3.9.6 to 3.10 failure

My turris has been sending me error emails every four hours for the past ~three days related to Updater failing. The error email is not entirely helpful:

##### Error notifications #####
Updater failed: Unknown error

If I execute updater.sh manually, I receive the following error messages:
DEBUG:planner.lua:523 (Globals):Resolving critical packages
DEBUG:planner.lua:533 (Globals):Resolving Install and Uninstall requests
DEBUG:planner.lua:543 (Globals):Denying packages without any candidate
DEBUG:planner.lua:550 (Globals):Forcing penalty on expressions with free alternatives
DEBUG:planner.lua:562 (Globals):Deducing minimal set of required packages
WARN:planner.lua:344 (pkg_plan):Requested package luci-i18n-ddns-en that is missing, ignoring as requested.
ERROR:src/pkgupdate/main.c:249 (main):
inconsistent: Requested package suricata that is not available.
DEBUG:src/lib/locks.c:81 (lua_lock_release):Released lock at //var/lock/opkg.lock

If I try this with pkgupdater directly I get the same error messages as above.

Would appreciate any help the forum could provide in resolving the issue. I’ve disabled automatic updates in an effort to stop the notification spam.

Package suricata was renamed to suricata-bin. We are sorry for not explicitly informing you.

You can by hand change install request from suricata to suricata-bin in updater configuration or you can remove suricata and install suricata-bin after update.

Thank you for the quick reply! I’m sure that was in a change log somewhere that I missed…

FYI - I manually changed to suricata-bin and upon update had the /etc/init.d/suricata file removed. suricata binary is there to execute but the init script is gone.

Is this expected behavior?

Probably is. There is no init script as it seems for clean suricata at the moment. @mpetracek is maintainer. He might give you better feedback.

yes, the original suricata package was split into suricata-bin (containing just the binary) and suricata-pakon (containing init script and configuration files).

The idea is that we need suricata with certain configuration for pakon, but somebody wants to experiment with suricata with a different configuration, possibly just using suricata without pakon functionality.

@mpetracek - thanks for the background. I’m sure I am an edge case but the lack of an init.d script for the suricata-bin package makes using suricata without pakon a bit difficult.

The init.d script in the suricata-pakon package is modified for pakon functionality (e.g. the firewall rules).

Any chance we could include a bare-bones init file for suricata-bin standalone?

Here’s what I put together to get up and running (for others to find via search):

#!/bin/sh /etc/rc.common
#
# processname: suricata
# config: /etc/suricata/suricata.yaml
# pidfile: /var/run/suricata.pid
# description: suricata IDS
#
### BEGIN INIT INFO
START=90
STOP=10
USE_PROCD=1
PROG=/usr/bin/suricata

# Short-Description: Start/Stop suricata
# Description: Start/Stop suricata, an IDS daemon
### END INIT INFO


# Check that the config file exists
[ -f /etc/suricata/suricata.yaml ] || exit 0

start_service() {
        procd_open_instance
        procd_set_param command $PROG "-D -c /etc/suricata/suricata.yaml -i br-lan > /dev/null"
        procd_set_param respawn
        procd_close_instance
}`