Regression #14137
closed
pfSense Plus Upgrade repo data remains on the system after upgradng
Added by Steve Wheeler over 1 year ago.
Updated over 1 year ago.
Affected Plus Version:
23.01
Affected Architecture:
amd64
Description
After upgrading from CE to pfSense Plus the repo data used for that should be removed from the firewall leaving it using the Latest Stable branch, 23.01.
After switching the Upgrade repo to use the 23.01 branch this is no longer being completed expected.
The result of this is that the pkg system uses the Plus Upgrade cert and key after upgrading and once those expire it is no longer able to update:
DBG(1)[39712]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.txz with opts "i"
pkg: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.txz: Bad Request
Unable to update repository pfSense
Error updating repositories!
Packages do not show in the Package Manager.
Also see: https://redmine.netgate.com/issues/10335
To work around this issue:
- Set the selected update repo branch back to 23.01 (Latest Stable Version). Go to System > Update > Update Settings and save the branch. 23.01 is the only available branch.
- Manually remove the custom repo files using:
rm /usr/local/share/pfSense/pkg/repos/pfSense-repo-custom.*
Files
Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in System->Update->Update Settings
- Status changed from New to Confirmed
I hit that case and confirmed that the offered workaround fixes it.
Danilo Zrenjanin wrote in #note-2:
I hit that case and confirmed that the offered workaround fixes it.
I'm running pfsense plus on a Netgate 6100 and have no custum repos
rm /usr/local/share/pfSense/pkg/repos/pfSense-repo-custom.*
rm: No match.
I'm still getting
pkg-static update -f
Updating pfSense-core repository catalogue...
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34950148096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34950148096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34950148096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34950148096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
...
aleksei prokofiev wrote in #note-1:
Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in System->Update->Update Settings
I can confirm that this fixed my Package Manager issue. Thank you.
Tyler Sparrow wrote in #note-4:
aleksei prokofiev wrote in #note-1:
Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in System->Update->Update Settings
I can confirm that this fixed my Package Manager issue. Thank you.
I failed to test this method.
aleksei prokofiev wrote in #note-1:
Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in System->Update->Update Settings
I can also confirm that after toggling the `Disable the Dashboard auto-update check` option, that my `Available Packages` list is now populated and working correctly.
- Status changed from Confirmed to In Progress
- Assignee set to Luiz Souza
Luiz said he and Steve W. will work together on solving this.
aleksei prokofiev wrote in #note-1:
Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in System->Update->Update Settings
Thank you so much! I've spent at least 4 hours today trying to resolve this issue and after all the things I've tried it turns out all I needed to do was check a box. Seriously! It really bothers me that it was so difficult to find a resolution to this issue and in the end it turns out to be such an easy to fix. A lot of wasted time and it was alarming to see how many similar issues there are that people are struggling with. In all honesty it has made me a little nervous about using pfSense, I expect these kinds of issues in the CE version(s). Oh well, at least all my equipment is working again and I can start the work I had planned to do four hours ago.
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Fixed in the latest pfSense-upgrade.
This works as expected upgrading from 2.6 to 23.01. The correct repo is set after upgrade and the custom repo data is removed so no
'pfSense Plus Upgrade' message is shown.
However coming from 2.6 to 23.05-RC the repo is set correctly but the message remains.
- Target version changed from 23.05 to 23.09
Moving ahead. If it's actually done we can close it on 23.05, but if there is more to do, it'll marked as 23.09
I'm still seeing issues; if I try changing branch both base systems stay on 23.05, with branch set to 23.05 I get an error trying to add/remove packages
Another instance of pfSense-upgrade is running. Try again later
No problem seeing package lists but logs indicate trouble
/pkg_mgr_installed.php: The command '/usr/local/sbin/pfSense-repo-setup' returned exit code '1', the output was 'pfSense-repoc-static: invalid signature failed to read the repo data. failed to update the repository settings!!!'
Edit: This is being tracked internally NG#10850
- Status changed from Feedback to Resolved
- Target version changed from 23.09 to 23.05
Also available in: Atom
PDF