Bug 2005795
Summary: | bind-9.16.20-4.fc36 breaks ipa server installation | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Florence Blanc-Renaud <frenaud> | ||||
Component: | bind | Assignee: | Petr Menšík <pemensik> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | rawhide | CC: | aegorenk, anon.amish, dns-sig, mruprich, msehnout, pavel, pemensik, vonsch, zdohnal | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | openssl-pkcs11-0.4.11-6.fc36 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2021-09-21 20:37:59 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 2005832 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Florence Blanc-Renaud
2021-09-20 07:57:07 UTC
Hmm, confirmed it does not work. Not issue on bind side however. No pkcs11 engine exists after switch to OpenSSL 3. Build of openssl-pkcs11 failed [1] on Fedora, yet it does not have own bug yet. It is still in side-tag and installed openssl-pkcs11-0.4.11-4.fc35.x86_64 is linked to OpenSSL 1.1. # openssl engine -vv pkcs11 00AC0538E57F0000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:118:filename(/usr/lib64/engines-3/pkcs11.so): /usr/lib64/engines-3/pkcs11.so: cannot open shared object file: No such file or directory 00AC0538E57F0000:error:12800067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:162: 00AC0538E57F0000:error:13000084:engine routines:dynamic_load:dso not found:crypto/engine/eng_dyn.c:422: 00AC0538E57F0000:error:13000074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:343:id=pkcs11 Cannot fix it until we have working openssl-pkcs11 for OpenSSL 3. 1. https://koji.fedoraproject.org/koji/taskinfo?taskID=75717780 It is not the new version, it did not change anything related. It was OpenSSL 3.0 rebuild, which was responsible. Version bind-9.16.20-4.fc36 has the same problem, it was just discovered when testing bind-dyndb-ldap plugin rebuild was tested. Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: starting BIND 9.16.20-RH (Extended Support Version> Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: running on Linux x86_64 5.14.0-0.rc5.20210813gitf8> Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: built with '--build=x86_64-redhat-linux-gnu' '--ho> Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: running as: named -u named -c /etc/named.conf -E p> Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: compiled by GCC 11.2.1 20210728 (Red Hat 11.2.1-1) Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: compiled with OpenSSL version: OpenSSL 3.0.0 7 sep> Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: linked to OpenSSL version: OpenSSL 3.0.0 7 sep 2021 Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: compiled with libxml2 version: 2.9.12 Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: linked to libxml2 version: 20912 Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: compiled with json-c version: 0.15 Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: linked to json-c version: 0.15 Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: compiled with zlib version: 1.2.11 Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: linked to zlib version: 1.2.11 Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: --------------------------------------------------> Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: BIND 9 is maintained by Internet Systems Consortiu> Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: Inc. (ISC), a non-profit 501(c)(3) public-benefit Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: corporation. Support and training for BIND 9 are Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: available at https://www.isc.org/support Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: --------------------------------------------------> Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: adjusted limit on open files from 524288 to 1048576 Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: found 1 CPU, using 1 worker thread Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: using 1 UDP listener per interface Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: using up to 21000 sockets Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: initializing DST: no engine Sep 20 06:09:11 ci-vm-10-0-137-247.hosted.upshift.rdu2.redhat.com named[59588]: exiting (due to fatal error) It seems after installation of openssl-pkcs11 built for OpenSSL 3.0, it works again just fine. Need only to wait until new package is in repositories. |