Offline Update Possibility

Hi guys,

Apologies, if I have missed it: Is there an option to update IPFire offline (like QNAP or OpenWRT etc.)?

Many thanks,

No, you can take a backup, reinstall the system from media and then restore the backup. That would come close, but is a lot of work.

Thanks, that’s a pity. Any chance that you would consider offering this way of updating IPFire?

No, not really. I do not see much demand for it.

Mainly that is because IPFire is a firewall. It is normally connected to the Internet. This is a use-case that only very few people would benefit from, and quite frankly, we have only limited development resources and therefore should focus on things that are relevant to more users.


Hey there, I would like to warm up this old topic a bit because I basically have the same issue and this one seems to be the most related one to what I was searching for…

My setup is an offline IPFire. I use IPFire to separate networks that all do not have any connection to the internet.

I still have the possibility to mirror the contents of pakfire into that network and my DNS is configured to name the pakfire mirrors.
When I run pakfire on the ipfire it actually can get the list of servers, choose one, get the list of packages and tries to download updates.

My internal mirror has a couple of pakfire mirrors configured as hostnames in the apache config and the DNS resolves to that IP, so connection is not the problem.

But: of course, it is https, it refuses to download with a 500 error due to hostname mismatch in the certificate…

In my eyes the easiest way would be to allow pakfire to ignore the hostname or just trust the certificate.
Yeah, that’s something I would never do while being on the internet, but since the system has only internal connections this could be an option to get the downloads done.
The thing is I cannot find anything to configure pakfire to skip this check, use http instead of https or to install my internal certificate to be trusted.

@Michael Tremer: I can see your point in limited development resources but one simple way of configuration to allow pakfire to ignore such issues (probably not via GUI but via config file) for such special environments should not be too much work, is it? I don´t think the is any development necessary since all the tools involved should have such an option when downloading via https.

1 Like