Opkg updates are failing

jmccabe06 · January 26, 2024, 12:32am

Earlier today updates were working fine. Now - not so much.

"Update Lists..." in LuCI fails.

Downloading https://downloads.openwrt.org/releases/23.05.2/targets/bcm27xx/bcm2711/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.2/targets/bcm27xx/bcm2711/packages/Packages.gz
[...]
Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.2/targets/bcm27xx/bcm2711/packages/Packages.gz, wget returned 5.

Popping over the the CLI and trying opkg --no-check-certificate update throws a similar, though different, error:

Downloading https://downloads.openwrt.org/releases/23.05.2/targets/ath79/generic/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.2/targets/ath79/generic/packages/Packages.gz
[...]
Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.2/targets/ath79/generic/packages/Packages.gz, wget returned 8.

Note that wget's error moved from 5 ("bad certificate") to r ("server returned an error").

If I directly invoke the wget command so I can get a better view of what's happening, the server is throwing a 404 error:

# wget --no-check-certificate  https://downloads.openwrt.org/releases/23.05.2/targets/ath79/generic/packages/Packages.gz
Downloading 'https://downloads.openwrt.org/releases/23.05.2/targets/ath79/generic/packages/Packages.gz'
Connecting to 168.119.138.211:443
HTTP error 404
root@GarageAP:/tmp# echo $?
8

If I ask OpenSSL to check the server certificate, the domain is mismatched:

CN = firmware-selector.openwrt.org

If I just plonk this into my /etc/hosts then everything works:

146.75.38.132   downloads.openwrt.org

Anyone else having this DNS problem or is it just me?

psherman · January 26, 2024, 1:19am

jmccabe06:

wget --no-check-certificate  https://downloads.openwrt.org/releases/23.05.2/targets/ath79/generic/packages/Packages.gz
Downloading 'https://downloads.openwrt.org/releases/23.05.2/targets/ath79/generic/packages/Packages.gz'

no problem here at all -- file downloaded without any issues.

Check your router's time and dns. Also check that you can properly ping the downloads site.

jmccabe06 · January 26, 2024, 1:25am

kk. Seems buried somewhere in my dnsmasq server. No idea how it got the wrong resolution into it's cache, and so far I'm failing to flush that cache.

Thanks for helping me verify that it's local to my configuration. Much appreciated.

jmccabe06 · January 26, 2024, 1:40am

Found it. Evidently in June of 2022 I added the 168.119.138.211 resolution to /etc/hosts for reasons that, I'm sure, made a lot of sense at the time. And then totally forgot about it.

Fast forward to today - I guess something changed on the OpenWRT hosting side and that IP addy was pointed at firmware-selector instead of downloads.

Let that be a lesson about hard coding resolutions into config files and not cleaning up after yourself when you're done with whatever it is you were doing.

system · February 5, 2024, 1:41am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.