Problem upgrading jails (pkg, freebsd-update)

poorandunlucky

Well-Known Member

Reaction score: 33
Messages: 372

So I have these jails now, and I want to install Samba on my www jail.

I've upgraded to 12.2-p6, pkg -vv shows kernel 120200.

I've upgraded my jail with freebsd-update -b /jails/www

There was an error, some directories for the certificates under /usr/share/[certs]/[trusted/blacklisted] didn't exist, so freebsd-update failed up upgrade those files in there, I manually created the directories. Re-running freebsd-update -b says there's nothing to do.

Going back to the jail, and running pkg -vv shows osversion 120100.

Here's the log from my last transactions before posting here...

Code:
root@www:/ # cd /usr/share/certs/
root@www:/usr/share/certs # ls
blacklisted     trusted
root@www:/usr/share/certs # cd ..
root@www:/usr/share # cd ..
root@www:/usr # cd ..
root@www:/ # exit
exit
tyler@M6500:/home/tyler # freebsd-update -b /jails/www/ fetch install
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for 12.2-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 12.2-RELEASE-p6.
No updates are available to install.
tyler@M6500:/home/tyler # jexec www /bin/tcsh
root@www:/ # pkg -vv
Version                 : 1.14.5
PKG_DBDIR = "/var/db/pkg";
PKG_CACHEDIR = "/var/cache/pkg";
PORTSDIR = "/usr/ports";
INDEXDIR = "";
INDEXFILE = "INDEX-12";
HANDLE_RC_SCRIPTS = false;
DEFAULT_ALWAYS_YES = false;
ASSUME_ALWAYS_YES = false;
REPOS_DIR [
    "/etc/pkg/",
    "/usr/local/etc/pkg/repos/",
]
PLIST_KEYWORDS_DIR = "";
SYSLOG = true;
ABI = "FreeBSD:12:amd64";
ALTABI = "freebsd:12:x86:64";
DEVELOPER_MODE = false;
VULNXML_SITE = "http://vuxml.freebsd.org/freebsd/vuln.xml.bz2";
FETCH_RETRY = 3;
PKG_PLUGINS_DIR = "/usr/local/lib/pkg/";
PKG_ENABLE_PLUGINS = true;
PLUGINS [
]
DEBUG_SCRIPTS = false;
PLUGINS_CONF_DIR = "/usr/local/etc/pkg/";
PERMISSIVE = false;
REPO_AUTOUPDATE = true;
NAMESERVER = "";
HTTP_USER_AGENT = "pkg/1.14.5";
EVENT_PIPE = "";
FETCH_TIMEOUT = 30;
UNSET_TIMESTAMP = false;
SSH_RESTRICT_DIR = "";
PKG_ENV {
}
PKG_SSH_ARGS = "";
DEBUG_LEVEL = 0;
ALIAS {
    all-depends = "query %dn-%dv";
    annotations = "info -A";
    build-depends = "info -qd";
    cinfo = "info -Cx";
    comment = "query -i \"%c\"";
    csearch = "search -Cx";
    desc = "query -i \"%e\"";
    download = "fetch";
    iinfo = "info -ix";
    isearch = "search -ix";
    prime-list = "query -e '%a = 0' '%n'";
    prime-origins = "query -e '%a = 0' '%o'";
    leaf = "query -e '%#r == 0' '%n-%v'";
    list = "info -ql";
    noauto = "query -e '%a == 0' '%n-%v'";
    options = "query -i \"%n - %Ok: %Ov\"";
    origin = "info -qo";
    provided-depends = "info -qb";
    rall-depends = "rquery %dn-%dv";
    raw = "info -R";
    rcomment = "rquery -i \"%c\"";
    rdesc = "rquery -i \"%e\"";
    required-depends = "info -qr";
    roptions = "rquery -i \"%n - %Ok: %Ov\"";
    shared-depends = "info -qB";
    show = "info -f -k";
    size = "info -sq";
}
CUDF_SOLVER = "";
SAT_SOLVER = "";
RUN_SCRIPTS = true;
CASE_SENSITIVE_MATCH = false;
LOCK_WAIT = 1;
LOCK_RETRIES = 5;
SQLITE_PROFILE = false;
WORKERS_COUNT = 0;
READ_LOCK = false;
PLIST_ACCEPT_DIRECTORIES = false;
IP_VERSION = 0;
AUTOMERGE = true;
VERSION_SOURCE = "";
CONSERVATIVE_UPGRADE = true;
PKG_CREATE_VERBOSE = false;
AUTOCLEAN = false;
DOT_FILE = "";
REPOSITORIES {
}
VALID_URL_SCHEME [
    "pkg+http",
    "pkg+https",
    "https",
    "http",
    "file",
    "ssh",
    "ftp",
    "ftps",
    "pkg+ssh",
    "pkg+ftp",
    "pkg+ftps",
]
ALLOW_BASE_SHLIBS = false;
WARN_SIZE_LIMIT = 1048576;
METALOG = "";
OSVERSION = 1201000;
IGNORE_OSVERSION = false;
BACKUP_LIBRARIES = false;
BACKUP_LIBRARY_PATH = "/usr/local/lib/compat/pkg";


Repositories:
  FreeBSD: {
    url             : "pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/quarterly",
    enabled         : yes,
    priority        : 0,
    mirror_type     : "SRV",
    signature_type  : "FINGERPRINTS",
    fingerprints    : "/usr/share/keys/pkg"
  }
root@www:/ #

Where did I screw-up?

Also: hello *waves* 😊
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 11,255
Messages: 37,429

freebsd-update fetch install only downloads and installs patches for the version it has now. Your jail appears to be 12.1-RELEASE, you probably never upgraded it. It's not automagically upgraded when you upgrade the host OS. You need to use freebsd-update -r 12.2-RELEASE upgrade on the jail.

Going back to the jail, and running pkg -vv shows osversion 120100.
Run freebsd-version -u to see version.
 
OP
poorandunlucky

poorandunlucky

Well-Known Member

Reaction score: 33
Messages: 372

freebsd-version -u shows 12.2-RELEASE-p6 from both the base OS, and from inside the jail (through jexec).

Running pkg from inside the jail tells me

pkg: http://pkg.FreeBSD.org/FreeBSD:12:amd64/quarterly/All/samba411-4.11.8.txz: Not Found

Running pkg -j www samba411 install gives me

Newer FreeBSD version for package php73-pear-channel-symfony: To ignore this error set IGNORE_OSVERSION=yes - package: 1202000 - running kernel: 1201000

I tried running freebsd-update -b /jails/www -r 12.2-RELEASE as well, and it's also telling me it's already at that version...

Related yet Unrelated Questions:

What's good practice with jails? Working on them by opening a shell, or operating from the base OS through the --jail options when possible? Like upgrading, should I do it from the jail, or with the freebsd-update -b option?

Howcome trying to install samba from a jail shell tells me the package can't be found, but works fine if I do it from the base OS with the -j option? Seems like at that stage it should just be downloading a file, I don't understand the error...

And back to the main issue, considering both the base OS, and the jail are at 12.2-RELEASE, howcome I'm getting that error?

I made a snapshot, I could override, and rollback if it doesn't work, but I'd just like to understand, I'm not experienced with jails so I think I'm probably doing something wrong in my system administration, so I'd like to take good habits, rather than build a pile of mistakes... I'm kinda proud of my OS right now, and aside my personal folder being a mess, my server is pretty nice, and I don't want to feel like I want to wipe it and start over again... It's running well, it's useful, and I really like it (obviously, I'm still here)...

Like when you upgrade your jails, what do you do? I assume they're on their own dataset, and all... I build them with bsdinstall, and then I open shells inside with jexec, or I'll use the -j option that I think just chroots to the jail basedir when appropriate in the script, so I mix the two without caring much, but is there deeper stuff I'm missing?

I even ran pkg update from inside the jail, maybe it needed to update its file that tells it the kernel version (I don't know where it gets it from, that might acttually be a good place to start tracking backwards, if you can help)...

I'm just really stumped by that problem, everything was going so smoothly I thought everything was in order... I don't want to update to the newest release yet because I don't want to go through all the config right now, I just want samba on the www server at this time... I'll enjoy going that road later, but right now I just want to get this sorted out to make sure everything's fine, and I'm not going to screw everything up again... and make a little website just to refresh myself, and show something to someone (which is what I set out to do in the first place, I'm also trying to remain focussed on my objective)...

I have samba on another jail, and it's running fine, I use it every day, all my files are there now, besides the obligatory stuff I have to keep local to Windows, everything goes on my file server, even game recordings from Windows, everything's set to save to my Samba network drive that's my home folder on that jail... been running for like a year like that now... I want to put Nextcloud on it, re-setup my DNS, I lost a lot of files because of Windows and Microsoft-related issues, and carelessness, and disorganization, plus I'm kinda depressed, and I also took up electronics as a hobby, so it's not going very fast, but at least I think it's fairly solid now... It could just be the package script that has a typo, or it could be something I've done improperly, and I want to know because I really like my server...

I don't understand why that error, and like I said, I don't want to screw things up anymore, or any more... Just asking for jail best practices, and clues where to look for the problem...

FreeBSD is very important to me, not only is it cool to watch debug messages whiz through on a console window, but it also speaks "my language" it just makes sense to me, I'm actually very passionate about it, I didn't choose it over Ubuntu because I liked the logo, the way it's organized, and the way the people who make it write, the code, the structure, it just... I think it's beautiful, I find beauty in it, and because it's so rare to find something like that, well, I keep... trying... *shrugs*

... and yes, even though I've been absent for a while, I've thought about you a few times, if you wonder, 😊, wondering, and hoping, that you're healthy, and happy...

You've always tried to help, and I appreciate, even if you weren't always helpful. 😋

(sure spilled my heart out there... i hope i don't regret it in the morning lol 😁)
 
Last edited:

ShelLuser

Son of Beastie

Reaction score: 2,066
Messages: 3,774

What's good practice with jails? Working on them by opening a shell, or operating from the base OS through the --jail options when possible? Like upgrading, should I do it from the jail, or with the freebsd-update -b option?

Howcome trying to install samba from a jail shell tells me the package can't be found, but works fine if I do it from the base OS with the -j option?
That sounds like a badly set up jail to me. When done properly then a jail will behave in the same way as its host, so it can install packages, build ports, etc.

Best practice is obviously to use jexec(8) to access the jail. Don't forget that it contains running processes and if you simply overrule any possible (soft)lock and start messing around you're in for a really bad time.

Like when you upgrade your jails, what do you do?
Depends, usually the same thing as you'd do on the host.

Either you upgrade from inside the jail or you shut it down and then perform the upgrade from the outside. I usually shut the whole thing down and then "forcefully" extract the archives for the latest version, during which I use mergemaster(8) to help me sort out the configuration (basically I roughly follow the same procedure as if I was upgrading using the source tree).

But your mileage varies. Note that this is all explained in the FreeBSD handbook.

I assume they're on their own dataset, and all... I build them with bsdinstall, and then I open shells inside with jexec, or I'll use the -j option that I think just chroots to the jail basedir when appropriate in the script, so I mix the two without caring much, but is there deeper stuff I'm missing?
Why assume? You build them, so you should know. No, a dataset is definitely not implied nor required (but can be useful). You open shells? It does more than that, also see the manual pages. You don't just open a shell, you start a new child process within your jail. Try using w or ps from inside the jail to see what I mean.
 
OP
poorandunlucky

poorandunlucky

Well-Known Member

Reaction score: 33
Messages: 372

I might've upgraded it without shutting it down...

There's not much on there,I think just nginx, pgsql, php-fpm, ... It's going to be a small hassle, but none of it is really configured, anyway... I think I'm going to just rebuilld it to make sure, I think that's my best move...

Not having a set method to upgrade jails, and there being more than one way about it, I think I I must've upgraded it without shitting it down like you suggested...

I'll also try to install that package on another jail see if it's not that...

There doesn't seem to be a textbook solution to this, so I'm going to try and find out, and I'll let you know what comes out of it...

Thanks again 😊
 
OP
poorandunlucky

poorandunlucky

Well-Known Member

Reaction score: 33
Messages: 372

So I think the problem is that when I upgrade my jails, I use freebsd-update -b /jails/<jailname> fetch install and it works fine from the base OS,, however, if try from within the jail (whtouth the -b, obviously(, it says it can't find the files for my architecture, and I have to built it from source.

The original problem was that pkg was complaining that my kernel version was 12.1,but pkg was trying to install for 12.2.

I always thought it was a file like /var/pkg/version or something like that, but I looked at /boot/, and my files there are from 2019... In /bin/, too, like freebsd-update -b /jail/<jailname> did nothing apparently...

Do you really always have to build jails from source? Why can't you just extract the packages like freebsd-install does?

That's so weird to me...

I always expected freebsd-update -b to just be the way to update and upgrade jails, it's how the base OS gets updated/upgraded and it's just .txz files that get extracted for my arch...

Why do I have to upgrade jails from source? Do I also have to update (patch) them from source, too?

That seems weird, and tednous, and there has to be a reason... I would sincerely expect freebsd-update to udate jails, I installed them with bsdinstall, so it's just tar files thar get extracted with some scripts for permissions and whatnot...

Why is upgrading/updating a jail so darn complicated?

I don't undetstand why those other tools don't work from within/whoutout the jail since it's just package extraction, and doing it on the base system surely can't be less complicated than doing it in a jail... A jail can be shurdown to the point where it's just inert folders with nothing running, no usernale apps to keep running until the next boot, no... It could just extract the packages straight into the jail base directories!

Wjy? Is it s way, like a milestone, to get me to built my kernel, and change the source? Is there another technical reason?

Sure I have a trash app that I could add to /src/, and I guess I could remove dome default modules from the GENERIC kernel, but it's so light already, and ...

*hangs head*

Does anyone know why it's like that?

It's not pissing me off, but I'm only run buildworld installworld a few times, and I'm kind scared I'm going to screw things up, or that it's going to mess my configuration files, or something...
 
Top