Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#28619 closed defect (invalid)

bind9 @9.8.0_0 fails at startup with openssl error

Reported by: dlb@…
Owned by: danielluke (Daniel J. Luke)
Priority: Normal
Milestone:
Component: ports
Version: 1.9.2
Keywords:
Cc:
Port: bind9

Description (last modified by jmroot (Joshua Root))

I upgraded the bind9 port to 9.8.0_0. Now bind is failing at start up with the following error:

Mar  3 10:41:33 gw3 named[8220]: starting BIND 9.8.0 -f -t /etc/namedb -u named -c /etc/named.conf
Mar  3 10:41:33 gw3 named[8220]: built with '--prefix=/opt/local' '--mandir=/opt/local/share/man' '--with-openssl=/opt/local' '--with-libxml2=/opt/local' '--enable-threads' '--enable-ipv6' 'CC=/usr/bin/gcc-4.2' 'CFLAGS=-O2 -arch x86_64' 'LDFLAGS=-L/opt/local/lib -arch x86_64' 'CPPFLAGS=-I/opt/local/include' 'CXX=/usr/bin/g++-4.2' 'CXXFLAGS=-O2 -arch x86_64' 'FFLAGS=-O2 -m64'
Mar  3 10:41:33 gw3 named[8220]: initializing DST: openssl failure
Mar  3 10:41:33 gw3 named[8220]: exiting (due to fatal error)

I am and have been running bind in a chroot environment, but this might be the trigger for the problem in this release. Google turned up a Gentoo bug report of the same failure that says it is supposedly due to running in a chroot environment, although supposedly it was fixed in 9.8.0_0 final. Here's the link:

http://bugs.gentoo.org/show_bug.cgi?id=356519

Let me know if you need more info.

Thanks - David

Change History (11)

comment:1 Changed 13 years ago by dlb@…

Sorry, forgot to fill in the port field. Should be bind9.

comment:2 Changed 13 years ago by jmroot (Joshua Root)

Cc: dlb@… removed
Description: modified (diff)
Owner: changed from macports-tickets@… to dluke@…
Port: bind9 added

Please also remember to preview and use WikiFormatting, and cc the maintainer. You do not need to be in cc when you are the reporter.

comment:3 Changed 13 years ago by danielluke (Daniel J. Luke)

Can you paste the output of otool -L /opt/local/sbin/named? The Gentoo bug says it was a linking error.

comment:4 Changed 13 years ago by dlb@…

otool -L /opt/local/sbin/named                             
/opt/local/sbin/named:
	/opt/local/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 125.2.1)
	/opt/local/lib/libxml2.2.dylib (compatibility version 10.0.0, current version 10.8.0)
	/opt/local/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
	/opt/local/lib/libiconv.2.dylib (compatibility version 8.0.0, current version 8.0.0)

comment:5 Changed 13 years ago by danielluke (Daniel J. Luke)

That looks fine.

Does it work for you without the chroot? How do you have your chroot set up? Are you running on Mac OS X (and which version?)

You may have luck asking on a bind mailing list, and you can at least find out if it's an upstream problem or not. I don't think there's anything in the port that would cause this problem.

comment:6 Changed 13 years ago by dlb@…

Okay, changed my config and tried running without chroot. It starts up without the error and seems to be running fine.

I'm running Mac OS X 10.6.6 and MacPorts 1.9.2.

I'll check the bind mailing list and see if I can find anything.

comment:7 Changed 13 years ago by danielluke (Daniel J. Luke)

Status: changed from new to assigned

comment:8 Changed 13 years ago by danielluke (Daniel J. Luke)

OK, please post here if you find out anything.

Thanks.

comment:9 Changed 13 years ago by dlb@…

I didn't find anything on the bind mailing list archives, but did find some other references. Turns out that I needed to copy the /opt/local/etc/openssl and /opt/local/lib/engines directories into the equivalent locations in my chroot environment. I don't know if this is a change in bind9 or maybe openssl.

Previously the only things I've needed in the chroot environment aside from bind9-specific stuff (config, zone, log files, etc.) were /dev/null, /dev/random, and /dev/zero. And I've been running with that configuration for a few years using bind9 from MacPorts until 9.8.0_0.

It's working now, but I'll sign up for the bind mailing list and ask there. Let you know when I find out more.
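
The chroot contents described in comment 9, turned into a check that can be run before starting named. This is an added example, not part of the ticket or the port: the function name is hypothetical, the chroot path and prefix are parameters, and the world-writable check is an extra that the ticket does not mention.

```shell
#!/bin/sh
# Added example: audit a named chroot for the items listed in this ticket.
# Usage: audit_named_chroot /etc/namedb /opt/local
# (/etc/namedb is the -t argument in the log above; /opt/local is the
#  MacPorts prefix. Both are parameters; adjust them to your layout.)

# Device nodes the reporter always needed inside the chroot.
REQUIRED_DEVICES="dev/null dev/random dev/zero"
# Directories under the prefix that had to be copied in for 9.8.0_0.
REQUIRED_DIRS="etc/openssl lib/engines"

# Prints one line per problem; returns 0 if clean, 1 otherwise.
audit_named_chroot() {
    root=$1
    prefix=${2:-/opt/local}
    problems=0
    for dev in $REQUIRED_DEVICES; do
        # -c: must be a character device, not a regular file with that name
        if [ ! -c "$root/$dev" ]; then
            echo "missing device: $root/$dev"
            problems=1
        fi
    done
    for dir in $REQUIRED_DIRS; do
        target="$root$prefix/$dir"
        if [ ! -d "$target" ]; then
            echo "missing directory: $target (copy from $prefix/$dir)"
            problems=1
        elif [ -z "$(ls -A "$target")" ]; then
            echo "empty directory: $target"
            problems=1
        elif [ -n "$(find "$target" ! -type l -perm -002 | head -n 1)" ]; then
            # Extra check, not from the ticket: named loads these files,
            # so nothing in them should be world-writable.
            echo "world-writable entry under: $target"
            problems=1
        fi
    done
    return $problems
}
```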

comment:10 Changed 13 years ago by danielluke (Daniel J. Luke)

Resolution: invalid
Status: changed from assigned to closed

OK, sounds like it's just a new configuration requirement.

I'm going to close this ticket for now. Feel free to update when/if you find out more. If there ends up being something that needs to be done in the port, we can re-open this ticket and get it done.

comment:11 Changed 13 years ago by dlb@…

Okay.
