Bug#919256: dnssec-trigger: Failed to upgrade: installed dnssec-trigger package post-installation script subprocess returned error exit status 1

Sun, 13 Jan 2019 23:10:44 -0800 

Package: dnssec-trigger
Version: 0.17+repack-1
Severity: serious

Setting up dnssec-trigger (0.17+repack-1) ...
Job for dnssec-triggerd.service failed because the control process exited with 
error code.
See "systemctl status dnssec-triggerd.service" and "journalctl -xe" for details.
invoke-rc.d: initscript dnssec-triggerd, action "restart" failed.
# dnssec-triggerd.service - Reconfigure local DNSSEC resolver on connectivity 
changes
   Loaded: loaded (/lib/systemd/system/dnssec-triggerd.service; enabled; vendor 
preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Mon 2019-01-14 
07:20:18 CET; 16ms ago
  Process: 29431 ExecStartPre=/usr/lib/dnssec-trigger/dnssec-trigger-script 
--prepare (code=exited, status=0/SUCCESS)
  Process: 29438 ExecStart=/usr/sbin/dnssec-triggerd -d (code=exited, 
status=1/FAILURE)
  Process: 29439 ExecStartPost=/usr/lib/dnssec-trigger/dnssec-trigger-script 
--update_all (code=exited, status=0/SUCCESS)
  Process: 29443 ExecStopPost=/usr/lib/dnssec-trigger/dnssec-trigger-script 
--cleanup (code=exited, status=1/FAILURE)
 Main PID: 29438 (code=exited, status=1/FAILURE)
dpkg: error processing package dnssec-trigger (--configure):
 installed dnssec-trigger package post-installation script subprocess returned 
error exit status 1
Processing triggers for libc-bin (2.28-5) ...
Errors were encountered while processing:
 dnssec-trigger

I said "no" to the new dnssec-trigger.conf, but except comments the only
difference is the search domain setting:

$ diff /etc/dnssec-trigger/dnssec-trigger.conf 
/etc/dnssec-trigger/dnssec-trigger.conf.dpkg-dist 
28c28
< search: "deuxchevaux.org noone.org ethz.ch debian.org"
---
> # search: ""
51c51
< # check-updates: 
---
> # check-updates: no
65a66
> # These relay incoming DNS traffic on the other port numbers to the usual DNS
76a78,86
> 
> # Use VPN servers for all traffic
> # use-vpn-forwarders: no
> 
> # Forward RFC 1918 private addresses to global forwarders
> # use-private-addresses: yes
> 
> # Add domains provided by VPN connections into Unbound forward zones
> # add-wifi-provided-zones: no

The syslog shows again this:

Jan 14 07:18:59 c-cactus2 dnssec-triggerd[22039]: Jan 14 07:18:59 
dnssec-triggerd[22039] error: Error in SSL_CTX use_certificate_file crypto 
error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

So maybe https://bugs.debian.org/898969 is not fully fixed yet?

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (980, 'unstable-debug'), (600, 'testing'), 
(111, 'buildd-unstable'), (111, 'buildd-experimental'), (110, 'experimental'), 
(105, 'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dnssec-trigger depends on:
ii  gir1.2-nm-1.0       1.14.4-4
ii  libc6               2.28-5
ii  libgdk-pixbuf2.0-0  2.38.0+dfsg-7
ii  libglib2.0-0        2.58.2-3
ii  libgtk2.0-0         2.24.32-3
ii  libldns2            1.7.0-3.1+b1
ii  libssl1.1           1.1.1a-1
ii  python3             3.7.1-3
ii  python3-gi          3.30.4-1
ii  python3-lockfile    1:0.12.2-2
ii  sensible-utils      0.0.12
ii  unbound             1.8.1-1+b1

dnssec-trigger recommends no packages.

dnssec-trigger suggests no packages.

-- Configuration Files:
/etc/dnssec-trigger/dnssec-trigger.conf changed:
search: "deuxchevaux.org noone.org ethz.ch debian.org"
url: "http://ster.nlnetlabs.nl/hotspot.txt OK"
url: "http://fedoraproject.org/static/hotspot.txt OK"
tcp80: 185.49.140.67
tcp80: 2a04:b900::10:0:0:67
ssl443: 185.49.140.67 
7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
ssl443: 2a04:b900::10:0:0:67 
7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF


-- no debconf information

Reply via email to