Turris OS 3.10 is out now!

prezes_kk · May 11, 2018, 8:58am

I have a solution for this

--- /usr/bin/turris-cagen-status	2018-05-11 10:27:19.528916152 +0200
+++ /usr/bin/turris-cagen-status	2018-05-11 10:26:11.073741877 +0200
@@ -34,9 +34,9 @@
 	while read line; do
 		id=$(echo $line | sed 's/^\([0-9A-Za-z][0-9A-Za-z]\).*$/\1/')
 		name=$(echo $line | sed 's/^[0-9A-Za-z][0-9A-Za-z] [^ ]* \([^ ]*\)$/\1/')
-		if grep -q "^R\t[0-9]*Z\t[0-9]*Z\t${id}.*CN=${name}.*" index.txt ; then
+		if grep -qP "^R\t[0-9]*Z\t[0-9]*Z\t${id}.*CN=${name}.*" index.txt ; then
 			line="$line revoked"
-		elif grep -q "^V\t[0-9]*Z\t\t${id}.*CN=${name}.*" index.txt ; then
+		elif grep -qP "^V\t[0-9]*Z\t\t${id}.*CN=${name}.*" index.txt ; then
 			line="$line valid"
 		else
 			line="$line generating"

vcunat · May 11, 2018, 9:21am

I haven’t been able to reproduce it yet. What “status” does dig return when you see no address? SERVFAIL or NOERROR (or other)?

Possibly related: in the last couple of days I noticed that my Omnia-connected PC experiences recurring short periods when IPv6 doesn’t work, but so far I haven’t tracked the cause (it might not be Omnia-related at all; I had similar ISP problems already). And it’s latest 3.9, not 3.10 yet.

pseudodamaging · May 11, 2018, 10:49am

i have the same problem with netdata even before rebooting

Pepe · May 11, 2018, 1:57pm

Hi,
issue with client CA in OpenVPN should be fixed in Turris OS 3.10.1.

vladacr · May 11, 2018, 2:22pm

Is this a solution for the “vpn certificate generating” issue?. How do you implement the solution? Adding the code to the end of the /usr/bin/turris-cagen-status file? Thanks for making it clear.

prezes_kk · May 11, 2018, 2:36pm

Patch

pseudodamaging · May 11, 2018, 2:44pm

after rebooting to 3.10 netdata won’t start.

root@turris:~# netdata
2018-05-11 16:39:11: netdata FATAL: Cannot cd to directory ‘/var/cache/netdata’ # : Invalid argument
2018-05-11 16:39:11: netdata INFO : Cleaning up database [0 hosts(s)]…
2018-05-11 16:39:11: netdata INFO : netdata exiting. Bye bye…

ko-nipo · May 11, 2018, 4:59pm

My issues are.

constant flooding with message lines these
[106967.592390] sit: non-ECT from some remove IP with TOS=0x2 [106967.700057] sit: non-ECT from some remove IP with TOS=0x6 [106967.726341] sit: non-ECT from some remove IP with TOS=0x6 [106967.726353] sit: non-ECT from some remove IP with TOS=0x6 [106968.123551] sit: non-ECT from some remove IP with TOS=0x9 [106968.123565] sit: non-ECT from some remove IP with TOS=0x2 [106968.139221] sit: non-ECT from some remove IP with TOS=0x9
kresd does not always do what its told, from custom.conf in /etc/kresd
local forward_rule = policy.add(policy.suffix(policy.STUB(‘internaldns ip’), policy.todnames({‘mylocaldomain’}))) policy.del(forward_rule.id) table.insert(policy.rules, 1, forward_rule)
Sometime it seems to work, other time not. Have not been able to find the reason for this.

tonyquan · May 11, 2018, 5:34pm

It returns SERVFAIL. I wonder if it is timing sensitive somehow, otherwise it wouldn’t make sense that restarting kresd would get it to return the AAAA correctly. if I don’t restart kresd it always returns SERVFAIL for this request.

vcunat · May 11, 2018, 6:26pm

SERVFAIL may mean many things, including bad DNSSEC records, but in many cases the reasons are transient and subsequent queries may succeed. Short IPv6 outages would explain that, but it’s hard to guess just from this. I’ll first see if I can reproduce something like this. I assume the problem doesn’t really constrain your regular internet usage.

tonyquan · May 11, 2018, 9:17pm

you’re right, it’s not a problem for routine internet use. Very few sites are ipv6 only like this one. I’d be surprised if this site has bad DNSSEC records, because then restarting kresd would not fix that. The way I originally found this issue was via the test-ipv6.com test site, which started to return that DNS to ipv6 only sites didn’t work anymore after I upgraded to 3.10, it uses this site as part of its tests.

DIKKEHENK · May 12, 2018, 3:43pm

Did you check it in luci>software>enable?

Also, does pakon work with others? it keeps hanging in a loop here.

freshdax · May 12, 2018, 5:21pm

Three things did not work properly the rest went smoothly.

Pakon does not do anything, but everything is started (same problems as @DIKKEHENK)
In foris, the tab for Wi-Fi is broken, get a page full of error messages. But it works in LuCI.
ddns-scripts is deprecated (2.7.3-1) and asked me to install the latest version, because some functions would not work. Have version 2.7.7-5 installed and it works.

Best regards

pseudodamaging · May 13, 2018, 7:21am

I got it my mistake was trying to start netdata with SSH like in Turris 3.9 , now i started netdata in LuCI and it worked.

p4p4 · May 13, 2018, 8:56am

Hi frechdax

the Wifi-Tab in Foris is working for me with OS 3.10

simonszu · May 13, 2018, 12:53pm

Pakon doesn’t work for me either. The icons next to the “from” and “to” fields aren’t displaying correctly (maybe i am missing a font here on linux?) but most important i get a js alert “Failed to load data” and, of course, no data, just an endless spinner.

DIKKEHENK · May 13, 2018, 1:20pm

Ok, when i activate pakon, the ucollect sending stopped working. Removed pakon, now works.

keep getting this though… (v42) turris firewall rules might not be active

helios21 · May 13, 2018, 7:55pm

I am just getting Updater failed: Unknown error error mails from my Omnia Turris since about 3 days. So I did:

% [ -r /tmp/crl.pem ] || get-api-crl
% ls -l /tmp/crl.pem 
-rw-r--r--    1 root     root          1080 May 13 21:45 /tmp/crl.pem

Although I think pkgupdate will do this anyway.

Still I get this on calling pkgupdate:

% pkgupdate
WARN:Script file:///usr/share/updater/localrepo/localrepo.lua not found, but ignoring its absence as requested
WARN:Requested package luci-i18n-ddns-en that is missing, ignoring as requested.
WARN:Request not satisfied to install package: luci-app-minidlna
WARN:Request not satisfied to install package: luci-app-mjpg-streamer
WARN:Request not satisfied to install package: luci-app-tinyproxy
WARN:Request not satisfied to install package: luci-app-transmission
WARN:Request not satisfied to install package: luci-i18n-minidlna-en
WARN:Request not satisfied to install package: luci-i18n-tinyproxy-en
WARN:Request not satisfied to install package: luci-i18n-transmission-en
WARN:Request not satisfied to install package: luci-i18n-minidlna-de
WARN:Request not satisfied to install package: luci-i18n-tinyproxy-de
WARN:Request not satisfied to install package: luci-i18n-transmission-de
line not found
line not found
line not found
line not found
line not found
ERROR:
inconsistent: Requested package luci-i18n-wshaper-en that is not available.

Any hints?

cynerd · May 13, 2018, 8:13pm

Notifications are fixed in 3.10 release you just have to update to it.

But either way. Sorry for being rude but RTFM. It tells you what is wrong. Package luci-i18n-wshaper-en is not available. You have to remove it, otherwise update won’t continue. I looked to repository and wshaper is probably no longer available. It’s pretty old package and was long time ago obsoleted by sqm so it was probably dropped.

helios21 · May 13, 2018, 8:37pm

Next time please do not assume that I did not read something, unless you can be sure of that. I certainly read the error message, but I did not know that pkgupdate is not capable to remove obsolete packages like any modern Linux distribution package manager, especially if it is an automatically installed one. Removed manually from /etc/updater/conf.d/opkg-auto.lua. I even looked for the package name in /etc/updater, but not recursively. Thanks for your help.

(Also learned that upgrading can cut off current connections, even without the reboot to activate a kernel update. I was not aware of that.)