Post

Fixing The OPNsense Package Manager Part 2

This post is a continuation of my post, Fixing The OPNsense Package Manager. This issue still bothered me, and I never did sort out the underlying cause. However, everything with all the affected instances continued working fine and updating, except one. Maybe I did something different on this instance because of the previous update issues?

My latest issues began as I started the update to 22.7.3_2. My problem instance threw the error Could not authenticate the selected mirror.

Changing the mirror and rebooting, I was greeted with all new errors:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7.2 (amd64/OpenSSL)
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
1508 bytes from 89.149.211.205: icmp_seq=0 ttl=51 time=146.094 ms
1508 bytes from 89.149.211.205: icmp_seq=1 ttl=51 time=145.938 ms
1508 bytes from 89.149.211.205: icmp_seq=2 ttl=51 time=146.013 ms
1508 bytes from 89.149.211.205: icmp_seq=3 ttl=51 time=146.115 ms

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 145.938/146.040/146.115/0.070 ms
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Authentication error
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Authentication error
Unable to update repository OPNsense
Error updating repositories!
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***

I have never experienced a problem with updating OPNsense like this before. I likely did something to induce it, so I set out to roll back anything I changed. Knowing I had a thoroughly tested and working backup, I started fiddling around and only made things worse until I got this error:

1
2
3
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.7.2 (amd64/OpenSSL)
Fetching changelog information, please wait... Missing /usr/local/etc/pkg/repos/OPNsense.conf

At this point, I knew I had pushed too many buttons.

Running audits revealed:

1
2
3
4
5
***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7.2 (amd64/OpenSSL)
No IPv4 address could be found for host: 
No IPv6 address could be found for host: 
***DONE***

and

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7.2 (amd64/OpenSSL)
>>> Check installed kernel version
Version 22.7.2 is correct.
Unverified consistency check for kernel: invalid /usr/local/opnsense/version/kernel.mtree.sig
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7.2 is correct.
Unverified consistency check for base: invalid /usr/local/opnsense/version/base.mtree.sig
~~~~~~~~~~~~~~~~~~~~
>>> Check for missing package dependencies
Checking all packages: .......... done
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
>>> Check for missing or altered package files
Checking all packages: ....
opnsense-22.7.2: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.
~~~~~~~~~~~~~~~~~~~~
opnsense-22.7.2: missing file /usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.
opnsense-22.7.2: missing file /usr/local/etc/pkg/repos/FreeBSD.conf.sample
opnsense-22.7.2: missing file /usr/local/etc/pkg/repos/OPNsense.conf.sample
Checking all packages......... done
>>> Check for core packages consistency
~~~~~~~~~~~~~~~~~~~~

We are missing some things. I came across a post mentioning the opnsense-bootstrap tool. The opnsense-bootstrap will completely reinstall a running system in place while also automatically picking up the latest available version.

Run this as root within the local console (not ssh). Change the version 22.7 to your target version.

1
2
3
pkg install ca_root_nss
fetch https://raw.githubusercontent.com/opnsense/update/master/src/bootstrap/opnsense-bootstrap.sh.in
sh ./opnsense-bootstrap.sh.in -r 22.7

When the script completed repairs, it automatically rebooted the system. A few plugins were missing. Since this is mostly a default installation now that is to be expected. , I installed the missing plugins and rebooted the system once more and we were operational.

This resolved all the issues and updated my installation to the latest version. These tools are going straight into the toolbox.

Happy Routing!

This post is licensed under CC BY 4.0 by the author.

Comments powered by Disqus.

© Kevin Schwickrath. Some rights reserved.

Using the Chirpy theme for Jekyll.