Turris OS 5.0.0 is released in HBT

Please try to follow https://doc.turris.cz/doc/en/howto/dnsdebug and provide logs, it is hard to say without logs. If you cannot install the package do your workaround first, install package, and try to reproduce problem afterwards.

Thank you for your time!

1 Like

Mox with POE, SDIO-WLAN, Module C
Most of the Functions work: WLAN (5 GHz, Normal & Guest), LXC, DNS, SSH, reForis
Not Working: Foris, luci

Luci Error:

/usr/lib/lua/luci/dispatcher.lua:315: /etc/config/luci seems to be corrupt, unable to find section ‘main’
stack traceback:
[C]: in function ‘assert’
/usr/lib/lua/luci/dispatcher.lua:315: in function ‘dispatch’
/usr/lib/lua/luci/dispatcher.lua:208: in function </usr/lib/lua/luci/dispatcher.lua:207>

@rwg I am sorry to hear that. Don’t you mind to provide more details about these two interfaces LuCI and Foris does not work?

If you want to login to the Foris is that successful?

  • If yes, that’s fine.

    • Some tabs are not working? Which one? Download the unexpected error message and follow those instructions, which are there.
  • If not, do you see some output, which you can share? If there is an HTML Status code. Is there a possibility to check logs if there is something that could be related to it?


The LuCI error, which you see you received after successful login to the LuCI? Did you try other tabs as well? This is because that configuration file /etc/config/luci is corrupted. Did you modify it anyhow?

I have upgraded to OS 5.0.0 on my Turris Omnia (initial release, 2.4 & 5GHz WLAN, 2GB, internal MSATA).
The upgrade itself went quite smooth (with some manual adjustments) and after boot everything works.

But the boot itself takes a long time - mostly due to initialising the WLAN cards (250 Seconds!):

[   14.559474] pci 0000:00:02.0: enabling device (0140 -> 0142)
[   14.565390] ath10k_pci 0000:02:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
[   14.803958] ath10k_pci 0000:02:00.0: Direct firmware load for ath10k/pre-cal-pci-0000:02:00.0.bin failed with error -2
[   14.814693] ath10k_pci 0000:02:00.0: Falling back to user helper
[   79.842787] ath10k_pci 0000:02:00.0: Direct firmware load for ath10k/cal-pci-0000:02:00.0.bin failed with error -2
[   79.853182] ath10k_pci 0000:02:00.0: Falling back to user helper
[  141.281559] ath10k_pci 0000:02:00.0: Direct firmware load for ath10k/QCA988X/hw2.0/firmware-6.bin failed with error -2
[  141.292308] ath10k_pci 0000:02:00.0: Falling back to user helper
[  202.721248] ath10k_pci 0000:02:00.0: qca988x hw2.0 target 0x4100016c chip_id 0x043202ff sub 0000:0000
[  202.730531] ath10k_pci 0000:02:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 1
[  202.740065] ath10k_pci 0000:02:00.0: firmware ver 10.2.4-1.0-00047 api 5 features no-p2p,raw-mode,mfp,allows-mesh-bca
st crc32 35bd9258
[  202.784888] ath10k_pci 0000:02:00.0: Direct firmware load for ath10k/QCA988X/hw2.0/board-2.bin failed with error -2
[  202.795371] ath10k_pci 0000:02:00.0: Falling back to user helper
[  264.162479] ath10k_pci 0000:02:00.0: board_file api 1 bmi_id N/A crc32 bebc7c08
[  265.302199] ath10k_pci 0000:02:00.0: htt-ver 2.1 wmi-op 5 htt-op 2 cal otp max-sta 128 raw 0 hwcrypto 1
[  265.451899] ath: EEPROM regdomain: 0x0
[  265.451903] ath: EEPROM indicates default country code should be used
[  265.451904] ath: doing EEPROM country->regdmn map search
[  265.451908] ath: country maps to regdmn code: 0x3a
[  265.451911] ath: Country alpha2 being used: US
[  265.451912] ath: Regpair used: 0x3a
[  265.461399] usbcore: registered new interface driver qcserial

From my research I think the error -2 for the “Direct firmware load” is o.k. because there is no new FW for this card found. But the time it takes to do the fallback is annoying.

Here is my card placement:

turris:~# lspci
00:01.0 PCI bridge: Marvell Technology Group Ltd. Device 6820 (rev 04)
00:02.0 PCI bridge: Marvell Technology Group Ltd. Device 6820 (rev 04)
00:03.0 PCI bridge: Marvell Technology Group Ltd. Device 6820 (rev 04)
02:00.0 Network controller: Qualcomm Atheros QCA986x/988x 802.11ac Wireless Network Adapter
03:00.0 Network controller: Qualcomm Atheros AR9287 Wireless Network Adapter (PCI-Express) (rev 01)

Thanks, Basil

Hi, I have the same problem. In which file did You delete the lines?

Hallo, I have problem with transmission…

Turris System Logs show repeated message:

Apr 17 14:53:07 turris transmission-daemon[7989]: [2020-04-17 14:53:07.048] tr_crypto_utils OpenSSL error: error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy (crypto-utils-openssl.c:346)
Apr 17 14:53:07 turris transmission-daemon[7989]: [2020-04-17 14:53:07.048] tr_crypto_utils OpenSSL error: error:2406B072:random number generator:RAND_DRBG_generate:in error state (crypto-utils-openssl.c:381)

And Transmission Web is showing:

404: Not Found

Couldn’t find Transmission’s web interface files!

Users: to tell Transmission where to look, set the TRANSMISSION_WEB_HOME environment variable to the folder where the web interface’s index.html is located.

Package Builders: to set a custom default at compile time, #define PACKAGE_DATA_DIR in libtransmission/platform.c or tweak tr_getClutchDir () by hand.

But Web files id on default location:

root@turris:/usr/share/transmission/web# ls

LICENSE images index.html javascript style

Is there someone with same problem?
Thank you

The Updater hangs on ddns postinstall. Pre-inst shows a ddns error message. Any idea how to solve this problem? The system works (somehow) but I am sure the script should finalize all operations.

INFO:Running preinst of ddns-scripts
DIE:Failed to exec /usr/lib/opkg/info//ddns-scripts.preinst: Exec format error

You must delete the section that is not enables in ddns config under /etc/config/ddns
After that the Script goes on

In /etc/config/ddns, you must delete all sections there are not habe a enable =‘1’, or you enable all sections…

Thank You. Unfortunatelly deleting the not required section did not help. There was still the error message “DIE:Failed to exec /usr/lib/opkg/info//ddns-scripts.preinst: Exec format error” and the update process stopped.
But after deleting all content in /etc/config/ddns the switch-branch process worked through and updated the router successfully. I manually reconfigured my ddns service in LuCI and ddns operates again as it should. Your hint regarding the ddns-config file was very helpful. Thank You.

  1. root@turris /root # opkg list-installed | grep reforis
    reforis - 0.8.0-3.7-1.2
    reforis-diagnostics-plugin - 2.4.0-3.7-1.2
    reforis-l10n-de - 0.8.0-3.7-1.2
    reforis-openvpn-plugin - 1.3.0-3.7-1.2
    reforis-snapshots-plugin - 1.1.0-3.7-1.2
  2. Windows 10.0.18363 Build 18363
    Chromium 81.0.4044.92 (Official Build) (64-bit)
  3. # 500 -- Server error
    ### Error:
    Remote Exception: Incorrect output. {'kind': 'reply', 'module': 'schnapps', 'action': 'list', 'data': {'snapshots': [{'number': 19, 'type': 'single', 'size': '59.71MiB', 'created': '2019-07-08 02:05:37 +0200', 'description': 'configured ovpn/storage/igmpproxy/git/docker-in-lxc'}, {'number': 82, 'type': 'post', 'size': '111.53MiB', 'created': '2019-12-10 16:36:53 +0100', 'description': 'Automatic post-update snapshot'}, {'number': 86, 'type': 'post', 'size': '18.39MiB', 'created': '2019-12-18 20:14:26 +0100', 'description': 'Automatic post-update snapshot'}, {'number': 88, 'type': 'post', 'size': '18.40MiB', 'created': '2019-12-20 16:18:26 +0100', 'description': 'Automatic post-update snapshot'}, {'number': 330, 'type': 'pre', 'size': '65.98MiB', 'created': '2020-03-05 08:20:38 +0100', 'description': 'Automatic pre-update snapshot'}, {'number': 331, 'type': 'pre', 'size': '65.97MiB', 'created': '2020-03-05 08:51:21 +0100', 'description': 'Automatic pre-update snapshot'}, {'number': 332, 'type': 'pre', 'size': '66.16MiB', 'created': '2020-03-05 08:58:58 +0100', 'description': 'Automatic pre-update snapshot'}, {'number': 334, 'type': 'time', 'size': '9.00MiB', 'created': '2020-03-15 01:05:02 +0100', 'description': 'Snapshot created by cron'}, {'number': 335, 'type': 'time', 'size': '9.00MiB', 'created': '2020-03-22 01:05:02 +0100', 'description': 'Snapshot created by cron'}, {'number': 336, 'type': 'time', 'size': '9.00MiB', 'created': '2020-03-29 01:05:02 +0100', 'description': 'Snapshot created by cron'}, {'number': 337, 'type': 'time', 'size': '9.00MiB', 'created': '2020-04-05 01:05:02 +0200', 'description': 'Snapshot created by cron'}, {'number': 338, 'type': 'time', 'size': '8.99MiB', 'created': '2020-04-12 01:05:02 +0200', 'description': 'Snapshot created by cron'}, {'number': 339, 'type': 'pre', 'size': '94.46MiB', 'created': '2020-04-16 04:53:33 +0200', 'description': 'Automatic pre-update snapshot'}, {'number': 340, 'type': 'post', 'size': '588.00KiB', 'created': '2020-04-16 05:17:14 +0200', 'description': 'Automatic post-update snapshot'}, {'number': 341, 'type': 'pre', 'size': '420.00KiB', 'created': '2020-04-16 16:46:57 +0200', 'description': 'Automatic pre-update snapshot'}, {'number': 342, 'type': 'post', 'size': '20.00KiB', 'created': '2020-04-16 16:47:19 +0200', 'description': 'Automatic post-update snapshot'}]}}
    ### Extra:
    {"module": "schnapps", "action": "list", "kind": "request"}
    ### Trace:
    Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/foris_controller/message_router.py", line 140, in process_message File "/usr/lib/python3.7/site-packages/foris_controller/message_router.py", line 40, in wrapper File "/usr/lib/python3.7/site-packages/foris_controller/message_router.py", line 76, in validate File "/usr/lib/python3.7/site-packages/foris_schema/validator.py", line 257, in validate File "/usr/lib/python3.7/site-packages/jsonschema/validators.py", line 353, in validate jsonschema.exceptions.ValidationError: 'configured ovpn/storage/igmpproxy/git/docker-in-lxc' is too long Failed validating 'maxLength' in schema['properties']['data']['properties']['snapshots']['items']['properties']['description']: {'maxLength': 50, 'type': 'string'} On instance['data']['snapshots'][0]['description']: 'configured ovpn/storage/igmpproxy/git/docker-in-lxc'

=> looks like a snapshot comment i made for a manual snapshot is too long for reforis :wink:


i think you misunderstood, the two partitions do rightfully show up in foris gui as sda1 & sda2. but what shouldn’t be there is that entry for sda itself. see blkid only lists sd1 & sd2 and not sda :

root@turris /root # blkid
/dev/mmcblk0p1: UUID="14b35544-0fc8-4e09-881d-e63bce1fd6c6" UUID_SUB="46d11f28-415f-4089-b4dd-5b3765af4eae" TYPE="btrfs" PARTUUID="26b3c94c-01"
/dev/sdb1: LABEL="TURRIS" UUID="8AEC-2FB4" TYPE="vfat" PARTUUID="9480e371-01"
/dev/sda2: UUID="bbcaf4b0-6e79-4fec-8c65-a7c54cc154d0" TYPE="swap" PARTUUID="ca1387a0-2970-794a-a45d-edb57e17e0c4"
/dev/sda1: LABEL="srv" UUID="b7aa0ae4-506b-4b51-9926-21ed96c47818" UUID_SUB="bdf852cd-b909-40d0-b5c9-78d5911ebb71" TYPE="btrfs" PARTUUID="d257d2a6-b201-0c4b-865d-ca5246f404a3"

if you look at the picture it says that both sda & sda1 have a btrfs filsystem with uuid b7aa0ae4 that is mounted at /srv. which is just not true. afaik only zfs can work with raw disks without partitions.
wait a moment…
i just realized that sdb shows up besides sdb1. but then the entries for sdb & sdb1 correctly separate that one is a disk and the other a partition with a filesystem, wheras that entry for sda shows as a disk & as a filesystem. so i guess it’s working as intended with a minor ui bug?! since it’s configured correctly i will just shrug at the ui & ignore it :

root@turris /root # cat /etc/config/storage
config srv 'srv'
        option uuid 'b7aa0ae4-506b-4b51-9926-21ed96c47818'

also: thanks for taking the time to answer all my questions!

i have to hand it to you guy (and gals), the work you do is absolutely amazing!

Ever since updating to some early 4.0 beta (it worked fine before, but until then i never did anything with it except using it as a router on defaults), even though being on hbt, it has been smooth sailing. everything just works (well except the modifications i make, but then you can’t account for them can you ;-), and now we’re finally on the most recent openwrt. all completely automated. VERY NICE INDEED!

turris omnia has to be one of my best purchases in electronics. while expensive, the ROI is amazing.

1 Like

@pepe I hit the same issue as @bernstein, a comment on a snapshot I had made was too long for the reforis snapshot plugin to handle.

Thanks! I’ve already forwarded it to @Bogdan and he will look at it.

found an error with /etc/config/resolver when installing 5.0.0 using HBT medkit onto an Omnia.

the line

option prefered_resolver 'unbound'

is there, this should only be true for Turris 1.x right? While kresd does seem to start properly, if you start it using

/etc/init.d/resolver start

the bad line of config causes some junk to be printed out like this

root@turris:/tmp/log# /etc/init.d/resolver start
job 5 at Sun Apr 19 02:56:00 2020
Called /etc/init.d/kresd start
set dhcp script
Traceback (most recent call last):
  File "/etc/resolver/dhcp_host_domain_ng.py", line 353, in <module>
  File "/etc/resolver/dhcp_host_domain_ng.py", line 285, in refresh_resolver
  File "/etc/resolver/dhcp_host_domain_ng.py", line 223, in refresh_leases
  File "/etc/resolver/dhcp_host_domain_ng.py", line 237, in _clean_leases
  File "/etc/resolver/dhcp_host_domain_ng.py", line 164, in _get_unbound_list
    cmd_ret = self._call_unbound(unbound_list)
  File "/etc/resolver/dhcp_host_domain_ng.py", line 156, in _call_unbound
    ret = call_cmd(["unbound-control", cmd])
  File "/etc/resolver/dhcp_host_domain_ng.py", line 58, in call_cmd
    task = subprocess.Popen(cmd, shell=False, stdout=subprocess.PIPE)
  File "/usr/lib/python2.7/subprocess.py", line 394, in __init__
  File "/usr/lib/python2.7/subprocess.py", line 1046, in _execute_child
  File "/usr/lib/python2.7/pickle.py", line 1388, in loads
  File "/usr/lib/python2.7/pickle.py", line 864, in load
  File "/usr/lib/python2.7/pickle.py", line 977, in load_string
LookupError: no codec search functions registered: can't find encoding

Changed this to say

option prefered_resolver 'kresd'

and error was gone. Logged bug https://gitlab.labs.nic.cz/turris/turris-os-packages/issues/580

1 Like

Amazing bug report. Thank you so much for it! I have fix for it, but it is waiting for review.

1 Like

quick question as I am new to 5.0.0 coming from 3.11. I see that SSH Honeypot (HaaS) is there, and there is a dynamic firewall and a telnet honeypot (Sentinel). I was able to get these working by reading the docs and forums, because there doesn’t seem to be anything in Foris/reForis to configure these yet. One notable omission that I didn’t see anywhere though is cloud backups, will these return at some point?

Any tips on how to debug sentinel? Have sentinel running but it doesn’t seem to be adding anything to the firewall rules. The processes are there, like so

root@turris:~# ps wwax | grep sentinel
 5192 ?        Sl     0:00 python3 /usr/bin/sentinel-dynfw-client --ipset turris-sn-dynfw-block --cert /tmp/run/sentinel_server.key
 5247 ?        Sl     0:00 sentinel-proxy
 5382 ?        Sl     0:00 /usr/bin/sentinel-minipot -T 2333
 5400 ?        S      0:00 /usr/bin/sentinel-minipot -T 2333
 8625 pts/0    S+     0:00 grep sentinel

However when I check to see if sentinel as added anything to the dynamic firewall, no IPs to block have been added:

root@turris:~# ipset -L turris-sn-dynfw-block
Name: turris-sn-dynfw-block
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 56
References: 1
Number of entries: 0

Hi, thanks for reporting that. Due to update of used libraries, Sentinel:DynFW client does not work in current HBT.

We are aware of this and it would be fixed in next “RC” release.