On 10 Jan 2019, at 23:15, listsb wrote:

On Jan 10, 2019, at 06.05, Kevin A. McGrail <kmcgr...@apache.org> wrote:

I believe this is a known issue fixed in svn. We need to get 3.4.3 out the door for this. Are you able to test with the 3.4 branch from svn?

thanks. i've done a crude test just grabbing sa-update from svn, with some progress:

sa-update -v --allowplugins --channelfile /etc/spamassassin/sa-update-conf.d/channels.txt --gpgkeyfile /etc/spamassassin/sa-update-conf.d/sa-update-keys.txt --gpghomedir /var/lib/spamassassin/sa-update-keys
Update available for channel sought.rules.yerp.org: -1 -> 3402014020421
http: (curl) GET http://yerp.org/rules/MIRRORED.BY, success
http: (curl) GET http://rules.yerp.org.s3.amazonaws.com/rules/stage/3402014020421.tar.gz, success
http: (curl) GET http://rules.yerp.org.s3.amazonaws.com/rules/stage/3402014020421.tar.gz.sha512, FAILED, status: exit 22
http: (curl) GET http://rules.yerp.org.s3.amazonaws.com/rules/stage/3402014020421.tar.gz.sha256, FAILED, status: exit 22
http: (curl) GET http://rules.yerp.org.s3.amazonaws.com/rules/stage/3402014020421.tar.gz.asc, success
channel 'sought.rules.yerp.org': could not find working mirror, channel failed
Update failed, exiting with code 4

it parses the url properly now, but still fails.

This breakage is a FEATURE, not a bug.

i guess it doesn't like only having the asc file?

Correct. That channel provides no usable hash file and so cannot work with sa-update. If you would like a version of sa-update that does not require hash files, hack it up at will: that's what open source is for.

Also, the signature is bad:

$ gpg --verify -v 3402014020421.tar.gz.asc
gpg: armor header: Version: GnuPG v1.4.10 (GNU/Linux)
gpg: assuming signed data in '3402014020421.tar.gz'
gpg: Signature made Tue Feb  4 16:48:02 2014 EST
gpg:                using DSA key DC85341F6C6191E3
gpg: Note: signature key DC85341F6C6191E3 expired Wed Aug 9 19:29:42 2017 EDT
gpg: Note: signature key DC85341F6C6191E3 expired Wed Aug 9 19:29:42 2017 EDT
gpg: Note: signature key DC85341F6C6191E3 expired Wed Aug 9 19:29:42 2017 EDT
gpg: using pgp trust model
gpg: BAD signature from "Justin Mason Signing Key (Code Signing Only) <signing...@jmason.org>" [expired]
gpg: binary signature, digest algorithm SHA1, key algorithm dsa1024


And finally: that rule channel has not been updated in almost 4 years and almost surely will never be updated again. Trying to use sa-update with it is pointless and dangerous and so it SHOULD break. If the theory and praxis behind the final round of generation and scoring of the SOUGHT rules was valid in 2014, they would be essentially worthless against the mythical average mailstream of 2019. They may or may not be useful for any particular mailstream today but in any case they are unmaintained and unsupported. No one should use them without local testing and ongoing local oversight of their performance against one's local mailstream.
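Added example, not part of the original message and not sa-update's own code: a fail-closed acceptance check in the spirit of the behaviour discussed above, where an update is rejected unless a usable hash file matches and gpg reports a good signature. The function names, the sample archive and the sample status text are constructed for illustration; the status keywords are those GnuPG prints with --status-fd.

```python
import hashlib
import hmac

# Digest files in order of preference, matching the fetch order in the log above.
DIGESTS = (("sha512", hashlib.sha512), ("sha256", hashlib.sha256))
# GnuPG --status-fd keywords that must never accompany an accepted signature.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def check_digest(archive, hash_files):
    """hash_files maps 'sha512'/'sha256' to file text, or None if the GET failed."""
    for name, algo in DIGESTS:
        text = hash_files.get(name)
        if not text or not text.split():
            continue
        expected = text.split()[0].lower()  # "<hex>  <filename>" layout
        actual = algo(archive).hexdigest()
        if hmac.compare_digest(expected.encode(), actual.encode()):
            return True, name + " digest matches"
        return False, name + " digest mismatch"
    return False, "no usable hash file"  # fail closed when no hash file exists


def check_signature(status_text):
    """status_text is the output of `gpg --status-fd 1 --verify sig data`."""
    seen = {line.split()[1] for line in status_text.splitlines()
            if line.startswith("[GNUPG:] ") and len(line.split()) > 1}
    bad = sorted(seen & REJECT)
    if bad:
        return False, "rejected: " + ",".join(bad)
    if {"GOODSIG", "VALIDSIG"} <= seen:
        return True, "good signature"
    return False, "no good signature reported"


def accept_update(archive, hash_files, status_text):
    """Both checks must pass; the first failure is returned as the reason."""
    ok, why = check_digest(archive, hash_files)
    if not ok:
        return False, why
    return check_signature(status_text)


# Constructed sample: both hash GETs failed (as in the log) and the signature is bad.
SAMPLE_ARCHIVE = b"constructed archive bytes"
SAMPLE_STATUS = ("[GNUPG:] KEYEXPIRED 1502321382\n"
                 "[GNUPG:] BADSIG DC85341F6C6191E3 constructed user id\n")
if __name__ == "__main__":
    print(accept_update(SAMPLE_ARCHIVE, {"sha512": None, "sha256": None}, SAMPLE_STATUS))
```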
