Fixing Error 171 in PeerGuardian 2.2.2

bridgey
   10 years ago
  0

So yesterday I installed PeerGuardian 2.2.2 onto my Linux Mint 15 box using the instructions in the wiki.

I thought I should update the blocklists before firing it up so I ran:

$ sudo pglcmd update

To my annoyance it failed. So I checked the log:

$ tail /var/log/pgl/pglcmd.log
2013-10-23 22:27:31 BST Begin: pglcmd update
Updating blocklists ...
 * Error 171: No connection to http://www.iblocklist.com/lists.xml. Aborting!

No connection?! My Internet connection was working just fine - I could browse the web, check my email, everything. Odd.

Guessing that pgl probably uses wget to actually download the updates I thought I'd try the download myself:

$ wget http://www.iblocklist.com/lists.xml
--2013-10-23 22:31:59-- http://www.iblocklist.com/lists.xml
Resolving www.iblocklist.com (www.iblocklist.com)... 69.72.235.243
Connecting to www.iblocklist.com (www.iblocklist.com)|69.72.235.243|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://www.iblocklist.com/lists.xml [following]
--2013-10-25 23:10:59-- https://www.iblocklist.com/lists.xml
Connecting to www.iblocklist.com (www.iblocklist.com)|69.72.235.243|:443... connected.
ERROR: cannot verify www.iblocklist.com's certificate, issued by ‘/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287’:
  Self-signed certificate encountered.
To connect to www.iblocklist.com insecurely, use `--no-check-certificate'.

Hmm, interesting: self-signed certificate. Chromium doesn't complain when I visit the site. I'm happy to trust the certificate so I need to add --no-check-certificate to pgl's wget options.

Make sure you're happy to trust the certificate too!

So, what are the current options:

$ sudo pglcmd show_config | grep wget
WGET_OPTS="wget -q -t 5 -T 120 -w 5 --user-agent=pglcmd/2.2.2"

Time to edit the conf file. Open /usr/local/etc/pgl/pglcmd.conf and add to it:

WGET_OPTS="wget -q -t 5 -T 120 -w 5 --user-agent=pglcmd/2.2.2 --no-check-certificate"

Always do a reload when you've changed the conf:

sudo pglcmd reload
 * Reloading PeerGuardian Linux pgld                 [ OK ]

Now, let's try and update:

$ sudo pglcmd update
 * Updating blocklists and reloading PeerGuardian Linux pgld                 [ OK ]

The following lists were updated:
 bluetack_dshield (last modified: 2013-10-25 01:50)
 bluetack_proxy (last modified: 2013-10-25 01:50)
 tbg_business-isps (last modified: 2013-10-25 02:34)
 tbg_general-corporate-ranges (last modified: 2013-10-25 02:38)
 tbg_primary-threats (last modified: 2013-10-25 02:47)

For the following lists there was no update available:
 atma_atma (last modified: 2012-06-22 04:20)
 tbg_bogon (last modified: 2013-10-19 11:25)
 tbg_hijacked (last modified: 2013-10-19 11:28)
 tbg_search-engines (last modified: 2013-10-22 11:36)

Lovely.

Comments
Woky 10 years ago

This is still relevant for todays update to version 2.2.3

(I did get a notification about the manual update failing, which I don't remember happening before)

bridgey 10 years ago

Thanks for the comment Woky. I had indeed made a copy-and-paste error on the location of pglcmd.log. I've now updated it in the tutorial.

I have /etc/pgl/pglcmd.conf too, but for whatever reason, adding the WGET_OPTS to this one made no difference. I also have the /usr/local/etc/pgl/pglcmd.conf file which did make the difference when I added the options. Hmm, maybe this is connected to the fact that I tried compiling pgl from source before realising it was available from a repo!

Woky 10 years ago

Thanks a lot for posting this, till now I'd been blissfully unaware that pgl was not updating as it should. (I'm pretty much a noob at linux)

As far as I can tell pgl doesn't notify you when it has a problem updating, unless you check the log. Which I've never done, since installing it a few weeks ago.

Got a nasty surprise when I took a look at the log on a whim after noticing this tutorial.

I had to customise your instructions a bit though:

To see the log (gui also has a log viewing option)
$ tail /var/log/pgl/pglcmd.log

"/usr/local/etc/pgl/pglcmd.conf" doesn't exist for me. Or not so as I can find it with "files". I found an abbrieviated conf file at "/etc/pgl/pglcmd.conf". To which I added your altered WGET_OPTS line.

Which seems to have worked fine as after a reload the change showed up in the ouptput from;
$ sudo pglcmd show_config

And the log now reflects the updates.

Thanks again for the posting this.

The --no-check-certificate option is not ideal but at least the lists are being updated for now.