Date: Wed, 2 Sep 2015 11:08:18 -0400 From: mfv <mfv@bway.net> To: freebsd-questions@freebsd.org Subject: Re: fail to fetch vulnxml file each night, as seen in daily security, run output. Message-ID: <20150902110818.209e8664@gecko4> In-Reply-To: <55E709C2.8040800@hiwaay.net> References: <55E700C9.4080000@gmail.com> <55E7020B.6040404@hiwaay.net> <55E707E7.4070904@gmail.com> <55E709C2.8040800@hiwaay.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Wed, 2015-09-02 at 09:43 "William A. Mahaffey III" > <wam@hiwaay.net> wrote: > >On 09/02/15 09:36, Ernie Luzar wrote: >> William A. Mahaffey III wrote: >>> On 09/02/15 09:05, Ernie Luzar wrote: >>>> Hello list; >>>> >>>> I get the following message in the daily security run output on >>>> both my 10.1 and 10.2 systems. Both which were installed from >>>> scratch using a cdisc1.iso file. >>>> >>>> Checking for packages with security vulnerabilities: >>>> pkg: http://vuxml.freebsd.org/freebsd/vuln.xml.bz2: No route to >>>> host pkg: cannot fetch vulnxml file >>>> >>>> -- End of security output -- >>>> >>>> >>>> Is this normal by design? >>> >>> >>> 'No route to host' means networking issue. I get the same thing >>> whenever I disconnect my Cable modem overnight, which I often do. >>> Make sure your networking is working AOK overnight when that fetch >>> is attempted. >>> >>> >> My network is on 7/24 so that is not the problem. >> When I launch in my >> browser I get a 404. >> This means the vuln.xml.bz2 is not present. > > >Agreed. Misconfigured repo or repo down for some reason ? If so, not a >design or software flaw BTW, but a (presumably temporary) >infrastructure issue. If a bad file-name in a config file, bug, file >it :-), although it is a bit hard to believe that would have survived >2 software version revisions. > > Hello Ernie and William, As a test I just ran http://vuxml.freebsd.org/freebsd/vuln.xml.bz2. After this file was downloaded, it was decompressed. It was then compared to another decompressed file which was installed using "pkg audit -F". This is the results of that comparison: [10:52] /tmp > sha256 /tmp/vuln.xml /var/db/pkg/vuln.xml SHA256 (/tmp/vuln.xml) = b0f0224f66ac9384af08d2e116c8d66cc1826926b6b3d22ec218745e2bb83f26 SHA256 (/var/db/pkg/vuln.xml) = b0f0224f66ac9384af08d2e116c8d66cc1826926b6b3d22ec218745e2bb83f26 Clearly vuln.xml can be downloaded by hand or installed using pkg. As such it seems there is a network issue. Cheers ... Marek
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150902110818.209e8664>