Regression #14137
closedpfSense Plus Upgrade repo data remains on the system after upgradng
100%
Description
After upgrading from CE to pfSense Plus the repo data used for that should be removed from the firewall leaving it using the Latest Stable branch, 23.01.
After switching the Upgrade repo to use the 23.01 branch this is no longer being completed expected.
The result of this is that the pkg system uses the Plus Upgrade cert and key after upgrading and once those expire it is no longer able to update:
DBG(1)[39712]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.txz with opts "i" pkg: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.txz: Bad Request Unable to update repository pfSense Error updating repositories!
Packages do not show in the Package Manager.
Also see: https://redmine.netgate.com/issues/10335
To work around this issue:
- Set the selected update repo branch back to 23.01 (Latest Stable Version). Go to System > Update > Update Settings and save the branch. 23.01 is the only available branch.
- Manually remove the custom repo files using:
rm /usr/local/share/pfSense/pkg/repos/pfSense-repo-custom.*
Files
Updated by aleksei prokofiev almost 2 years ago
Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in System->Update->Update Settings
Updated by Danilo Zrenjanin over 1 year ago
- Status changed from New to Confirmed
I hit that case and confirmed that the offered workaround fixes it.
Updated by pierre gleich over 1 year ago
Danilo Zrenjanin wrote in #note-2:
I hit that case and confirmed that the offered workaround fixes it.
I'm running pfsense plus on a Netgate 6100 and have no custum repos
rm /usr/local/share/pfSense/pkg/repos/pfSense-repo-custom.*
rm: No match.
I'm still getting
pkg-static update -f
Updating pfSense-core repository catalogue...
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34950148096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34950148096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34950148096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34950148096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
...
Updated by Tyler Sparrow over 1 year ago
aleksei prokofiev wrote in #note-1:
Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in System->Update->Update Settings
I can confirm that this fixed my Package Manager issue. Thank you.
Updated by yon Liu over 1 year ago
Tyler Sparrow wrote in #note-4:
aleksei prokofiev wrote in #note-1:
Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in System->Update->Update SettingsI can confirm that this fixed my Package Manager issue. Thank you.
I failed to test this method.
Updated by Gabriel Zellmer over 1 year ago
aleksei prokofiev wrote in #note-1:
Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in System->Update->Update Settings
I can also confirm that after toggling the `Disable the Dashboard auto-update check` option, that my `Available Packages` list is now populated and working correctly.
Updated by Jim Pingle over 1 year ago
- Status changed from Confirmed to In Progress
- Assignee set to Luiz Souza
Luiz said he and Steve W. will work together on solving this.
Updated by Grant Macdonald over 1 year ago
aleksei prokofiev wrote in #note-1:
Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in System->Update->Update Settings
Thank you so much! I've spent at least 4 hours today trying to resolve this issue and after all the things I've tried it turns out all I needed to do was check a box. Seriously! It really bothers me that it was so difficult to find a resolution to this issue and in the end it turns out to be such an easy to fix. A lot of wasted time and it was alarming to see how many similar issues there are that people are struggling with. In all honesty it has made me a little nervous about using pfSense, I expect these kinds of issues in the CE version(s). Oh well, at least all my equipment is working again and I can start the work I had planned to do four hours ago.
Updated by Luiz Souza over 1 year ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Fixed in the latest pfSense-upgrade.
Updated by Steve Wheeler over 1 year ago
This works as expected upgrading from 2.6 to 23.01. The correct repo is set after upgrade and the custom repo data is removed so no
'pfSense Plus Upgrade' message is shown.
However coming from 2.6 to 23.05-RC the repo is set correctly but the message remains.
Updated by Jim Pingle over 1 year ago
- Target version changed from 23.05 to 23.09
Moving ahead. If it's actually done we can close it on 23.05, but if there is more to do, it'll marked as 23.09
Updated by Jordan G over 1 year ago
I'm still seeing issues; if I try changing branch both base systems stay on 23.05, with branch set to 23.05 I get an error trying to add/remove packagesAnother instance of pfSense-upgrade is running. Try again later
No problem seeing package lists but logs indicate trouble
/pkg_mgr_installed.php: The command '/usr/local/sbin/pfSense-repo-setup' returned exit code '1', the output was 'pfSense-repoc-static: invalid signature failed to read the repo data. failed to update the repository settings!!!'
Edit: This is being tracked internally NG#10850
Updated by Marcos M over 1 year ago
- Status changed from Feedback to Resolved
- Target version changed from 23.09 to 23.05