Removal of a cron job command during a firmware update enables automatic firmware updates

Open TheHellSite opened this issue 1 year ago • 6 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [X] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [X] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

It seems that if a cron job command (e.g. "Update HAProxy OCSP data") gets removed during a firmware update of OPNsense, the system automatically changes the command of that cron job to the first one in the list, which is "Automatic firmware update".

I imagine this can be really bad for some people if an update fails for whatever reason.

To Reproduce

Steps to reproduce the behavior:

  1. Install an OPNsense version prior to v24.1, e.g. 23.7.x
  2. Manually create a cron job with "Update HAProxy OCSP data" as the command.
  3. Update OPNsense to v24.x.
  4. The created cron job will now have the "Automatic firmware update" command set on it.

Expected behavior

In such a case it would be much better if that cron job got disabled during the firmware update.

Describe alternatives you considered

An alternative would be to delete the cron job during the firmware update.

Additional context

https://forum.opnsense.org/index.php?topic=23339.msg188879#msg188879

Feb 03 '24 22:02 TheHellSite

Picture for reference: image

Feb 03 '24 22:02 populationless

It won't write that value as the configuration still contains the old one; editing, however, will show the first item in the list... option lists are only able to show the options in them.

Feb 04 '24 12:02 AdSchellevis
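
The behaviour described in the comment above, modelled as an added example that is not part of the original thread or of the OPNsense code base: an audit that compares each stored cron command with the option list an edit form could offer and flags jobs whose command is no longer available. The XML layout, the command keys and the `audit_cron_jobs` / `orphaned_jobs` helpers are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: element names and command keys are assumptions for
# illustration, not copied from a real OPNsense config.xml.
SAMPLE_CONFIG = """\
<config><cron>
  <job id="1"><enabled>1</enabled><command>example ocsp_update</command>
    <description>Update HAProxy OCSP data</description></job>
  <job id="2"><enabled>1</enabled><command>example firmware_update</command>
    <description>Nightly update</description></job>
</cron></config>
"""

# Constructed option list as an edit form would offer it after the update.
# Order matters: a dropdown with no matching option displays the first entry.
AVAILABLE = [
    ("example firmware_update", "Automatic firmware update"),
    ("example reload_filter", "Reload filter"),
]

def audit_cron_jobs(config_xml, available):
    """Compare each job's stored command with what an option list would display."""
    labels = dict(available)
    first_label = available[0][1] if available else None
    report = []
    for job in ET.fromstring(config_xml).iter("job"):
        stored = (job.findtext("command") or "").strip()
        orphaned = stored not in labels
        report.append({
            "id": job.get("id"),
            "enabled": job.findtext("enabled") == "1",
            "stored_command": stored,  # what the configuration still contains
            # what the edit form shows: the first option when nothing matches
            "displayed_label": first_label if orphaned else labels[stored],
            "orphaned": orphaned,
        })
    return report

def orphaned_jobs(config_xml, available):
    """Jobs whose stored command is missing from the current option list."""
    return [r for r in audit_cron_jobs(config_xml, available) if r["orphaned"]]

if __name__ == "__main__":
    for rec in orphaned_jobs(SAMPLE_CONFIG, AVAILABLE):
        print(f"job {rec['id']}: stored '{rec['stored_command']}' is gone; "
              f"form would display '{rec['displayed_label']}'")
```

Saving such a job from the edit form is the step that would replace the stored value with the displayed one, so reviewing flagged jobs before editing them is the useful check.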

Makes sense, thank you for the clarification.

I think it could still make sense to modify the update process as follows:

  1. Disable the cron job.
  2. Keep the original job description but insert something like "DEPRECATED - " at the beginning.

Example:

  • old description: Update HAProxy OCSP data
  • new description: DEPRECATED - Update HAProxy OCSP data

This should avoid confusion for other users.

Feb 04 '24 13:02 TheHellSite

That would be the responsibility of the plugin in question... (I expect a configd command was changed in this case; the description shouldn't be very important as the key is the command)

Feb 04 '24 13:02 AdSchellevis

Understood, but what about commands that are unrelated to HAProxy or other plugins? For them the "issue" would be the same: if they get removed during an update of OPNsense, they are still shown as active in the list of cron jobs and could potentially confuse users.

Thanks to you I now know that this is not a big deal since the command isn't able to run anymore, but handling of those situations could still be improved.

Feb 04 '24 13:02 TheHellSite

We have written migrations for those in the past already to avoid such bug reports. 😊

Feb 04 '24 13:02 fichtner

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

Aug 01 '24 21:08 OPNsense-bot