Solved freebsd-update fails on 10.3 -> 11.0 upgrade

Hello all,

I've got a 64-bit system running FreeBSD 10.3:
Code:
# freebsd-version -uk
10.3-RELEASE-p18
10.3-RELEASE-p19
# uname -a
FreeBSD xxxx.local 10.3-RELEASE-p18 FreeBSD 10.3-RELEASE-p18 #0: Tue Apr 11 10:31:00 UTC 2017     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

I have used freebsd-update to patch the system for the last year of its operation, without any problems. Yesterday, I took the decision to upgrade the system, following the instructions in the handbook. This is what happens when I try to use upgrade:

Code:
# freebsd-update -r 11.0-RELEASE upgrade
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 10.3-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic src/src world/base world/doc world/lib32

The following components of FreeBSD do not seem to be installed:
world/games

Does this look reasonable (y/n)?

Fetching metadata signature for 11.0-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.
Inspecting system... done.
Fetching files from 10.3-RELEASE for merging... done.
Preparing to download files... done.
Fetching 778 patches.....10....20....30....40....50....60....70....80....90....100....110....120....130....140....150....160....170....180....190....200....210....220....230....240....250....260....270....280....290....300....310....320....330....340....350....360....370....380....390....400....410....420....430....440....450....460....470....480....490....500....510....520....530....540....550....560....570....580....590....600....610....620....630....640....650....660....670....680....690....700....710....720....730....740....750....760....770.... done.
Applying patches... done.
Fetching 28243 files... failed.
I have a squid proxy locally installed, but I do not see signs of local access in the squid logs. This system is however inside a larger WAN, whereas access to the internet is content checked for malware.

/etc/freebsd-update.conf is the stock 10.3 one.
 
Squid shouldn't have a problem with the updates but you could test without it. But I'm more inclined to believe the issue is with the content scanner.
 
It's hard to tell what is going on under the hood, without any sort of verbose logging unfortunately. And I have no access to the WAN-perimeter content scanner.

Is there some sort of undocumented feature that can help me use a specific network interface for download? Or a specific proxy/port combination?
 
Thanks, I didn't think about that! I'll check the source and insert some debugging in the call to fetch perhaps.
 
After doing an rm -rf /var/db/freebsd-update/files/* and set FETCH_BIND_ADDRESS to a an interface that bypassed content filtering entirely, the upgrade operation completed succesfully, thanks for the help.
 
After doing an rm -rf /var/db/freebsd-update/files/* and set FETCH_BIND_ADDRESS to a an interface that bypassed content filtering entirely, the upgrade operation completed succesfully, thanks for the help.
Where are you set FETCH_BIND_ADDRESS?
 
freebsd-update(8) is a script that uses fetch(1), which in turn uses fetch(3) from libfetch.

Code:
ENVIRONMENT
     FETCH_BIND_ADDRESS      Specifies a hostname or IP address to which
                             sockets used for outgoing connections will be
                             bound.
So, it's an environment variable.
 
Back
Top