Turris OS 4.0.2 is released into HBT - Testing branch

Dear Turris users,

We are pleased to announce the release of Turris OS 4.0.2 is now available HBT (Testing) branch. This release is for Turris MOX and Turris Omnia routers. In this release, there is a new feature, which was requested here on the forum and we heard your voices.

  • In the About tab of administration interface Foris tab, you can now find details, which Turris OS branch you are using.

Full release notes for this release:

  • added missing hardening package list
  • fixed autodetection of router address in Foris OpenVPN
  • irssi: updated to version 1.2.2, fix CVE-2019-15717
  • sudo: updated to version 1.8.28p1, fix CVE-2019-14287
  • bind: updated to version 9.11.11
  • openldap: updated to version 2.4.48, fix CVE-2019-13565
  • kernel: updated to version 4.14.151
  • libpcap: updated to version 1.9.1, fix CVE-2019-1516{1,2,3,4,5}
  • tcpdump: updated to version 4.9.3, fix multiple CVEs
  • python: updated to version 2.7.17
  • foris: updated to version 100.6
  • foris-controller: updated to version 1.0.6
  • python[3]-cryptography: fix CVE-2018-10903
  • enable RTC NVMEM access for Turris 1.x
  • ustream-ssl: CVE-2019-5101, CVE-2019-5102
  • iptables-geoip-mod: fixed compilation
    and fixed issue that it can not open file for reading when you boot your Turris MOX from another Turris router, which was running Turris OS 4.x

If you would like to try this release, you need to switch to branch hbt with the following command in command-line interface:

switch-branch hbt

Any feedback regarding this release is appreciated.

Known issue:

  • package perl-device-usb is not available for Turris MOX router. Fixed in RC2.
  • reForis is not compiled in this RC release for now. Fixed in RC3.

Turris OS 4.0.2 po instalaci LXC utilities přestane fungovat opkg update

Collected errors:

při odstranění balíčku wget-nossl,opkg update funguje (baliček se sám časem znovu nainstaluje)

4 posts were split to a new topic: Hidden topic in release topic

nevím zda to má s tím něco společného ale https://repo.turris.cz/hbt/lists/lxc.lua řádek 8 odkaz vede do hbs

That link to HBS is not a problem. It is condition to migrate old versions of updater to new setup. That is intentional.

The problem is described here: https://gitlab.labs.nic.cz/turris/turris-build/issues/92
Thank you for reporting it.

2 Likes

Nothing has changed. Mox is not working …

root@turris:~# netboot-manager regen -f
Regenerating configuration...
Getting new rootfs...
Downloading 'https://repo.turris.cz/hbs/netboot/mox-netboot-latest.tar.gz'
Connecting to 217.31.192.69:443
Writing to '/srv/turris-netboot/rootfs/rootfs-new.tar.gz'
/srv/turris-netboot/ 100% |*******************************| 42066k  0:00:00 ETA
Download completed (43075675 bytes)
Downloading 'https://repo.turris.cz/hbs/netboot/mox-netboot-latest.tar.gz.sha256'
Connecting to 217.31.192.69:443
Writing to '/srv/turris-netboot/rootfs/rootfs-new.tar.gz.sha256'
/srv/turris-netboot/ 100% |*******************************|    98   0:00:00 ETA
Download completed (98 bytes)
Downloading 'https://repo.turris.cz/hbs/netboot/mox-netboot-latest.tar.gz.sig'
Connecting to 217.31.192.69:443
Writing to '/srv/turris-netboot/rootfs/rootfs-new.tar.gz.sig'
/srv/turris-netboot/ 100% |*******************************|   151   0:00:00 ETA
Download completed (151 bytes)
rootfs-new.tar.gz: OK
Cannot open file '/etc/opkg/keys//xxxxxxxxxxxxx' for reading
Tampered tarball

Same as under 4.0.1 … Post here

After I updated to 4.0.X I just have a bricked mox, which get not listed over netboot-manager or elsewhere …

I realy need soon a solution for my problems withs netbooting MOX. 6 Month ago I received my “early bird MOX”. Under 3.11 I got him running after some investigations, but just for a week or two, then I had to make a factoryreset again to get him back online. Then I installed 4.0.x, because I hoped it will get better, but the result was, that he doesn´t work at all in the moment.

Hello there, running TurrisOS 4.0.2 99fcf8f / LuCI branch (git-19.305.00515-5a05075) on a Mox classic, and was wondering why adblock is working, but not loading the lists anymore. It does all work, but the result is 0. This is since a week or so?

Nov 8 07:18:11 turrisMOX adblock-3.5.5-2[29132]: blocklist with overall 0 domains loaded successfully (CZ.NIC Turris Mox Board, TurrisOS 4.0.2 99fcf8f/4.0.2)

best, DIKKE

znovu vyzkoušeno a funguje do té doby než uživatel ručně nainstaluje balíček wget, pkgupdate následně odstraní balíček wget a nahradí ho balíčkem wget-nossl

There were some changes for netboot tarball itself, but it is going to be fixed only when we release Turris OS 4.0.2 from Testing branch into Stable branch (hbs). As you can see in your output it downloads the tarball from hbs branch. If you would like in the meantime you can modify the source code of netboot (/etc/bin/netboot-manager) to download it from hbt, but those changes will be overridden by the update.

Ok, I would like to try it out till next update. What exactly I have to do?

Je tohle dostupné už i pro turris 1.x ? TOS 4.0.1 (turris1x-medkit-latest.tar.gz) jsem zkoušel a updater mi skončil na nedustopnosti balíku kmod-mmc-fsl-p2020

Thank you, opkg remove wget-nossl resolved the fact opkg update was failing with the same error you quoted in your post. Also as mentioned above, the package will re-install itself with the next update unless you do something like this:

echo -e '\nUninstall("wget-nossl")' >> /etc/updater/conf.d/example.lua; pkgupdate

I stumbled upon that too recently. Try installing full wget

opkg install wget

wget package got removed from TOS base image at some point and unfortunately busybox’s wget doesn’t implement all command line options. I guess @dibdot should be notified as well and perhaps correct me if I am wrong.

Is TOS 4.x shipped with uclient-fetch plus ssl lib? If so, you can simply switch/select that one in adblock for blocklist downloads.

1 Like

Ahhh, thxs! the uclient -fetch Works. The opkg install wget gives errors

Vývojáři pracují na tom, aby byla verze Turris OS 4.x+ dostupná také pro routery Turris 1.0 a Turris 1.1. Ačkoliv je v tuto chvíli možné nainstalovat Turris OS 4.x podle návodu, který byl zde zveřejněný v jiném vlákně, tak je pouze pro velmi zkušené uživatelé a není oficiálně podporovaný tedy mohou se objevit chyby a v některých případech je také možné, že může být potřeba sériová konzole.

Jakmile budeme spokojeni s podporou Turris OS 4.0+ na modrých routerech Turris, tak vám o tom dáme určitě vědět.

1 Like

Today, we have released another RC version of Turris OS 4.0.2.

Changes between RC1 and this version:

  • based on OpenWrt 18.06.05
  • mariadb: updated to version 10.4.10, fix CVE-2019-2974, CVE-2019-2938
  • luci-compat, lmdb: new packages
  • foris: netboot fix
  • acme: updated to version 2.8.3
  • kernel: updated to version 4.14.152
  • enable some packages for Turris 1.x

Fixed known issue:

  • package perl-device-usb is now available for all of our routers.
2 Likes

V této verzi (MOX) konečně začala fungovat vzdálená správa (přístup na dálku) ve Forisu prostřednictvím Omnie (Turris OS 3.11.8). Po mnoha verzích, kde vždy blikalo černé kolečko s občasným zobrazením otazníku nebo vykřičníku, bylo konečně možné touto cestou nastavit wi-fi síť.

Následně spojení přestalo znovu fungovat, ale to vyřešila ruční změna IP adresy v souboru “/etc/config/fosquitto”. Po nastavení wi-fi totiž MOX změnil svou MAC adresu a DHCP server Omnie mu přidělil IP novou. V příslušném souboru ale zůstala ta stará.

Prosím proto o opravu nebo informaci, že je v 3.11.9 RC již vyřešeno (tuto verzi jsem záměrně na Omnii nezkoušel, protože router používám v produkčním prostředí).

This time better! Simplest config (WiFi only - MOX will be used mainly as WiFi extender for Omnia :wink: all seems working.