FS#71365 - [arch-audit] Error: failed to get AVG json

Attached to Project: Community Packages
Opened by Batou (Batou) - Saturday, 26 June 2021, 03:10 GMT
Last edited by Toolybird (Toolybird) - Tuesday, 09 May 2023, 05:32 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Christian Rebischke (Shibumi)
Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:


Additional info:
* package version(s)
* config and/or log files etc.
* link to upstream bug report, if any

Steps to reproduce:
This task depends upon

Closed by  Toolybird (Toolybird)
Tuesday, 09 May 2023, 05:32 GMT
Reason for closing:  Works for me
Additional comments about closing:  Seems to be working fine now. Must have been a transient problem.
Comment by Batou (Batou) - Saturday, 26 June 2021, 03:13 GMT
Ugh, I must have pressed Return by an accident in the title filed and it immediately posted the issue without a confirmation and now I can't even edit it. Apologies.
Comment by Batou (Batou) - Saturday, 26 June 2021, 03:16 GMT
Anyway, when I try to run arch-audit, I get this error message:

$ arch-audit
Error: failed to get AVG json
Because: failed to fetch AVGs from URL
Because: Failed to send request
Because: error sending request for url (https://security.archlinux.org/all.json): error trying to connect: invalid certificate: UnknownIssuer
Because: error trying to connect: invalid certificate: UnknownIssuer
Because: invalid certificate: UnknownIssuer

But, both curl and wget have no issues:

$ curl -IL https://security.archlinux.org/all.json
HTTP/2 200
server: nginx
date: Sat, 26 Jun 2021 03:14:56 GMT
content-type: application/json; charset=utf-8
content-length: 720867
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'; style-src 'self'; font-src 'self'; form-action 'self'
x-content-security-policy: default-src 'self'; style-src 'self'; font-src 'self'; form-action 'self'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubdomains; preload

and:

curl -vvI https://security.archlinux.org/all.json
* Trying 95.217.239.55:443...
* Connected to security.archlinux.org (95.217.239.55) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /usr/share/curl/ca-bundle.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=security.archlinux.org
* start date: Jun 17 20:20:19 2021 GMT
* expire date: Sep 15 20:20:18 2021 GMT
* subjectAltName: host "security.archlinux.org" matched cert's "security.archlinux.org"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5648a824c970)
> HEAD /all.json HTTP/2
> Host: security.archlinux.org
> user-agent: curl/7.77.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
HTTP/2 200
< server: nginx
server: nginx
< date: Sat, 26 Jun 2021 03:20:34 GMT
date: Sat, 26 Jun 2021 03:20:34 GMT
< content-type: application/json; charset=utf-8
content-type: application/json; charset=utf-8
< content-length: 720867
content-length: 720867
< x-frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
x-content-type-options: nosniff
< content-security-policy: default-src 'self'; style-src 'self'; font-src 'self'; form-action 'self'
content-security-policy: default-src 'self'; style-src 'self'; font-src 'self'; form-action 'self'
< x-content-security-policy: default-src 'self'; style-src 'self'; font-src 'self'; form-action 'self'
x-content-security-policy: default-src 'self'; style-src 'self'; font-src 'self'; form-action 'self'
< referrer-policy: no-referrer
referrer-policy: no-referrer
< strict-transport-security: max-age=31536000; includeSubdomains; preload
strict-transport-security: max-age=31536000; includeSubdomains; preload

<
* Connection #0 to host security.archlinux.org left intact


I am up to date and everything else is running smoothly:

$ uname -a
Linux batou 5.12.12-arch1-1 #1 SMP PREEMPT Fri, 18 Jun 2021 21:59:22 +0000 x86_64 GNU/Linux


$ pacman -Qi arch-audit
Name : arch-audit
Version : 0.1.19-2


$ dig security.archlinux.org

; <<>> DiG 9.16.18 <<>> security.archlinux.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45421
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;security.archlinux.org. IN A

;; ANSWER SECTION:
security.archlinux.org. 24248 IN A 95.217.239.55


There are no errors in the journal.

Loading...