Regression #14137

closed

pfSense Plus Upgrade repo data remains on the system after upgrading

Added by Steve Wheeler about 1 year ago. Updated 10 months ago.

Status: Resolved
Priority: High
Assignee:
Category: Upgrade
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Release Notes: Default
Affected Plus Version: 23.01
Affected Architecture: amd64

Description

After upgrading from CE to pfSense Plus the repo data used for that should be removed from the firewall leaving it using the Latest Stable branch, 23.01.

After switching the Upgrade repo to use the 23.01 branch this is no longer being completed as expected.

The result of this is that the pkg system uses the Plus Upgrade cert and key after upgrading and once those expire it is no longer able to update:

DBG(1)[39712]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.txz with opts "i" 
pkg: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.txz: Bad Request
Unable to update repository pfSense
Error updating repositories!

Packages do not show in the Package Manager.

Also see: https://redmine.netgate.com/issues/10335

To work around this issue:

  1. Set the selected update repo branch back to 23.01 (Latest Stable Version). Go to System > Update > Update Settings and save the branch. 23.01 is the only available branch.
  2. Manually remove the custom repo files using:
    rm /usr/local/share/pfSense/pkg/repos/pfSense-repo-custom.*
    

Files

clipboard-202303210806-70feo.png (47.5 KB), aleksei prokofiev, 03/21/2023 12:06 AM
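
The check behind step 2 of the workaround, as an added example that is not part of the issue report or of pfSense itself: it lists any leftover `pfSense-repo-custom.*` files and, where one holds a PEM certificate, reports whether it has expired. The directory and glob come from the description; the function name `audit_custom_repo` is hypothetical, and the idea that a matching file may contain a PEM certificate is an assumption.

```shell
#!/bin/sh
# Added example: audit for leftover "Plus Upgrade" repo data after an upgrade.
# The directory and glob come from the workaround in the issue; the assumption
# that a matching file may be a PEM certificate is ours, not the page's.
REPO_DIR="/usr/local/share/pfSense/pkg/repos"

# Print each leftover pfSense-repo-custom.* file in $1.
# Returns 0 when none are present, 1 when at least one is found.
audit_custom_repo() {
    dir="$1"
    found=0
    for f in "$dir"/pfSense-repo-custom.*; do
        # An unmatched glob stays literal in sh; skip it instead of failing
        # (csh/tcsh reports "No match." in the same situation).
        [ -e "$f" ] || continue
        found=1
        echo "leftover: $f"
        # If the file holds a PEM certificate, report whether it has expired.
        if grep -q "BEGIN CERTIFICATE" "$f" 2>/dev/null &&
           command -v openssl >/dev/null 2>&1; then
            if openssl x509 -checkend 0 -noout -in "$f" >/dev/null 2>&1; then
                echo "  certificate still valid: $(openssl x509 -enddate -noout -in "$f")"
            else
                echo "  certificate expired or unreadable"
            fi
        fi
    done
    return "$found"
}

audit_custom_repo "${1:-$REPO_DIR}" ||
    echo "Upgrade repo data is still present; the workaround above applies."
```

A clean system prints nothing, which distinguishes the case described in the report from a package failure that has another cause.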
Actions #1

Updated by aleksei prokofiev about 1 year ago

Also, if the package manager is unavailable, the following solution may help:
Check and then uncheck the dashboard auto update box in System->Update->Update Settings

Actions #2

Updated by Danilo Zrenjanin 12 months ago

  • Status changed from New to Confirmed

I hit that case and confirmed that the offered workaround fixes it.

Actions #3

Updated by pierre gleich 12 months ago

Danilo Zrenjanin wrote in #note-2:

I hit that case and confirmed that the offered workaround fixes it.

I'm running pfSense Plus on a Netgate 6100 and have no custom repos

rm /usr/local/share/pfSense/pkg/repos/pfSense-repo-custom.*
rm: No match.

I'm still getting

pkg-static update -f
Updating pfSense-core repository catalogue...
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34950148096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34950148096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34950148096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34950148096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
...
Actions #4

Updated by Tyler Sparrow 12 months ago

aleksei prokofiev wrote in #note-1:

Also, if the package manager is unavailable, the following solution may help:
Check and then uncheck the dashboard auto update box in System->Update->Update Settings

I can confirm that this fixed my Package Manager issue. Thank you.

Actions #5

Updated by yon Liu 12 months ago

Tyler Sparrow wrote in #note-4:

aleksei prokofiev wrote in #note-1:

Also, if the package manager is unavailable, the following solution may help:
Check and then uncheck the dashboard auto update box in System->Update->Update Settings

I can confirm that this fixed my Package Manager issue. Thank you.

I failed to test this method.

Actions #6

Updated by Gabriel Zellmer 11 months ago

aleksei prokofiev wrote in #note-1:

Also, if the package manager is unavailable, the following solution may help:
Check and then uncheck the dashboard auto update box in System->Update->Update Settings

I can also confirm that after toggling the `Disable the Dashboard auto-update check` option, my `Available Packages` list is now populated and working correctly.

Actions #7

Updated by Jim Pingle 11 months ago

  • Status changed from Confirmed to In Progress
  • Assignee set to Luiz Souza

Luiz said he and Steve W. will work together on solving this.

Actions #8

Updated by Grant Macdonald 11 months ago

aleksei prokofiev wrote in #note-1:

Also, if the package manager is unavailable, the following solution may help:
Check and then uncheck the dashboard auto update box in System->Update->Update Settings

Thank you so much! I've spent at least 4 hours today trying to resolve this issue and after all the things I've tried it turns out all I needed to do was check a box. Seriously! It really bothers me that it was so difficult to find a resolution to this issue and in the end it turns out to be such an easy fix. A lot of wasted time and it was alarming to see how many similar issues there are that people are struggling with. In all honesty it has made me a little nervous about using pfSense, I expect these kinds of issues in the CE version(s). Oh well, at least all my equipment is working again and I can start the work I had planned to do four hours ago.

Actions #9

Updated by Luiz Souza 11 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

Fixed in the latest pfSense-upgrade.

Actions #10

Updated by Steve Wheeler 11 months ago

This works as expected upgrading from 2.6 to 23.01. The correct repo is set after upgrade and the custom repo data is removed so no 'pfSense Plus Upgrade' message is shown.

However, coming from 2.6 to 23.05-RC the repo is set correctly but the message remains.

Actions #11

Updated by Jim Pingle 10 months ago

  • Target version changed from 23.05 to 23.09

Moving ahead. If it's actually done we can close it on 23.05, but if there is more to do, it'll be marked as 23.09

Actions #12

Updated by Jordan G 10 months ago

I'm still seeing issues; if I try changing branch both base systems stay on 23.05, with branch set to 23.05 I get an error trying to add/remove packages
Another instance of pfSense-upgrade is running. Try again later

No problem seeing package lists but logs indicate trouble

/pkg_mgr_installed.php: The command '/usr/local/sbin/pfSense-repo-setup' returned exit code '1', the output was 'pfSense-repoc-static: invalid signature failed to read the repo data. failed to update the repository settings!!!'

Edit: This is being tracked internally NG#10850

Actions #13

Updated by Marcos M 10 months ago

  • Status changed from Feedback to Resolved
  • Target version changed from 23.09 to 23.05