Bug 213599 - ports-mgmt/pkg regression: pkg audit -F unable to fetch vuln.xml in a jail
Summary: ports-mgmt/pkg regression: pkg audit -F unable to fetch vuln.xml in a jail
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: i386 Any
: --- Affects Only Me
Assignee: freebsd-pkg (Nobody)
URL:
Keywords: regression
Depends on:
Blocks:
 
Reported: 2016-10-18 20:13 UTC by Serge
Modified: 2018-01-12 14:07 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (pkg)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Serge 2016-10-18 20:13:22 UTC 
On a fully patched FreeBSD 10.3 system with a few jails (also up-to-date), pkg-1.8.7_3 works as expected. After updating to pkg-1.9.1, it is no longer possible to update the vulnerability list with 'pkg audit -F' if this command is issued from a jail. Running it from the host system works as expected. Force-reinstalling pkg-1.8.7_3 fixes the issue.

This is what happens on the host system:
$ uname -a 
FreeBSD BSD-Server.local 10.3-RELEASE-p7 FreeBSD 10.3-RELEASE-p7 #0: Thu Aug 11 18:38:15 UTC 2016     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

$ freebsd-version
10.3-RELEASE-p10

$ pkg -v
1.9.1

$ sudo pkg audit -F
Fetching vuln.xml.bz2: 100%  646 KiB 661.1kB/s    00:01    
0 problem(s) in the installed packages found.

This is what happens within a jail:
# uname -a
FreeBSD Test-web.local 10.3-RELEASE-p7 FreeBSD 10.3-RELEASE-p7 #0: Thu Aug 11 18:38:15 UTC 2016     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

# freebsd-version
10.3-RELEASE-p10

# pkg -v
1.9.1

# pkg audit -F
pkg: http://vuxml.freebsd.org/freebsd/vuln.xml.bz2: No address record
pkg: cannot fetch vulnxml file

# pkg add -f /var/ports/packages/All/pkg-1.8.7_3.txz
[Test-web.local] Installing pkg-1.8.7_3...
package pkg is already installed, forced install
[Test-web.local] Extracting pkg-1.8.7_3: 100%

# pkg -v
1.8.7


# pkg audit -F
[Test-web.local] Fetching vuln.xml.bz2: 100%  646 KiB 661.1kB/s    00:01    
0 problem(s) in the installed packages found.
Comment 1 Serge 2016-10-27 19:28:59 UTC 
When run from a jail, pkg-1.9.1 is also unable to fetch the pkg database.

# pkg search hwloc
pkg: http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly/meta.txz: No address record
pkg: http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly/packagesite.txz: No address record
pkg: Repository FreeBSD cannot be opened. 'pkg update' required


# pkg update
Updating FreeBSD repository catalogue...
pkg: http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly/meta.txz: No address record
repository FreeBSD has no meta file, using default settings
pkg: http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly/packagesite.txz: No address record
Unable to update repository FreeBSD
Comment 2 Serge 2016-10-30 03:57:00 UTC 
The latest version 1.9.2 behaves identically to 1.9.1, that is, fetching pkg  or vulnerability database fails with 'No address record' error.
Comment 3 Baptiste Daroussin freebsd_committer freebsd_triage 2016-12-08 09:31:27 UTC 
Can you try with pkg 1.9.4?
Comment 4 Serge 2016-12-08 20:59:35 UTC 
(In reply to Baptiste Daroussin from comment #3)

	Hi there,

My configuration has changed since I filed the issue. Right now I no longer have a 10.3 machine. I am running 11.0 and some jails with both 11.0 and 10.3 userland. Today I first checked pkg 1.9.3. I have two jails, one running 10.3 p13 and another, 10.3 p12. And fetching vuln.xml with pkg 1.9.3 works in p13, but does not work in p12.

After the upgrade to 1.9.4, pkg audit -F works in both p12 and p13. It also works in 11.0 jails that I have. 

So, I think that probably we can close this issue, even though the question of why it worked again after update to 10.3p13 remains.

	Thanks a lot for taking care of this!
	Serge.
Comment 5 Walter Schwarzenfeld 2018-01-12 10:58:36 UTC 
If I understand it right, the problem is solved. Please, close the PR.