RSS Error when I Log In

ralphshinevar · November 12, 2019, 2:40am

/ Message template (english)

My YunoHost server

**Hardware: Old laptop or computer (Lenovo Think Server)
YunoHost version: 3.6.5.3
I have access to my server : Through SSH and through the web admin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes.
If yes, please explain: I have upgraded MariaDB to 10.4.10 to support a Learning Management System application using Custom Web App.

Description of my issue

When I login to Yunohost Admin I get this error:

“Could not retrieve feed: https://yunohost.org/security.rss. You might have a plugin prevent your browser from performing this request (or the website is down).”

I put the url into my browser and got a lot html/xml code. Is this on your end? The security.rss page? Or do I need to do something from here?

Thanks again for creating YunoHost!

Gunhed · November 14, 2019, 8:38am

Same issue here.

foobalu · November 14, 2019, 12:14pm

Same here…

SohKa · November 19, 2019, 8:55am

Hello !

Yesterday a new version of yunohost-admin has been released (3.6.5.1). In the changelog, I see this :

  - [fix] Disabling security.rss for now because there's a header issue preventing it from working, and hasnt been used in 2+ years anyway

So it should be solved, now.

matthieuv · November 22, 2019, 1:46pm

Same here, but system update does not work.

"Unable to update the cache of APT (Debian’s package manager). Here is a dump of the sources.list lines which might help to identify problematic lines :
sources.list:deb …

E: The repository ‘/…/debian stretch-updates Release’ does no longer have a Release file.

E: The repository ‘/…/debian stretch Release’ does no longer have a Release file.

E: The repository ‘/…/updates Release’ does no longer have a Release file.

E: The repository ‘/…/debian stretch Release’ does no longer have a Release file.

Fetching available upgrades for system packages…"

Any idea what’s going wrong ?

Thanks !

Aleks · November 22, 2019, 1:47pm

Uuuh did you replace some urls with ... ?

matthieuv · November 22, 2019, 1:52pm

Yes, i’m not allowed to post more than 2 urls

I can screenshot the error if you want ?

Aleks · November 22, 2019, 2:18pm

Hm yeah a screenshot would be nice I guess

matthieuv · November 22, 2019, 2:26pm

Here you are :

matthieuv · November 27, 2019, 7:56am

Do you have more info @Aleks ?

Aleks · November 27, 2019, 12:34pm

Uuuuh no, that’s just plain weird … Do you still have the issue right now ?

matthieuv · December 12, 2019, 2:17pm

[Update 12/8/2019] Still can’t update or access anything, can someone help ? or i’ll have to reinstall something ? @Aleks

[Edit 2] : been 14 days since last post, no answer, no solution, and the only thing I can do is edit because i’m not allowed to post new messages, this sucks very much… @SohKa @Aleks

I can’t login as admin, here’s the screen of the log

Website is down, can’t access nexcloud and others…

pintman · November 28, 2019, 3:07pm

I got the same problem when opening Tools -> Security-Feed.

SohKa · November 28, 2019, 4:07pm

This is normal. The release 3.6.5.1 fixed the issue by removing/disabling the automatic fetching of the rss feed from the main menu.

But indeed, if you open Tools -> Security-Feed, you’ll get the error because the underlying problem is still present. Since the feed hasn’t receive any update since a long time, there is no need to open Security-Feed anyway

pintman · November 28, 2019, 7:45pm

If there is no need for this and it is still producing some confusion - at least for me - why not removing the Tools > Security Feed option at all?

SohKa · November 28, 2019, 10:15pm

I’m not involved in the development of Yunohost, so I don’t have a direct explanation for you.

I can just suppose that removing this element from the web admin interface requires a bit of work (more than just disabling the automatic fetching from the main menu). And the devs are probably quite busy with some more important fixes/improvements.

Aleks · November 29, 2019, 1:18am

My opinion is that we should just collectively decide wether or not we’re willing to keep using that feature or not. Removing this RSS check when we login was just a hasty dirty fix because people were (legitimately) complaining about it.

Personally since we didn’t use it since 2 years despite important security issue (c.f. the last thing about PHP) I think it implicitly answer the question and we should indeed just drop the section from the webadmin entirely.

I proposed another method that should be more accurate to detect and warn users about security issues on their server like this : https://github.com/YunoHost/issues/issues/1438 but that obviously requires some work.

SohKa · December 12, 2019, 3:03pm

Hi,

First, it would have been wiser to create your own topic and not hijack this one. Secondly, avoid rudeness.

Did you already try to reboot your server ? If yes, connect to your server via ssh and send a screenshot of the following commands :

cat /etc/apt/sources.list
ls /etc/apt/sources.list.d
cat /etc/apt/sources.list.d/*
sudo yunohost tools diagnosis
ping -c5 ipv4.google.com
ping -c5 ipv6.google.com