fail to fetch vulnxml file each night, as seen in daily security run output.
mfv
mfv at bway.net
Wed Sep 2 15:08:28 UTC 2015
> On Wed, 2015-09-02 at 09:43 "William A. Mahaffey III"
> <wam at hiwaay.net> wrote:
>
>On 09/02/15 09:36, Ernie Luzar wrote:
>> William A. Mahaffey III wrote:
>>> On 09/02/15 09:05, Ernie Luzar wrote:
>>>> Hello list;
>>>>
>>>> I get the following message in the daily security run output on
>>>> both my 10.1 and 10.2 systems. Both which were installed from
>>>> scratch using a cdisc1.iso file.
>>>>
>>>> Checking for packages with security vulnerabilities:
>>>> pkg: http://vuxml.freebsd.org/freebsd/vuln.xml.bz2: No route to host
>>>> pkg: cannot fetch vulnxml file
>>>>
>>>> -- End of security output --
>>>>
>>>>
>>>> Is this normal by design?
>>>
>>>
>>> 'No route to host' means networking issue. I get the same thing
>>> whenever I disconnect my Cable modem overnight, which I often do.
>>> Make sure your networking is working AOK overnight when that fetch
>>> is attempted.
>>>
>>>
>> My network is on 7/24 so that is not the problem.
>> When I launch in my
>> browser I get a 404.
>> This means the vuln.xml.bz2 is not present.
>
>
>Agreed. Misconfigured repo or repo down for some reason ? If so, not a
>design or software flaw BTW, but a (presumably temporary)
>infrastructure issue. If a bad file-name in a config file, bug, file
>it :-), although it is a bit hard to believe that would have survived
>2 software version revisions.
>
>
Hello Ernie and William,
As a test I just ran http://vuxml.freebsd.org/freebsd/vuln.xml.bz2.
After this file was downloaded, it was decompressed.
It was then compared to another decompressed file which was installed
using "pkg audit -F".
These are the results of that comparison:
[10:52] /tmp > sha256 /tmp/vuln.xml /var/db/pkg/vuln.xml
SHA256 (/tmp/vuln.xml) = b0f0224f66ac9384af08d2e116c8d66cc1826926b6b3d22ec218745e2bb83f26
SHA256 (/var/db/pkg/vuln.xml) = b0f0224f66ac9384af08d2e116c8d66cc1826926b6b3d22ec218745e2bb83f26
Clearly vuln.xml can be downloaded by hand or installed using pkg. As
such it seems there is a network issue.
Cheers ...
Marek
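
The thread separates three outcomes: "No route to host" (network), a 404 (file missing on the server), and a successful fetch whose decompressed content matches the copy that "pkg audit -F" installed. The following script is an added example, not part of the original message or of pkg itself; it tells those cases apart. The URL and local path come from the thread, while the function names and result labels are assumptions made for illustration.

```python
import bz2
import errno
import hashlib
import urllib.error
import urllib.request

VULN_URL = "http://vuxml.freebsd.org/freebsd/vuln.xml.bz2"  # URL from the thread
LOCAL_DB = "/var/db/pkg/vuln.xml"                           # path from the thread
ROUTING_ERRNOS = (errno.EHOSTUNREACH, errno.ENETUNREACH)


def classify_fetch_error(exc):
    """Map a fetch failure onto the causes discussed in the thread (labels are hypothetical)."""
    # HTTPError subclasses URLError, so it has to be checked first.
    if isinstance(exc, urllib.error.HTTPError):
        return "missing-on-server" if exc.code == 404 else "http-error"
    # urllib wraps socket-level failures in URLError.reason; unwrap if present.
    cause = exc.reason if isinstance(exc, urllib.error.URLError) else exc
    if isinstance(cause, OSError) and cause.errno in ROUTING_ERRNOS:
        return "no-route"  # what the nightly run reported
    return "network-error"


def compare_with_local(compressed, local_xml):
    """True if the decompressed download hashes the same as the installed copy."""
    fetched = hashlib.sha256(bz2.decompress(compressed)).hexdigest()
    installed = hashlib.sha256(local_xml).hexdigest()
    return fetched == installed


def diagnose(url=VULN_URL, local_path=LOCAL_DB):
    """Fetch the file once and report which of the thread's cases applies."""
    try:
        with urllib.request.urlopen(url, timeout=30) as resp:
            compressed = resp.read()
    except OSError as exc:  # URLError and HTTPError are OSError subclasses
        return classify_fetch_error(exc)
    with open(local_path, "rb") as fh:
        return "match" if compare_with_local(compressed, fh.read()) else "mismatch"


if __name__ == "__main__":
    print(diagnose())
```

Running it from cron at the same hour as the daily security job shows whether the failure is tied to that time of night rather than to the file or the server.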