Pakfire update Problem

Hi Guys
Unfortunately I had a problem with my hard drive and had to reinstall IpFire. Now I wanted to install a few packages, which unfortunately is not possible!

I get this error message:

Sie möchten folgende Pakete installieren: .dpfhack. Möglicherweise haben diese Pakete Abhängigkeiten, d.h. andere Pakete müssen zusätzlich installiert werden. Dazu sehen Sie unten eine Liste.

Giving up: There was no chance to get the file “meta/meta-dpfhack” from any available server.
There was an error on the way. Please fix it.
PAKFIRE RESV: dpfhack: Resolving dependencies…
Möchten Sie der Installation aller Pakete zustimmen?

Do you have any idea what it is?

PS: IPFire 2.25 (x86_64) - Core Update 142**

That problem is often temporary. Try again, during a quieter time on the Internet.

Core 142 also has problems with DNS. You might get better result immediately after a reboot.

Okay, the new system has been running for almost two days now!
Can you somehow lend a hand to reinstall your things?
I tried to restart, but unfortunately it didn’t work.

Luke12: check your DNS config. From the IPFire console, will the “host” or “nslookup” commands resolve “pakfire.ipfire.org” ?

[root@ipfire ~]# nslookup

packfire.ipfire.org

Server: 127.0.0.1

Address: 127.0.0.1#53

** server can’t find packfire.ipfire.org: SERVFAIL

[root@ipfire ~]# host packfire.org

Host packfire.org not found: 2(SERVFAIL)

[root@ipfire ~]#. so??

can you setup DNS from your gui? (Network > Domain Name System)

Status: Broken (Recursor-Modus)

I think you could do that … so 8.8.4.4, google.de?
I was a little surprised that no Dns query came during the installation!
Should you put this afterwards?

@luke12

pakfire … not packfire !

ThX @loup001
[root@ipfire ~]# nslookup pakfire.ipfire.org

Server: 127.0.0.1

Address: 127.0.0.1#53

** server can’t find pakfire.ipfire.org: SERVFAIL

[root@ipfire ~]# host pakfire.org

Host pakfire.org not found: 2(SERVFAIL)

[root@ipfire ~]#

@luke12
If that was immediately following a reboot, then it looks like unbound is still not working.

In which case, you might have a faulty installation - I’ve had that happen on an ARM board. One option is to copy your backups and then reinstall. Several continuing problems are reported with core 142, so core 141 might be a more reliable installation.

Yes with the introduction of DoT in core update 141, the DNS section in the setup was dropped. You have to define your DNS within the web user interface.

So can I assume that I have to go back to 141 first?
Can I save my fixed ip’s (current fixed assignments) and my firewall groups (hosts) individually?
Or would you have to add them all again?
Or are there possibilities when 143 comes out to do an update?

Since I don’t know the source of your problem I just want to mention that using firewall groups is not an good idea at the moment (there is a bug so any firewall rules relating to firewall groups don’t work).

So the reason for your problem may be based on your firewall rules.

I installed 142 clean (with no update) and also updated 138 to 142 without any problems so I don’t think so.

You can’t select components for the backup.

Core update 143 is no garantee for any bug fixes. Whenever I have a look in bugzilla I’m shocked that there are know bugs for >1 year.

Have you tried installing your addon at CLI ?

“pakfire install {addon name}”

If that still does not work then it’s probably time to reinstall. By reinstalling with core 141 then you should get some indication of whether it was core 142 or your settings causing the problem.

Although you can’t select components for the backup, it is simply a text file and it might be possible to edit out the “firewall groups” before restoration.

HI,

I installed yesterday ipfire on new hardware and I’m encountering the same problem. It seem’s not to be a connection issue but a certificate validation issue!

Here’s what I get:

wget -S https://pakfire.ipfire.org
--2020-05-08 11:44:54--  https://pakfire.ipfire.org/
Resolving pakfire.ipfire.org... 185.230.118.208
Connecting to pakfire.ipfire.org|185.230.118.208|:443... connected.
ERROR: no certificate subject alternative name matches
        requested host name 'pakfire.ipfire.org'.
To connect to pakfire.ipfire.org insecurely, use `--no-check-certificate'.

Is ther a way to set the ‘–no-check-certificate’ Option to the pakfire update command?

Forget about my posting. It’s not a certificate issue. I saw that the hostname resolution is not working, so the ip of pakfire is wrong!

I had to add the ip of pakfire to the /etc/hosts and then I could update package list and install add-ons.

Anybody has a glue why the hostname resolution for pakfire.ipfire.org is not working, while for ipfire.org is?

Have you tried with
pakfire update --force
?

what DNS are you using …

[root@ipfire ~]# host ipfire.org
ipfire.org has address 81.3.27.38
ipfire.org has IPv6 address 2001:678:b28::
ipfire.org mail is handled by 10 mail01.ipfire.org.

[root@ipfire ~]# host pakfire.ipfire.org
pakfire.ipfire.org is an alias for fw01.ipfire.org.
fw01.ipfire.org has address 81.3.27.38
fw01.ipfire.org has IPv6 address 2001:678:b28::

Absolutely not! That is not our webserver you are talking to there. I suppose you somehow disabled DNSSEC and your ISP is sending your their own IP addresses.

The IP address belongs to senselan.ch.

Luckily you could not compromise your system, because we sign the package lists and packages, too. But there are plenty of other things that do not follow these procedures.

Please do not temper with the security of your IPFire system.