-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Download of data from ftp.ripe.net fails silently #1
Comments
I verified the issue, and the problem is, that the stored MD5 hash of the apnic data does not match the hash of the dowloaded data.
The update simply exits when it sees hash mismatches, since it cannot do much about this by itself. The options are:
|
FYI, for some reason Ripe does not update the MD5 hash file of the Apnic data. The MD5 hash file on the Apnic upstream repo does match the actual MD5 hashes of both data files, namely the one on the Ripe mirror and the one on the Apnic upstram repo. EDIT: On the Ripe mirror the MD5 hash file of the Lacnic data is outdated as well. |
Thanks for looking into this. My brain somehow did not process the fact that Just out of curiosity: why use the MD5 hash at all? My understanding is, that to truly verify a file has not been tampered with during transfer, you'd need to get the hash file through some other means, preferably secure. Or is this simply meant as a basic checksum to ensure that the full file has been transferred? In any case, I have just reported this issue to RIPE NCC and hope they will look into it. |
The MD5 hash checking is really meant as checksum for file integrity. I use the update script in a weekly cron job, and some firewall rules rely on the proper functionality of the ipdb lookup. So, in the case of MD5 mismatches, I prefer that the database files are simply not touched and ipdb continues working. In the present case, the data files are correct and some of the MD5 hash files are outdated for some reasons. It could well be vice versa. There could be various scenarios which could corrupt a data file, either on the mirror or upstream. In my crontab I got:
Therefore, I receive an e-mail when something went wrong. The firewall would just work with the old IP db's for another day, and I would be able to troubleshoot the issue calmly without having any transtortions in the back. I didn't see the issue, because I am in Brazil and I use the Lacnic mirror, which can be accessed from here as fast as the Ripe mirror from somewhere in Europe. |
Response from RIPE NCC:
|
It looks like RIPE NCC has fixed the issues with incorrect MD5 files on their mirrors. |
Unfortunately it did not work for me, so I reported this back. Finally, they confirmed the issues to be resolved today and I can confirm it working on my end. In the meantime I made the script output a simple error message with the mismatching hashes. Would you consider adding something like that? |
Yes, please attach the changed script here, and I will have a look at it. This week I will be quite busy, and I cannot promise to work on it immediately, though. |
Environment
Issue
Recently, since about a week, download of IP data from
ftp.ripe.net
fails halfway through without any error output, just with an exit code of1
.Excerpt:
Using another RIR FTP like
ftp.apnic.net
orftp.lacnic.net
is extremely slow but completes as expected and exits cleanly with0
.The text was updated successfully, but these errors were encountered: