22.7.2 -> 22.7.9 update fails with Class "phpseclib3\Crypt\Common\AsymmetricKey" not found

[kimnzl]

Important notices

• [ X ] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• [ X ] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

Doing an update from 22.7.2 to 22.7.9 fails. I have confirmed that it occurs on both the WebUI and Console. The update stops applying part way through, then it reboots.

[74/83] Extracting freeradius3-3.2.1: .......... done
You should remove /usr/local/etc/raddb if you don't need it any more.
pkg-static: Fail to set time on /var/log/radacct:No such file or directory

Fatal error: Uncaught Error: Class "phpseclib3\Crypt\Common\AsymmetricKey" not found in /usr/local/share/phpseclib/Crypt/RSA.php:69
Stack trace:
#0 /usr/local/etc/inc/certs.inc(34): require_once()
#1 /usr/local/etc/inc/config.inc(40): require_once('/usr/local/etc/...')
#2 /usr/local/etc/rc.restart_webgui(4): require_once('/usr/local/etc/...')
#3 {main}
  thrown in /usr/local/share/phpseclib/Crypt/RSA.php on line 69
Installation out of date. The update to opnsense-22.7.9 is required.

This is a VM under proxmox. I hit the issue 3 times. 1x WebUI and 2x Console (1x SSH, 1x VM Console). I restored from my VM backup (taken when shutdown) between runs.

Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert) The bug renders the system unable to boot properly.

To Reproduce

Steps to reproduce the behavior: Use 22.7.2. Try to update to 22.7.9.

Expected behavior

The update to complete.

Describe alternatives you considered

Is it possible to update to 22.7.3 or 22.7.4? This bug looks to be in relation to phpseclib 3. That is the library what I am seeing in the error message/screenshots.

Screenshots

Screenshots after reboot:

Relevant log files

Log of the update from the Console via SSH:

*** xxx: OPNsense 22.7.2 (amd64/OpenSSL) ***
  0) Logout                              7) Ping host
  1) Assign interfaces                   8) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Update from console
  6) Reboot system                      13) Restore a backup

Enter an option: 12

Fetching change log information, please wait... done

This will automatically fetch all available updates and apply them.

This update requires a reboot.

Proceed with this action? [y/N]: y

Hi!

A quick update to address the new FreeBSD security advisory for ping utility
as well as Suricata.  The DNS block list was rewritten in Python and there
will be a couple of cool additions for it in the foreseeable future.  :)

Here are the full patch notes:

o system: fix internal CRL check (contributed by kulikov-a)
o system: fix a few minor Coverty Scan reports[1]
o interfaces: use get_interface_list() to identify hardware devices
o interfaces: fix single ACL use for MVC/API interface pages
o firewall: add category selection to aliases
o unbound: rework DNSBL implementation to Python module
o backend: clean up scripts/systemheath location
o backend: moved log format definitions to new location for core and several plugins
o mvc: change default sorting to case-insensitive
o mvc: move JavaScript and CSS imports to base controller
o mvc: make sure HostnameField with ZoneRootAllowed accepts "@." prefix
o plugins: os-telegraf 1.12.7[2]
o plugins: os-theme-cicada 1.30 (contributed by Team Rebellion)
o plugins: os-theme-vicuna 1.42 (contributed by Team Rebellion)
o plugins: os-wireguard now attempts to start tunnels again when all DNS is configured
o src: ixgbe: workaround errata about UDP frames with zero checksum
o src: hpet: Allow a MMIO window smaller than 1K
o src: ping: fix handling of IP packet sizes[3]
o ports: php 8.0.26[4]
o ports: sqlite 3.40.0[5]
o ports: suricata 6.0.9[6]

Stay safe,
Your OPNsense team

--
[1] https://scan.coverity.com/projects/opnsense-core
[2] https://github.com/opnsense/plugins/blob/stable/22.7/net-mgmt/telegraf/pkg-descr
[3] https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
[4] https://www.php.net/ChangeLog-8.php#8.0.26
[5] https://sqlite.org/releaselog/3_40_0.html
[6] https://suricata.io/2022/11/29/suricata-6-0-9-released/

Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (83 candidates): .......... done
Processing candidates (83 candidates): .......... done
The following 83 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
    acme.sh: 3.0.4 -> 3.0.5
    bash: 5.1.16 -> 5.2.12
    bind-tools: 9.18.5 -> 9.18.9
    ca_root_nss: 3.81 -> 3.85
    curl: 7.84.0 -> 7.85.0
    dnsmasq: 2.86_4,1 -> 2.87,1
    e2fsprogs-libuuid: 1.46.5 -> 1.46.5_1
    expat: 2.4.8 -> 2.5.0
    freeradius3: 3.0.25 -> 3.2.1
    glib: 2.72.3,2 -> 2.74.2_1,2
    isc-dhcp44-relay: 4.4.2P1 -> 4.4.3P1
    isc-dhcp44-server: 4.4.2P1_1 -> 4.4.3P1
    krb5: 1.20 -> 1.20.1
    ldns: 1.8.1 -> 1.8.3
    libedit: 3.1.20210910,1 -> 3.1.20221030,1
    libffi: 3.4.2 -> 3.4.3
    libfido2: 1.11.0 -> 1.12.0
    libgpg-error: 1.45 -> 1.46
    libidn2: 2.3.3 -> 2.3.3_1
    liblz4: 1.9.3,1 -> 1.9.4,1
    libpsl: 0.21.1_4 -> 0.21.1_6
    libunistring: 1.0 -> 1.1
    libxml2: 2.9.14 -> 2.10.3_1
    libxslt: 1.1.35_3 -> 1.1.37
    lighttpd: 1.4.66 -> 1.4.67
    mpd5: 5.9_9 -> 5.9_12
    mysql57-client: 5.7.38 -> 5.7.40
    nano: 6.2 -> 7.0
    nspr: 4.34.1 -> 4.35
    nss: 3.81 -> 3.85
    openssl: 1.1.1q,1 -> 1.1.1s,1
    openvpn: 2.5.7 -> 2.5.8
    opnsense: 22.7.2 -> 22.7.9
    opnsense-lang: 22.7.1 -> 22.7.3
    opnsense-update: 22.7.2 -> 22.7.9
    os-acme-client: 3.13 -> 3.14_1
    os-freeradius: 1.9.20 -> 1.9.21_2
    os-qemu-guest-agent: 1.1 -> 1.1_1
    os-vnstat: 1.3 -> 1.3_1
    os-wireguard: 1.11 -> 1.13_2
    pcre: 8.45_1 -> 8.45_3
    perl5: 5.32.1_1 -> 5.32.1_3
    php80: 8.0.22 -> 8.0.26
    php80-ctype: 8.0.22 -> 8.0.26
    php80-curl: 8.0.22 -> 8.0.26
    php80-dom: 8.0.22 -> 8.0.26
    php80-filter: 8.0.22 -> 8.0.26
    php80-gettext: 8.0.22 -> 8.0.26
    php80-ldap: 8.0.22 -> 8.0.26
    php80-mbstring: 8.0.22 -> 8.0.26
    php80-pdo: 8.0.22 -> 8.0.26
    php80-phalcon: 5.0.0.r4 -> 5.1.1
    php80-phpseclib: 2.0.37 -> 3.0.16
    php80-session: 8.0.22 -> 8.0.26
    php80-simplexml: 8.0.22 -> 8.0.26
    php80-sockets: 8.0.22 -> 8.0.26
    php80-sqlite3: 8.0.22 -> 8.0.26
    php80-xml: 8.0.22 -> 8.0.26
    php80-zlib: 8.0.22 -> 8.0.26
    protobuf: 3.20.1,1 -> 3.21.7,1
    py39-Babel: 2.10.3 -> 2.11.0
    py39-Jinja2: 3.0.1 -> 3.1.2
    py39-certifi: 2022.6.15 -> 2022.9.24
    py39-charset-normalizer: 2.1.0 -> 2.1.1
    py39-cryptography: 3.4.8 -> 3.4.8,1
    py39-dns-lexicon: 3.11.3 -> 3.11.4
    py39-filelock: 3.7.1 -> 3.8.0
    py39-idna: 3.3 -> 3.4
    py39-pytz: 2021.3,1 -> 2022.5,1
    py39-sqlite3: 3.9.13_7 -> 3.9.15_7
    py39-urllib3: 1.26.11,1 -> 1.26.12,1
    python39: 3.9.13 -> 3.9.15_1
    readline: 8.1.2 -> 8.2.0
    socat: 1.7.4.3 -> 1.7.4.4
    sqlite3: 3.39.0,1 -> 3.40.0,1
    squid: 4.15 -> 5.7
    strongswan: 5.9.6_2 -> 5.9.8_1
    sudo: 1.9.11p3 -> 1.9.12p1
    suricata: 6.0.6 -> 6.0.9
    syslog-ng: 3.37.1 -> 3.38.1
    unbound: 1.16.2 -> 1.17.0
    wireguard-go: 0.0.20220316_4,1 -> 0.0.20220316_6,1

Installed packages to be REINSTALLED:
    openldap24-client-2.4.59_4 (options changed)

Number of packages to be upgraded: 82
Number of packages to be reinstalled: 1

The process will require 2 MiB more space.
90 MiB to be downloaded.
[1/83] Fetching wireguard-go-0.0.20220316_6,1.pkg: .......... done
[2/83] Fetching unbound-1.17.0.pkg: .......... done
[3/83] Fetching syslog-ng-3.38.1.pkg: .......... done
[4/83] Fetching suricata-6.0.9.pkg: .......... done
[5/83] Fetching sudo-1.9.12p1.pkg: .......... done
[6/83] Fetching strongswan-5.9.8_1.pkg: .......... done
[7/83] Fetching squid-5.7.pkg: .......... done
[8/83] Fetching sqlite3-3.40.0,1.pkg: .......... done
[9/83] Fetching socat-1.7.4.4.pkg: .......... done
[10/83] Fetching readline-8.2.0.pkg: .......... done
[11/83] Fetching python39-3.9.15_1.pkg: .......... done
[12/83] Fetching py39-urllib3-1.26.12,1.pkg: .......... done
[13/83] Fetching py39-sqlite3-3.9.15_7.pkg: .... done
[14/83] Fetching py39-pytz-2022.5,1.pkg: .......... done
[15/83] Fetching py39-idna-3.4.pkg: ......... done
[16/83] Fetching py39-filelock-3.8.0.pkg: .. done
[17/83] Fetching py39-dns-lexicon-3.11.4.pkg: .......... done
[18/83] Fetching py39-cryptography-3.4.8,1.pkg: .......... done
[19/83] Fetching py39-charset-normalizer-2.1.1.pkg: ........ done
[20/83] Fetching py39-certifi-2022.9.24.pkg: .......... done
[21/83] Fetching py39-Jinja2-3.1.2.pkg: .......... done
[22/83] Fetching py39-Babel-2.11.0.pkg: .......... done
[23/83] Fetching protobuf-3.21.7,1.pkg: .......... done
[24/83] Fetching php80-zlib-8.0.26.pkg: ... done
[25/83] Fetching php80-xml-8.0.26.pkg: ... done
[26/83] Fetching php80-sqlite3-8.0.26.pkg: ... done
[27/83] Fetching php80-sockets-8.0.26.pkg: ..... done
[28/83] Fetching php80-simplexml-8.0.26.pkg: ... done
[29/83] Fetching php80-session-8.0.26.pkg: ..... done
[30/83] Fetching php80-phpseclib-3.0.16.pkg: .......... done
[31/83] Fetching php80-phalcon-5.1.1.pkg: .......... done
[32/83] Fetching php80-pdo-8.0.26.pkg: ...... done
[33/83] Fetching php80-mbstring-8.0.26.pkg: .......... done
[34/83] Fetching php80-ldap-8.0.26.pkg: .... done
[35/83] Fetching php80-gettext-8.0.26.pkg: . done
[36/83] Fetching php80-filter-8.0.26.pkg: ... done
[37/83] Fetching php80-dom-8.0.26.pkg: ....... done
[38/83] Fetching php80-curl-8.0.26.pkg: ..... done
[39/83] Fetching php80-ctype-8.0.26.pkg: . done
[40/83] Fetching php80-8.0.26.pkg: .......... done
[41/83] Fetching perl5-5.32.1_3.pkg: .......... done
[42/83] Fetching pcre-8.45_3.pkg: .......... done
[43/83] Fetching os-wireguard-1.13_2.pkg: .. done
[44/83] Fetching os-vnstat-1.3_1.pkg: . done
[45/83] Fetching os-qemu-guest-agent-1.1_1.pkg: . done
[46/83] Fetching os-freeradius-1.9.21_2.pkg: ...... done
[47/83] Fetching os-acme-client-3.14_1.pkg: .......... done
[48/83] Fetching opnsense-update-22.7.9.pkg: ..... done
[49/83] Fetching opnsense-lang-22.7.3.pkg: .......... done
[50/83] Fetching opnsense-22.7.9.pkg: .......... done
[51/83] Fetching openvpn-2.5.8.pkg: .......... done
[52/83] Fetching openssl-1.1.1s,1.pkg: .......... done
[53/83] Fetching openldap24-client-2.4.59_4.pkg: .......... done
[54/83] Fetching nss-3.85.pkg: .......... done
[55/83] Fetching nspr-4.35.pkg: .......... done
[56/83] Fetching nano-7.0.pkg: .......... done
[57/83] Fetching mysql57-client-5.7.40.pkg: .......... done
[58/83] Fetching mpd5-5.9_12.pkg: .......... done
[59/83] Fetching lighttpd-1.4.67.pkg: .......... done
[60/83] Fetching libxslt-1.1.37.pkg: .......... done
[61/83] Fetching libxml2-2.10.3_1.pkg: .......... done
[62/83] Fetching libunistring-1.1.pkg: .......... done
[63/83] Fetching libpsl-0.21.1_6.pkg: ........ done
[64/83] Fetching liblz4-1.9.4,1.pkg: .......... done
[65/83] Fetching libidn2-2.3.3_1.pkg: .......... done
[66/83] Fetching libgpg-error-1.46.pkg: .......... done
[67/83] Fetching libfido2-1.12.0.pkg: .......... done
[68/83] Fetching libffi-3.4.3.pkg: ...... done
[69/83] Fetching libedit-3.1.20221030,1.pkg: .......... done
[70/83] Fetching ldns-1.8.3.pkg: .......... done
[71/83] Fetching krb5-1.20.1.pkg: .......... done
[72/83] Fetching isc-dhcp44-server-4.4.3P1.pkg: .......... done
[73/83] Fetching isc-dhcp44-relay-4.4.3P1.pkg: .......... done
[74/83] Fetching glib-2.74.2_1,2.pkg: .......... done
[75/83] Fetching freeradius3-3.2.1.pkg: .......... done
[76/83] Fetching expat-2.5.0.pkg: .......... done
[77/83] Fetching e2fsprogs-libuuid-1.46.5_1.pkg: ..... done
[78/83] Fetching dnsmasq-2.87,1.pkg: .......... done
[79/83] Fetching curl-7.85.0.pkg: .......... done
[80/83] Fetching ca_root_nss-3.85.pkg: .......... done
[81/83] Fetching bind-tools-9.18.9.pkg: .......... done
[82/83] Fetching bash-5.2.12.pkg: .......... done
[83/83] Fetching acme.sh-3.0.5.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/83] Upgrading readline from 8.1.2 to 8.2.0...
[1/83] Extracting readline-8.2.0: .......... done
[2/83] Upgrading openssl from 1.1.1q,1 to 1.1.1s,1...
[2/83] Extracting openssl-1.1.1s,1: .......... done
[3/83] Upgrading libffi from 3.4.2 to 3.4.3...
[3/83] Extracting libffi-3.4.3: .......... done
[4/83] Upgrading python39 from 3.9.13 to 3.9.15_1...
[4/83] Extracting python39-3.9.15_1: .......... done
[5/83] Upgrading py39-cryptography from 3.4.8 to 3.4.8,1...
[5/83] Extracting py39-cryptography-3.4.8,1: .......... done
[6/83] Upgrading py39-idna from 3.3 to 3.4...
[6/83] Extracting py39-idna-3.4: .......... done
[7/83] Upgrading py39-certifi from 2022.6.15 to 2022.9.24...
[7/83] Extracting py39-certifi-2022.9.24: .......... done
[8/83] Upgrading libunistring from 1.0 to 1.1...
[8/83] Extracting libunistring-1.1: .......... done
[9/83] Upgrading libgpg-error from 1.45 to 1.46...
[9/83] Extracting libgpg-error-1.46: .......... done
[10/83] Upgrading py39-urllib3 from 1.26.11,1 to 1.26.12,1...
[10/83] Extracting py39-urllib3-1.26.12,1: .......... done
[11/83] Upgrading py39-charset-normalizer from 2.1.0 to 2.1.1...
[11/83] Extracting py39-charset-normalizer-2.1.1: .......... done
[12/83] Upgrading libxml2 from 2.9.14 to 2.10.3_1...
[12/83] Extracting libxml2-2.10.3_1: .......... done
[13/83] Upgrading libidn2 from 2.3.3 to 2.3.3_1...
[13/83] Extracting libidn2-2.3.3_1: .......... done
[14/83] Upgrading krb5 from 1.20 to 1.20.1...
[14/83] Extracting krb5-1.20.1: .......... done
[15/83] Upgrading perl5 from 5.32.1_1 to 5.32.1_3...
[15/83] Extracting perl5-5.32.1_3: .......... done
[16/83] Upgrading libxslt from 1.1.35_3 to 1.1.37...
[16/83] Extracting libxslt-1.1.37: .......... done
[17/83] Upgrading libpsl from 0.21.1_4 to 0.21.1_6...
[17/83] Extracting libpsl-0.21.1_6: .......... done
[18/83] Upgrading libedit from 3.1.20210910,1 to 3.1.20221030,1...
[18/83] Extracting libedit-3.1.20221030,1: .......... done
[19/83] Upgrading ca_root_nss from 3.81 to 3.85...
[19/83] Extracting ca_root_nss-3.85: ...... done
[20/83] Upgrading sqlite3 from 3.39.0,1 to 3.40.0,1...
[20/83] Extracting sqlite3-3.40.0,1: .......... done
[21/83] Upgrading py39-pytz from 2021.3,1 to 2022.5,1...
[21/83] Extracting py39-pytz-2022.5,1: .......... done
[22/83] Upgrading py39-filelock from 3.7.1 to 3.8.0...
[22/83] Extracting py39-filelock-3.8.0: .......... done
[23/83] Upgrading protobuf from 3.20.1,1 to 3.21.7,1...
[23/83] Extracting protobuf-3.21.7,1: .......... done
[24/83] Upgrading php80 from 8.0.22 to 8.0.26...
[24/83] Extracting php80-8.0.26: .......... done
[25/83] Upgrading pcre from 8.45_1 to 8.45_3...
[25/83] Extracting pcre-8.45_3: .......... done
[26/83] Reinstalling openldap24-client-2.4.59_4...
[26/83] Extracting openldap24-client-2.4.59_4: .......... done
[27/83] Upgrading nspr from 4.34.1 to 4.35...
[27/83] Extracting nspr-4.35: .......... done
[28/83] Upgrading liblz4 from 1.9.3,1 to 1.9.4,1...
[28/83] Extracting liblz4-1.9.4,1: .......... done
[29/83] Upgrading curl from 7.84.0 to 7.85.0...
[29/83] Extracting curl-7.85.0: .......... done
[30/83] Upgrading socat from 1.7.4.3 to 1.7.4.4...
[30/83] Extracting socat-1.7.4.4: ......... done
[31/83] Upgrading py39-Babel from 2.10.3 to 2.11.0...
[31/83] Extracting py39-Babel-2.11.0: .......... done
[32/83] Upgrading php80-session from 8.0.22 to 8.0.26...
[32/83] Extracting php80-session-8.0.26: .......... done
[33/83] Upgrading php80-pdo from 8.0.22 to 8.0.26...
[33/83] Extracting php80-pdo-8.0.26: .......... done
[34/83] Upgrading php80-mbstring from 8.0.22 to 8.0.26...
[34/83] Extracting php80-mbstring-8.0.26: .......... done
[35/83] Upgrading nss from 3.81 to 3.85...
[35/83] Extracting nss-3.85: .......... done
[36/83] Upgrading mysql57-client from 5.7.38 to 5.7.40...
[36/83] Extracting mysql57-client-5.7.40: .......... done
[37/83] Upgrading libfido2 from 1.11.0 to 1.12.0...
[37/83] Extracting libfido2-1.12.0: .......... done
[38/83] Upgrading ldns from 1.8.1 to 1.8.3...
[38/83] Extracting ldns-1.8.3: .......... done
[39/83] Upgrading glib from 2.72.3,2 to 2.74.2_1,2...
[39/83] Extracting glib-2.74.2_1,2: .......... done
[40/83] Upgrading expat from 2.4.8 to 2.5.0...
[40/83] Extracting expat-2.5.0: .......... done
[41/83] Upgrading e2fsprogs-libuuid from 1.46.5 to 1.46.5_1...
[41/83] Extracting e2fsprogs-libuuid-1.46.5_1: .......... done
[42/83] Upgrading bind-tools from 9.18.5 to 9.18.9...
[42/83] Extracting bind-tools-9.18.9: .......... done
[43/83] Upgrading bash from 5.1.16 to 5.2.12...
[43/83] Extracting bash-5.2.12: .......... done
[44/83] Upgrading wireguard-go from 0.0.20220316_4,1 to 0.0.20220316_6,1...
[44/83] Extracting wireguard-go-0.0.20220316_6,1: .... done
[45/83] Upgrading unbound from 1.16.2 to 1.17.0...
===> Creating groups.
Using existing group 'unbound'.
===> Creating users
Using existing user 'unbound'.
[45/83] Extracting unbound-1.17.0: .......... done
[46/83] Upgrading syslog-ng from 3.37.1 to 3.38.1...
[46/83] Extracting syslog-ng-3.38.1: .......... done
[47/83] Upgrading suricata from 6.0.6 to 6.0.9...
[47/83] Extracting suricata-6.0.9: .......... done
[48/83] Upgrading sudo from 1.9.11p3 to 1.9.12p1...
[48/83] Extracting sudo-1.9.12p1: .......... done
[49/83] Upgrading strongswan from 5.9.6_2 to 5.9.8_1...
[49/83] Extracting strongswan-5.9.8_1: .......... done
[50/83] Upgrading squid from 4.15 to 5.7...
===> Creating groups.
Using existing group 'squid'.
===> Creating users
Using existing user 'squid'.
===> Creating homedir(s)
===> Pre-installation configuration for squid-5.7
[50/83] Extracting squid-5.7: .......... done
[51/83] Upgrading py39-sqlite3 from 3.9.13_7 to 3.9.15_7...
[51/83] Extracting py39-sqlite3-3.9.15_7: ........ done
[52/83] Upgrading py39-dns-lexicon from 3.11.3 to 3.11.4...
[52/83] Extracting py39-dns-lexicon-3.11.4: .......... done
[53/83] Upgrading py39-Jinja2 from 3.0.1 to 3.1.2...
[53/83] Extracting py39-Jinja2-3.1.2: .......... done
[54/83] Upgrading php80-zlib from 8.0.22 to 8.0.26...
[54/83] Extracting php80-zlib-8.0.26: ........ done
[55/83] Upgrading php80-xml from 8.0.22 to 8.0.26...
[55/83] Extracting php80-xml-8.0.26: ......... done
[56/83] Upgrading php80-sqlite3 from 8.0.22 to 8.0.26...
[56/83] Extracting php80-sqlite3-8.0.26: ......... done
[57/83] Upgrading php80-sockets from 8.0.22 to 8.0.26...
[57/83] Extracting php80-sockets-8.0.26: .......... done
[58/83] Upgrading php80-simplexml from 8.0.22 to 8.0.26...
[58/83] Extracting php80-simplexml-8.0.26: ......... done
[59/83] Upgrading php80-phpseclib from 2.0.37 to 3.0.16...
[59/83] Extracting php80-phpseclib-3.0.16: ......... done
[60/83] Upgrading php80-phalcon from 5.0.0.r4 to 5.1.1...
[60/83] Extracting php80-phalcon-5.1.1: ........ done
[61/83] Upgrading php80-ldap from 8.0.22 to 8.0.26...
[61/83] Extracting php80-ldap-8.0.26: ........ done
[62/83] Upgrading php80-gettext from 8.0.22 to 8.0.26...
[62/83] Extracting php80-gettext-8.0.26: ........ done
[63/83] Upgrading php80-filter from 8.0.22 to 8.0.26...
[63/83] Extracting php80-filter-8.0.26: ......... done
[64/83] Upgrading php80-dom from 8.0.22 to 8.0.26...
[64/83] Extracting php80-dom-8.0.26: .......... done
[65/83] Upgrading php80-curl from 8.0.22 to 8.0.26...
[65/83] Extracting php80-curl-8.0.26: .......... done
[66/83] Upgrading php80-ctype from 8.0.22 to 8.0.26...
[66/83] Extracting php80-ctype-8.0.26: ........ done
[67/83] Upgrading opnsense-update from 22.7.2 to 22.7.9...
[67/83] Extracting opnsense-update-22.7.9: .......... done
[68/83] Upgrading opnsense-lang from 22.7.1 to 22.7.3...
[68/83] Extracting opnsense-lang-22.7.3: .......... done
[69/83] Upgrading openvpn from 2.5.7 to 2.5.8...
===> Creating groups.
Using existing group 'openvpn'.
===> Creating users
Using existing user 'openvpn'.
[69/83] Extracting openvpn-2.5.8: .......... done
[70/83] Upgrading mpd5 from 5.9_9 to 5.9_12...
[70/83] Extracting mpd5-5.9_12: .......... done
[71/83] Upgrading lighttpd from 1.4.66 to 1.4.67...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[71/83] Extracting lighttpd-1.4.67: .......... done
[72/83] Upgrading isc-dhcp44-server from 4.4.2P1_1 to 4.4.3P1...
===> Creating groups.
Using existing group 'dhcpd'.
===> Creating users
Using existing user 'dhcpd'.
[72/83] Extracting isc-dhcp44-server-4.4.3P1: .......... done
[73/83] Upgrading isc-dhcp44-relay from 4.4.2P1 to 4.4.3P1...
[73/83] Extracting isc-dhcp44-relay-4.4.3P1: ....... done
[74/83] Upgrading freeradius3 from 3.0.25 to 3.2.1...
===> Creating groups.
Using existing group 'freeradius'.
===> Creating users
Using existing user 'freeradius'.
===> Setting user and group in radiusd.conf
[74/83] Extracting freeradius3-3.2.1: .......... done
You should remove /usr/local/etc/raddb if you don't need it any more.
pkg-static: Fail to set time on /var/log/radacct:No such file or directory

Fatal error: Uncaught Error: Class "phpseclib3\Crypt\Common\AsymmetricKey" not found in /usr/local/share/phpseclib/Crypt/RSA.php:69
Stack trace:
#0 /usr/local/etc/inc/certs.inc(34): require_once()
#1 /usr/local/etc/inc/config.inc(40): require_once('/usr/local/etc/...')
#2 /usr/local/etc/rc.restart_webgui(4): require_once('/usr/local/etc/...')
#3 {main}
  thrown in /usr/local/share/phpseclib/Crypt/RSA.php on line 69
Installation out of date. The update to opnsense-22.7.9 is required.
Fetching base-22.7.9-amd64.txz: ...................... done
Fetching kernel-22.7.9-amd64.txz: ........... done
!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!
! A critical upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Installing kernel-22.7.9-amd64.txz... done
Installing base-22.7.9-amd64.txz... done
Cleaning obsolete files... done
Please reboot.
>>> Invoking stop script 'beep'
>>> Invoking stop script 'freebsd'
Stopping acme_http_challenge.
Waiting for PIDS: 49955.
Stopping monit.
Waiting for PIDS: 35775.
Stopping qemu_guest_agent.
Waiting for PIDS: 25797.
Stopping radiusd.
Waiting for PIDS: 72778.
[#] rm -f /var/run/wireguard/wg1.sock
>>> Invoking stop script 'backup'
>>> Invoking backup script 'captiveportal'
>>> Invoking backup script 'dhcpleases'
>>> Invoking backup script 'duid'
>>> Invoking backup script 'netflow'
>>> Invoking backup script 'rrd'
>>> Invoking stop script 'config'
Shutdown NOW!
shutdown: [pid 21949]

*** FINAL System shutdown message from root@firewall.home.ktr.nz ***

System going down IMMEDIATELY

System shutdown time has arrived

Fatal error: Uncaught Error: Class "phpseclib3\Crypt\Common\AsymmetricKey" not found in /usr/local/share/phpseclib/Crypt/RSA.php:69
Stack trace:
#0 /usr/local/etc/inc/certs.inc(34): require_once()
#1 /usr/local/etc/inc/config.inc(40): require_once('/usr/local/etc/...')
#2 /usr/local/opnsense/scripts/shell/banner.php(32): require_once('/usr/local/etc/...')
#3 {main}
  thrown in /usr/local/share/phpseclib/Crypt/RSA.php on line 69
Connection to xxx closed.

Additional context

This is in a VM running under Proxmox. NIC via hardware passthrough of the whole card. I have backups and can reproduce or try possible fixes easily enough as needed.

Environment

OPNsense 22.7.2-amd64 FreeBSD 13.1-RELEASE-p1 OpenSSL 1.1.1q 5 Jul 2022 Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz Network Intel Server Adapter I350-T4 v2

[frank499]

I had the same Problem. I solved it by upgrading to 22.7.3 first. In the firmware settings set flavour to 22.7/MINT/22.7.3/OpenSSL, run the upgrade and set flavour to default again and upgrade to 22.7.9

[fichtner]

Basically freeradius3 package is out of whack for unknown reasons and the phpseclib3 error is unrelated and only temporary. About the first issue other tickets exist but until someone says how to reproduce I'm not able to look at it because it looks like a time sink. In practice removing freeradius3 (or os-freeradius) and adding it back after update works fine....

[fichtner]

Going to refer this to #6167.

[kimnzl]

I can confirm that this was caused by freeradius3. Removing the plugin then updating works.

[davidohne]

deactivating freeradius is definitively no option since the plugin is normally installed to do something, in my case: authentication.

[fichtner]

In that case you can never reboot your firewall? oO

[davidohne]

In that case you can never reboot your firewall? oO

Well I don't try until there is a solution for the freeradius problem. Firewall is protected by an USP so without an upgrade related reboot it stays up for a long time..

[AdSchellevis]

and there is a solution (according to others in the same thread)... deinstall --> upgrade --> reinstall. but you're always free to wait for events that might not happen.