4.0 (direct dependency changed: openssl111)
unbound-1.19.0 (direct dependency changed: openssl111)
wpa_supplicant-2.10_10 (direct dependency changed: openssl111)

Number of packages to be removed: 32
Number of packages to be installed: 1
Number of packages to be reinstalled: 22
Number of packages to be downgraded: 3

The operation will free 107 MiB.
***DONE***

Pressing Update gives the same result.

[karel]

I have the same issue. Is there a solution/fix to force the update?

Code Select Expand


OPNsense 23.7.12_5-amd64
FreeBSD 13.2-RELEASE-p9
OpenSSL 3.0.12


Code Select Expand


***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.7.12_5 at Wed Jan 31 14:17:48 CET 2024
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (74 candidates): .......... done
Processing candidates (74 candidates): ... done
Checking integrity... done (1 conflicting)
  - openssl111-1.1.1w conflicts with openssl-3.0.12_2,1 on /usr/local/bin/c_rehash
Cannot solve problem using SAT solver, trying another plan
Checking integrity... done (0 conflicting)
The following 55 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
cpdup: 1.22_1
hostapd: 2.10_9
openssl: 3.0.12_2,1
opnsense: 23.7.12_5
opnsense-installer: 24.1
opnsense-update: 24.1
php82: 8.2.15
php82-ctype: 8.2.15
php82-curl: 8.2.15
php82-dom: 8.2.15
php82-filter: 8.2.15
php82-gettext: 8.2.15
php82-google-api-php-client: 2.4.0
php82-ldap: 8.2.15
php82-mbstring: 8.2.15
php82-pcntl: 8.2.15
php82-pdo: 8.2.15
php82-pear: 1.10.13
php82-pear-Crypt_CHAP: 1.5.0_1
php82-pecl-mcrypt: 1.0.6
php82-pecl-mongodb: 1.15.3
php82-pecl-radius: 1.4.0b1_2
php82-phalcon: 5.3.1
php82-phpseclib: 3.0.34
php82-session: 8.2.15
php82-simplexml: 8.2.15
php82-sockets: 8.2.15
php82-sqlite3: 8.2.15
php82-xml: 8.2.15
php82-zlib: 8.2.15
sudo: 1.9.15p5_3

New packages to be INSTALLED:
openssl111: 1.1.1w

Installed packages to be DOWNGRADED:
cyrus-sasl: 2.1.28_4 -> 2.1.28_1
pkcs11-helper: 1.29.0_2 -> 1.29.0_1
python39: 3.9.18_1 -> 3.9.18

Installed packages to be REINSTALLED:
curl-8.5.0 (direct dependency changed: openssl111)
cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
krb5-1.21.2 (direct dependency changed: openssl111)
ldns-1.8.3 (direct dependency changed: openssl111)
libevent-2.1.12 (direct dependency changed: openssl111)
libfido2-1.14.0 (direct dependency changed: openssl111)
lighttpd-1.4.73 (direct dependency changed: openssl111)
monit-5.33.0 (direct dependency changed: openssl111)
ntp-4.2.8p17_1 (direct dependency changed: openssl111)
openldap26-client-2.6.6 (direct dependency changed: openssl111)
openssh-portable-9.6.p1_1,1 (direct dependency changed: openssl111)
openvpn-2.6.8_1 (direct dependency changed: openssl111)
py39-aioquic-0.9.24 (direct dependency changed: openssl111)
py39-cryptography-41.0.7_2,1 (direct dependency changed: openssl111)
squid-6.6 (direct dependency changed: openssl111)
strongswan-5.9.13 (direct dependency changed: openssl111)
syslog-ng-4.4.0 (direct dependency changed: openssl111)
unbound-1.19.0 (direct dependency changed: openssl111)
wpa_supplicant-2.10_10 (direct dependency changed: openssl111)

Number of packages to be removed: 31
Number of packages to be installed: 1
Number of packages to be reinstalled: 20
Number of packages to be downgraded: 3

The operation will free 105 MiB.
pkg-static: Cannot delete vital package: opnsense!
pkg-static: If you are sure you want to remove opnsense,
pkg-static: unset the 'vital' flag with: pkg set -v 0 opnsense
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***

[franco]

We had an internal issue with pkg while trying to contain the Suricata 7 situation by reverting to version 6. It may have been syncing to the mirrors for a time.

To get out of this situation you should run this manually:

# opnsense-update -up

And reboot.


Cheers,
Franco

[karel]

Thanks for the quick reply.
I used a proxmox snapshot from before the update and removed all zenarmor plugins and manually removed all leftover zenarmor pkg's. Then I updated and now 24.1 is working great.

Your solution was offcourse the better and quicker one ;-)

[franco]

Safer option is also fine :)


Cheers,
Franco

[astrandb]

The forced update worked like a charm.
Thank you!

[heaven73]

updating from shell with opnsense-update -up for me still ends up with 23.7.12_5 :-(

[franco]

An upgrade log would be helpful. You know these things do exist ;)

[heaven73]

in my case it was the SSD failed. after i noticed : SMART failure (the code was overheating) but was unusuable sectors. by replacing the SSD the problem has been solved, running 24.1.8 now