Turris OS 5.0.0 is released in HBT

Dear Turris users,

We are pleased to inform you that we have released a new major version of Turris OS 5.0.0 in the testing branch Here be Turtles (hbt) :turtle:. This version is based on the latest OpenWrt version 19.0.7 with our features, our userspace setup, and our kernel configuration. There is a lot of new packages, security updates, and interesting new features. Supported routers in this release are Turris MOX, Turris Omnia and there is experimental support for Turris 1.x routers when you are booting from microSD card using Btrfs.

Here there are some highlights which this version brings to you:

  • We have been working on our redesigned Foris (reForis), which has now a few amazing features like snapshots integration and remote control, but it is in the development.
  • In default configurations, there is enabled support for USB Mass Storage devices by default to use Storage plugin without installing package list NAS.
  • There is added support for secondary IP addresses for DNS servers and enabled TLS for Google DNS servers.
  • There is a basic migration from samba3 to samba4.
  • As a time-based job scheduler, we are using cronie instead of vixie-cron, which is no longer under development.
  • For webapps, there is an automatic redirect to HTTPS, if it is possible.
  • LuCI is using client-side rendering for improved performance.
  • Optional WPA3 support

More information can be found on our Gitlab or in the OpenWrt changelog. We appreciate anyone, who tested this release in the HBK branch.

If you would like to test this release before it reaches a stable branch, you can use the following command switch-branch hbt, which switches you to the testing branch and if you find out any bugs, please let us know about it here in this thread or preferably write an email to tech.support@turris.cz and don’t forget to include if possible outputs.

Any feedback is welcome.


Known bugs:

What’s the most straightforward way for a TOS 3.11.16 to try 5.0.0? I don’t necessarily need to migrate my current settings and can redo them.

Big congrats! :slight_smile:

1 Like

If running the OS from the eMMC on a T or O:

  • 4-LED reset with medkit from the HBT branch (mind the default branch for any medkit is set to HBS), or
  • with schnapps as discussed here
1 Like

Uhmm…ok, my mox apperantly is now on TOS 5. Not my choice but i assume i was still using the bugs bunny HB mode ( Powered by LuCI branch (git-20.027.47766-367959f)
OPENVPN is gone, Foris GUI gives server error 503, luci is working. Syslog : Error: logfile not found!\

Kernel log does work, but adblock log also Error: logfile not found! Wifi gone, i see it in Luci, but not active


Edit : Ok, used ssh to get in, run pkgupdate, and i noticed some problems with DNS. changed the DNS to ‘use from provider’ and then run the update again. Almost everything works again, only reforris is not working ( yet ) . Thxs for the migration guys :slight_smile: Looks nice, great work!

edit 2 Reforis working

My upgrade from TOS 4 to 5 in HBT branch was same. Foris return HTTP error 500/503. Switch branch to HBT helped, MOX hanged three times.

Sorry for replying so late. I am glad that you managed it to solve it. All routers by default with Turris OS 4.0+ points to HBS branch and you need to manually change it by using switch-branch if you want to use a different branch.

I would like to hear more about your issue, which you had, so we can take a look. In OpenWrt 18.06 (Turris OS 4.x), there is being used Python 3.6 and in OpenWrt 19.07 (Turris OS 5.x), there is used Python 3.7 and it might require to do a reboot of your router to apply pending changes. It would explain the issue with Foris. But without logs, I can just guess what was wrong in your case.

If in LuCI was not able to found, I think that updater might be running in the background. There were changes in LuCI and we moved some binaries (in syslog-ng) from different paths to another one to make it work. And even if you do a reboot, Updater will try to recover from the previous run and proceed further when you stopped it during the update.

It’s also my issue. After night update I had to switch from HBT to HBT, only restart won’t help.

Yep, understand that, but i think i needed the syslog working for that? Of does it stash its logs somewhere else and i can still find them?
my rough guess is that it went wrong with the update ( i noticed i’m on HBT , completely forgot about that ) and simply did not do the whole thing?
The update happened at night i think, so my action was about 5 hours later. Reboot did not work, therefore i went for the manual update , to see if that would help. There i noticed it did not find certain packages, so i started to check the internet/DNS part. And that was dodgy.

The DNS thing is strange though…

so far everything seems to work! yay! great work!! thx!!!

except the new reforis snapshots plugin just shows :

‘An error occurred while fetching data.’

also storage in old foris shows ssd twice (but that may have been the case even before 5.0, not sure about it):

pkgudate complains about cyclic deps & missing i18n packages :

INFO:Target Turris OS: 5.0.0
WARN:Package wpad is in cyclic dependency. It might fail its post-install script.
WARN:Package hostapd is in cyclic dependency. It might fail its post-install script.
WARN:Requested package luci-i18n-rainbow-en that is missing, ignoring as requested.
WARN:Requested package luci-i18n-sqm-en that is missing, ignoring as requested.
WARN:Requested package luci-i18n-rainbow-de that is missing, ignoring as requested.
WARN:Requested package luci-i18n-sqm-de that is missing, ignoring as requested.
WARN:Requested package foris-pakon-plugin-l10n-de that is missing, ignoring as requested.
WARN:Requested package foris-storage-plugin-l10n-de that is missing, ignoring as requested.
WARN:Requested package reforis-diagnostics-plugin-l10n-de that is missing, ignoring as requested.
WARN:Requested package reforis-openvpn-plugin-l10n-de that is missing, ignoring as requested.
WARN:Requested package reforis-snapshots-plugin-l10n-de that is missing, ignoring as requested.

will there be a reforis gui for :

  • storage
  • netmeter
  • pakon

and when will the old foris gui be removed?

reForis could be as default in TOS 5.1.

1 Like

NextCloud MOX:

switch-branch hbt
INFO:Queue removal of luci-i18n-hd-idle-cs
Press return to continue, CTRL+C to abort

INFO:Downloading packages
line not found
line not found
line not found
corruption: The sha256 sum of nextcloud does not match
+ echo 'Updater execution exited with error. Please see previous output to know what went wrong.'
Updater execution exited with error. Please see previous output to know what went wrong.
+ opkg update
Collected errors:
 * opkg_download: Failed to download https://repo.turris.cz/hbt/mox/packages/luci_theme_rosy/Packages.gz, wget returned 8.
+ echo 'OPKG update failed. Please see previous output to know what went wrong.'
OPKG update failed. Please see previous output to know what went wrong.

The Updater hangs on ddns postinstall, because i have disable 3 DDNS-Configs, after i delete the Lines the update process gos on.
When a config is not enbale the updater schould do gon on in the Process.

mfg redFOX

befor update on tos5 i have trubble with the 2,4ghz WIFI Card. I could not modprobe the ath9k_hw kernel Modul. After the update ich con not modprobe mac80211 module. It does not response any error massage?
I have moved the Card’s because ich put in a SSD on the mSATA Port.
My Config ist from left the 2,4ghz card, the 5ghz card und the mSATA SSD.
Can anyone help me?

I the Kernel Log stand:

[ 778.416832] vmap allocation for size 454656 failed: use vmalloc= to increase size
[ 778.424984] modprobe: vmalloc: allocation failure: 450560 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
[ 778.434913] modprobe cpuset=/ mems_allowed=0
[ 778.439207] CPU: 1 PID: 24841 Comm: modprobe Not tainted 4.14.172 #0
[ 778.445574] Hardware name: Marvell Armada 380/385 (Device Tree)
[ 778.451519] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 778.459283] [] (show_stack) from [] (dump_stack+0x94/0xa8)
[ 778.466527] [] (dump_stack) from [] (warn_alloc+0xd0/0x190)
[ 778.473858] [] (warn_alloc) from [] (__vmalloc_node_range+0x22c/0x238)
[ 778.482143] [] (__vmalloc_node_range) from [] (module_alloc+0x4c/0x54)
[ 778.490432] [] (module_alloc) from [] (load_module+0x9e4/0x2134)
[ 778.498196] [] (load_module) from [] (SyS_init_module+0x148/0x198)
[ 778.506136] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x54)
[ 778.514450] Mem-Info:
[ 778.516737] active_anon:43883 inactive_anon:19342 isolated_anon:0
[ 778.516737] active_file:17611 inactive_file:12178 isolated_file:0
[ 778.516737] unevictable:0 dirty:0 writeback:0 unstable:0
[ 778.516737] slab_reclaimable:3743 slab_unreclaimable:3348
[ 778.516737] mapped:7786 shmem:25466 pagetables:384 bounce:0
[ 778.516737] free:405942 free_pcp:368 free_cma:0
[ 778.550218] Node 0 active_anon:175532kB inactive_anon:77368kB active_file:70444kB inactive_file:48712kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:31144kB dirty:0kB writeback:0kB shmem:101864kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 778.573659] Normal free:667440kB min:16384kB low:20480kB high:24576kB active_anon:0kB inactive_anon:0kB active_file:26884kB inactive_file:3084kB unevictable:0kB writepending:0kB present:786432kB managed:757276kB mlocked:0kB kernel_stack:1712kB pagetables:1536kB bounce:0kB free_pcp:848kB local_pcp:724kB free_cma:0kB
[ 778.601616] lowmem_reserve[]: 0 10240 10240
[ 778.605817] HighMem free:956328kB min:512kB low:7600kB high:14688kB active_anon:175532kB inactive_anon:77368kB active_file:43560kB inactive_file:45628kB unevictable:0kB writepending:0kB present:1310720kB managed:1310720kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:624kB local_pcp:112kB free_cma:0kB
[ 778.634121] lowmem_reserve[]: 0 0 0
[ 778.637618] Normal: 304kB (UME) 598kB (UME) 2616kB (UME) 1432kB (UME) 1264kB (UE) 3128kB (U) 3256kB (UM) 5512kB (UM) 61024kB (UME) 22048kB (M) 1594096kB (M) = 667440kB
[ 778.653586] HighMem: 3818
4kB (M) 25308kB (M) 166316kB (M) 97232kB (UM) 55864kB (UM) 256128kB (M) 148256kB (M) 86512kB (UM) 521024kB (M) 302048kB (M) 1464096kB (M) = 956328kB
[ 778.670075] 55255 total pagecache pages
[ 778.673921] 0 pages in swap cache
[ 778.677240] Swap cache stats: add 0, delete 0, find 0/0
[ 778.682478] Free swap = 3973588kB
[ 778.685884] Total swap = 3973588kB
[ 778.689294] 524288 pages RAM
[ 778.692178] 327680 pages HighMem/MovableOnly
[ 778.696455] 7289 pages reserved

Why is the vmalloc only 240MB great?

[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
[ 0.000000] fixmap : 0xffc00000 - 0xfff00000 (3072 kB)
[ 0.000000] vmalloc : 0xf0800000 - 0xff800000 ( 240 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xf0000000 ( 768 MB)
[ 0.000000] pkmap : 0xbfe00000 - 0xc0000000 ( 2 MB)
[ 0.000000] modules : 0xbf000000 - 0xbfe00000 ( 14 MB)
[ 0.000000] .text : 0xc0008000 - 0xc0800000 (8160 kB)
[ 0.000000] .init : 0xc0a00000 - 0xc0b00000 (1024 kB)
[ 0.000000] .data : 0xc0b00000 - 0xc0b3bb80 ( 239 kB)
[ 0.000000] .bss : 0xc0b3bb80 - 0xc0b7bfd8 ( 258 kB)

can i change the size of the vmalloc?

If any plugin in ReForis shows you the following message, we need more details.

  1. Which version of reForis and its plugin you have installed.
opkg list-installed | grep reforis

In this case, I would like to know if the version of reforis-snapshots-plugin is 1.1.0.

  1. Which browser and its version and operating system, which you are using. It might be possible that in some browsers it works and in others, it does not.

  2. In the browser by pressing F12, it will open developer console. There should be some error for AJAX call. We need the output of it, so we will be able to look.

I am using Firefox and Google Chrome on different OS and I am not able to reproduce your issue:

reForis is still in development and it is experimental. We can not replace old Foris GUI for now, because of the reasons, which you said. There are some plugins, which need to be written, tested and added.
You can develop your own plugin with backend for reForis. The source code can be found here: https://gitlab.labs.nic.cz/turris/reforis

And netmetr is already done and can be found in Turris OS 5.1.0, which is in branch HBL. New features shouldn’t be added to HBK due to feature freeze.

This issue is not in Foris itself. If you are going to take a look for example on output of blkid, The hard disk is detected as /dev/sda and it has two partitions /dev/sda1 and /dev/sda2. This depends on your disk partitioning. The same output you will see in the operating system.

In this output, I see what went wrong. It failed because the hash of the file, which you downloaded does not match the one, which you should have. You can try to run switch-branch hbt once again.

second switch branch worked, thank you @Pepe !

After update of my Turris 1.1 from 4.0.6 to 5.0.0 I can not enter router’s web pages (Lighttpd) configured on HTTPS due to SSL_ERROR_BAD_MAC_ALERT error. There are two different certificates, one for internal and the second for external access in the config file for ssh.
Is there some solution?

Just to be sure, the DNS setting in reforis. Normally and with tos4 and 3 on my omnia i have the setting on internal DNS resolver with DNSSEC support. When i use that with TOS5, it gives errors.

Error notifications

Updater failed:

runtime: [string “requests”]:417: [string “utils”]:429: Unable to finish URI (https://repo.turris.cz/hbt/mox/lists/base.lua): Download failed

Updater failed:

runtime: [string “requests”]:417: [string “utils”]:429: Unable to finish URI (https://repo.turris.cz/hbt/mox/lists/base.lua): Download failed

If i set it to use ISP, no problems.

So, is this how it should be? Or am i missing something/is internal DNS resolver still not 100% ?
thx, Dikke