[ISSUE] Unbound cannot (re)start after update

[ISSUE] Unbound cannot (re)start after update

[Anachron]

[-- Attachment #1: Type: text/plain, Size: 944 bytes --]

New issue by Anachron on void-packages repository

https://github.com/void-linux/void-packages/issues/38080

Description:
### Is this a new report?

Yes

### System Info

Void 5.15.36_1 x86_64 GenuineIntel/VM uptodate rFFFF

### Package(s) Affected

unbound-1.16.1_1

### Does a report exist for this bug with the project's home (upstream) and/or another distro?

No.

### Expected behaviour

Service for unbound starts

### Actual behaviour

Doesn't start, errors out with:

```
[1657871853] unbound[1576:0] notice: Start of unbound 1.16.1.
[1657871854] unbound[1576:0] debug: chdir to /etc/unbound
[1657871854] unbound[1576:0] debug: drop user privileges, run as _unbound
[1657871854] unbound[1576:0] debug: switching log to /var/log/unbound/unbound.log
```

Because https://github.com/void-linux/void-packages/blob/master/srcpkgs/unbound/files/unbound/run doesn't switch user.

### Steps to reproduce

1. Update
2. Restart unbound

Re: Unbound cannot (re)start after update

[Anachron]

[-- Attachment #1: Type: text/plain, Size: 773 bytes --]

New comment by Anachron on void-packages repository

https://github.com/void-linux/void-packages/issues/38080#issuecomment-1185288473

Comment:
On another note, switching the user doesn't work as port is `53` ...

`exec chpst -u _unbound unbound -dp`

```
[1657872257] unbound[2508:0] warning: setrlimit: Operation not permitted
[1657872257] unbound[2508:0] warning: cannot increase max open fds from 1024 to 4152
[1657872257] unbound[2508:0] warning: continuing with less udp ports: 972
[1657872257] unbound[2508:0] warning: increase ulimit or decrease threads, ports in config to remove this warning
[1657872257] unbound[2508:0] error: can't bind socket: Permission denied for 0.0.0.0 port 53
[1657872257] unbound[2508:0] fatal error: could not open ports
```

Re: Unbound cannot (re)start after update

[Anachron]

[-- Attachment #1: Type: text/plain, Size: 773 bytes --]

New comment by Anachron on void-packages repository

https://github.com/void-linux/void-packages/issues/38080#issuecomment-1185288473

Comment:
On another note, switching the user doesn't work as port is `53` ...

`exec chpst -u _unbound unbound -dp`

```
[1657872257] unbound[2508:0] warning: setrlimit: Operation not permitted
[1657872257] unbound[2508:0] warning: cannot increase max open fds from 1024 to 4152
[1657872257] unbound[2508:0] warning: continuing with less udp ports: 972
[1657872257] unbound[2508:0] warning: increase ulimit or decrease threads, ports in config to remove this warning
[1657872257] unbound[2508:0] error: can't bind socket: Permission denied for 0.0.0.0 port 53
[1657872257] unbound[2508:0] fatal error: could not open ports
```

Re: Unbound cannot (re)start after update

[paper42]

[-- Attachment #1: Type: text/plain, Size: 291 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/issues/38080#issuecomment-1185290802

Comment:
I can not reproduce this issue. Unbound should run as root, it binds the port and then changes its user to _unbound. Could you run unbound with -v?

Re: Unbound cannot (re)start after update

[Anachron]

[-- Attachment #1: Type: text/plain, Size: 736 bytes --]

New comment by Anachron on void-packages repository

https://github.com/void-linux/void-packages/issues/38080#issuecomment-1185290974

Comment:
From `/var/log/unbound/unbound.log`:

```
[1657872460] unbound[2829:0] notice: init module 0: validator
[1657872460] unbound[2829:0] error: failed to read /etc/unbound/root.key
[1657872460] unbound[2829:0] error: error reading auto-trust-anchor-file: /etc/unbound/root.key
[1657872460] unbound[2829:0] error: validator: error in trustanchors config
[1657872460] unbound[2829:0] error: validator: could not apply configuration settings.
[1657872460] unbound[2829:0] error: module init for module validator failed
[1657872460] unbound[2829:0] fatal error: failed to setup modules
```

Re: Unbound cannot (re)start after update

[Anachron]

[-- Attachment #1: Type: text/plain, Size: 351 bytes --]

New comment by Anachron on void-packages repository

https://github.com/void-linux/void-packages/issues/38080#issuecomment-1185296788

Comment:
Closing.

Something emptied the file in `/etc/unbound/root.key` which stopped unbound from working.
Ran `unbound-anchor` and moved it to the appropiate place `mv /etc/dns/root.key /etc/unbound/root.key`.

Re: [ISSUE] [CLOSED] Unbound cannot (re)start after update

[Anachron]

[-- Attachment #1: Type: text/plain, Size: 947 bytes --]

Closed issue by Anachron on void-packages repository

https://github.com/void-linux/void-packages/issues/38080

Description:
### Is this a new report?

Yes

### System Info

Void 5.15.36_1 x86_64 GenuineIntel/VM uptodate rFFFF

### Package(s) Affected

unbound-1.16.1_1

### Does a report exist for this bug with the project's home (upstream) and/or another distro?

No.

### Expected behaviour

Service for unbound starts

### Actual behaviour

Doesn't start, errors out with:

```
[1657871853] unbound[1576:0] notice: Start of unbound 1.16.1.
[1657871854] unbound[1576:0] debug: chdir to /etc/unbound
[1657871854] unbound[1576:0] debug: drop user privileges, run as _unbound
[1657871854] unbound[1576:0] debug: switching log to /var/log/unbound/unbound.log
```

Because https://github.com/void-linux/void-packages/blob/master/srcpkgs/unbound/files/unbound/run doesn't switch user.

### Steps to reproduce

1. Update
2. Restart unbound