Hello,
I (imho too often) get problems when running sa-update (Debian 8, SA 3.4.0)
/etc/cron.daily/spamassassin:
sa-update failed for unknown reasons
in debug mode I found out:
Sep 5 07:38:31.810 [16137] dbg: channel: selected mirror
http://sa-update.secnap.net
Sep 5 07:38:31.810 [16137] dbg: http: url:
http://sa-update.secnap.net/1840016.tar.gz
Sep 5 07:38:31.810 [16137] dbg: http: downloading to:
/var/lib/spamassassin/3.004000/updates_spamassassin_org/1840016.tar.gz, update
Sep 5 07:38:31.810 [16137] dbg: util: executable for curl was found at
/usr/bin/curl
Sep 5 07:38:31.810 [16137] dbg: http: /usr/bin/curl -s -L -O --remote-time -g
--max-redirs 2 --connect-timeout 30 --max-time 300 --fail -o 1840016.tar.gz -z
1840016.tar.gz -- http://sa-update.secnap.net/1840016.tar.gz
Sep 5 07:38:33.211 [16137] dbg: http: process [16166], exit status: 0
...
Sep 5 07:38:33.799 [16137] dbg: sha1: verification wanted:
ea88487c6e9cd48fb3e546606eac2effe4a3a91c
Sep 5 07:38:33.799 [16137] dbg: sha1: verification result:
953efe8f531a5a87f6d2d5a65b78b05e55599abc
channel: SHA1 verification failed, channel failed
the resulting file:
# ls -lctr --full-time 1840016.tar.gz
-rw-r--r-- 1 debian-spamd debian-spamd 1 2018-09-05 07:38:33.205411724 +0200
1840016.tar.gz
running the curl manually downloads correct file:
# ls -lct --full-time /tmp/1840016.tar.gz
-rw-r--r-- 1 root root 283416 2018-09-05 09:10:02.572034800 +0200
/tmp/1840016.tar.gz
with correct checksum:
# sha1sum 1840016.tar.gz /tmp/1840016.tar.gz
953efe8f531a5a87f6d2d5a65b78b05e55599abc 1840016.tar.gz
ea88487c6e9cd48fb3e546606eac2effe4a3a91c /tmp/1840016.tar.gz
we are behind fortigate firewall, which shows this relevant line:
Sep 5 07:38:34 fgt
date=2018-09-05,time=07:38:34,devname=FGT,devid=XXX,logid=0000000013,type=traffic,subtype=forward,level=notice,vd=root,srcip=x.x.x.x,srcport=60665,srcintf="internal",dstip=204.89.241.6,dstport=80,dstintf="wan1",poluuid=9a0df156-900e-51e8-d4d5-7b4de8e07615,sessionid=48968219,proto=6,action=close,policyid=62,policytype=policy,dstcountry="United
States",srccountry="Reserved",trandisp=snat,transip=y.y.y.y,transport=60665,service="HTTP",duration=1,sentbyte=423,rcvdbyte=604,sentpkt=6,rcvdpkt=4,appcat="unscanned",wanin=388,wanout=103,lanin=103,lanout=388
Sep 5 09:10:03 fgt
date=2018-09-05,time=09:10:03,devname=FGT,devid=XXX,logid=0000000013,type=traffic,subtype=forward,level=notice,vd=root,srcip=x.x.x.x,srcport=36269,srcintf="internal",dstip=204.89.241.6,dstport=80,dstintf="wan1",poluuid=9a0df156-900e-51e8-d4d5-7b4de8e07615,sessionid=49153868,proto=6,action=close,policyid=62,policytype=policy,dstcountry="United
States",srccountry="Reserved",trandisp=snat,transip=y.y.y.y,transport=36269,service="HTTP",duration=2,sentbyte=6554,rcvdbyte=294053,sentpkt=124,rcvdpkt=199,appcat="unscanned",wanin=283697,wanout=98,lanin=98,lanout=283697
This kind of error happens with different mirrors.
Now my questions:
- is this possible problem with mirrors?
- when do mirrors update?
- do mirrors updates propagate atomically?
or should I dig into that deeper to find out what happens?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)