I just came around updating a host that I have to admit I'm neglecting a bit...
The host runs on 12.4-RELEASE-p6 (was on p5 when I started debugging this), the jails are connected to a dedicated loopback interface (lo1) and PF handles all forwards/nat etc. (This host was first set up before vnet was "production-safe")
This has worked for several years without any issues.
Now when I update pkg in one of the jails it will no longer update from my local repository:
The host itself is fine:
nginx on the pkg host doesn't log any errors or 404s, but also no access when the jail tries to
The repository is configured with an https url; pkg+https as well as the srv mirror_type have been removed a while ago. I also tried forcing pkg to use IPv4 (which it did anyways, but just to be sure...)
All my other jailhosts have already been migrated to vnet and they don't show this behaviour, so it seems the http(s) handler of pkg has had some changes that break it in "loopback-jail" configurations + https (pkg+https works).
Other things I tried:
- using pkg-1.20.7 from the official repositories (updating from the official repos works with all pkg versions!)
- reducing the mtu on the jails loopback interface (I've once seen some weird behaviour with pkg and jumbo frames, so it was worth a try)
- switching to http
This host is bound to be replaced/rebuilt with either 13.2-RELEASE or even 14.0-RELEASE as soon as the 12 branch is nearing EOL, so this isn't super-critical as I can just lock pkg to the last 1.19 version for now. But if someone has any other ideas how to fix this I'd be grateful for any help.
The host runs on 12.4-RELEASE-p6 (was on p5 when I started debugging this), the jails are connected to a dedicated loopback interface (lo1) and PF handles all forwards/nat etc. (This host was first set up before vnet was "production-safe")
This has worked for several years without any issues.
Now when I update pkg in one of the jails it will no longer update from my local repository:
Code:
root@postfix:~ # pkg -v
1.19.2
root@postfix:~ # pkg update -f
Updating local repository catalogue...
[postfix.mail2.mydomain.tld] Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
[postfix.mail2.mydomain.tld] Fetching packagesite.pkg: 100% 149 KiB 152.3kB/s 00:01
Processing entries: 100%
local repository update completed. 584 packages processed.
All repositories are up to date.
root@postfix:~ # pkg upgrade -y pkg
Updating local repository catalogue...
local repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
pkg: 1.19.2 -> 1.20.8
Number of packages to be upgraded: 1
The process will require 1 MiB more space.
[postfix.mail2.mydomain.tld] [1/1] Upgrading pkg from 1.19.2 to 1.20.8...
[postfix.mail2.mydomain.tld] [1/1] Extracting pkg-1.20.8: 100%
Updating local repository catalogue...
pkg: An error occured while fetching package
pkg: An error occured while fetching package
repository local has no meta file, using default settings
pkg: An error occured while fetching package
pkg: An error occured while fetching package
Unable to update repository local
Error updating repositories!
root@postfix:~ # pkg update
Updating local repository catalogue...
pkg: An error occured while fetching package
pkg: An error occured while fetching package
repository local has no meta file, using default settings
pkg: An error occured while fetching package
pkg: An error occured while fetching package
Unable to update repository local
Error updating repositories!
The host itself is fine:
Code:
root@mail2:~ # pkg -v
1.20.8
root@mail2:~ # pkg update -f
Updating local repository catalogue...
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
Fetching packagesite.pkg: 100% 149 KiB 152.3kB/s 00:01
Processing entries: 100%
local repository update completed. 584 packages processed.
All repositories are up to date.
nginx on the pkg host doesn't log any errors or 404s, but also no access when the jail tries to
pkg update
. I *can* see traffic on the hosts external interface to and from the pkg host, I can also successfully fetch
the meta files from the jail and openssl s_client
also establishes a successful connection to the pkg host. So only pkg
is showing this behaviour.The repository is configured with an https url; pkg+https as well as the srv mirror_type have been removed a while ago. I also tried forcing pkg to use IPv4 (which it did anyways, but just to be sure...)
All my other jailhosts have already been migrated to vnet and they don't show this behaviour, so it seems the http(s) handler of pkg has had some changes that break it in "loopback-jail" configurations + https (pkg+https works).
Other things I tried:
- using pkg-1.20.7 from the official repositories (updating from the official repos works with all pkg versions!)
- reducing the mtu on the jails loopback interface (I've once seen some weird behaviour with pkg and jumbo frames, so it was worth a try)
- switching to http
This host is bound to be replaced/rebuilt with either 13.2-RELEASE or even 14.0-RELEASE as soon as the 12 branch is nearing EOL, so this isn't super-critical as I can just lock pkg to the last 1.19 version for now. But if someone has any other ideas how to fix this I'd be grateful for any help.