Bug 1294339

Summary: unbound-control-setup fails due to mistakenly escaping shell chars
Product: [Fedora] Fedora Reporter: Luc de Louw <ldelouw>
Component: unboundAssignee: Tomáš Hozza <thozza>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: medium    
Version: 22CC: afazekas, devel, esm, joeym, jv+fedora, pj.pandit, psimerda, pwouters, theo148, thozza, wolfgang.rupprecht
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: unbound-1.5.7-2.fc23 unbound-1.5.7-2.fc22 unbound-1.5.8-1.fc23 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-09 15:51:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Patch that fixes the problem none

Description Luc de Louw 2015-12-27 10:19:46 UTC 
Created attachment 1109790 [details]
Patch that fixes the problem

Description of problem:
When starting up unbound the first time it fails. When running unbound-checkconf, it complains about missing /etc/unbound/unbound_server.pem

The problem is the setup script /usr/sbin/unbound-control-setup which mistakenly escapes shell characters. Removing the \n fixes the problem.

See also upstream bug 729 https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=729 


Version-Release number of selected component (if applicable):
unbound-1.5.7

How reproducible:
Always

Steps to Reproduce:
1. dnf -y install unbound
2. systemctl start unbound.service

Actual results:
ec 27 10:07:42 dns.example.com systemd[1]: Starting Unbound Control Key And Certificate Generator...
-- Subject: Unit unbound-keygen.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit unbound-keygen.service has begun starting up.
Dec 27 10:07:42 dns.example.com unbound-control-setup[7125]: setup in directory /etc/unbound/
Dec 27 10:07:42 dns.example.com unbound-control-setup[7125]: generating unbound_server.key
Dec 27 10:07:42 dns.example.com unbound-control-setup[7125]: Generating RSA private key, 3072 bit long modulus
Dec 27 10:07:43 dns.example.com unbound-control-setup[7125]: ...................++
Dec 27 10:07:45 dns.example.com unbound-control-setup[7125]: ..................++
Dec 27 10:07:45 dns.example.com unbound-control-setup[7125]: unable to write 'random state'
Dec 27 10:07:45 dns.example.com unbound-control-setup[7125]: e is 65537 (0x10001)
Dec 27 10:07:45 dns.example.com unbound-control-setup[7125]: generating unbound_control.key
Dec 27 10:07:45 dns.example.com unbound-control-setup[7125]: Generating RSA private key, 3072 bit long modulus
Dec 27 10:07:54 dns.example.com unbound-control-setup[7125]: ...........................................................
Dec 27 10:07:58 dns.example.com unbound-control-setup[7125]: .............................................++
Dec 27 10:07:58 dns.example.com unbound-control-setup[7125]: unable to write 'random state'
Dec 27 10:07:58 dns.example.com unbound-control-setup[7125]: e is 65537 (0x10001)
Dec 27 10:07:58 dns.example.com unbound-control-setup[7125]: create unbound_server.pem (self signed certificate)
Dec 27 10:07:58 dns.example.com unbound-control-setup[7125]: error on line 6 of request.cfg
Dec 27 10:07:58 dns.example.com unbound-control-setup[7125]: 3071420196:error:0E079065:configuration file routines:DEF_L
Dec 27 10:07:58 dns.example.com unbound-control-setup[7125]: /usr/sbin/unbound-control-setup fatal error: could not crea
Dec 27 10:07:58 dns.example.com systemd[1]: unbound-keygen.service: Main process exited, code=exited, status=1/FAILURE
Dec 27 10:07:58 dns.example.com systemd[1]: Failed to start Unbound Control Key And Certificate Generator.
-- Subject: Unit unbound-keygen.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit unbound-keygen.service has failed.
-- 
-- The result is failed.

Expected results:
Self signed certificate gets created and unbound successfully started up


Additional info:
Same applies for Fedora rawhide.
Comment 1 Joe Miller 2016-01-14 22:53:59 UTC 
Ran into this issue as well. The bug report targets fedora-23 but I just wanted to note that it is broken on fedora-22 as well.
Comment 2 Fedora Update System 2016-01-21 17:55:43 UTC 
unbound-1.5.7-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-6cf11cb6b5
Comment 3 Fedora Update System 2016-01-21 17:55:44 UTC 
unbound-1.5.7-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-554095acdd
Comment 4 Fedora Update System 2016-01-22 04:54:24 UTC 
unbound-1.5.7-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-554095acdd
Comment 5 Fedora Update System 2016-01-23 21:28:11 UTC 
unbound-1.5.7-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-6cf11cb6b5
Comment 6 Fedora Update System 2016-01-28 18:23:25 UTC 
unbound-1.5.7-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2016-02-01 06:28:25 UTC 
unbound-1.5.7-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2016-03-03 03:00:44 UTC 
unbound-1.5.8-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-3a8f0c9c3c
Comment 9 Fedora Update System 2016-03-03 21:58:00 UTC 
unbound-1.5.8-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-3a8f0c9c3c
Comment 10 Fedora Update System 2016-03-09 15:51:25 UTC 
unbound-1.5.8-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2016-03-09 20:12:00 UTC 
unbound-1.5.8-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.