Your message dated Sun, 22 Oct 2017 13:19:11 +0200
with message-id
<1508671151.815349.1146906880.773a8...@webmail.messagingengine.com>
and subject line Closing bugs in old-old-stable bind9 versions
has caused the Debian Bug report #612748,
regarding Fails to start if $OPENSSL_CONF is set
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
612748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612748
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: bind9
Version: 1:9.7.2.dfsg.P3-1.1
Severity: normal
I'm not sure whether this is a bug or my own configuration error.
In interactive shells, I set $OPENSSL_CONF to point to the configuration
file for my local CA. BIND should not use this, and indeed does not have
permission to access it. However some part of OpenSSL initialisation
(used for DNSSEC now?) honours it and fails due to the permission error.
This is not logged anywhere; I had to use strace to work out where it
failed.
System log messages:
Feb 10 11:58:30 shadbolt named[24623]: starting BIND 9.7.2-P3 -u bind
Feb 10 11:58:30 shadbolt named[24623]: built with '--prefix=/usr'
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind'
'--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool'
'--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
'--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no'
'--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes'
'--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6'
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Feb 10 11:58:30 shadbolt named[24623]: adjusted limit on open files from 1024
to 1048576
Feb 10 11:58:30 shadbolt named[24623]: found 1 CPU, using 1 worker thread
Feb 10 11:58:30 shadbolt named[24623]: using up to 4096 sockets
strace output:
[...]
24623 open("/home/ben/decadent-ca/openssl.cnf", O_RDONLY|O_LARGEFILE) = -1
EACCES (Permission denied)
24623 brk(0xb82e1000) = 0xb82e1000
24623 write(2, "Auto configuration failed\n", 26) = 26
24623 write(2, "3067479776:error:0200100D:system"..., 128) = 128
24623 write(2, "3067479776:error:2006D002:BIO ro"..., 79) = 79
24623 write(2, "3067479776:error:0E078002:config"..., 90) = 90
24623 exit_group(1) = ?
Ben.
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'squeeze-updates'), (100, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages bind9 depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii bind9utils 1:9.7.2.dfsg.P3-1.1 Utilities for BIND
ii debconf [debconf-2.0 1.5.36.1 Debian configuration management sy
ii libbind9-60 1:9.7.2.dfsg.P3-1.1 BIND9 Shared Library used by BIND
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcap2 1:2.19-3 support for getting/setting POSIX.
ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [
ii libdns69 1:9.7.2.dfsg.P3-1.1 DNS Shared Library used by BIND
ii libgssapi-krb5-2 1.8.3+dfsg-4 MIT Kerberos runtime libraries - k
ii libisc62 1:9.7.2.dfsg.P3-1.1 ISC Shared Library used by BIND
ii libisccc60 1:9.7.2.dfsg.P3-1.1 Command Channel Library used by BI
ii libisccfg62 1:9.7.2.dfsg.P3-1.1 Config File Handling Library used
ii libldap-2.4-2 2.4.23-7 OpenLDAP libraries
ii liblwres60 1:9.7.2.dfsg.P3-1.1 Lightweight Resolver Library used
ii libssl0.9.8 0.9.8o-4 SSL shared libraries
ii libxml2 2.7.8.dfsg-2 GNOME XML library
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii net-tools 1.60-23 The NET-3 networking toolkit
ii netbase 4.45 Basic TCP/IP networking system
bind9 recommends no packages.
Versions of packages bind9 suggests:
ii bind9-doc 1:9.7.2.dfsg.P3-1.1 Documentation for BIND
ii dnsutils 1:9.7.2.dfsg.P3-1.1 Clients provided with BIND
pn resolvconf <none> (no description available)
pn ufw <none> (no description available)
-- Configuration Files:
/etc/bind/named.conf changed [not included]
-- debconf information excluded
--
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Version: 1:9.10.3.dfsg.P4-12.3
Hi,
the bind9 bug list grew too much and the Debian BIND team cannot
simply test all the reported bugs against versions not in stable, so
this is mass bug close, as either the version is no longer relevant
(because of old-old-stable 9.8.x or old-stable 9.9.5 or even older
version of bind9) or the bug was already fixed.
However, if you can reproduce the bug with a current version in stable,
please use Debian BTS 'found <bug> <version_you_reproduced_the_issue>'
command to retag the bug and reopen it.
Cheers,
Ondrej
signature.asc
Description: PGP signature
--- End Message ---
