Update check mechanism, how/where?

[Manxmann]

Hi Folks,

I have a question regarding updates or more accurately the availability check of updates.

I have a few OPNsense firewalls in use and to conserve in-bound bandwidth I RSYNC the contents of a remote 'official' repo to a local web server on my site. Each firewall is then configured with a custom repo URL pointing at this local web server.

This solution works well and allows me to conserve bandwidth as designed. It does however leave me with one question. If I DON'T update my local repo my firewalls still 'detect' firmware updates/releases. Attempting to update from the local 'out of date' repo correctly gives a 'No updates available on repo' error.

So if the configured repo does not have an update where is the firewall looking to 'find' the updates availability? What other un-configured 'dial home' activities does the firewall do?

Simon

[cookiemonster]

/usr/local/etc/pkg/repos/OPNsense.conf would be my guess but that's the directory where I would have thought you have used to point to your custom repo.

[franco]

Changelogs are pulled from the main mirror for exactly that reason... local solutions go out of sync and people forget that updates ever existed. If you wish to avoid that just block access to pkg.opnsense.org via alias.


Cheers,
Franco

[cookiemonster]

out of curiosity franco, would setting enabled to "no" in OPNsense.conf achieve the same outcome? Feels more "correct" than blocking with a firewall rule.

[franco]

It only disables the repository access and then prevents firmware updates. The changelogs are other metadata found on the mirror like bogon updates. We strictly require them from the default mirror to ensure good and up-to-date data.


Cheers,
Franco

[cookiemonster]

OK, understood.

[Manxmann]

Changelogs are pulled from the main mirror for exactly that reason... local solutions go out of sync and people forget that updates ever existed. If you wish to avoid that just block access to pkg.opnsense.org via alias.

Perfect thank you!