From: mfv
Date: Wed, 2 Sep 2015 11:08:18 -0400
To: freebsd-questions@freebsd.org
Subject: Re: fail to fetch vulnxml file each night, as seen in daily security, run output.
Message-ID: <20150902110818.209e8664@gecko4>
In-Reply-To: <55E709C2.8040800@hiwaay.net>
References: <55E700C9.4080000@gmail.com> <55E7020B.6040404@hiwaay.net> <55E707E7.4070904@gmail.com> <55E709C2.8040800@hiwaay.net>
Reply-To: mfv@bway.net

> On Wed, 2015-09-02 at 09:43 "William A. Mahaffey III"
> wrote:
>
>On 09/02/15 09:36, Ernie Luzar wrote:
>> William A. Mahaffey III wrote:
>>> On 09/02/15 09:05, Ernie Luzar wrote:
>>>> Hello list;
>>>>
>>>> I get the following message in the daily security run output on
>>>> both my 10.1 and 10.2 systems. Both which were installed from
>>>> scratch using a cdisc1.iso file.
>>>>
>>>> Checking for packages with security vulnerabilities:
>>>> pkg: http://vuxml.freebsd.org/freebsd/vuln.xml.bz2: No route to
>>>> host pkg: cannot fetch vulnxml file
>>>>
>>>> -- End of security output --
>>>>
>>>>
>>>> Is this normal by design?
>>>
>>>
>>> 'No route to host' means networking issue. I get the same thing
>>> whenever I disconnect my Cable modem overnight, which I often do.
>>> Make sure your networking is working AOK overnight when that fetch
>>> is attempted.
>>>
>>>
>> My network is on 7/24 so that is not the problem.
>> When I launch in my
>> browser I get a 404.
>> This means the vuln.xml.bz2 is not present.
>
>
>Agreed. Misconfigured repo or repo down for some reason ? If so, not a
>design or software flaw BTW, but a (presumably temporary)
>infrastructure issue. If a bad file-name in a config file, bug, file
>it :-), although it is a bit hard to believe that would have survived
>2 software version revisions.
>
>

Hello Ernie and William,

As a test I just ran http://vuxml.freebsd.org/freebsd/vuln.xml.bz2.
After this file was downloaded, it was decompressed. It was then compared
to another decompressed file which was installed using "pkg audit -F".
These are the results of that comparison:

  [10:52] /tmp > sha256 /tmp/vuln.xml /var/db/pkg/vuln.xml
  SHA256 (/tmp/vuln.xml) = b0f0224f66ac9384af08d2e116c8d66cc1826926b6b3d22ec218745e2bb83f26
  SHA256 (/var/db/pkg/vuln.xml) = b0f0224f66ac9384af08d2e116c8d66cc1826926b6b3d22ec218745e2bb83f26

Clearly vuln.xml can be downloaded by hand or installed using pkg. As
such it seems there is a network issue.

Cheers ...

Marek
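
The manual check described in the message above, written as a script. This is an added example, not part of the original post; the function names and the VULN_URL/PKG_COPY variables are hypothetical, and it assumes FreeBSD's fetch(1), bunzip2 and sha256(1), falling back to sha256sum elsewhere.

```shell
#!/bin/sh
# Added example: repeat the by-hand fetch/decompress/compare check and report
# a fetch failure separately from a content mismatch.
# Assumed defaults (taken from the message); override through the environment.
VULN_URL="${VULN_URL:-http://vuxml.freebsd.org/freebsd/vuln.xml.bz2}"
PKG_COPY="${PKG_COPY:-/var/db/pkg/vuln.xml}"

# Print only the SHA-256 of a file: sha256(1) on FreeBSD, sha256sum elsewhere.
digest_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d ' ' -f 1
    fi
}

# 0: both files readable and identical, 1: contents differ,
# 2: one of the files is missing or unreadable.
same_vuln_db() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    [ "$(digest_of "$1")" = "$(digest_of "$2")" ]
}

# Fetch and decompress vuln.xml by hand, then compare it with the copy that
# "pkg audit -F" installed. Returns 0/1/2 as above, 3 when the download
# fails, 4 when the archive does not decompress.
check_vuln_fetch() {
    tmp=$(mktemp -d) || return 3
    if ! fetch -q -o "$tmp/vuln.xml.bz2" "$VULN_URL"; then
        echo "fetch failed: check routing and DNS from this host" >&2
        rm -rf "$tmp"
        return 3
    fi
    if ! bunzip2 "$tmp/vuln.xml.bz2"; then
        echo "downloaded file is not a valid bzip2 archive" >&2
        rm -rf "$tmp"
        return 4
    fi
    rc=0
    same_vuln_db "$tmp/vuln.xml" "$PKG_COPY" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Only touch the network when asked to: sh check_vuln.sh run
if [ "${1:-}" = "run" ]; then
    check_vuln_fetch
fi
```

Running it at the time the nightly security job fires shows whether the failure is in reaching the server (status 3) or in the file itself.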