BigFix Fixlet Unable to Download RPM packages for ALAS2-2022-1774 - Kernel Security update - Amazon linux 2 x86_64

I have been trying to deploy the update to our QA Amazon Linux Server and it keep failing.
It looks like the Fixlet may be pointing to a wrong package name/url as other Fixlets released recently are able to download files.

Error I am seeing when enable the CENTOS Download plugin Debug mode:

10448    : 2022-06-21 09:19:41 : INFO     :  New download: {'id': 29, 'file': 'E:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\wwwrootbes\\bfmirror\\downloads\\ActiveDownloads\\dynamic_c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27', 'url': 'CentOSR2Protocol://get.file/aHR0cHM6Ly9jZG4uYW1hem9ubGludXguY29tLzIvY29yZS8yLjAveDg2XzY0LzU0NTRiZGFhZjNlMmZhOGQzYWFjMzU0YmQwYjlmMjEwNzlmOGVmYmZjOGIwNGZiNDBkYjQ2MmVkNDM0ZjlmMDQv/../../../../../blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm', 'sha256': {'algorithm': 'sha256', 'value': 'c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27'}, 'size': 455940}
10448    : 2022-06-21 09:19:41 : INFO     :  CentOS R2 Plugin download url CentOSR2Protocol://get.file/aHR0cHM6Ly9jZG4uYW1hem9ubGludXguY29tLzIvY29yZS8yLjAveDg2XzY0LzU0NTRiZGFhZjNlMmZhOGQzYWFjMzU0YmQwYjlmMjEwNzlmOGVmYmZjOGIwNGZiNDBkYjQ2MmVkNDM0ZjlmMDQv/../../../../../blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm.
10448    : 2022-06-21 09:19:41 : DEBUG    :  op: get.file, params: aHR0cHM6Ly9jZG4uYW1hem9ubGludXguY29tLzIvY29yZS8yLjAveDg2XzY0LzU0NTRiZGFhZjNlMmZhOGQzYWFjMzU0YmQwYjlmMjEwNzlmOGVmYmZjOGIwNGZiNDBkYjQ2MmVkNDM0ZjlmMDQv/../../../../../blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm
10448    : 2022-06-21 09:19:41 : DEBUG    :  Getting URL for aHR0cHM6Ly9jZG4uYW1hem9ubGludXguY29tLzIvY29yZS8yLjAveDg2XzY0LzU0NTRiZGFhZjNlMmZhOGQzYWFjMzU0YmQwYjlmMjEwNzlmOGVmYmZjOGIwNGZiNDBkYjQ2MmVkNDM0ZjlmMDQv, ../../../../../blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm.
10448    : 2022-06-21 09:19:41 : DEBUG    :  repo base: https://cdn.amazonlinux.com/2/core/2.0/x86_64/5454bdaaf3e2fa8d3aac354bd0b9f21079f8efbfc8b04fb40db462ed434f9f04/
10448    : 2022-06-21 09:19:41 : DEBUG    :  Parsed URL:https://cdn.amazonlinux.com/blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm
10448    : 2022-06-21 09:19:41 : DEBUG    :  Getting url https://cdn.amazonlinux.com/blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm to file E:\Program Files (x86)\BigFix Enterprise\BES Server\wwwrootbes\bfmirror\downloads\ActiveDownloads\dynamic_c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27.
10448    : 2022-06-21 09:19:41 : DEBUG    :  Getting url https://cdn.amazonlinux.com/blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm.
10448    : 2022-06-21 09:19:41 : INFO     :  OS proxy settings: {}
10448    : 2022-06-21 09:19:41 : DEBUG    :  User-Agent: 'Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0'
10448    : 2022-06-21 09:19:42 : DEBUG    :  Download failed with an exception for URL https://cdn.amazonlinux.com/blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm.
10448    : 2022-06-21 09:19:42 : DEBUG    :  Exception
Traceback (most recent call last):
  File "dload\util\urllibwrapper.py", line 208, in get_response
  File "urllib\request.py", line 222, in urlopen
  File "urllib\request.py", line 531, in open
  File "urllib\request.py", line 641, in http_response
  File "urllib\request.py", line 569, in error
  File "urllib\request.py", line 503, in _call_chain
  File "urllib\request.py", line 649, in http_error_default
urllib.error.HTTPError: HTTP Error 403: Forbidden
10448    : 2022-06-21 09:19:42 : WARNING  :  Download failed. Please enable DEBUG logs for more information.
10448    : 2022-06-21 09:19:42 : DEBUG    :  Exception
Traceback (most recent call last):
  File "centos\centosdownloader.py", line 157, in download_from_centos
  File "centos\centosdownloader.py", line 65, in download_dload_url
  File "dload\util\urllibwrapper.py", line 264, in get_to_file
  File "dload\util\urllibwrapper.py", line 208, in get_response
  File "urllib\request.py", line 222, in urlopen
  File "urllib\request.py", line 531, in open
  File "urllib\request.py", line 641, in http_response
  File "urllib\request.py", line 569, in error
  File "urllib\request.py", line 503, in _call_chain
  File "urllib\request.py", line 649, in http_error_default
urllib.error.HTTPError: HTTP Error 403: Forbidden
10448    : 2022-06-21 09:19:42 : ERROR    :  Unexpected error during download: [Errno 2] No such file or directory: 'E:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\wwwrootbes\\bfmirror\\downloads\\ActiveDownloads\\dynamic_c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27'
10448    : 2022-06-21 09:19:42 : DEBUG    :  Exception
Traceback (most recent call last):
  File "dload\plugin.py", line 81, in handle_download
  File "centos\ua.py", line 150, in download
  File "dload\util\urllibwrapper.py", line 276, in calculate_metadata
FileNotFoundError: [Errno 2] No such file or directory: 'E:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\wwwrootbes\\bfmirror\\downloads\\ActiveDownloads\\dynamic_c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27'
10448    : 2022-06-21 09:19:42 : WARNING  :  Download failed. Reason: Unexpected error during download: [Errno 2] No such file or directory: 'E:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\wwwrootbes\\bfmirror\\downloads\\ActiveDownloads\\dynamic_c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27'
10448    : 2022-06-21 09:19:42 : WARNING  :  Some downloads have failed.
10448    : 2022-06-21 09:19:42 : INFO     :  Plugin returned with code 1.
18716    : 2022-06-21 09:29:44 : Level 1911 :  CentOS R2 Download Plugin version 1.0.0.5. Gonna get to work now.
18716    : 2022-06-21 09:29:44 : INFO     :  Using regular HTTP wrapper.
18716    : 2022-06-21 09:29:44 : DEBUG    :  Unforced setup.
18716    : 2022-06-21 09:29:44 : DEBUG    :  Unforced setup.
18716    : 2022-06-21 09:29:44 : DEBUG    :  Disabling SSL certificate verification.
18716    : 2022-06-21 09:29:44 : DEBUG    :  Unforced setup.
18716    : 2022-06-21 09:29:44 : INFO     :  New download: {'id': 32, 'file': 'E:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\wwwrootbes\\bfmirror\\downloads\\ActiveDownloads\\dynamic_c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27', 'url': 'CentOSR2Protocol://get.file/aHR0cHM6Ly9jZG4uYW1hem9ubGludXguY29tLzIvY29yZS8yLjAveDg2XzY0LzU0NTRiZGFhZjNlMmZhOGQzYWFjMzU0YmQwYjlmMjEwNzlmOGVmYmZjOGIwNGZiNDBkYjQ2MmVkNDM0ZjlmMDQv/../../../../../blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm', 'sha256': {'algorithm': 'sha256', 'value': 'c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27'}, 'size': 455940}
18716    : 2022-06-21 09:29:44 : INFO     :  CentOS R2 Plugin download url CentOSR2Protocol://get.file/aHR0cHM6Ly9jZG4uYW1hem9ubGludXguY29tLzIvY29yZS8yLjAveDg2XzY0LzU0NTRiZGFhZjNlMmZhOGQzYWFjMzU0YmQwYjlmMjEwNzlmOGVmYmZjOGIwNGZiNDBkYjQ2MmVkNDM0ZjlmMDQv/../../../../../blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm.
18716    : 2022-06-21 09:29:44 : DEBUG    :  op: get.file, params: aHR0cHM6Ly9jZG4uYW1hem9ubGludXguY29tLzIvY29yZS8yLjAveDg2XzY0LzU0NTRiZGFhZjNlMmZhOGQzYWFjMzU0YmQwYjlmMjEwNzlmOGVmYmZjOGIwNGZiNDBkYjQ2MmVkNDM0ZjlmMDQv/../../../../../blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm
18716    : 2022-06-21 09:29:44 : DEBUG    :  Getting URL for aHR0cHM6Ly9jZG4uYW1hem9ubGludXguY29tLzIvY29yZS8yLjAveDg2XzY0LzU0NTRiZGFhZjNlMmZhOGQzYWFjMzU0YmQwYjlmMjEwNzlmOGVmYmZjOGIwNGZiNDBkYjQ2MmVkNDM0ZjlmMDQv, ../../../../../blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm.
18716    : 2022-06-21 09:29:44 : DEBUG    :  repo base: https://cdn.amazonlinux.com/2/core/2.0/x86_64/5454bdaaf3e2fa8d3aac354bd0b9f21079f8efbfc8b04fb40db462ed434f9f04/
18716    : 2022-06-21 09:29:44 : DEBUG    :  Parsed URL:https://cdn.amazonlinux.com/blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm
18716    : 2022-06-21 09:29:44 : DEBUG    :  Getting url https://cdn.amazonlinux.com/blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm to file E:\Program Files (x86)\BigFix Enterprise\BES Server\wwwrootbes\bfmirror\downloads\ActiveDownloads\dynamic_c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27.
18716    : 2022-06-21 09:29:44 : DEBUG    :  Getting url https://cdn.amazonlinux.com/blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm.
18716    : 2022-06-21 09:29:44 : INFO     :  OS proxy settings: {}
18716    : 2022-06-21 09:29:44 : DEBUG    :  User-Agent: 'Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0'
18716    : 2022-06-21 09:29:44 : DEBUG    :  Download failed with an exception for URL https://cdn.amazonlinux.com/blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc++-7.3.1-14.amzn2.x86_64.rpm.
18716    : 2022-06-21 09:29:44 : DEBUG    :  Exception
Traceback (most recent call last):
  File "dload\util\urllibwrapper.py", line 208, in get_response
  File "urllib\request.py", line 222, in urlopen
  File "urllib\request.py", line 531, in open
  File "urllib\request.py", line 641, in http_response
  File "urllib\request.py", line 569, in error
  File "urllib\request.py", line 503, in _call_chain
  File "urllib\request.py", line 649, in http_error_default
urllib.error.HTTPError: HTTP Error 403: Forbidden
18716    : 2022-06-21 09:29:44 : WARNING  :  Download failed. Please enable DEBUG logs for more information.
18716    : 2022-06-21 09:29:44 : DEBUG    :  Exception
Traceback (most recent call last):
  File "centos\centosdownloader.py", line 157, in download_from_centos
  File "centos\centosdownloader.py", line 65, in download_dload_url
  File "dload\util\urllibwrapper.py", line 264, in get_to_file
  File "dload\util\urllibwrapper.py", line 208, in get_response
  File "urllib\request.py", line 222, in urlopen
  File "urllib\request.py", line 531, in open
  File "urllib\request.py", line 641, in http_response
  File "urllib\request.py", line 569, in error
  File "urllib\request.py", line 503, in _call_chain
  File "urllib\request.py", line 649, in http_error_default
urllib.error.HTTPError: HTTP Error 403: Forbidden
18716    : 2022-06-21 09:29:44 : ERROR    :  Unexpected error during download: [Errno 2] No such file or directory: 'E:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\wwwrootbes\\bfmirror\\downloads\\ActiveDownloads\\dynamic_c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27'
18716    : 2022-06-21 09:29:44 : DEBUG    :  Exception
Traceback (most recent call last):
  File "dload\plugin.py", line 81, in handle_download
  File "centos\ua.py", line 150, in download
  File "dload\util\urllibwrapper.py", line 276, in calculate_metadata
FileNotFoundError: [Errno 2] No such file or directory: 'E:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\wwwrootbes\\bfmirror\\downloads\\ActiveDownloads\\dynamic_c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27'
18716    : 2022-06-21 09:29:44 : WARNING  :  Download failed. Reason: Unexpected error during download: [Errno 2] No such file or directory: 'E:\\Program Files (x86)\\BigFix Enterprise\\BES Server\\wwwrootbes\\bfmirror\\downloads\\ActiveDownloads\\dynamic_c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27'
18716    : 2022-06-21 09:29:44 : WARNING  :  Some downloads have failed.
18716    : 2022-06-21 09:29:44 : INFO     :  Plugin returned with code 1.


FWIW a yum command to list available updates for the system that I am trying to patch shows a newer version of the package:

Even more, the update is for Linux Kernel , why is it trying to install other updates?

https://alas.aws.amazon.com/AL2/ALAS-2022-1774.html

Hi @fermt

As you noted, it seems the kernel packages in question have been updated by Amazon.
We are working on the issue and we aim to provide an updated version of the fixlet.

You probably need to wait until tomorrow; I will share more accurate timeline as I have information from the Patch Team.

Thanks
Alessandro De Lorenzi
HCL BigFix Product Manager
Patch Team

The Patch team completed the analysis of this issue, and discovered that that the CentOS R2 Download Plugin does not support special characters in the name of the package (in this case the special char is +).
The team is already working to fix this issue, and the current ETA for publishing the new version of the plugin is July 15th.

As a temporary workaround, customers can perform the followings:
• Download the file libstdc++-7.3.1-14.amzn2.x86_64.rpm manually. It s succrently available from this URL (please note that the URL may be changed in future): https://cdn.amazonlinux.com/blobstore/c6d92795e68573d6370d33d54e662bfabb31c11188d0c0c80afd4638be293d27/libstdc%2B%2B-7.3.1-14.amzn2.x86_64.rpm
• Rename the downloaded file to 9C3F80A5D0D2B0978C7A50B6E44BAFACC2C59C88
• Copy Paste the renamed file into server’s cache :
%BES Server Location%\wwwrootbes\bfmirror\downloads\sha1 folder

This workaround will prevent that the server will use the download plugin to download the failing package, and the fixlet will deploy successfully.

Thanks
Alessandro De Lorenzi
HCL BigFix Product Manager
Patch Team

1 Like

Hello Alessandro,

I appreciate your time and the provided workaround.

However, how was it possible that this was not detected in the QA phase of the Fixlet’s development?

This is at least the second time that content delivered by the BigFix patch team contains action scripts that will never execute successfully(The last one that I remember was trying to execute installers from a wrong location).
Fortunately, we always run test of the fixlets before pushing to production but I’m not sure if the Patch team performs tests before releasing the content to the public.