Regression #14896
closed
Suricata is removed when upgrading the base system
0%
Description
After upgrading from 23.05.01 to 23.09 beta on a clean install (and on a second install) the Suricata package will not be reinstalled following the upgrade even though it's present before hand.
I've also noticed going between beta builds the past several days that this issue reappears each time pfSense Plus is upgraded between builds.
Logs after the upgrade show nothing and even waiting 30 minutes in hopes of a reinstall occurring eventually for the package bear nothing.
Build Info:
23.09-BETA (amd64)
built on Wed Oct 18 23:37:00 EDT 2023
FreeBSD 14.0-CURRENT
Files
Updated by Brian Dahlquist about 1 year ago
From the Netgate forums working with another user who provided possible insight:
https://forum.netgate.com/topic/183136/suricata-uninstalled-on-updates/28?_=1697732116695
After looking around in the pfSense upgrade code, I found a spot where there might be a problem. But I'm not sure. That spot is in this function: https://github.com/pfsense/pfsense/blob/e67b20f4851d7754477c0cdead1c8ea37babde73/src/etc/inc/pkg-utils.inc#L1139.
It could be that the package name Suricata is storing for itself in config.xml is not getting properly recognized after the pfSense upgrade when the code is attempting to find and reinstall the previously installed packages.
Updated by Marcos M about 1 year ago
- Subject changed from Suricata Not Reinstalled in 23.09 to Suricata is removed when upgrading base system
- Priority changed from High to Normal
I was able to reproduce this upgrading between 23.09-BETA versions: Show
Updated by Bill Meeks about 1 year ago
Hi Netgate team: I will need a little help addressing this issue. I currently do not have a pfSense Plus test environment. Plus, I'm not sure exactly how the new package remove/reinstall code is working. My suspicion is maybe the Suricata package name is not getting correctly recognized, but that's just a guess. I do know that nothing has changed in the package's XML manifest in years. It has been storing the same package name in config.xml for a very long time.
Although I've not seen any reports, it's possible the Snort package may have the same problem.
Bill
Updated by Marcos M about 1 year ago
- Status changed from New to In Progress
- Assignee set to Marcos M
- Affected Architecture All added
- Affected Architecture deleted (
amd64)
Updated by Marcos M about 1 year ago
- Tracker changed from Bug to Regression
- Project changed from pfSense Plus to pfSense
- Subject changed from Suricata is removed when upgrading base system to Suricata is removed when upgrading the base system
- Category changed from Package System to Package System
- Status changed from In Progress to Pull Request Review
- Target version set to 2.8.0
- Release Notes changed from Default to Force Exclusion
- Affected Plus Version deleted (
23.09) - Plus Target Version set to 23.09
Thanks for taking a look Bill. The issue does not affect Snort. It turns out that a workaround for a recent bug with pkg rquery incorrectly triggers some suricata specific package code. The rquery issue itself has been resolved in recent pkg versions, so we can simply revert the workaround commit.
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/370
Updated by Bill Meeks about 1 year ago
Thank you, Marcos. Glad it was an easy fix.
Updated by Marcos M about 1 year ago
- Status changed from Pull Request Review to Feedback
Updated by Marcos M about 1 year ago
- Status changed from Feedback to Resolved
Verified working after an upgrade to 23.09: Show
I did run into an unrelated Suricata issue afterwards - info here: https://redmine.pfsense.org/issues/14898#note-1
Updated by Jim Pingle about 1 year ago
- Target version changed from 2.8.0 to 2.7.1