From: "Yu, Mingli" <mingli.yu@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: [PATCH v2] bind: remove -r option for rndc-confgen
Date: Sun, 20 Sep 2020 23:37:58 -0700 [thread overview]
Message-ID: <20200921063758.16983-1-mingli.yu@windriver.com> (raw)
From: Mingli Yu <mingli.yu@windriver.com>
The named service fail to start as below:
# systemctl status named.service
named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2020-09-16 06:07:49 UTC; 9s ago
Process: 134206 ExecStartPre=/usr/sbin/generate-rndc-key.sh (code=exited, status=1/FAILURE)
Sep 16 06:07:49 intel-x86-64 systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134206]: Generating /etc/bind/rndc.key:
Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134207]: rndc-confgen: The -r option has been deprecated.
Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134208]: chown: cannot access '/etc/bind/rndc.key': No such file or directory
Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134209]: chmod: cannot access '/etc/bind/rndc.key': No such file or directory
Sep 16 06:07:49 intel-x86-64 systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
Sep 16 06:07:49 intel-x86-64 systemd[1]: named.service: Failed with result 'exit-code'.
Sep 16 06:07:49 intel-x86-64 systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
It is because fail to execute "/usr/sbin/generate-rndc-key.sh" as
-r is deprecated since bind 9.13.x and the random function changes
in [1], so remove -r option to fix the above issue.
DNSSEC validation is now active by default after bind upgrade to 9.16.x,
but it is not in 9.11.x. So disable DNSSEC validation explicitly to
silence below message.
Sep 18 03:21:37 intel-x86-64 named[23272]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
[1]: https://gitlab.isc.org/isc-projects/bind9/-/commit/3a4f820d625c214cfb21f5e6d18ce9160d2a193b
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh | 2 +-
meta/recipes-connectivity/bind/bind_9.16.5.bb | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
index ef915c0ae5..633e29c0e6 100644
--- a/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
+++ b/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
@@ -2,7 +2,7 @@
if [ ! -s /etc/bind/rndc.key ]; then
echo -n "Generating /etc/bind/rndc.key:"
- /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+ /usr/sbin/rndc-confgen -a -b 512
chown root:bind /etc/bind/rndc.key
chmod 0640 /etc/bind/rndc.key
fi
diff --git a/meta/recipes-connectivity/bind/bind_9.16.5.bb b/meta/recipes-connectivity/bind/bind_9.16.5.bb
index 103192490a..eb263c2eda 100644
--- a/meta/recipes-connectivity/bind/bind_9.16.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.16.5.bb
@@ -34,7 +34,7 @@ PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
-EXTRA_OECONF = " --with-libtool --disable-devpoll --enable-epoll \
+EXTRA_OECONF = " --with-libtool --disable-devpoll --disable-auto-validation --enable-epoll \
--with-gssapi=no --with-lmdb=no --with-zlib \
--sysconfdir=${sysconfdir}/bind \
--with-openssl=${STAGING_DIR_HOST}${prefix} \
--
2.17.1
reply other threads:[~2020-09-21 6:38 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200921063758.16983-1-mingli.yu@windriver.com \
--to=mingli.yu@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.