Ondřej Surý wrote: > Package: release.debian.org > Severity: normal > User: [email protected] > Usertags: unblock > > Please unblock package dns-root-data > > Dear release team, > > Robert Edmonds has prepared patch to fix the regression caused by > dns-root-data package in dnsmasq, so the root.ds format can now be > parsed by both dnsmasq in testing and in unstable. > > Thanks goes to Robert to thinking better than me and preparing the > fix. > > unblock dns-root-data/2017041102
Hi, release team: There are further details about the fix in the commit message: https://anonscm.debian.org/cgit/pkg-dns/dns-root-data.git/commit/?id=be97d5a000cc592cacc50623883fb2d67f2b7432 This will fix the following bugs in stretch: #860064, #858506, #860274, #864016 Since this restores compatibility with the version of dnsmasq in stretch, it will also obsolete the unblock request for dnsmasq: #864085 The following transcript of a stretch machine running dnsmasq exhibits the buggy behavior with dns-root-data 2017041101 (testing) and the fixed behavior with dns-root-data 2017041102 (unstable). Thanks! root@845s:~# dpkg -l dnsmasq dns-root-data Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-==============================-====================-====================-================================================================== hi dns-root-data 2015052300+h+1 all DNS root data including root zone and DNSSEC key ii dnsmasq 2.76-5 all Small caching DNS proxy and DHCP/TFTP server root@845s:~# systemctl -l -n0 status dnsmasq ● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2017-06-06 10:46:39 EDT; 1h 2min ago Main PID: 8015 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─8015 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 root@845s:~# apt install dns-root-data/stretch Reading package lists... Done Building dependency tree Reading state information... Done Selected version '2017041101' (Debian:testing [all]) for 'dns-root-data' The following held packages will be changed: dns-root-data (2015052300+h+1 => 2017041101) The following packages will be upgraded: dns-root-data (2015052300+h+1 => 2017041101) 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 4,670 B of archives. After this operation, 38.9 kB disk space will be freed. Do you want to continue? [Y/n] y Get:1 http://ftp.us.debian.org/debian stretch/main amd64 dns-root-data all 2017041101 [4,670 B] Fetched 4,670 B in 0s (25.3 kB/s) Reading changelogs... Done apt-listchanges: Changelogs --------------------------- dns-root-data (2017041101) unstable; urgency=medium * Fix parse-root-anchors.sh in non-dash shells (Closes: #862252) * Update to 2017041101 version of root zone * Remove timestamps from root.key to make the build reproducible * Shell syntax cleanup -- Ondřej Surý <[email protected]> Mon, 29 May 2017 14:05:37 +0200 dns-root-data (2017020200) unstable; urgency=medium * Update to 2016102001 version of the root.zone * Add KSK-2017 (valid from 2017-02-02) into root.key file * Reduce number of IANA files as they don't exist at upstream anymore * draft-icann-dnssec-trust-anchor is now RFC 7958 * Update all other IANA DNSSEC files to 2017-02-02 versions * Strip the GPG verification as IANA doesn't provide the GPG signatures anymore * Rewrite DS creation check to xml2 and ldnsutils, as neither xmllint nor bind9utils handle multiple DNSKEY in one file correctly -- Ondřej Surý <[email protected]> Wed, 22 Mar 2017 09:06:08 +0100 apt-listchanges: Do you want to continue? [Y/n] y (Reading database ... 51072 files and directories currently installed.) Preparing to unpack .../dns-root-data_2017041101_all.deb ... Unpacking dns-root-data (2017041101) over (2015052300+h+1) ... Setting up dns-root-data (2017041101) ... root@845s:~# systemctl -l -n0 status dnsmasq ● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2017-06-06 10:46:39 EDT; 1h 3min ago Main PID: 8015 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─8015 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 root@845s:~# systemctl restart dnsmasq Job for dnsmasq.service failed because the control process exited with error code. See "systemctl status dnsmasq.service" and "journalctl -xe" for details. root@845s:~# systemctl -l -n0 status dnsmasq ● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2017-06-06 11:50:09 EDT; 3s ago Process: 16380 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS) Process: 16416 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=1/FAILURE) Process: 16413 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS) Main PID: 8015 (code=exited, status=0/SUCCESS) root@845s:~# apt install dns-root-data/unstable Reading package lists... Done Building dependency tree Reading state information... Done Selected version '2017041102' (Debian:unstable [all]) for 'dns-root-data' The following packages will be upgraded: dns-root-data (2017041101 => 2017041102) 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 4,754 B of archives. After this operation, 1,024 B of additional disk space will be used. Get:1 http://ftp.us.debian.org/debian sid/main amd64 dns-root-data all 2017041102 [4,754 B] Fetched 4,754 B in 0s (26.6 kB/s) Reading changelogs... Done apt-listchanges: Changelogs --------------------------- dns-root-data (2017041102) unstable; urgency=high [ Robert Edmonds ] * Change DS creation to omit TTL and use spaces instead of tabs (Closes: #864016) -- Ondřej Surý <[email protected]> Tue, 06 Jun 2017 12:54:28 +0200 apt-listchanges: Do you want to continue? [Y/n] y (Reading database ... 51070 files and directories currently installed.) Preparing to unpack .../dns-root-data_2017041102_all.deb ... Unpacking dns-root-data (2017041102) over (2017041101) ... Setting up dns-root-data (2017041102) ... root@845s:~# systemctl restart dnsmasq root@845s:~# systemctl -l -n0 status dnsmasq ● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2017-06-06 11:50:29 EDT; 3s ago Process: 16380 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS) Process: 16486 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS) Process: 16477 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS) Process: 16475 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS) Main PID: 16485 (dnsmasq) Tasks: 1 (limit: 4915) CGroup: /system.slice/dnsmasq.service └─16485 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d root@845s:~# -- Robert Edmonds [email protected]
