25.1.12 broke my OPNsense

[dmopn]

After doing the latest update my OPNsense failed to boot, as shown in this screenshot


I've never been happier than I'm running it as a VM under Proxmox, as I was able to restore from my backup and get my Internet back within minutes.

EDIT: This was updating from 25.1.8_1 to 25.1.12

[OPNenthu]

I've never been happier than I'm running it as a VM under Proxmox, as I was able to restore from my backup and get my Internet back within minutes.

I run on bare metal and I like the built-in Snapshot feature (System->Snapshots) as well and made it a habit to always take one before a system update.  I wish this was automatic or at least there could be a setting to toggle automatic snapshots for system updates, but at least we have this capability.  It's saved me on a couple occasions.

I just append the current version to the generated timestamp so that I can easily pick them out in the FreeBSD boot menu, if needed.

You cannot view this attachment.

... and periodically delete the old ones. Simple enough.

[franco]

Yes we had reports of partial upgrades which likely stemmed from the bad sqlite commit in FreeBSD ports what we addressed in 25.1.12. This was a very unfortunate situation that has no visibility during the builds and even pkg upgrade. As noted it was only uncovered while testing upgrades to 25.7.

Steps for recovery are noted here: https://github.com/opnsense/core/issues/8944


Cheers,
Franco

[9axqe]

I am a bit confused now: I was holding off on 25.1.11 because of this, but you are saying it is NOT fixed in 25.1.12?

Or is it a "dormant" issue that _may_ be already present in some routers in previous versions and will cause an issue when upgrading to anything 21.5.11 or later anyway (if that dormant issue is present)?

[beneix]

I tried an upgrade from 25.1.9_2 to 25.1.12. The system booted up but many of the services were not running. I had noticed before the reboot that the upgrade script seemed to be installing 25.1.11, not 25.1.12. Attempting to reboot left the system unresponsive and I had to pull the power to reboot. Since I use snapshots, I was able to get back to a working system on 25.1.9_2 but I will hold off on upgrades until 25.7 seems stable.

It seems if you are on older versions like my 25.1.9_2, the upgrade from the dashboard will not go straight for 25.1.12 and therefore the fix of partial upgrades will not be installed, leaving the system broken with 25.1.11.

[franco]

> but you are saying it is NOT fixed in 25.1.12?

That's not what I said. 25.1.11 has a bad SQLite build as per FreeBSD ports mistake that we unfortunately caught. 25.1.12 fixes that issue.

>  I had noticed before the reboot that the upgrade script seemed to be installing 25.1.11

If you talk about the base and the kernel then 25.1.11 is correct. 25.1.12 issued no new base and kernel.

Please, people, don't panic and bring the straight facts?


Cheers,
Franco

[9axqe]

>That's not what I said. 25.1.11 has a bad SQLite build as per FreeBSD ports mistake that we unfortunately caught. 25.1.12 fixes that issue.

The confusing part is that this thread is called "25.1.12 broke my OPNsense". You reply make it sound like the issue is still present in this release.

Not panicking, just wanting to get some clarity on this point before attempting the upgrade. Thank you for confirming.

This means however we are a bit off-topic here, the issue of the original poster is a different one.

[franco]

To be frank I don't exactly know. There is literally zero visibility for the SQLite shared library change that snuck into 25.1.11 that it's also impossible to assess the full impact.

What I am sure of is that going from 25.1.10 or earlier to 25.1.12 should not be an issue with this particular problem in mind.

What happens going from and to 25.1.11 is problematic and erratic. I've seen very weird things with the package manager trying to update a 25.1.11 to 25.7 and I don't have a time machine to undo 25.1.11 so 25.1.12 is the best we have.

For any report here please attach an update log, information on what version you started updating from and the exact error message you're seeing (whether on boot or in the GUI doesn't matter, but context is everything). This is a general statement not meant to address anyone personally.

Please also note some mirrors may even still offer 25.1.11 as the "latest" version. Mirrors are not under our control.

[Fabian Wenk]

I did update 2 systems from 25.1.11 to 25.1.12 yesterday, and it only failed on one of them and I had to reinstall.

And just now we did update 4 systems from 25.1.10 to 25.1.12 directly without any issue at all. The only small thing we have seen on two of the systems that after another "Check for updates" the update of p5-Specio was still pending, which we then have done as well.

[Schmiddi]

Just to reassure other people reading this thread.

25.1.8 -> 25.1.11 -> 25.1.12 without any problems on my end.

[dmopn]

For any report here please attach an update log, information on what version you started updating from and the exact error message you're seeing (whether on boot or in the GUI doesn't matter, but context is everything). This is a general statement not meant to address anyone personally.

I've updated my post to clarify that I was updating from 25.1.8_1 to 25.1.12. I actually thought I was on 25.1.11 but I restored from the backup made yesterday so clearly I wasn't.