Your message dated Mon, 14 Nov 2016 04:05:27 +0100
with message-id
<1479092727.3578622.786639337.420db...@webmail.messagingengine.com>
and subject line Re: Bug#843532: [Pkg-dns-devel] Bug#843532: Bug#843532:
dnssec-trigger: broken by OpenSSL 1.1.0
has caused the Debian Bug report #843532,
regarding dnssec-trigger: broken by OpenSSL 1.1.0
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
843532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843532
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dnssec-trigger
Version: 0.13~svn685-6
Severity: critical
Justification: renders package unusable
On upgrading dnssec-trigger within unstable, the postinst fails with
errors from systemd:
Setting up dnssec-trigger (0.13~svn685-6) ...
Job for dnssec-triggerd.service failed because the control process exited with
error code.
See "systemctl status dnssec-triggerd.service" and "journalctl -xe" for details.
invoke-rc.d: initscript dnssec-triggerd, action "start" failed.
● dnssec-triggerd.service - Reconfigure local DNSSEC resolver on connectivity
changes
Loaded: loaded (/lib/systemd/system/dnssec-triggerd.service; enabled; vendor
preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Mon 2016-11-07
08:25:41 EST; 3ms ago
Process: 8425 ExecStopPost=/usr/lib/dnssec-trigger/dnssec-trigger-script
--cleanup (code=exited, status=1/FAILURE)
Process: 8423 ExecStartPost=/usr/lib/dnssec-trigger/dnssec-trigger-script
--update (code=exited, status=1/FAILURE)
Process: 8422 ExecStart=/usr/sbin/dnssec-triggerd -d (code=exited,
status=1/FAILURE)
Process: 8421 ExecStartPre=/usr/lib/dnssec-trigger/dnssec-trigger-script
--prepare (code=exited, status=0/SUCCESS)
Main PID: 8422 (code=exited, status=1/FAILURE)
Nov 07 08:25:41 moxana systemd[1]: dnssec-triggerd.service: Unit entered fa…ate.
Nov 07 08:25:41 moxana systemd[1]: dnssec-triggerd.service: Failed with res…de'.
Hint: Some lines were ellipsized, use -l to show in full.
dpkg: error processing package dnssec-trigger (--configure):
subprocess installed post-installation script returned error exit status 1
The real error message is hiding in "journalctl -xe":
-- Unit dnssec-triggerd.service has begun starting up.
Nov 07 08:34:17 moxana dnssec-triggerd[20281]: Nov 07 08:34:17
dnssec-triggerd[20281] error: could not set SSL_OP_NO_SSLv2 crypto
error:00000000
Nov 07 08:34:17 moxana dnssec-triggerd[20281]: Nov 07 08:34:17
dnssec-triggerd[20281] error: cannot setup SSL context
Nov 07 08:34:17 moxana dnssec-triggerd[20281]: Nov 07 08:34:17
dnssec-triggerd[20281] fatal error: could not init server
Nov 07 08:34:17 moxana systemd[1]: dnssec-triggerd.service: Main process
exited, code=exited, status=1/FAILURE
Nov 07 08:34:17 moxana dnssec-trigger-script[20282]: Cannot connect to
dnssec-trigger.
Nov 07 08:34:18 moxana dnssec-trigger-script[20284]: chattr: Operation not
supported while reading flags on /etc/resolv.conf
Nov 07 08:34:18 moxana dnssec-trigger-script[20284]: Traceback (most recent
call last):
Nov 07 08:34:18 moxana dnssec-trigger-script[20284]: File
"/usr/lib/dnssec-trigger/dnssec-trigger-script", line 465, in <module>
Nov 07 08:34:18 moxana dnssec-trigger-script[20284]:
Application(sys.argv).run()
Nov 07 08:34:18 moxana dnssec-trigger-script[20284]: File
"/usr/lib/dnssec-trigger/dnssec-trigger-script", line 364, in run
Nov 07 08:34:18 moxana dnssec-trigger-script[20284]: self.method()
Nov 07 08:34:18 moxana dnssec-trigger-script[20284]: File
"/usr/lib/dnssec-trigger/dnssec-trigger-script", line 398, in run_cleanup
Nov 07 08:34:18 moxana dnssec-trigger-script[20284]:
subprocess.check_call(["chattr", "-i", "/etc/resolv.conf"])
Nov 07 08:34:18 moxana dnssec-trigger-script[20284]: File
"/usr/lib/python2.7/subprocess.py", line 186, in check_call
Nov 07 08:34:18 moxana dnssec-trigger-script[20284]: raise
CalledProcessError(retcode, cmd)
Nov 07 08:34:18 moxana dnssec-trigger-script[20284]:
subprocess.CalledProcessError: Command '['chattr', '-i', '/etc/resolv.conf']'
returned non-
Nov 07 08:34:18 moxana systemd[1]: Failed to start Reconfigure local DNSSEC
resolver on connectivity changes.
-- Subject: Unit dnssec-triggerd.service has failed
I get the same SSL-related errors upon attempting to start dnssec-triggerd
manually:
# dnssec-triggerd -d -vvvvv
Nov 07 08:37:21 dnssec-triggerd[20314] debug: event mini-event-0.13 uses
not_obtainable method.
Nov 07 08:37:21 dnssec-triggerd[20314] error: could not set SSL_OP_NO_SSLv2
crypto error:00000000:lib(0):func(0):reason(0)
Nov 07 08:37:21 dnssec-triggerd[20314] error: cannot setup SSL context
Nov 07 08:37:21 dnssec-triggerd[20314] fatal error: could not init server
The patch for bug #828283 appears to have been either incomplete or broken, and
not to have been tested. >:-(
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (501, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dnssec-trigger depends on:
ii gir1.2-networkmanager-1.0 1.4.2-2
ii init-system-helpers 1.46
ii libc6 2.24-5
ii libgdk-pixbuf2.0-0 2.36.0-1
ii libglib2.0-0 2.50.1-1
ii libgtk2.0-0 2.24.31-1
ii libldns1 1.6.17-10
ii libssl1.1 1.1.0b-2
ii python 2.7.11-2
ii python-gi 3.22.0-1
ii python-lockfile 1:0.12.2-2
ii unbound 1.5.10-2
dnssec-trigger recommends no packages.
dnssec-trigger suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 0.13~svn685-7
Looks like no further complaints were received, so I am closing this
bug. Feel free to reopen
if you find another breakage related to OpenSSL 1.1.0 transition.
--
Ondřej Surý <ond...@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu
On Sun, Nov 13, 2016, at 00:24, Ondřej Surý wrote:
> I have forwarded both patches to the nlnetlabs-maintainers list. Thanks.
>
> --
> Ondřej Surý <ond...@sury.org>
> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
> Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
> fast DNS(SEC) resolver
> Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
> pečení chleba všeho druhu
>
> On Thu, Nov 10, 2016, at 23:49, Sebastian Andrzej Siewior wrote:
> > On 2016-11-10 12:10:41 [+0100], Ondřej Surý wrote:
> > > Sebastian,
> >
> > Hi Ondřej,
> >
> > > thanks for the patch. The 0.13~svn685-7 version in unstable includes
> > > your patch,
> > > and I would really appreciate if someone could test whether
> > > dnssec-trigger now
> > > works.
> >
> > I managed to get around to test it. So the initial error is gone - the
> > daemon can be started. Are going the forward the two patches upstream or
> > should I do it?
> >
> > > Ondrej
> >
> > Sebastian
> >
> > _______________________________________________
> > pkg-dns-devel mailing list
> > pkg-dns-de...@lists.alioth.debian.org
> > https://lists.alioth.debian.org/mailman/listinfo/pkg-dns-devel
--- End Message ---
