Bug#951082: dnsdist: libsystemd-dev should be added to dependancies

2021-09-19 Thread Daniel Baumann 

Hi

I can definitely confirm that dnsdist as packaged in debian works 
perfectly fine in a DoH configuration. There is no need to have 
libsystemd-dev installed on the target system.


Regards,
Daniel

Bug#951082: dnsdist: libsystemd-dev should be added to dependancies

2020-02-10 Thread John Shaft 
Hi Chris,

> All versions of dnsdist that have been shipped with Debian already
> build-depend on libsystemd-dev. I'm not sure what exactly you are
> looking

The library is indeed listed in the source package's Build-depends of
control file.

But as it is needed for building the package, it's also needed to run
properly dnsdist - if dnsdist needs to open file. Without it, it gave me
fatal errors while I was trying to configure it as a DoH server:

févr. 10 19:50:39 Shaft-OL systemd[1]: Starting DNS Loadbalancer...
févr. 10 19:50:39 Shaft-OL dnsdist[591353]: Configuration
'/etc/dnsdist/dnsdist.conf' OK!
févr. 10 19:50:39 Shaft-OL dnsdist[591353]: Configuration
'/etc/dnsdist/dnsdist.conf' OK!
févr. 10 19:50:39 Shaft-OL dnsdist[591354]:
139986757410048:error:0200100D:system library:fopen:Permission
denied:../crypto/bio/bss_file.c:288:fopen('/etc/dnsdist/foobar.key','r')
févr. 10 19:50:39 Shaft-OL dnsdist[591354]:
139986757410048:error:20074002:BIO routines:file_ctrl:system
lib:../crypto/bio/bss_file.c:290:
févr. 10 19:50:39 Shaft-OL dnsdist[591354]:
139986757410048:error:140B0002:SSL
routines:SSL_CTX_use_PrivateKey_file:system lib:../ssl/ssl_rsa.c:540:
févr. 10 19:50:39 Shaft-OL dnsdist[591354]: Fatal error: Error setting
up TLS context for DoH listener on '[2001:bd8:cafe:cafe::443]:443': An
error occurred while trying to load the TLS server private key file:
/etc/dnsdist/foobar.k->
févr. 10 19:50:39 Shaft-OL systemd[1]: dnsdist.service: Main process
exited, code=exited, status=1/FAILURE
févr. 10 19:50:39 Shaft-OL systemd[1]: dnsdist.service: Failed with
result 'exit-code'.
févr. 10 19:50:39 Shaft-OL systemd[1]: Failed to start DNS Loadbalancer.

Without the lib installed, it can work by disabling the
CapabilityBoundingSet in the service file (which is clearly unwanted)

Installing it solved the issue

Thinking about it, it might be a more general bug, not related to Debian
(I'm definitely not a pro but it looks like it may be linked to the
"notify" service type and the CapabilityBoundingSettings)

I hope this message is clearer :)

Regards,

Bug#951082: dnsdist: libsystemd-dev should be added to dependancies

2020-02-10 Thread Chris Hofstaedtler 
Hi John,

thank you for your bug report.

* John Shaft  [200210 23:15]:
> Package: dnsdist
> Version: 1.4.0~rc5-1
> Severity: normal
> 
> To run using systemd, libsystemd-dev is highly recommended in order to have 
> dnsdist be able to use
> systemd-notify
(...)
> Hence, libsystemd-dev should be set as a dependancy of dnsdist

All versions of dnsdist that have been shipped with Debian already
build-depend on libsystemd-dev. I'm not sure what exactly you are
looking for?

Chris

Bug#951082: dnsdist: libsystemd-dev should be added to dependancies

2020-02-10 Thread John Shaft 
Package: dnsdist
Version: 1.4.0~rc5-1
Severity: normal

Dear Maintainer,

To run using systemd, libsystemd-dev is highly recommended in order to have 
dnsdist be able to use
systemd-notify (see :
https://dnsdist.org/install.html#installing-from-source)

Should the package be missing, capabilities defined with CapabilityBoundingSet 
in dnsdist.service will prevent dnsdist from loading external file, eg. private 
key and certificate to run it as DoT/DoH server

Hence, libsystemd-dev should be set as a dependancy of dnsdist

Regards

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dnsdist depends on:
ii  adduser  3.118
ii  init-system-helpers  1.57
ii  libc62.29-10
ii  libcap2  1:2.27-1
ii  libcdb1  0.78+b1
ii  libedit2 3.1-20191231-1
ii  libfstrm00.6.0-1+b1
ii  libgcc1  1:9.2.1-25
ii  libgnutls30  3.6.11.1-2
ii  libh2o-evloop0.132.2.5+dfsg2-3
ii  liblmdb0 0.9.22-1
ii  liblua5.2-0  5.2.4-1.1+b3
ii  libprotobuf173.6.1.3-2+b1
ii  libre2-5 20200101+dfsg-1
ii  libsnmp355.8+dfsg-2
ii  libsodium23  1.0.18-1
ii  libssl1.11.1.1d-2
ii  libstdc++6   9.2.1-25
ii  libsystemd0  244.1-1

dnsdist recommends no packages.

dnsdist suggests no packages.

-- Configuration Files:
/etc/dnsdist/dnsdist.conf changed [not included]

-- no debconf information