Description of problem: Version-Release number of selected component (if applicable): gnutls-3.1.11-1.fc19.x86_64 $ danetool --check fedoraproject.org --proto tcp --port 443 Querying fedoraproject.org (tcp:443)... [1380206085] libunbound[25382:0] error: parse error in /etc/unbound/root.key:6 : Syntax error, could not parse the RR's rdata [1380206085] libunbound[25382:0] error: error reading trust-anchor-file: /etc/unbound/root.key [1380206085] libunbound[25382:0] error: validator: error in trustanchors config [1380206085] libunbound[25382:0] error: validator: could not apply configuration settings. [1380206085] libunbound[25382:0] error: module init for module validator failed danetool: dane_query_tlsa: There was an error while resolving. $ cat /etc/unbound/root.key ; // The root key in bind format. This can be read by most tools, including ; // named, unbound, et. For libunbound, use ub_ctx_trustedkeys() to load this trusted-keys { "." 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0="; // key id = 19036 }; $ cat //var/lib/unbound/root.key ; autotrust trust anchor file ;;id: . 1 ;;last_queried: 1380206290 ;;Thu Sep 26 10:38:10 2013 ;;last_success: 1380206290 ;;Thu Sep 26 10:38:10 2013 ;;next_probe_time: 1380245983 ;;Thu Sep 26 21:39:43 2013 ;;query_failed: 0 ;;query_interval: 43200 ;;retry_time: 8640 . 98799 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1379364356 ;;Mon Sep 16 16:45:56 2013 $ Either the code needs to use ub_ctx_trustedkeys() or better, it should depend on unbound-libs and use /var/lib/libunbound/root.anchor paul@bofh:~/git/libreswan (master)$
In my system unbound-libs is installed but /var/lib/libunbound/root.anchor does not exist. Is there a way to require its presence?
I should have checked more carefully. I suppose you meant: /var/lib/unbound/root.key I'll include a fix on the next update.
The latest unbound-libs is supposed to run a job in %post to fetch the key: %post libs /sbin/ldconfig %{_sbindir}/runuser --command="%{_sbindir}/unbound-anchor -a %{_sharedstatedir}/unbound/root.key -c %{_sysconfdir}/unbound/icannbundle.pem" --shell /bin/sh unbound ||:
gnutls-3.1.17-3.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/gnutls-3.1.17-3.fc20
Package gnutls-3.1.17-3.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing gnutls-3.1.17-3.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-22805/gnutls-3.1.17-3.fc20 then log in and leave karma (feedback).
gnutls-3.1.17-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.