On a system without openssl installed, the unbound-keygen service will fail:

# systemctl status unbound-keygen.service
● unbound-keygen.service - Unbound Control Key And Certificate Generator
   Loaded: loaded (/usr/lib/systemd/system/unbound-keygen.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2021-10-31 11:28:45 UTC; 2min 16s ago
  Process: 294605 ExecStart=/usr/sbin/unbound-control-setup -d /etc/unbound/ (code=exited, status=1/FAILURE)
 Main PID: 294605 (code=exited, status=1/FAILURE)

Oct 31 11:28:45 vwb01-00.srv.example.net systemd[1]: Starting Unbound Control Key And Certificate Generator...
Oct 31 11:28:45 vwb01-00.srv.example.net unbound-control-setup[294605]: setup in directory /etc/unbound/
Oct 31 11:28:45 vwb01-00.srv.example.net unbound-control-setup[294605]: generating unbound_server.key
Oct 31 11:28:45 vwb01-00.srv.example.net unbound-control-setup[294605]: /usr/sbin/unbound-control-setup: line 100: openssl: command not found
Oct 31 11:28:45 vwb01-00.srv.example.net unbound-control-setup[294605]: /usr/sbin/unbound-control-setup fatal error: could not genrsa
Oct 31 11:28:45 vwb01-00.srv.example.net systemd[1]: unbound-keygen.service: Main process exited, code=exited, status=1/FAILURE
Oct 31 11:28:45 vwb01-00.srv.example.net systemd[1]: unbound-keygen.service: Failed with result 'exit-code'.
Oct 31 11:28:45 vwb01-00.srv.example.net systemd[1]: Failed to start Unbound Control Key And Certificate Generator.

# rpm -qi unbound
Name        : unbound
Version     : 1.7.3
Release     : 17.el8
Architecture: x86_64
Install Date: Sun Oct 31 11:11:01 2021
Group       : Unspecified
Size        : 5344276
License     : BSD
Signature   : RSA/SHA256, Mon May 17 16:12:40 2021, Key ID 05b555b38483c65d
Source RPM  : unbound-1.7.3-17.el8.src.rpm
Build Date  : Mon May 17 15:16:07 2021
Build Host  : x86-02.mbox.centos.org
Relocations : (not relocatable)
Packager    : CentOS Buildsys <bugs>
Vendor      : CentOS
URL         : https://www.unbound.net/
Summary     : Validating, recursive, and caching DNS(SEC) resolver
Description :
Unbound is a validating, recursive, and caching DNS(SEC) resolver.

The C implementation of Unbound is developed and maintained by NLnet Labs.
It is based on ideas and algorithms taken from a java prototype developed
by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run
as a server, but are linked into an application) are easily possible.

It should have a dependency on it.

Thank you for the report, you are correct. Unbound has to depend not only on the openssl libs, but also on the openssl tool.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: unbound security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7622