On Thursday 12 May 2022 10:13 Michael Tremer wrote:
Hello,
Thanks for spending so much time on this. We definitely need to improve the general update experience since we sometimes seem to break people’s systems and it is not nice to re-install a firewall from scratch. It will take a while.
So what I can say is that the kernel module issues come from when the running kernel is changed and the kernel is trying to load any modules that now have changed. This fails by design, because we sign our kernel modules. The key is randomly generated at build time and used to sign all modules and it then thrown away. For each build, we are using a different, unique key that is not preserved.
This means that although the kernel modules are of the same version, they cannot be loaded because the signature check fails. That might also explain why you are seeing so many ipset errors, because the kernel cannot load that module any more. However, we use so much ipset now, why isn’t the module loaded from before the update was started?
The same goes for any network drivers. I assume you are using virtio or a generic e1000 network adapter which will have been initialised at boot time. The kernel should never unload the kernel module for that interface and load it again later. I have no idea what could have triggered that.
No matter what though; after you reboot, the new kernel should be booted being able to load all modules it wants and the system should run absolutely fine. Can you confirm that that is at least the case?
My Pakfire upgrade to 168 on my development APU2 board failed during upgrade and I lost ethernet communication with the PC.
The APU2 now fails after the grub prompt with the error:
*IPFire 2.27 (x86_64) - core166 Development Build: master/8f696f60 GNU/Linu
Loading Linux 5.15.23-ipfire ... error: file `/vmlinuz-5.15.23-ipfire' not found. Loading initial ramdisk ... error: you need to load the kernel first.
so it looks like update-initramfs didn't run after the upgrade.
I'll try to boot the box from a usbstick and see if I can access the disk.
Rob