Turris OS 4.0.5 is released out!

Unstable in the true sense of the word…

When I install Reforis, the tab of the browser goes to “Web site unavailable”. It’s like it’s frozen.
Even after I have started the update to 4.0.5, it takes forever, with the message no more memory…

“Failed to fork command /tmp/updater-busybox-jGcFEp/busybox: Out of memory”

The box runs already after the start with only 200MB free RAM what Netdata says, LuCI says only half.
And there I even turned off Pakon/Suricata meanwhile…
And that with absolutely minimal adjustment via Foris or LuCI, no special scenarios that are running here.

For the cash I would have gotten a good Fritzbox!..

Tinkering is fine, but if I have to be afraid before each update that it doesn’t work or that the memory is full again, then something goes wrong with the concept.

Best Regards

That is odd, and

It does not exhibit on my node which however does not deploy:

  • reForis (which is said to be in development)
  • pakon
  • ludus
  • sentinel
  • turris-survey
  • collectd

Today I noticed that I can not connect to Transmission, I thought that it completely fell apart, reinstalled and then the same. I can see that Turris has updated to version 4.0.5. Is someone also not working on Transmission?

Forum search provides

I think I have a similar problem here.

Why the command does not work /etc/init.d/transmission start ? It is the same in the browser on LUCI.

Just to check if it’s the same problem, or a different one. Do you see the “jail: not root, aborting: No error information” error in /var/log/messages as well? If so, it might be the seccomp hardening packages problem. Do you have the “Hardening (experimental) Seccomp tools for system hardening.” packages enabled in the Updater tab in Foris?

On a side note, I’m unable to run transmission (even wihtout seccomp) from the init script (or LuCi) after the update to 4.0.5 either. I didn’t have time to investigate yet, but it might as well be a new problem introduce in 4.0.5.

I have not yet found such information in the file /var/log/messages and I don’t have the Hardening package (experimental) either - in fact what is it for?

Just wondering why everytime there is TOS update …in Foris>WAN section it makes changes my “IPv6=Disabled” to “IPv6 = (Automatic DHCPv6)” . Plus “Wan6” interface is created (which cause some other issues with surricata related services, routing and such). So i have to change it back a and manually remove wan6 and restart network/firewall services.

Also i do not understand, but i have to “disable data collect” (wait for pkgupdate to finish), “enable data collect” (with email registration)…otherwise collect/sending reports is not working correctly.

Is there a way how to prevent this?

Then it is a different problem. Can you start transmission with transmission-daemon -g /tmp/transmission/ from the command line?

Hardening is for secure isolation of running processes. Since you don’t have it, you don’t need to worry about it.

@Pepe is there any timespan already in your mind, when all Turris Omnia owner will get this major update? I am thinking to update my Turris Omnia to Turris OS 4.0.5 within the next 2 weeks, but if the genera update would come within the next month, I would wait for it.

Yes, Until now, it works like this for me. Otherwise it doesn’t turn on

Now that I checked, I have the same problem as you after update to 4.0.5. In 4.0.3 the init script/LuCI worked with the hardening packages uninstalled. In 4.0.5 this stopped working, and I can only get it running from the command line directly.

having a problem running pkgupdate. since feb. 1 i get the following error :

##### Error notifications #####
Updater failed:
[string "transaction"]:328: [string "transaction"]:153: Collisions:
• /bin/less: busybox (new-file), less (existing-file)

on TurrisOS 4.0.5 ab9d1bf

Edit: found solution : Collision during automatic update

After migration from TOS 3.11.15 I tried to make debian container with pihole running but this is the result:

 -----------------------------------------------------
 TurrisOS 4.0.5, Turris 1.x
 -----------------------------------------------------
root@turris:~# lxc-start -n pihole -F
Failed to lookup module alias 'autofs4': Function not implemented
Failed to lookup module alias 'unix': Function not implemented
Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
[!!!!!!] Failed to mount API filesystems.
Exiting PID 1...

Updated config:

root@turris:/srv/lxc/pihole# cat config
lxc.uts.name = pihole
lxc.rootfs.path = /srv/lxc/pihole/rootfs
lxc.start.auto=1
lxc.start.order=8
lxc.start.delay=60
# Apparently, cgroup for `/dev/snd`
lxc.cgroup.devices.allow = c 116:* rwm
lxc.mount.entry=devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
lxc.mount.entry = /dev/snd dev/snd none bind,optional,create=dir
lxc.mount.entry = /dev/net dev/net none bind,optional,create=dir
lxc.mount.entry = /dev/input dev/input none bind,optional,create=dir
lxc.mount.entry=proc /proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry=tmpfs /dev/shm tmpfs  defaults 0 0
lxc.mount.entry= /data data none bind.ro 0.0
lxc.mount.entry= /mnt/flash mnt/flash none bind.ro 0.0
lxc.mount.entry= /lib/modules lib/modules none bind.ro 0.0
lxc.pty.max=1024
lxc.apparmor.allow_incomplete = 1

# Set up /dev for systemd
lxc.autodev=1

# networking
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = br-lan
lxc.net.0.hwaddr = 00:11:22:00:01:02
lxc.net.0.ipv4.address = 192.168.0.2/24
lxc.net.0.ipv4.gateway = 192.168.0.1
lxc.seccomp.profile =

Installed LXC packages:
root@turris:~# opkg list-installed | grep lxc
liblxc - 3.0.3-2.0
luci-app-lxc - git-20.016.50228-85e4d85-1.0
lxc - 3.0.3-2.0
lxc-attach - 3.0.3-2.0
lxc-auto - 3.0.3-2.0
lxc-autostart - 3.0.3-2.0
lxc-cgroup - 3.0.3-2.0
lxc-checkconfig - 3.0.3-2.0
lxc-common - 3.0.3-2.0
lxc-config - 3.0.3-2.0
lxc-configs - 3.0.3-2.0
lxc-console - 3.0.3-2.0
lxc-copy - 3.0.3-2.0
lxc-create - 3.0.3-2.0
lxc-destroy - 3.0.3-2.0
lxc-device - 3.0.3-2.0
lxc-execute - 3.0.3-2.0
lxc-freeze - 3.0.3-2.0
lxc-hooks - 3.0.3-2.0
lxc-info - 3.0.3-2.0
lxc-init - 3.0.3-2.0
lxc-ls - 3.0.3-2.0
lxc-monitor - 3.0.3-2.0
lxc-monitord - 3.0.3-2.0
lxc-snapshot - 3.0.3-2.0
lxc-start - 3.0.3-2.0
lxc-stop - 3.0.3-2.0
lxc-templates - 3.0.3-2.0
lxc-unfreeze - 3.0.3-2.0
lxc-unshare - 3.0.3-2.0
lxc-user-nic - 3.0.3-2.0
lxc-usernsexec - 3.0.3-2.0
lxc-wait - 3.0.3-2.0
rpcd-mod-lxc - 20171206.0

root@turris:/srv/lxc/pihole# lxc-checkconfig - 3.0.3-2.0
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points:
/sys/fs/cgroup/cpuset
/sys/fs/cgroup/cpu
/sys/fs/cgroup/cpuacct
/sys/fs/cgroup/blkio
/sys/fs/cgroup/memory
/sys/fs/cgroup/devices
/sys/fs/cgroup/freezer
/sys/fs/cgroup/net_cls
/sys/fs/cgroup/pids
/sys/fs/cgroup/debug

Cgroup v2 mount points:


Cgroup v1 systemd controller: missing
Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, loaded
CONFIG_NF_NAT_IPV6: enabled, loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: missing
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
File capabilities:

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

How can I make it to run ? I’m sorry to be so tired at 21h to google for answers. Welcome any help.

I reinstalled Turris OS 5.0.0. and get for luci-proto-relay:

root@turris:~# opkg install luci-proto-relay
Installing luci-proto-relay (git-20.016.50399-e1df28d-1.0) to root...
Downloading https://repo.turris.cz/hbs/omnia/packages/luci/luci-proto-relay_git-20.016.50399-e1df28d-1_all.ipk
Collected errors:
 * check_data_file_clashes: Package luci-proto-relay wants to install file /usr/lib/lua/luci/model/network/proto_relay.lua
	But that file is already provided by package  * luci-compat
 * opkg_install_cmd: Cannot install package luci-proto-relay.

And even though it seems to be “installed”, it is not listed under the interfaces. And if I move the above file and install the package it does still not show up under interfaces that can be added.

How did you reinstall it? You are using HBS branch.

I used the medkit: https://repo.turris.cz/hbs/medkit/omnia-medkit-latest.tar.gz with the “4 LED factory reset” approach. Subsequently I tried to install the package:

opkg update
opkg install luci-proto-relay

opkg install relayd also gives a “command failed”

And if we look already on issues: the Microtik R11e-5HacT does not function at all.

I have the same problem on my MOX. I ran a debug pkgupdate and this was the last few lines:

DEBUG:src/lib/interpreter.c:323 (lua_run_generic):Util command: tar -xzf /tmp/updater-OfgdOM/data.tar.gz -C /usr/share/updater/unpacked//updater-aLnmLm/data
DEBUG:src/lib/interpreter.c:323 (lua_run_generic):Util command: rm -rf /tmp/updater-OfgdOM
DEBUG:src/lib/interpreter.c:323 (lua_run_generic):Util command: find ! -type d -print0
DEBUG:src/lib/interpreter.c:323 (lua_run_generic):Util command: find -type d -print0
DEBUG:src/lib/interpreter.c:323 (lua_run_generic):Util command: tar -xzf /usr/share/updater/download/mox-support-4.14.162-1-9fe572fdacfb832dfffa9a18b98e72e3.2.ipk -C /tmp/updater-bAfemI
DEBUG:src/lib/interpreter.c:323 (lua_run_generic):Util command: rm -rf /tmp/updater-bAfemI
DEBUG:src/lib/interpreter.c:323 (lua_run_generic):Util command: rm -rf /usr/share/updater/unpacked//updater-oMjDLA
DEBUG:src/lib/journal.c:286 (lua_finish):Closing journal
line not found
line not found
line not found
line not found
line not found
line not found
DIE:src/pkgupdate/main.c:204 (main):
[string “transaction”]:330: [string “backend”]:485: Stage 1 unpack failed: tar: corrupted data
tar: short read

Aborted

Anybody got this working??