# freebsd-update fetching but failing to install updates



## grahamperrin@ (Jan 1, 2022)

FreeBSD 13.0-RELEASE. p4 kernel, p5 userland, consistent with <https://bokut.in/freebsd-patch-level-table/#releng/13.0>.

freebsd-update(8) repeatedly fetches but fails to install updates. Rebooted, no better. How should I resolve this?



…


----------



## SirDice (Jan 2, 2022)

`rm -rf /var/db/freebsd-update/*`


----------



## grahamperrin@ (Jan 2, 2022)

Thanks. Still failing, for example: 

`install: ///usr/src/secure/caroot/trusted/GlobalSign_Root_R46.pem: No such file or directory`


```
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # history | tail -n 10
   545  13:38   freebsd-version -kru
   546  13:38   setenv PAGER cat
   547  13:38   freebsd-update fetch
   548  13:39   rm -fr /var/db/freebsd-update/*
   549  13:41   du -hs /var/db/freebsd-update/*
   550  13:41   rm -fr /var/db/freebsd-update/*
   551  13:44   ls -ahl /var/db/freebsd-update/
   552  13:44   freebsd-update
   553  13:44   freebsd-update fetch
   554  13:45   history | tail -n 10
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # freebsd-version -kru
13.0-RELEASE-p4
13.0-RELEASE-p4
13.0-RELEASE-p5
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # du -hs /var/db/freebsd-update/*
512B    /var/db/freebsd-update/f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-install
227K    /var/db/freebsd-update/files
5.5K    /var/db/freebsd-update/install.szkmLE
4.5K    /var/db/freebsd-update/pub.ssl
512B    /var/db/freebsd-update/serverlist
512B    /var/db/freebsd-update/serverlist_full
512B    /var/db/freebsd-update/serverlist_tried
4.5K    /var/db/freebsd-update/tINDEX.present
4.5K    /var/db/freebsd-update/tag
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # rm -fr /var/db/freebsd-update/*
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # freebsd-update fetch install
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching public key from update2.freebsd.org... done.
Fetching metadata signature for 13.0-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 26 files... ....10....20... done.
The following files will be added as part of updating to
13.0-RELEASE-p5:
/usr/src/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem
/usr/src/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem
/usr/src/secure/caroot/blacklisted/Certum_Root_CA.pem
/usr/src/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem
/usr/src/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem
/usr/src/secure/caroot/blacklisted/EC-ACC.pem
/usr/src/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem
/usr/src/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem
/usr/src/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem
/usr/src/secure/caroot/blacklisted/QuoVadis_Root_CA.pem
/usr/src/secure/caroot/blacklisted/Sonera_Class_2_Root_CA.pem
/usr/src/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem
/usr/src/secure/caroot/blacklisted/SwissSign_Platinum_CA_-_G2.pem
/usr/src/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem
/usr/src/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem
/usr/src/secure/caroot/blacklisted/Trustis_FPS_Root_CA.pem
/usr/src/secure/caroot/blacklisted/VeriSign_Universal_Root_Certification_Authority.pem
/usr/src/secure/caroot/blacklisted/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
/usr/src/secure/caroot/blacklisted/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
/usr/src/secure/caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
/usr/src/secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem
/usr/src/secure/caroot/trusted/Certum_EC-384_CA.pem
/usr/src/secure/caroot/trusted/Certum_Trusted_Root_CA.pem
/usr/src/secure/caroot/trusted/GLOBALTRUST_2020.pem
/usr/src/secure/caroot/trusted/GlobalSign_Root_E46.pem
/usr/src/secure/caroot/trusted/GlobalSign_Root_R46.pem
Installing updates...install: ///usr/src/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Certum_Root_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/EC-ACC.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/QuoVadis_Root_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Sonera_Class_2_Root_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/SwissSign_Platinum_CA_-_G2.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Trustis_FPS_Root_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/VeriSign_Universal_Root_Certification_Authority.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/Certum_EC-384_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/Certum_Trusted_Root_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/GLOBALTRUST_2020.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/GlobalSign_Root_E46.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/GlobalSign_Root_R46.pem: No such file or directory
Scanning //usr/share/certs/blacklisted for certificates...
Scanning //usr/share/certs/trusted for certificates...
Scanning //usr/local/share/certs for certificates...
 done.
root@mowa219-gjp4-vm-freebsd-13-zfs:~ #
```

I'll try something else …


----------



## grahamperrin@ (Jan 2, 2022)

Nope:


```
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # freebsd-update upgrade -F -r 13.0-RELEASE
freebsd-update: Cannot upgrade from 13.0-RELEASE to itself
root@mowa219-gjp4-vm-freebsd-13-zfs:~ #
```

Now this:


```
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # gitup src
gitup:
Cannot find a matching section in the command line arguments.  These are the configured sections
:
* ports
* quarterly
* release
* stable
* current
: Invalid argument
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # gitup release
# Scanning local repository...
…
```

…


```
…
 ! /usr/src/usr.sbin/zzz/zzz.sh is missing.
gitup: build_repair_command: There are too many files to repair -- please re-clone the repository: Argument list too long
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # man gitup
…
```

Then, disappearance of the desktop environment whilst forcing a clone of the repository. I logged in again, graphics-related failure:



No response to _right_-Control-F2 (ttyv1 did not appear) so I performed an ACPI shutdown.

I gave the virtual machine more memory (2,048 MB) then began another attempt to force a clone to /usr/src:


```
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # date ; uptime ; freebsd-version -kru
Sun Jan  2 14:04:35 GMT 2022
2:04PM  up 2 mins, 3 users, load averages: 0.49, 0.30, 0.13
13.0-RELEASE-p4
13.0-RELEASE-p4
13.0-RELEASE-p5
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # pkg upgrade gitup
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating poudriere repository catalogue...
poudriere repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # gitup -c release
# Scanning local repository...
```

I'm puzzled by the involvement of /usr/src in a routine that's intended for _not_ building from source, but hey. Let's see what happens.


Killed (not by me):


```
…
 + /usr/src/lib/geom/raid3/graid3.8
Killed
root@mowa219-gjp4-vm-freebsd-13-zfs:~ #
```


I'll increase memory from 2,048 to 3,072 MB then make a third attempt to clone to /usr/src.

*Postscript*: I discovered gitup(1) option `-l`, with which I might not have required so much memory.


----------



## grahamperrin@ (Jan 2, 2022)

Still failing:


```
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # gitup -c release
# Scanning local repository...
# Host: git.freebsd.org
# Port: 443
# Repository Path: /src.git
# Target Directory: /usr/src
# Have: 2646dd665909e60a369015c17cb602515e6025dc
# Want: 2646dd665909e60a369015c17cb602515e6025dc
# Branch: releng/13.0
# Done.
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # setenv PAGER cat ; freebsd-update fetch install
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for 13.0-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.
The following files will be added as part of updating to
13.0-RELEASE-p5:
/usr/src/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem
/usr/src/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem
/usr/src/secure/caroot/blacklisted/Certum_Root_CA.pem
/usr/src/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem
/usr/src/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem
/usr/src/secure/caroot/blacklisted/EC-ACC.pem
/usr/src/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem
/usr/src/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem
/usr/src/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem
/usr/src/secure/caroot/blacklisted/QuoVadis_Root_CA.pem
/usr/src/secure/caroot/blacklisted/Sonera_Class_2_Root_CA.pem
/usr/src/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem
/usr/src/secure/caroot/blacklisted/SwissSign_Platinum_CA_-_G2.pem
/usr/src/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem
/usr/src/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem
/usr/src/secure/caroot/blacklisted/Trustis_FPS_Root_CA.pem
/usr/src/secure/caroot/blacklisted/VeriSign_Universal_Root_Certification_Authority.pem
/usr/src/secure/caroot/blacklisted/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
/usr/src/secure/caroot/blacklisted/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
/usr/src/secure/caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
/usr/src/secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem
/usr/src/secure/caroot/trusted/Certum_EC-384_CA.pem
/usr/src/secure/caroot/trusted/Certum_Trusted_Root_CA.pem
/usr/src/secure/caroot/trusted/GLOBALTRUST_2020.pem
/usr/src/secure/caroot/trusted/GlobalSign_Root_E46.pem
/usr/src/secure/caroot/trusted/GlobalSign_Root_R46.pem
Installing updates...install: ///usr/src/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Certum_Root_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/EC-ACC.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/QuoVadis_Root_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Sonera_Class_2_Root_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/SwissSign_Platinum_CA_-_G2.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Trustis_FPS_Root_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/VeriSign_Universal_Root_Certification_Authority.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem: No such file or directory
install: ///usr/src/secure/caroot/blacklisted/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/Certum_EC-384_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/Certum_Trusted_Root_CA.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/GLOBALTRUST_2020.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/GlobalSign_Root_E46.pem: No such file or directory
install: ///usr/src/secure/caroot/trusted/GlobalSign_Root_R46.pem: No such file or directory
Scanning //usr/share/certs/blacklisted for certificates...
Scanning //usr/share/certs/trusted for certificates...
Scanning //usr/local/share/certs for certificates...
 done.
root@mowa219-gjp4-vm-freebsd-13-zfs:~ #
```

From 2016: 



SirDice said:


> By default freebsd-update(8) also updates the sources in /usr/src/. Which you don't have. Hence the errors. You can either populate /usr/src/ or disable updating of the source in freebsd-update.conf(5).



…


----------



## grahamperrin@ (Jan 2, 2022)

I can't recall ever changing a freebsd-update.conf file on any machine, but here goes:


```
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # ls -hl /etc/freebsd-update.conf
-rw-r--r--  1 root  wheel   2.8K Apr  9  2021 /etc/freebsd-update.conf
root@mowa219-gjp4-vm-freebsd-13-zfs:~ # grep -v \# /etc/freebsd-update.conf | sort

…

Components src world kernel
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log
IgnorePaths
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
MergeChanges /etc/ /boot/device.hints
ServerName update.FreeBSD.org
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
root@mowa219-gjp4-vm-freebsd-13-zfs:~ #
```

What next?


Stop the clock in this topic. 

I'm investigating a possible bug.


----------
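The condition described in the quoted 2016 reply (`src` listed under `Components` while the target directories under /usr/src do not exist) can be checked before running `freebsd-update install`. The script below is an added example, not part of the thread and not freebsd-update's own code; the function names and the constructed demo tree are hypothetical, and it assumes install(1) reports "No such file or directory" when a destination's parent directory is absent.

```shell
#!/bin/sh
# Added example: compare freebsd-update.conf Components with the on-disk tree.

# Print every component named on an uncommented "Components" line.
components_of() {
    awk '$1 == "Components" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Succeed if src (or a src/ sub-component) is enabled in the config.
src_enabled() {
    for c in $(components_of "$1"); do
        case "$c" in src|src/*) return 0 ;; esac
    done
    return 1
}

# Read file paths on stdin; print each parent directory missing under ROOT.
missing_parents() {
    root=$1
    while IFS= read -r path; do
        dir=$(dirname "$path")
        [ -d "$root$dir" ] || printf '%s\n' "$dir"
    done | sort -u
}

# diagnose CONF ROOT < paths : one-word verdict on stdout.
diagnose() {
    conf=$1
    missing=$(missing_parents "$2")
    if ! src_enabled "$conf"; then echo "src-disabled"
    elif [ -n "$missing" ]; then echo "src-enabled-dirs-missing"
    else echo "src-enabled-dirs-present"
    fi
}

# Constructed sample: a config like the one posted above and a partial tree.
demo() {
    t=$(mktemp -d)
    printf '# Components world kernel\nComponents src world kernel\n' > "$t/conf"
    mkdir -p "$t/usr/src/secure/caroot/trusted"
    printf '%s\n' /usr/src/secure/caroot/blacklisted/EC-ACC.pem \
        /usr/src/secure/caroot/trusted/GLOBALTRUST_2020.pem |
        diagnose "$t/conf" "$t"
    rm -rf "$t"
}
demo
```

On a live system, pass `/etc/freebsd-update.conf` as CONF and an empty string as ROOT, feeding the "will be added" paths on stdin.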

