I was not too happy that this just happened after updating one of the DNS secondaries:
May 24 21:29:48 laurel systemd[1]: Starting LSB: Domain Name System (DNS) server, named... -- Subject: Unit named.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit named.service has begun starting up. May 24 21:29:49 laurel named[3173]: Starting name server BIND cp: cannot stat '/lib/engines': No such file or directory May 24 21:29:51 laurel named[3235]: starting BIND 9.10.4-P5 -t /var/lib/named -u named May 24 21:29:51 laurel named[3235]: running on Linux armv6l 4.3.3-6-raspberrypi #1 Wed Dec 16 08:03:35 UTC 2015 (db72752) May 24 21:29:51 laurel named[3235]: built with '--prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--localstatedir=/var' '--libdir=/usr/lib' '--enable-exportlib' '--with-export-libdir=/usr/lib' '--with-export-includedir=/usr/i May 24 21:29:51 laurel named[3235]: ---------------------------------------------------- May 24 21:29:51 laurel named[3235]: BIND 9 is maintained by Internet Systems Consortium, May 24 21:29:51 laurel named[3235]: Inc. (ISC), a non-profit 501(c)(3) public-benefit May 24 21:29:51 laurel named[3235]: corporation. Support and training for BIND 9 are May 24 21:29:51 laurel named[3235]: available at https://www.isc.org/support May 24 21:29:51 laurel named[3235]: ---------------------------------------------------- May 24 21:29:51 laurel named[3235]: adjusted limit on open files from 4096 to 1048576 May 24 21:29:51 laurel named[3235]: found 1 CPU, using 1 worker thread May 24 21:29:51 laurel named[3235]: using 1 UDP listener per interface May 24 21:29:51 laurel named[3235]: using up to 4096 sockets May 24 21:29:51 laurel named[3235]: ENGINE_by_id failed (crypto failure) May 24 21:29:51 laurel named[3235]: error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:233: May 24 21:29:51 laurel named[3235]: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:467: May 24 21:29:51 laurel named[3235]: error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:390:id=gost May 24 21:29:51 laurel named[3235]: initializing DST: crypto failure May 24 21:29:51 laurel named[3235]: exiting (due to fatal error) May 24 21:29:51 laurel named[3173]: ..failed May 24 21:29:51 laurel systemd[1]: named.service: Control process exited, code=exited status=1 May 24 21:29:51 laurel systemd[1]: Failed to start LSB: Domain Name System (DNS) server, named. -- Subject: Unit named.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit named.service has failed. -- -- The result is failed. May 24 21:29:51 laurel systemd[1]: named.service: Unit entered failed state. May 24 21:29:51 laurel systemd[1]: named.service: Failed with result 'exit-code'.
It’s in fact a manifestation of [Archive.is] Bug 1040027 – bind (named): fails to start since the introduction of namespaced openSSL packages
A fix is in the pipeline at [Archice.is] Request 496968 – openSUSE Build Service
However, that fix never made it to Raspberry Pi B (the original Rasberry Pi 1B) because that is armv6l and the bind build for that has failed early April 2017.
- https://build.opensuse.org/package/live_build_log/openSUSE:Factory:ARM/bind/standard/armv6l
- https://build.opensuse.org/packages/bind/job_history/openSUSE:Factory:ARM/standard/armv6l
That’s now in [Archive.is] Bug 1040697 – bind fails building for armv6l since 20170401 causing bugfixes not to make it to the wild.
–jeroen
wiert> I just updated one of my Raspberry Pi based secondary DNS servers with zypper duplicate causing named to fail when starting with an issue that is very similar to Debian issues in 2012 and 2016: ghost not loading in a chrooted environment.
wiert> journalctl dmp and references to the issues are at https://gist.github.com/jpluimers/2e35edc7b3b1cd0a7edca42916518ab5
|Anna|> bug 1040027 in openSUSE Tumbleweed (Other) “bind: fails to start since the introduction of namespaced openSSL packages” [Major,New] https://bugzilla.opensuse.org/show_bug.cgi?id=1040027
jordia65 left the chat room. (Ping timeout: 240 seconds)
|Anna|> sr#496968 [submit network/bind -> openSUSE:Factory/bind] a- Fix named init script to dynamically find the location of the openss… (State: accepted) — https://build.opensuse.org/request/show/496968
wiert> searching for named will get you here with only one entry: https://bugzilla.suse.com/show_bug.cgi?id=named
wiert> searching for the error lines didn’t reveal any results. Is it OK if I add my journalctl output in the bug?
wiert> I’ll probably need some help applying the diff. Not yet proficient enough with diff on the commandline.
DimStar> wiert: yeah – I just see that the diff is a bit nasty – as it’s pre-processed during build.. so the easiest will be to just manually edit /etc/init.d/named
wiert> OK. I will try editing /etc/init.d/named as I’ve etckeeper running I can always revert when I screw up.
}-Tux-{ joined the chat room.
}-Tux-{ left the chat room. (Changing host)
}-Tux-{ joined the chat room.
robby_ joined the chat room.
DimStar> currently you only have /lib64 stuff there – and that should be /usr/lib64/openssl-1_0_0/engines
mkubecek left the chat room.
wiert> actually, none of my Raspberry Pi systems (including the ones not yet updated) have /var/lib/named/usr at all.
wiert> an x64 version has /var/lib/named/usr/lib64/openssl-1_0_0/engines with CPE_NAME=”cpe:/o:opensuse:tumbleweed:20170522“
DimStar> ~that’s right – this is ‘new’ since openSSL moved from /lib to /usr/lib – so up to now the engines were in /var/lib/named/lib64/engines – now they need to be copied to /var/lib/named/user/lib64/openssl-1_0_0/engines
DimStar> I’m not sure why the bind package on ARM would not have followed that.. what CPE_NAME do you have there?
DimStar> yeah – the /var/lib/named/lib64/engines are no longer in use – but there is no cleanup code there
DimStar> ARM inherits all packages from openSUSE:Factory – it’s ‘just’ a bit slower with building/testing which is why there are less frequent snapshots
DimStar> but if 0521 went out, that means it must have completed the build – which would imply the updated bind too
DimStar> WTF… osc rbl openSUSE:Factory:ARM bind standard aarch64 => this build was complete on Sat May 20 16:30:13 UTC 2017 – way before 0521 was even started
DimStar> osc rbl openSUSE:Factory:ARM bind standard armv6l => that makes more sense: build failed on May 20th
DimStar> wiert: wouldn’t have helped me at all – I have no idea about the Pi’s and what arch they run :)
DimStar> it implies it was not my change breaking ‘bind’ from building – this already failed on April 1st (it wasn’t me – I was on vacation then :P )
robby_ left the chat room. (Quit: Konversation terminated!)
DimStar> almost – the patch ‘would’ work, but as bind fails for completley different reasons to build, no binary is produced
DimStar> fvogt: does that ring a bell to you: 147s] contrib/dlz/config.dlz.in:31: warning: underquoted definition of DLZ_ADD_DRIVER
wiert> I think that’s what I meant: the bind build was broken earlier, so the patch that got submitted later never got integrated into the distribution
DimStar> wiert: yes, in this case that statement would be true – somebody has to fix build of bind of armv6l
DimStar> wiert: I’d submit an extra bug for bind/armv6l – the bug to address the issue which you acyally SEE is the one I linked / for which the patch is there; the fact that bind fails to build is a deeper rooted one
lurchi__ is now known as lurchi_.
DimStar> wiert: https://build.opensuse.org/package/live_build_log/openSUSE:Factory:ARM/bind/standard/armv6l
wiert> I’ll submit a new bug to solve that build output and refer to the existing bug indicating that because the build fails, the existing bug isn’t in the current CPE_NAME
mjwolf left the chat room. (Quit: Leaving)
lurchi_ is now known as lurchi__.
Vojtaeus joined the chat room.
wiert> https://build.opensuse.org/package/live_build_log/openSUSE:Factory:ARM/bind/standard/armv6l only shows it fails, but not since when. Where can I find the history?
robby_ joined the chat room.
robby_ left the chat room. (Ping timeout: 255 seconds)
srinidhi left the chat room. (Ping timeout: 255 seconds)
wiert> @DimStar: can you check the text of the first file in https://gist.github.com/jpluimers/2e35edc7b3b1cd0a7edca42916518ab5 as that’s what I want to put in the report.
|Anna|> bugzilla.suse.com bug 1040697 in openSUSE Tumbleweed (Other) “bind fails building for armv6l since 20170401 causing bugfixes not to make it to the wild” [Major,New]
Filed under: *nix, bind-named, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed
