Package: unbound Version: 1.9.0-1 Severity: grave Justification: renders package unusable
Immediately after installing 1.9.0-1, unbound refused to run after restart. System logs contained: Feb 6 11:00:24 annuminas package-helper[6142]: /var/lib/unbound/root.key has content Feb 6 11:00:24 annuminas unbound: [6146:0] notice: init module 0: subnet Feb 6 11:00:24 annuminas unbound: [6146:0] notice: init module 1: validator Feb 6 11:00:24 annuminas unbound: [6146:0] error: unable to open /var/lib/unbound/root.key for reading: No such file or directory Feb 6 11:00:24 annuminas systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE Feb 6 11:00:24 annuminas unbound: [6146:0] error: error reading auto-trust-anchor-file: /var/lib/unbound/root.key Feb 6 11:00:24 annuminas systemd[1]: unbound.service: Failed with result 'exit-code'. Feb 6 11:00:24 annuminas unbound: [6146:0] error: validator: error in trustanchors config Feb 6 11:00:24 annuminas unbound: [6146:0] error: validator: could not apply configuration settings. Feb 6 11:00:24 annuminas unbound: [6146:0] error: module init for module validator failed Feb 6 11:00:24 annuminas unbound: [6146:0] fatal error: failed to setup modules Feb 6 11:00:24 annuminas kernel: [1792989.896766] audit: type=1400 audit(1549468824.750:4639): apparmor="STATUS" operation="profile_replace" info="same as cur rent profile, skipping" profile="unconfined" name="/usr/sbin/unbound" pid=6149 comm="apparmor_parser" Feb 6 11:00:24 annuminas systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart. Feb 6 11:00:24 annuminas systemd[1]: unbound.service: Scheduled restart job, restart counter is at 1. Feb 6 11:00:25 annuminas systemd[1]: unbound.service: Control process exited, code=killed, status=15/TERM Feb 6 11:00:25 annuminas systemd[1]: unbound.service: Succeeded. Commenting out the contents of /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf allowed the process to start, presumably no longer validating DNSSEC. The /var/lib/unbound/root.key file is present and readable, as it was prior to the upgrade. -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-1-amd64 (SMP w/12 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages unbound depends on: ii adduser 3.118 ii dns-root-data 2018091102 ii libc6 2.28-6 ii libevent-2.1-6 2.1.8-stable-4 ii libfstrm0 0.4.0-1 ii libprotobuf-c1 1.3.1-1+b1 ii libpython3.7 3.7.2-2 ii libssl1.1 1.1.1a-1 ii libsystemd0 240-5 ii lsb-base 10.2018112800 ii openssl 1.1.1a-1 ii unbound-anchor 1.9.0-1 unbound recommends no packages. Versions of packages unbound suggests: ii apparmor 2.13.2-7
