Bug#921538: Fails to start since upgrade to 1.9.0-1
Package: unbound Followup-For: Bug #921538 I found the that problem is that 1.9.0-1 does a chroot("/etc/unbound") even though there is no chroot option in the config files. Once that occurs, it cannot see files like /var/lib/unbound/root.key et alia. -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.15.0-2-amd64 (SMP w/1 CPU core) Kernel taint flags: TAINT_WARN Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages unbound depends on: ii adduser 3.118 ii dns-root-data 2018091102 ii libc6 2.28-6 ii libevent-2.1-6 2.1.8-stable-4 ii libfstrm0 0.4.0-1 ii libprotobuf-c1 1.3.1-1+b1 ii libpython3.73.7.2-2 ii libssl1.1 1.1.1a-1 ii libsystemd0 240-5 ii lsb-base10.2018112800 ii openssl 1.1.1a-1 ii unbound-anchor 1.8.1-1+b1 unbound recommends no packages. Versions of packages unbound suggests: pn apparmor -- no debconf information
Bug#921538: Fails to start since upgrade to 1.9.0-1
Simon Deziel wrote: > On 2019-02-06 11:12 a.m., Ryan Kavanagh wrote: > > Since the upgrade to 1.9.0-1, unbound fails to start. Purging the > > package and reinstalling does not fix the issue. The errors seem to be > > due to being unable to read various configuration files. > > > > Feb 06 11:01:12 zeta unbound[28647]: [28647:0] error: unable to open > > /var/lib/unbound/root.key for reading: No such file or directory > > Feb 06 11:01:12 zeta package-helper[28648]: [1549468872] > > unbound-checkconf[28651:0] error: Could not open > > /etc/unbound//etc/unbound/unbound.conf: No such file or director > > It seems like chroot'ing to /etc/unbound is attempted. To workaround you > can try this: > > cat << EOF > /etc/unbound/unbound.conf.d/chroot.conf > server: > chroot: "" > EOF > service unbound restart Automatic chroot'ing has been disabled in the unbound Debian package for a while, by this commit: https://salsa.debian.org/dns-team/unbound/commit/66bb04a0869e315f76c4b4efe8632914d860686c It looks like that change was lost in the 1.9.0-1 upload, compare these two revisions: https://salsa.debian.org/dns-team/unbound/blob/debian/1.8.1-1/util/config_file.c#L163-165 https://salsa.debian.org/dns-team/unbound/blob/debian/1.9.0-1/util/config_file.c#L169-171 Probably it's better to use the --with-chroot-dir= argument to configure rather than directly patching the source to change the default. -- Robert Edmonds edmo...@debian.org
Bug#921538: Fails to start since upgrade to 1.9.0-1
On 2019-02-09 8:28 p.m., Robert Edmonds wrote: > Probably it's better to use the --with-chroot-dir= argument to configure > rather than directly patching the source to change the default. Indeed and that's what's being proposed in the merge request. Regards, Simon
Bug#921538: Fails to start since upgrade to 1.9.0-1
On 2019-02-08 7:26 a.m., Kepi wrote: > Chroot workaround is working for me too. Good. > Anyway in the long term would it be better to have chroot setup > automatically again? I found out that it was working before, at least > some work was done in #579622 for auto support. The auto-chroot setup was broken with the (welcomed) move to systemd notify. I have a working PoC to restore the functionality that I'll submit soon as another merge request. Regards, Simon signature.asc Description: OpenPGP digital signature
Bug#921538: Fails to start since upgrade to 1.9.0-1
Chroot workaround is working for me too. It should probably be uploaded as soon as possible to save more networks :) Anyway in the long term would it be better to have chroot setup automatically again? I found out that it was working before, at least some work was done in #579622 for auto support. Cheers -- Kepi signature.asc Description: PGP signature
Bug#921538: Fails to start since upgrade to 1.9.0-1
Hi Simon, I too can confirm that disabling chroot'ing works. Best, Ryan -- |)|/ Ryan Kavanagh | GPG: 4E46 9519 ED67 7734 268F |\|\ https://rak.ac | BD95 8F7B F8FC 4A11 C97A signature.asc Description: PGP signature
Bug#921538: Fails to start since upgrade to 1.9.0-1
> > It seems like chroot'ing to /etc/unbound is attempted. To workaround you > can try this: > > cat << EOF > /etc/unbound/unbound.conf.d/chroot.conf > server: > chroot: "" > EOF > service unbound restart This fix worked for me.
Bug#921538: Fails to start since upgrade to 1.9.0-1
Here is a merge request [*] to disable chroot'ing again like it has been since version 1.0.0-3 Regards, Simon *: https://salsa.debian.org/dns-team/unbound/merge_requests/3 signature.asc Description: OpenPGP digital signature
Bug#921538: Fails to start since upgrade to 1.9.0-1
Hi Ryan, On 2019-02-06 11:12 a.m., Ryan Kavanagh wrote: > Since the upgrade to 1.9.0-1, unbound fails to start. Purging the > package and reinstalling does not fix the issue. The errors seem to be > due to being unable to read various configuration files. > > Feb 06 11:01:12 zeta unbound[28647]: [28647:0] error: unable to open > /var/lib/unbound/root.key for reading: No such file or directory > Feb 06 11:01:12 zeta package-helper[28648]: [1549468872] > unbound-checkconf[28651:0] error: Could not open > /etc/unbound//etc/unbound/unbound.conf: No such file or director It seems like chroot'ing to /etc/unbound is attempted. To workaround you can try this: cat << EOF > /etc/unbound/unbound.conf.d/chroot.conf server: chroot: "" EOF service unbound restart Regards, Simon signature.asc Description: OpenPGP digital signature
Bug#921538: Fails to start since upgrade to 1.9.0-1
Package: unbound Version: 1.9.0-1 Severity: grave Since the upgrade to 1.9.0-1, unbound fails to start. Purging the package and reinstalling does not fix the issue. The errors seem to be due to being unable to read various configuration files. Feb 06 11:01:12 zeta unbound[28647]: [28647:0] error: unable to open /var/lib/unbound/root.key for reading: No such file or directory Feb 06 11:01:12 zeta package-helper[28648]: [1549468872] unbound-checkconf[28651:0] error: Could not open /etc/unbound//etc/unbound/unbound.conf: No such file or director -- rak@zeta:~$ sudo apt purge unbound && sudo apt install unbound Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: apg bmon byobu ccze cmatrix ipsec-tools jp2a libconfuse-common libconfuse2 libipe7.2.7 moreutils pastebinit python-newt screen speedometer tree unbound-anchor Use 'sudo apt autoremove' to remove them. The following packages will be REMOVED: unbound* 0 upgraded, 0 newly installed, 1 to remove and 111 not upgraded. After this operation, 4,286 kB disk space will be freed. Do you want to continue? [Y/n] (Reading database ... 450489 files and directories currently installed.) Removing unbound (1.9.0-1) ... Processing triggers for man-db (2.8.5-1) ... (Reading database ... 450457 files and directories currently installed.) Purging configuration files for unbound (1.9.0-1) ... insserv: There is a loop between service sendsigs and racoon if stopped insserv: loop involving service racoon at depth 3 insserv: loop involving service sendsigs at depth 2 insserv: loop involving service bluetooth at depth 1 insserv: loop involving service rsyslog at depth 4 insserv: loop involving service avahi at depth 2 Processing triggers for systemd (240-5) ... Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: apg bmon byobu ccze cmatrix ipsec-tools jp2a libconfuse-common libconfuse2 libipe7.2.7 moreutils pastebinit python-newt screen speedometer tree Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: unbound 0 upgraded, 1 newly installed, 0 to remove and 111 not upgraded. Need to get 0 B/795 kB of archives. After this operation, 4,286 kB of additional disk space will be used. Selecting previously unselected package unbound. (Reading database ... 450450 files and directories currently installed.) Preparing to unpack .../unbound_1.9.0-1_amd64.deb ... Unpacking unbound (1.9.0-1) ... Setting up unbound (1.9.0-1) ... Created symlink /etc/systemd/system/multi-user.target.wants/unbound.service → /lib/systemd/system/unbound.service. Created symlink /etc/systemd/system/unbound.service.wants/unbound-resolvconf.service → /lib/systemd/system/unbound-resolvconf.service. Job for unbound.service failed because the control process exited with error code. See "systemctl status unbound.service" and "journalctl -xe" for details. insserv: There is a loop between service sendsigs and racoon if stopped insserv: loop involving service racoon at depth 3 insserv: loop involving service sendsigs at depth 2 insserv: loop involving service bluetooth at depth 1 insserv: loop involving service rsyslog at depth 4 insserv: loop involving service avahi at depth 2 Job for unbound.service failed because the control process exited with error code. See "systemctl status unbound.service" and "journalctl -xe" for details. invoke-rc.d: initscript unbound, action "start" failed. ● unbound.service - Unbound DNS server Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled) Active: activating (auto-restart) (Result: exit-code) since Wed 2019-02-06 11:01:07 EST; 7ms ago Docs: man:unbound(8) Process: 28299 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS) Process: 28333 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS) Process: 28374 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAILURE) Main PID: 28374 (code=exited, status=1/FAILURE) Feb 06 11:01:07 zeta systemd[1]: Failed to start Unbound DNS server. Feb 06 11:01:07 zeta unbound[28374]: [28374:0] fatal error: failed to setup modules Processing triggers for systemd (240-5) ... Processing triggers for man-db (2.8.5-1) ... -- -- rak@zeta:~$ systemctl status unbound.service ● unbound.service - Unbound DNS server Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2019-02-06 11:01:12 EST; 3min 43s ago Docs: man:unbound(