updater issueshttps://gitlab.nic.cz/turris/updater/updater/-/issues2023-08-16T15:00:04+02:00https://gitlab.nic.cz/turris/updater/updater/-/issues/290Candidates from provided packages might be in some cases ignored2023-08-16T15:00:04+02:00Karel KociCandidates from provided packages might be in some cases ignoredIn one specific case the package `libmariadbclient` provides `libmysqlclient-r` but updater reports
```
TRACE:planner.lua:104 (sat_pkg_group):SAT add package libmysqlclient-r with var: 324
TRACE:planner.lua:150 (sat_pkg_group):SAT group ...In one specific case the package `libmariadbclient` provides `libmysqlclient-r` but updater reports
```
TRACE:planner.lua:104 (sat_pkg_group):SAT add package libmysqlclient-r with var: 324
TRACE:planner.lua:150 (sat_pkg_group):SAT group libmysqlclient-r has no candidate
```Turris OS 4.0.5https://gitlab.nic.cz/turris/updater/updater/-/issues/292Rewrite pkg_unpack to not use tmp and instead do it by stream operation2023-08-16T15:00:00+02:00Karel KociRewrite pkg_unpack to not use tmp and instead do it by stream operationThis should help when we install big packages.
We should unpack two archives not by fist unpacking first one and then other one but by unpacking both at the same time in stream. Files should go directly to mountpoint root (to FS as they...This should help when we install big packages.
We should unpack two archives not by fist unpacking first one and then other one but by unpacking both at the same time in stream. Files should go directly to mountpoint root (to FS as they are going to be written there anyway).https://gitlab.nic.cz/turris/updater/updater/-/issues/325Approvals does not require manual confirmation2023-08-16T14:59:40+02:00Josef SchlehoferApprovals does not require manual confirmationOn Turris 1.1 router, I'm using Approvals.
```
root@turris:~# uci export updater
package updater
config turris 'turris'
option mode 'branch'
option branch 'hbl'
config l10n 'l10n'
list langs 'cs'
config autorun 'autorun'
option e...On Turris 1.1 router, I'm using Approvals.
```
root@turris:~# uci export updater
package updater
config turris 'turris'
option mode 'branch'
option branch 'hbl'
config l10n 'l10n'
list langs 'cs'
config autorun 'autorun'
option enable '1'
option approvals '1'
```
And it seems that Approvals are not necessary since the update is installed anyway.
I got two notifications today:
- 5.28 am:
```
Update notifications
====================
Your approval is required to apply pending updates. You can grant it in the Foris administrative interface in the 'Updater' menu.
• Install libnetfilter-log 1.0.2-1
```
- 6.21 am:
```
Update notifications
====================
Changes performed by updater at 2022-03-18T05:21:23+00:00
• Updated package libnetfilter-log from version 1.0.1-3 to version 1.0.2-1
```
If you need some logs, please let me know, I will be gladly to help.Turris OS 6.0https://gitlab.nic.cz/turris/updater/updater/-/issues/311Compare of dependencies triggers reinstall after opkg usage2022-02-16T16:41:01+01:00Karel KociCompare of dependencies triggers reinstall after opkg usageOpkg sanitizes dependencies and that introduces inconsistency in string comparison. We should probably not compare dependencies as strings but rather in some other way.
This is considered as mirror bug as it triggers only once after opk...Opkg sanitizes dependencies and that introduces inconsistency in string comparison. We should probably not compare dependencies as strings but rather in some other way.
This is considered as mirror bug as it triggers only once after opkg usage and not after that.https://gitlab.nic.cz/turris/updater/updater/-/issues/320File hashes are now stored in `files-sha256sum` control file instead of `file...2022-02-16T16:40:58+01:00Karel KociFile hashes are now stored in `files-sha256sum` control file instead of `files-sha256`https://gitlab.nic.cz/turris/updater/updater/-/issues/231Change how virtual works so that it just doesn't tries to install package it ...2021-12-03T17:35:16+01:00Karel KociChange how virtual works so that it just doesn't tries to install package it selfAt the moment if virtual package has some candidate then we fail. This makes no sense. In reality we should just ignore all candidates and just use package for dependencies nothing else. So error should probably become warning.At the moment if virtual package has some candidate then we fail. This makes no sense. In reality we should just ignore all candidates and just use package for dependencies nothing else. So error should probably become warning.Turris OS 3.x migrationhttps://gitlab.nic.cz/turris/updater/updater/-/issues/319Updater hangs waiting for zombie process2021-10-15T12:02:45+02:00Vojtech MyslivecUpdater hangs waiting for zombie processRunning `pkgupdate` interactively to upgrade from TOS 5.1.8 to TOS 5.2.1 and the updater hangs waiting for zombie process while running `mwan` postinstall script:
![Screenshot_from_2021-06-15_17-37-51](/uploads/c1bb5ff671ed4494a1933ae2e...Running `pkgupdate` interactively to upgrade from TOS 5.1.8 to TOS 5.2.1 and the updater hangs waiting for zombie process while running `mwan` postinstall script:
![Screenshot_from_2021-06-15_17-37-51](/uploads/c1bb5ff671ed4494a1933ae2e30b2763/Screenshot_from_2021-06-15_17-37-51.png)
It recovers itself somehow after several minutes but it takes too long in interactive mode IMO. Also, this happened to me several times already. I guess it's `mwan` package every time...
<details>
<summary>pkgupdate console log</summary>
```
root@factory02: ~ # pkgupdate
INFO:Target Turris OS: 5.2.1
INFO:Queue install of kernel/core/4.14.232-1-67f70e2f39f8e8859c56d42cced0b0b3
...
INFO:Queue install of luci-i18n-mwan3-en/luci/git-21.132.36199-d0cf6e4-1
...
INFO:Queue install of kmod-sit/core/4.14.232-1-67f70e2f39f8e8859c56d42cced0b0b3
INFO:Queue removal of dhparam
...
INFO:Queue removal of luasec
Press return to continue, CTRL+C to abort
INFO:Downloading packages
INFO:Executing preupdate hook: 05_schnapps.sh
Snapshot number 55 created
INFO:Unpacking download packages
INFO:Checking for file collisions between packages
INFO:Running pre-install and pre-rm scripts and merging packages to root file system
WARN:Config file /etc/config/openvpn modified by the user. Backing up the new one into /etc/config/openvpn-opkg
...
WARN:Config file /etc/mwan3.user modified by the user. Backing up the new one into /etc/mwan3.user-opkg
...
WARN:Config file /etc/config/foris modified by the user. Backing up the new one into /etc/config/foris-opkg
INFO:Running prerm of dhparam
...
INFO:Running prerm of luasec
INFO:Removing packages and leftover files
INFO:Running post-install and post-rm scripts
INFO:Running postinst of kernel
...
INFO:Running postinst of kmod-ipt-ipset
INFO:Running postinst of mwan3
...
<several minutes>
...
ip: invalid argument '0x3d00/0x3F00' to 'fwmark'
ip: invalid argument '0x3e00/0x3F00' to 'fwmark'
ip: invalid argument '0x3d00/0x3F00' to 'fwmark'
ip: invalid argument '0x3e00/0x3F00' to 'fwmark'
ip: invalid argument '0x100/0x3F00' to 'fwmark'
ip: invalid argument '0x3d00/0x3F00' to 'fwmark'
ip: invalid argument '0x3e00/0x3F00' to 'fwmark'
ip: invalid argument '0x3d00/0x3F00' to 'fwmark'
ip: invalid argument '0x3e00/0x3F00' to 'fwmark'
ip: invalid argument '0x200/0x3F00' to 'fwmark'
INFO:Running postinst of luci-compat
...
```
</details>https://gitlab.nic.cz/turris/updater/updater/-/issues/293Failed download produces error about uri_path called on scheme https2021-08-03T09:11:05+02:00Karel KociFailed download produces error about uri_path called on scheme https```
DEBUG:src/lib/download.c:53 (download_check_info):Download failed, trying again 3 (https://cynerd.cz/repo/turris/updater.lua): SSL certificate problem: certificate has expired
DEBUG:src/lib/download.c:53 (download_check_info):Downloa...```
DEBUG:src/lib/download.c:53 (download_check_info):Download failed, trying again 3 (https://cynerd.cz/repo/turris/updater.lua): SSL certificate problem: certificate has expired
DEBUG:src/lib/download.c:53 (download_check_info):Download failed, trying again 3 (https://cynerd.cz/repo/turris/updater.lua.sig): SSL certificate problem: certificate has expired
DEBUG:src/lib/download.c:53 (download_check_info):Download failed, trying again 2 (https://cynerd.cz/repo/turris/updater.lua): SSL certificate problem: certificate has expired
DEBUG:src/lib/download.c:53 (download_check_info):Download failed, trying again 2 (https://cynerd.cz/repo/turris/updater.lua.sig): SSL certificate problem: certificate has expired
DEBUG:src/lib/download.c:61 (download_check_info):Download failed (https://cynerd.cz/repo/turris/updater.lua): SSL certificate problem: certificate has expired
DIE:src/lib/uri.c:290 (uri_path):Called uri_path on URI of scheme: https
```
This is invalid error message and we should have failed that time already. We for some reason call `uri_path` on it instead of reporting error.https://gitlab.nic.cz/turris/updater/updater/-/issues/322Update from TOS 4.0.1 to 5.2.3 fails to finish2021-07-27T20:48:58+02:00Stepan RechnerUpdate from TOS 4.0.1 to 5.2.3 fails to finish# Summary
After an update from TOS 4.0.1, no UI is available. Web UI is unavailable, SSH refused. Reported on support (ticket 1361041: [turris nepřístupný přes web po akualizaci](https://rt.nic.cz/Ticket/Display.html?id=1361041), reprodu...# Summary
After an update from TOS 4.0.1, no UI is available. Web UI is unavailable, SSH refused. Reported on support (ticket 1361041: [turris nepřístupný přes web po akualizaci](https://rt.nic.cz/Ticket/Display.html?id=1361041), reproduced on Omnia.
# Steps To Reproduce
1. Re-flash Turris Omnia with Turris OS 4.0.1
2. Finish the first setting guide
3. Let the updater work
# Expected Result
Turris OS updates to the current version, and an automatic restart is set. After a restart, the current version is fully initialized.
# Actual Result
A restart of the router is triggered during an update and the update ends unfinished. After the reboot, DHCP and access to the Internet via Ethernet works, router UIs are not accessible, Wi-Fi is off. Only a pre-update snapshot is created, not a post-update. `pkgupdate` via a serial connection helps.https://gitlab.nic.cz/turris/updater/updater/-/issues/316Newly installed packages configuration scripts are run as they would be an up...2021-05-27T10:22:40+02:00Karel KociNewly installed packages configuration scripts are run as they would be an upgradeDue to error in detection if package is already installed the configure step of package is always run with environment variable `PKG_UPGRADE=1`.
The effects are:
* No automatic service enable and thus not service is started
* Some other...Due to error in detection if package is already installed the configure step of package is always run with environment variable `PKG_UPGRADE=1`.
The effects are:
* No automatic service enable and thus not service is started
* Some other packages using this variable installed in running system might not be set properly.
This was introduced by turris/updater/updater!268 (f099f89de4eebdd610ffe155da1298da752ddbdf)https://gitlab.nic.cz/turris/updater/updater/-/issues/309wget missing after TOS 3->5 upgrade2021-05-26T19:58:17+02:00David Hopfmuellerwget missing after TOS 3->5 upgrade```
root@router:~# cat /etc/turris-version
3.11.19.1
root@router:~# opkg list-installed | grep wget
wget - 1.20.3-1
root@router:~#
```
After installing the tos3to4 package and initiating `pkgupdate` it does `INFO:Queue removal of wget` ...```
root@router:~# cat /etc/turris-version
3.11.19.1
root@router:~# opkg list-installed | grep wget
wget - 1.20.3-1
root@router:~#
```
After installing the tos3to4 package and initiating `pkgupdate` it does `INFO:Queue removal of wget` but never reinstalls it. As such, it leaves TOS 5.1.3 in a broken state without any chance to self-recover through updates.
Please let me know if you need any additional information, I can go back and forth between snapshots if required.https://gitlab.nic.cz/turris/updater/updater/-/issues/295Notification about requested approval is not sent if configuration is set to ...2020-11-20T11:23:35+01:00Karel KociNotification about requested approval is not sent if configuration is set to "always required approval"This is possibly Turris OS 3.x only thing. If it is then it might not fix but it is possible that 4.0+ uses the same piece of code and that there is that bug in reality in 4.0+ as well.This is possibly Turris OS 3.x only thing. If it is then it might not fix but it is possible that 4.0+ uses the same piece of code and that there is that bug in reality in 4.0+ as well.https://gitlab.nic.cz/turris/updater/updater/-/issues/184Assertion failure if user list added multiple times2020-11-12T03:27:20+01:00Ghost UserAssertion failure if user list added multiple timesIt's the version now in rc: 49.1.
```
Stack Traceback
===============
(2) Lua function '?' at line 64 of chunk '"logging"]'
Local variables:
err = [string "backend"]:1246: assertion failed! {msg:[string "backend"]:1246: assertion fa...It's the version now in rc: 49.1.
```
Stack Traceback
===============
(2) Lua function '?' at line 64 of chunk '"logging"]'
Local variables:
err = [string "backend"]:1246: assertion failed! {msg:[string "backend"]:1246: assertion failed!, tp:error, reason:runtime (more...)}
err2string = Lua function '?' (defined at line 45 of chunk "logging"])
msg = string: "\
runtime: [string \"backend\"]:1246: assertion failed!"
(*temporary) = table: 0x10d97cb8 {msg:
runtime: [string "backend"]:1246: assertion failed!}
(3) C function 'function: 0x10420908'
(4) upvalue C function 'error'
(5) Lua global 'required_pkgs' at line 53 of chunk '"updater"]'
Local variables:
entrypoint = string: "internal:entry_lua"
tlc = table: 0x104100c8 {env:table: 0x10434590, level_check:function: 0x10520500, tp:context, sec_level:Full (more...)}
ep_uri = table: 0x105c3be0 {ok:function: 0x10509be8, tp:uri, cback:function: 0x10611ae8, callbacks:table: 0x105c3c80 (more...)}
ok = boolean: true
tls = string: "-- Do not edit this file. It is the entry point. Edit the user.lua file.\
\
local branch = \"\"\
local lists\
if uci then\
-- If something is really broken, we could be unable to load the uci dynamic module. Try to do some recovery in such case and hope it works well the next time.\
local cursor = uci.cursor()\
branch = cursor:get(\"updater\", \"override\", \"branch\")\
if branch then\
WARN(\"Branch overriden to \" .. branch)\
branch = branch .. \"/\"\
else\
branch = \"\"\
end\
lists = cursor:get(\"updater\", \"pkglists\", \"lists\")\
else\
ERROR(\"UCI library is not available. Not processing user lists.\")\
end\
\
-- Guess what board this is.\
local base_model = \"\"\
if model then\
if model:match(\"[Oo]mnia\") then\
base_model = \"omnia/\"\
elseif model:match(\"[Tt]urris\") then\
base_model = \"turris/\"\
end\
end\
\
local base_url\
if base_model then\
base_url = \"https://api.turris.cz/updater-defs/\" .. turris_version .. \"/\" .. base_model .. branch\
end\
\
-- Reused options for remotely fetched scripts\
local script_options = {\
security = \"Remote\",\
ca = \"file:///etc/ssl/updater.pem\",\
crl = \"file:///tmp/crl.pem\",\
pubkey = {\
\"file:///etc/updater/keys/release.pub\",\
\"file:///etc/updater/keys/standby.pub\",\
\"file:///etc/updater/keys/test.pub\" -- It is normal for this one to not be present in production systems\
}\
}\
\
if base_url then\
-- The distribution script. It contains the repository and bunch of basic packages. The URI is computed based on the branch and the guessed board\
Script(\"base\", base_url .. \"base.lua\", script_options)\
-- Ask for a script specific for our serial. But ignore if it's not there (which is common).\
if serial then\
local script_options_ignore = {}\
for n, v in pairs(script_options) do\
script_options_ignore[n] = v\
end\
script_options_ignore.ignore = {\"missing\"}\
-- First try just the revision\
Script(\"revision-specific\", base_url .. \"revision/\" .. serial:sub(1, 8) .. \".lua\", script_options_ignore)\
Script(\"serial-specific\", base_url .. \"serial/\" .. serial .. \".lua\", script_options_ignore)\
end\
end\
\
-- Some provided by the user\
Script \"user-src\" \"file:///etc/updater/user.lua\" { security = \"Local\" }\
-- Some auto-generated by command line\
Script \"auto-src\" \"file:///etc/updater/auto.lua\" { security = \"Local\" }\
\
if uci and base_url then\
-- Go through user lists and pull them in.\
if type(lists) == \"string\" then\
lists = {lists}\
end\
if type(lists) == \"table\" then\
for _, l in ipairs(lists) do\
-- TODO: Make restricted security work\
Script(\"userlist-\" .. l, base_url .. \"userlists/\" .. l .. \".lua\", script_options)\
end\
end\
end\
"
err = [string "backend"]:1246: assertion failed! {msg:[string "backend"]:1246: assertion failed!, tp:error, reason:runtime (more...)}
(6) Lua function '?' at line 61 of chunk '"updater"]'
Local variables:
entrypoint = string: "internal:entry_lua"
```Turris OS 3.8https://gitlab.nic.cz/turris/updater/updater/-/issues/186If package is provided by some other it shouldn't be selected2020-11-12T03:27:14+01:00Karel KociIf package is provided by some other it shouldn't be selectedCurrently if package is provided by some other package. Both are selected as part
of process resolution, because for provided package it is candidate. This breaks
common idiom in packages:
```
Provides: pkg
Conflicts: pkg
```Currently if package is provided by some other package. Both are selected as part
of process resolution, because for provided package it is candidate. This breaks
common idiom in packages:
```
Provides: pkg
Conflicts: pkg
```Turris OS 3.8https://gitlab.nic.cz/turris/updater/updater/-/issues/166Updated packages can leave untracked files behind2020-11-12T03:21:26+01:00Karel KociUpdated packages can leave untracked files behindWhen some package stops using some package (it disappears from .list file), then
we won't remove such file. (At least it seems that way by some test I conducted)
This can be solved together with #159When some package stops using some package (it disappears from .list file), then
we won't remove such file. (At least it seems that way by some test I conducted)
This can be solved together with #159Turris OS 3.7https://gitlab.nic.cz/turris/updater/updater/-/issues/170Support system certificates2020-11-12T03:20:50+01:00Karel KociSupport system certificatesUpdater prefers certificates to be given explicitly, but that is unexpected by
users. More expected would be if url is configured as that it should check
certificate and if ca extra option is nil, than we would use system certificates.Updater prefers certificates to be given explicitly, but that is unexpected by
users. More expected would be if url is configured as that it should check
certificate and if ca extra option is nil, than we would use system certificates.Turris OS 3.7https://gitlab.nic.cz/turris/updater/updater/-/issues/182Updater: [string "planner"]:62: assertion failed!2020-11-12T03:20:44+01:00Michal ČihařUpdater: [string "planner"]:62: assertion failed!When I run updater, I get following error:
```
# updater.sh
WARN:Script revision-specific not found, but ignoring its absence as requested
WARN:Script serial-specific not found, but ignoring its absence as requested
DIE:
[string "plann...When I run updater, I get following error:
```
# updater.sh
WARN:Script revision-specific not found, but ignoring its absence as requested
WARN:Script serial-specific not found, but ignoring its absence as requested
DIE:
[string "planner"]:62: assertion failed!
```
It really does not tell what went wrong.
I can workaround that by removing following lines from `/etc/updater/auto.lua`:
```
Package "knot-libdnssec" { content = "file:///usr/share/updater/local-pkgs/knot-libdnssec_2.4.0-2_mvebu.ipk" }
Install "knot-libdnssec"
Package "knot-libknot" { content = "file:///usr/share/updater/local-pkgs/knot-libknot_2.4.0-2_mvebu.ipk" }
Install "knot-libknot"
Package "knot-libzscanner" { content = "file:///usr/share/updater/local-pkgs/knot-libzscanner_2.4.0-2_mvebu.ipk" }
Install "knot-libzscanner"
Package "knot-resolver" { content = "file:///usr/share/updater/local-pkgs/knot-resolver_1.2.0-4_mvebu.ipk" }
Install "knot-resolver"
```
I've added these when testing fixes for https://gitlab.labs.nic.cz/knot/resolver/issues/132 and https://gitlab.labs.nic.cz/knot/resolver/issues/137, but the error started to show up after upgrading to Turris 3.5.2.Turris OS 3.7https://gitlab.nic.cz/turris/updater/updater/-/issues/177Check if we timeout if postinst script hangs2020-11-12T03:15:43+01:00Karel KociCheck if we timeout if postinst script hangsWe encountered problem with watchcat post install script hanging update. Investigate.We encountered problem with watchcat post install script hanging update. Investigate.Turris OS 3.6https://gitlab.nic.cz/turris/updater/updater/-/issues/179Packages miss reported as having multiple candidates2020-11-12T03:15:39+01:00Karel KociPackages miss reported as having multiple candidatesSometimes packages are reported as having multiple candidates. But in repository
there is only one. There seems to be bug and it might even cause more damage than
this if they are sorted invalidly.Sometimes packages are reported as having multiple candidates. But in repository
there is only one. There seems to be bug and it might even cause more damage than
this if they are sorted invalidly.Turris OS 3.6https://gitlab.nic.cz/turris/updater/updater/-/issues/81Blocking write2020-11-12T02:24:15+01:00Ghost UserBlocking writeMake sure the write into a slave process never blocks. Currently it may create deadlocks (seen in the wild).Make sure the write into a slave process never blocks. Currently it may create deadlocks (seen in the wild).