Turris silently fails to update packages after "Unreachable: /tmp/crl.pem: No such file or directory" error until manual intervention

Hello,

I got the

Updater failed:
unreachable: /tmp/crl.pem: No such file or directory

on 2017.04.10.

The first problem is the router did not notify me about this issue regardless of having notification email properly set.

The second problem is no updates were applied after that error, though both 3.6.2 and 3.6.3 system versions were released in the meantime.

The router was switched off from 2017.04.14 to 2017.04.16 inclusive.

I was notified about the updates only after rebooting the router today or after running get-api-crl and opkg update manually through SSH after this reboot. Unfortunately I am not sure about what exactly helped, but there were no other actions performed on the router except for enabling secondary SSID, which triggered the aforementioned reboot.

So, what would be expected behavior?

  1. The router should notify about errors by sending an email.
  2. The router should retry to update itself after such errors.

Regards,
Piotr

PS. Should I be worried about any security fixes not being applied on my router during these 20 days?

See Updater failed: unreachable /tmp/crl.pem for explanation :wink:

This situation was mentioned in couple of other threads: please use forum search option to see them.

Could you, please, point me to a comment which states that router not notifying me about error messages is not a bug and that router skipping subsequent updates is not a bug? :wink: I have also asked whether those skipped security fixes should be of any concern to me or not.

The error I got is not issue in itself, but lack of notification about it and lack of updates afterward is, and the level of possible security risk caused by the former. You might want to re-read my post along with its title in case you missed it.

As far as I understand it, updater will notify you via mail as to any updates… unfortunately, if there are no updates due to error(s), it can’t notify you what’s missing :frowning: Anyhow, you can check manually running updater.sh from console (again, forum search is your friend :wink: My two cents :slight_smile: Maybe somebody from Turris team or more knowledgeable will correct me, if I error…

I’m sorry, but either I am completely not clear on the issue or you don’t read my posts thoroughly. :disappointed:

I know updater won’t notify me about updates in case of error(s), that’s why my first complaint is that the router doesn’t send notifications about error(s) in the first place. And I know I can make router update itself again, that’s why I wrote

manual intervention

and

after rebooting the router today or after running get-api-crl and opkg update manually through SSH after this reboot.

No need to point me to forum search over and over again.

I asked you to point me to that comment because your link about unreachable: /tmp/crl.pem not being a bug was completely misguided in the context of this whole thread.

Thanks anyways. :wink:

As far as I’m neither developer nor part of Turris team, I can’t answer precisely :frowning: AFIK router might send error messages (or not) … As to updates, updater is running twice a day (see cron), and sometimes during restart of TO. Exact answer is up to to the team :wink: and, sorry, part of it could be find in forum :frowning: I’m sorry if I made you angry pointing to forum and will do it not again. Maybe somebody will give you better advice.

As to updates, updater is running twice a day (see cron), and sometimes during restart of TO.

Thanks for the details! :slight_smile: If router tries to update itself twice a day, then something is definitely wrong if it stopped to do that until actions I’ve taken. If I was notified about the errors, then I could intervene much earlier. The issue is about this and about the router stopping to update itself, not about it being misconfigured.

sorry, part of it could be find in forum :frowning: I’m sorry if I made you angry pointing to forum and will do it not again.

That’s ok. It’s not wrong to point somebody to some relevant thread or to search when it’s easy to find matching answer. I was unable to find information that would be answer to my issues, thus this thread. :wink:

Have a nice evening and thanks again!

PS. Sorry if I was mean to you.

Hello

I read you topic really fast so sorry if I misunderstood something. But if I remember correctly with Turris OS 3.6 release we broke cron so that might be the culprit. That could have been fixed by reboot as updater is executed on router boot in some cases.

What that error really means is that it wasn’t possible to connect to our servers. It might be because they were down (most improbable) or because there was something with your network connection.

On matter of if error messages are send to you. They are if you specify so. See what setting do you have in Foris. But more specifically they might fail to be sent. In such case they are lost and won’t be send again later on (limitation of current notification system, new system that is in discussion now might solve it). Not getting that specific error is in such case not possible, because if connection is down there is no way we can send email in the same time. That is most probably the reason why you didn’t received email with given error.

So better question is why your router wasn’t able to connect to our servers. And that would require more investigation.

Thank you for your reply. It’s good to see the new notification system is being worked out.

Well, the router might have lost connection because of something on my ISP’s part, so it’s a definitely not that surprising scenario.

The problem is, the router did not install those updates for almost three weeks and it did not notify me about that problem for the same period of time, even though the connection was right during that time and even after reboot. It looks like it stopped attempting to do so after that first failure. All the notification settings are turn on.

Also, could you comment on possible security risks I might have been exposed to? Is there anything to be concerned about? Should I maybe re-flash the router with newest software?