# After update pkg. FreeBSD 10.3



## RockerMan (Mar 1, 2017)

Hi

After the next update multiple ports vulnerabilities, including port pkg, stopped working pkg audit in daily security run output.
Writes error:

```
Checking for packages with security vulnerabilities:
Database fetched: Mon Feb 27 03:34:35 MSK 2017
pkg: sqlite error while executing sqlite open in file pkgdb.c:1107: unable to open database file

-- End of security output --
```
on two servers.
Anyone encountered such a mistake?
How to remove it?

PS.
At the same time, on the server console command works fine

```
# pkg audit
0 problem(s) in the installed packages found.
```


----------



## SirDice (Mar 1, 2017)

Try forcing an update of the repository data; `pkg update -f`. I'm guessing it's that database that's corrupted.


----------



## RockerMan (Mar 1, 2017)

Sorry I did not write, but I've done this update. Did again restarted for /etc/crontab. I also reinstalled sqlite3 from port, it did not help.

```
Checking for packages with security vulnerabilities:
Database fetched: Wed Mar  1 05:41:14 MSK 2017
pkg: sqlite error while executing sqlite open in file pkgdb.c:1107: unable to open database file

-- End of security output --
```


```
# pkg audit
0 problem(s) in the installed packages found.
```


----------



## SirDice (Mar 1, 2017)

RockerMan said:


> I also reinstalled sqlite3 from port, it did not help.


ports-mgmt/pkg doesn't use it, it has its own SQLite code.

What version of pkg do you have? And on what version of FreeBSD?


----------



## RockerMan (Mar 1, 2017)

ok

```
# pkg -v
1.10.0
# uname -a
FreeBSD prime-prx 10.3-RELEASE-p11 FreeBSD 10.3-RELEASE-p11 #0: Mon Oct 24 18:49:24 UTC 2016     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
```


----------



## SirDice (Mar 1, 2017)

I'm starting to think it might be a permission issue. Because it works if you run the commands by hand as root. What does `ls -al /var/db/pkg` show?


----------



## RockerMan (Mar 1, 2017)

of course

```
root@prime-prx:/var/db/pkg # ls -al
total 52420
drwxr-xr-x  48 root  wheel      1536 Mar  1 14:00 .
drwxr-xr-x  13 root  wheel       512 Feb  7 15:44 ..
-rw-r--r--   1 root  wheel       246 Feb 28 04:59 FreeBSD.meta
drwxr-xr-x   2 root  wheel       512 Dec  9 11:45 apache22-2.2.31_1
drwxr-xr-x   2 root  wheel       512 Dec  9 11:44 apr-1.5.2.1.5.4_2
drwxr-xr-x   2 root  wheel       512 Oct 20 16:50 autoconf-2.69_1
drwxr-xr-x   2 root  wheel       512 Feb 27 10:44 ca_root_nss-3.29.1
drwxr-xr-x   2 root  wheel       512 Feb  8 10:17 chkrootkit-0.51
drwxr-xr-x   2 root  wheel       512 Feb  8 09:50 cmake-3.7.2
drwxr-xr-x   2 root  wheel       512 Feb  8 09:50 cmake-modules-3.7.2
drwxr-xr-x   2 root  wheel       512 Feb 27 10:44 curl-7.53.1
drwxr-xr-x   2 root  wheel       512 Dec  9 11:43 db5-5.3.28_6
drwxr-xr-x   2 root  wheel       512 Oct 20 16:50 dialog4ports-0.1.6
drwxr-xr-x   2 root  wheel       512 Dec  9 11:43 expat-2.2.0_1
drwxr-xr-x   2 root  wheel       512 Feb  8 09:17 gettext-runtime-0.19.8.1_1
drwxr-xr-x   2 root  wheel       512 Feb  8 09:19 gettext-tools-0.19.8.1
drwxr-xr-x   2 root  wheel       512 Feb  8 10:29 glib-2.46.2_4
drwxr-xr-x   2 root  wheel       512 Oct 20 16:50 gmake-4.2.1_1
drwxr-xr-x   2 root  wheel       512 Feb  8 10:01 gnutls-3.5.8
drwxr-xr-x   2 root  wheel       512 Dec  9 11:26 indexinfo-0.2.6
drwxr-xr-x   2 root  wheel       512 Feb  8 09:38 jsoncpp-1.8.0_1
drwxr-xr-x   2 root  wheel       512 Feb  8 10:23 libgcrypt-1.7.6
drwxr-xr-x   2 root  wheel       512 Feb  8 10:23 libgpg-error-1.26
drwxr-xr-x   2 root  wheel       512 Dec  9 11:25 libiconv-1.14_10
drwxr-xr-x   2 root  wheel       512 Feb  8 10:22 libssh2-1.8.0,3
drwxr-xr-x   2 root  wheel       512 Feb  8 09:53 libtasn1-4.10
drwxr-xr-x   2 root  wheel       512 Feb  8 09:53 libunistring-0.9.7
drwxr-xr-x   2 root  wheel       512 Feb  8 09:39 libuv-1.11.0
-rw-r--r--   1 root  wheel   6475776 Feb 28 16:14 local.sqlite
drwxr-xr-x   2 root  wheel       512 Feb  8 09:37 m4-1.4.18,1
drwxr-xr-x   2 root  wheel       512 Feb 27 10:52 net-snmp-5.7.3_12
drwxr-xr-x   2 root  wheel       512 Feb  8 09:54 nettle-3.3
drwxr-xr-x   2 root  wheel       512 Feb 15 13:17 nginx-1.10.3_1,2
drwxr-xr-x   2 root  wheel       512 Dec  9 11:38 nmap-7.31
drwxr-xr-x   2 root  wheel       512 Feb 15 13:16 openssl-1.0.2k_1,1
drwxr-xr-x   2 root  wheel       512 Feb  8 09:57 p11-kit-0.23.3
drwxr-xr-x   2 root  wheel       512 Feb  8 10:26 pcre-8.40
drwxr-xr-x   2 root  wheel       512 Oct 20 16:48 perl5-5.20.3_15
drwxr-xr-x   2 root  wheel       512 Feb 28 12:10 pkg-1.10.0_1
drwxr-xr-x   2 root  wheel       512 Feb 28 12:11 pkgconf-1.3.0
drwxr-xr-x   2 root  wheel       512 Oct 20 16:55 png-1.6.25
drwxr-xr-x   2 root  wheel       512 Feb  8 09:41 py27-docutils-0.13.1
drwxr-xr-x   2 root  wheel       512 Feb  8 09:36 py27-setuptools27-32.1.0
drwxr-xr-x   2 root  wheel       512 Feb  8 09:42 py27-sphinx-1.4.8,1
drwxr-xr-x   2 root  wheel       512 Feb  8 09:36 python27-2.7.13_1
-rw-r--r--   1 root  wheel  41967616 Feb 28 04:59 repo-FreeBSD.sqlite
drwxr-xr-x   2 root  wheel       512 Feb  8 09:37 scons-2.5.1
drwxr-xr-x   2 root  wheel       512 Feb 27 10:46 sqlite3-3.17.0
drwxr-xr-x   2 root  wheel       512 Feb  8 09:31 sudo-1.8.19p2
drwxr-xr-x   2 root  wheel       512 Feb  8 10:22 tripwire-2.4.3.2
-r--r--r--   1 root  wheel   4908955 Mar  1 05:41 vuln.xml
drwxr-xr-x   2 root  wheel       512 Dec  9 11:26 wget-1.18
```
with rights all right

```
-rw-r--r--   1 root  wheel   6475776 Feb 28 16:14 local.sqlite
```


----------



## RockerMan (Mar 1, 2017)

reboot my desktop, login to server, from console too not work

```
# pkg audit
pkg: sqlite error while executing sqlite open in file pkgdb.c:1107: unable to open database file
```


----------



## RockerMan (Mar 1, 2017)

reinstall pkg from ports, and work from console

```
# pkg audit
0 problem(s) in the installed packages found.
```


----------



## slaru (Mar 1, 2017)

I have the same `pkg audit` problem.  I tried the other suggestions in this thread.  I nuked my /usr/local and /var/db/pkg directories, bootstrapped, and reinstalled packages.  Still getting the same `pkg audit` problem.


```
# pkg audit
pkg: sqlite error while executing sqlite open in file pkgdb.c:1107: unable to open database file
# pkg -v
1.10.0
# uname -a
FreeBSD *** 11.0-RELEASE-p8 FreeBSD 11.0-RELEASE-p8 #0: Wed Feb 22 06:12:04 UTC 2017     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
```


----------



## cpm@ (Mar 1, 2017)

It has been reported via bugzilla. See PR 217390.


----------



## wekers (Mar 1, 2017)

confirmed, happens here too.


----------



## cpm@ (Mar 1, 2017)

RockerMan 

Can you provide the following output?

`truss pkg audit`


----------



## RockerMan (Mar 2, 2017)

yes


----------



## RockerMan (Mar 2, 2017)

In principle, change the permissions on the directory root (see PR 217390) corrected error "pkg: sqlite error ...".
But security policy requires a directory root setup rights 0700.


----------



## tsarya (Mar 2, 2017)

I have the same issue, my /root being 0700:

```
# pkg audit
pkg: sqlite error while executing sqlite open in file pkgdb.c:1107: unable to open database file
```

pkg version:

```
# pkg -v
1.10.0
```

If I run the same command under /var/db/pkg it works fine:

```
# cd /var/db/pkg/ && pkg audit
0 problem(s) in the installed packages found.
```


----------



## RockerMan (Mar 6, 2017)

Hi

Yes, the same situation. With 
	
	



```
cd /var/db/pkg/ && pkg audit
```
 work.
Tell me pls, what script performs "daily security run output" that's this part:
"Checking for packages with security vulnerabilities:"?
To be able to insert it in "cd /var/db/pkg/ && pkg audit"?


----------



## tsarya (Mar 6, 2017)

As a workaround, I set my /root folder to 0755. This btw is the default after a fresh install.
What you can do is, while waiting for a fix, to make sure all sub-folders under /root are 0700.
Also, you can set the `umask`for your shell to 077 so that all new directories and files created by root have 0700 and 0600 permissions.


----------



## RockerMan (Mar 7, 2017)

OK!

Thanks


----------



## Jim Trigg (Mar 11, 2017)

Safer fix: modify /usr/local/etc/periodic/security/410.pkg-audit and in the audit_pkgs() function add "cd /" before the first if statement. That fixes all of the daily/weekly/monthly security checks. Then you just need to make sure that when you run it manually you're in an accessible directory.


----------



## cpm@ (Mar 18, 2017)

The following patch fixes sqlite3 path lookup issue introduced in r434755.


----------



## dvl@ (Mar 22, 2017)

I encountered a similar problem today.  The cause of the problem: my pwd was a deleted directory.

i.e. something like this:


```
# cd ~/tmp/log
# rm -rf ~/tmp
# pkg info
pkg: sqlite error while executing sqlite open in file pkgdb.c:1107: unable to open database file
```

Solution: cd to an existing directory


----------



## wekers (Mar 29, 2017)

Was Fixed on pkg version: 1.10.1


----------



## Prostir (Apr 4, 2017)

Hi!
I have a similar problem:
FreeBSD version 11.0-RELEASE-p8

`portmaster -a -f -D -R`

```
pkg: sqlite error while executing sqlite open in file pkgdb.c:1126: unable to open database file
......
......
Installing wget-1.19...
===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/bin/wget

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://www.gnu.org/s/wget/

===>>> Re-installation of wget-1.19 succeeded

===>>> Returning to update check of installed ports

===>>> Update check of installed ports complete

pkg: sqlite error while executing sqlite open in file pkgdb.c:1126: unable to open database file
===>>> Done displaying pkg-message files

===>>> The following actions were performed:
        Re-installation of pkg-1.10.1
        Re-installation of perl5-5.24.1
        Re-installation of ca_root_nss-3.30
        Re-installation of dialog4ports-0.1.6
        Re-installation of nload-0.7.4_1
        Re-installation of pkgconf-1.3.0,1
        Re-installation of portmaster-3.17.10
        Re-installation of libiconv-1.14_10
        Re-installation of indexinfo-0.2.6
        Re-installation of gettext-runtime-0.19.8.1_1
        Re-installation of gettext-tools-0.19.8.1
        Re-installation of gmake-4.2.1_1
        Re-installation of tree-1.7.0
        Re-installation of autoconf-wrapper-20131203
        Re-installation of automake-wrapper-20131203
        Re-installation of cscope-15.8b
        Re-installation of ctags-5.8
        Re-installation of p5-Locale-gettext-1.06
        Re-installation of help2man-1.47.4
        Re-installation of texinfo-6.1.20160425,1
        Re-installation of m4-1.4.18,1
        Re-installation of autoconf-2.69_1
        Re-installation of automake-1.15_1
        Re-installation of libtool-2.4.6
        Re-installation of fusefs-libs-2.9.5
        Re-installation of icu-58.2,1
        Re-installation of libdnet-1.12_1
        Re-installation of libedit-3.1.20170329_2,1
        Re-installation of libevent-2.1.8
        Re-installation of libmspack-0.5
        Re-installation of libssh2-1.8.0,3
        Re-installation of libxml2-2.9.4
        Re-installation of libyaml-0.1.6_2
        Re-installation of tcl86-8.6.6_2
        Re-installation of xerces-c3-3.1.4
        Re-installation of apache-xml-security-c-1.7.3
        Re-installation of libffi-3.2.1
        Re-installation of readline-6.3.8
        Re-installation of pcre-8.40
        Re-installation of python27-2.7.13_1
        Re-installation of glib-2.50.2,1
        Re-installation of libidn-1.33_1
        Re-installation of libmetalink-0.1.3
        Re-installation of lua52-5.2.4
        Re-installation of ruby-2.3.3_2,1
        Re-installation of bison-3.0.4,1
        Re-installation of bash-4.4.12_1
        Re-installation of mc-4.8.19_1
        Re-installation of open-vm-tools-nox11-10.1.0_1,2
        Re-installation of python36-3.6.1
        Re-installation of rsync-3.1.2_6
        Re-installation of sqlite3-3.18.0
        Re-installation of sudo-1.8.19p2
        Re-installation of tmux-2.3_2
        Re-installation of vim-8.0.0534
        Re-installation of wget-1.19
```


```
# pkg audit
0 problem(s) in the installed packages found.
# pkg -v
1.10.1
```
All the software I installed with portmaster(8).


----------



## DeadLoco (Jun 5, 2017)

wekers said:


> Was Fixed on pkg version: 1.10.1


No, it doesn't.


```
pkg: sqlite error while executing sqlite open in file pkgdb.c:1126: unable to open database file
===>>> Done displaying pkg-message files
```

I've got that message in spite of PWD I'm in. 


```
> pkg -v
1.10.1
```


----------



## VRx (Jun 5, 2017)

reinstall mysql. that fixed it for me.

It said it couldn't open a file. It would have been good to know which file.


----------



## SirDice (Jun 7, 2017)

pkg(8) uses SQLite databases, so reinstalling MySQL does absolutely nothing to fix the issue.


----------



## zapata (Jul 12, 2017)

I often get this error (on different machines) updating ports, e.g. `portmaster nginx` on FreeBSD 10.3 and 11.1-PRERELEASE. :-(


----------



## aaronbaugher (Jul 14, 2017)

```
pkg: sqlite error while executing sqlite open in file pkgdb.c:1126: unable to open database file
```

The code that triggers this error is:


```
if (sqlite3_open("local.sqlite", &db->sqlite) != SQLITE_OK) {
```

That file, "local.sqlite", is in /var/db/pkg.  Yet I still get the error if I cd into that directory before running portmaster.  So my guess at this point is that somewhere earlier in the code it's getting itself into the wrong current directory, or something like that which keeps it from being able to open that file.

It doesn't seem to hurt anything.  /var/db/pkg/local.sqlite is still getting updated.  pkg still works, and I can open that file with sqlite3.


----------



## uzsolt (Jul 20, 2017)

aaronbaugher said:


> ```
> pkg: sqlite error while executing sqlite open in file pkgdb.c:1126: unable to open database file
> ```


PR 220114


----------



## zapata (Aug 2, 2017)

I have seen this PR and the issue at Github , but I am not running pkg from a non-existent directory!
# pwd
/root
# portmaster security/ca_root_nss
[...]
pkg: sqlite error while executing sqlite open in file pkgdb.c:1126: unable to open database file

If I remove pkg-message from  SUB_FILES the error is gone.

After more testing I think the error does not appear on 12.0-current (pkg) and 11-RELEASE/STABLE (pkg-devel).


----------



## ironudjin (Oct 15, 2017)

zapata said:


> pkg: sqlite error while executing sqlite open in file pkgdb.c:1126: unable to open database file


I've got exactly the same error on 11-STABLE r324545 when I upgrade software use portmaster.
`pkg audit` or `pkg info` don't report any problems.

P.S: pkg-1.10.1


----------

