Bug 2301344 - unbound: FTBFS in Fedora rawhide/f41
Summary: unbound: FTBFS in Fedora rawhide/f41
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: unbound
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Petr Menšík
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 2296273 2073068
Blocks: F41FTBFS 2255591
TreeView+ depends on / blocked
 
Reported: 2024-07-29 21:39 UTC by Fedora Release Engineering
Modified: 2024-10-10 00:16 UTC (History)
3 users (show)

Fixed In Version: unbound-1.21.1-1.fc41
Clone Of:
Environment:
Last Closed: 2024-10-10 00:16:51 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
build.log (32.00 KB, text/plain)
2024-07-29 21:39 UTC, Fedora Release Engineering 		no flags Details
root.log (32.00 KB, text/plain)
2024-07-29 21:39 UTC, Fedora Release Engineering 		no flags Details
state.log (1.63 KB, text/plain)
2024-07-29 21:39 UTC, Fedora Release Engineering 		no flags Details
View All

Description Fedora Release Engineering 2024-07-29 21:39:38 UTC 
unbound failed to build from source in Fedora rawhide/f41

https://koji.fedoraproject.org/koji/taskinfo?taskID=120787199


For details on the mass rebuild see:

https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
Please fix unbound at your earliest convenience and set the bug's status to
ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks,
unbound will be orphaned. Before branching of Fedora 42,
unbound will be retired, if it still fails to build.

For more details on the FTBFS policy, please visit:
https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/
Comment 1 Fedora Release Engineering 2024-07-29 21:39:46 UTC 
Created attachment 2042922 [details]
build.log

file build.log too big, will only attach last 32768 bytes
Comment 2 Fedora Release Engineering 2024-07-29 21:39:52 UTC 
Created attachment 2042923 [details]
root.log

file root.log too big, will only attach last 32768 bytes
Comment 3 Fedora Release Engineering 2024-07-29 21:39:55 UTC 
Created attachment 2042924 [details]
state.log
Comment 4 Petr Menšík 2024-10-03 10:24:23 UTC 
This is caused by change https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer, where it makes Unbound to fail passing its test suite.

This can be avoided by disabling SHA1 completely in Unbound, like we did for RHEL9+ builds. But I do not like that way much, because it does not allow even after configuration change to validate SHA-1 DNSSEC signatures.

Which are still a MUST to support, making it deprecated were expired at IETF: https://datatracker.ietf.org/doc/draft-hardaker-dnsop-must-not-sha1/
Comment 5 Petr Menšík 2024-10-03 10:29:47 UTC 
Oh, it is tracked under different draft: https://datatracker.ietf.org/doc/draft-ietf-dnsop-must-not-sha1/

This is a table, where SHA-1 is still mandatory for validation: 
https://www.rfc-editor.org/rfc/rfc8624.html#section-3.1

Which with current default policy since F41 is not possible.
Comment 6 Fedora Update System 2024-10-03 20:47:13 UTC 
FEDORA-2024-a5d6cd9f0a (unbound-1.21.1-1.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-a5d6cd9f0a
Comment 7 Fedora Update System 2024-10-04 02:57:15 UTC 
FEDORA-2024-a5d6cd9f0a has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-a5d6cd9f0a`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-a5d6cd9f0a

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 8 Fedora Update System 2024-10-10 00:16:51 UTC 
FEDORA-2024-a5d6cd9f0a (unbound-1.21.1-1.fc41) has been pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.