Bug#1064452: marked as done (dkim-rotate: Errors during --new leave state corrupted)

Sat, 24 Feb 2024 18:39:16 -0800 

Your message dated Sun, 25 Feb 2024 02:34:25 +0000
with message-id <[email protected]>
and subject line Bug#1064452: fixed in dkim-rotate 1.1
has caused the Debian Bug report #1064452,
regarding dkim-rotate: Errors during --new leave state corrupted
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1064452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064452
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: dkim-rotate
Version: 0.4
Severity: important
X-Debbugs-Cc: [email protected]

Hi Ian,

I'm trying to get started with dkim-rotate, but I hit an error during
initial provisioning with --new. I use knot for auth DNS so I don't
have the rndc, hence I tried to override dns_reload in the config. 

The example config at /usr/share/doc/dkim-rotate/examples/example.zone has

    ;! mta_group -

so I copied that syntax for the dns_reload directive but it was
ineffective. Looking at the docs/code I figured out the prefix is
supposed to be just an exclamation mark. Honestly this is not very
intuitive because 1) the example config has it and 2) the SERIAL
directive also uses ';!'.

Example understandability aside with the broken config the resulting
error left the state file corrupted. Running --new (without rndc
installed) I get:

    $ dkim-rotate --new dkim
    dkim                  -  +X    reveal?      no key
    dkim                  -  +N    deadvertise? no key
    dkim                  -  -1    advance/use? no key
    dkim                  l     -1 generated.
    sh: 1: rndc: not found
    dkim-rotate: instance dkim: error: subprocess (DNS reload (rndc reload 
>/dev/null)) failed, exit status 127

Subsequent calls (say --status or --reinstall) will throw a state
corrupted errors:

    $ sudo dkim-rotate --status dkim
    dkim-rotate: instance dkim: error: state corrupted! 
/var/lib/dkim-rotate/dkim/state:5: bad key line

Looking at the state file the problem seems to be the 'DNS,MTA' bit in
the key line which isn't handled by read_config:

    sel_offset 11        
    sel_limit 12
    last_serial 2
    status -1
    key l DNS,MTA 797b760fd46ee2e01eb6c959ff3060af v=DKIM1; h=sha256; s=email; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxzPdpwjhd+tnMooAWxEYAhVKPI2qHKGRwXpwfSEdaijUPKchNpM79HVB1+FKDmSlFR6w30qbPAdyzl4m/+Txzmv2J/So3jJbqmlSFfN85zXJ3uIdgfePWkHWTP2DAEYDeOsc3nbDNVDHQeoJHQrVyN5tBXQ/eaNTrg6qBzE5Qc1nC+Cd0LE4T9vd9PwZSSoRhYH2yprsEtLVvI+zSDqtDbx3QWAMUvDIILiWi5J/46Qw3/hI04gAFpimSoL9YVmkCNWr+arTA4g5jZatahlzkOOmNnMXZdgSRxVByAp5RtQr8EVEG0jV31re3cgXVwJnqvcJvJzDCzS6+caGjYmpQIDAQAB
    status +0
    status +N
    status +X

Seems a bit of a usability problem for new users. I'd recommend not
commenting out directives in the example config without an
explaination and handling the intermediate DNS,MTA key state properly
even outside of key generation.

Thanks,
--Daniel

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-13-amd64 (SMP w/32 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dkim-rotate depends on:
ii  bash                             5.2.15-2+b2
ii  libgetopt-long-descriptive-perl  0.111-1
ii  libmime-tools-perl               5.510-1
ii  openssl                          3.0.11-1~deb12u2
ii  perl                             5.36.0-7+deb12u1

Versions of packages dkim-rotate recommends:
ii  curl       7.88.1-10+deb12u5
ii  moreutils  0.67-1

dkim-rotate suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: dkim-rotate
Source-Version: 1.1
Done: Ian Jackson <[email protected]>

We believe that the bug you reported is fixed in the latest version of
dkim-rotate, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ian Jackson <[email protected]> (supplier of updated dkim-rotate 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 25 Feb 2024 01:32:47 +0000
Source: dkim-rotate
Architecture: source
Version: 1.1
Distribution: unstable
Urgency: medium
Maintainer: Ian Jackson <[email protected]>
Changed-By: Ian Jackson <[email protected]>
Closes: 1064452
Changes:
 dkim-rotate (1.1) unstable; urgency=medium
 .
   Important bugfix:
   * Fix reload failure handling with multiple reload-neededs.
     Closes: #1064452.  [Report from Daniel Gröber]
 .
   Documentation etc.:
   * Correct spelling mistakes in docs etc.  [MR !1 from Edward Betts]
   * example.zone: Clarify commented directive.  [Report from Daniel Gröber]
   * dkim-rotate(5): Add a SEE ALSO referencing the example config.
   * debian/control: Improve description.
 .
   Tests:
   * tests: Test spurious "corrupted state" bug #1064452.
Checksums-Sha1:
 67ff90ec795de3b7d54837b7f4d1e8ca3796d09d 1327 dkim-rotate_1.1.dsc
 5a6e7e5f84b620ea41e701116232698f9609aac5 25220 dkim-rotate_1.1.tar.xz
Checksums-Sha256:
 15d0a4f73a4878ba000b232f1692a35373ef787b55acc2d7cd1a5e0d3197f4b5 1327 
dkim-rotate_1.1.dsc
 8e2be2aa1270644588bc7e5454beb998345d8903e1607316105f51370d0b62d0 25220 
dkim-rotate_1.1.tar.xz
Files:
 7f3523f339a8d4756c219da58be9c323 1327 mail optional dkim-rotate_1.1.dsc
 7ffee823a8431f3dce7e15419bb82387 25220 mail optional dkim-rotate_1.1.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEVZrkbC1rbTJl58uh4+M5I0i1DTkFAmXaolcACgkQ4+M5I0i1
DTnftAf+J2af+FPufzkhtdMvNa/TCFeUF4WHrd7sK2bO5Vpf4tHM2T62ZSo5Vf82
EPaC0HSEvp5tl5w+33abZD5x3a3xpJd+4mIf75zYf5d0XPyJmkkwhMKUQ/UwT1yg
yxXxfLw7Nn+Wbo16yoO2P/MliAlks/YlG0zERGTJJDWLwfehHeLT6+WvhDlUu5mO
lwPKsyaVuhnC7FXskecMAGG/9Ff6zxhVhhNy6f3dO+ZkcisKl2XFPYviTWDrsQLU
mEJI9cpf7ufbuT6WjJrw8ZZ9pFEx05/i6AJNcM7vMIj/txnpfhDpQ1EmcAr+ZV5T
Qc4fApHYaHmef7NuLW8Rrkme3jNnQA==
=q+Yk
-----END PGP SIGNATURE-----

Attachment: pgpN2ghDZLZb4.pgp
Description: PGP signature


--- End Message ---

Reply via email to