Bug 31264 - named-setup-rndc.service fails due to use of deprecated option
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Guillaume Rousse
Reported: 2022-12-11 17:17 CET by Dave Hodgins
Modified: 2022-12-11 17:18 CET
Source RPM: bind-9.18.9-1.mga9


Attachments
Patch to fix rndc key generation (477 bytes, patch)
2022-12-11 17:18 CET, Dave Hodgins

Description Dave Hodgins 2022-12-11 17:17:22 CET
# systemctl status named-setup-rndc.service
× named-setup-rndc.service - Generate rndc key for BIND (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named-setup-rndc.service; static)
     Active: failed (Result: exit-code) since Sun 2022-12-11 10:50:55 EST; 10min ago
   Main PID: 28467 (code=exited, status=1/FAILURE)
        CPU: 59ms

Dec 11 10:50:55 x9v.hodgins.homeip.net systemd[1]: Starting named-setup-rndc.service...
Dec 11 10:50:55 x9v.hodgins.homeip.net generate-rndc-key.sh[28467]: Generating /etc/rndc.key:[FAILED]
Dec 11 10:50:55 x9v.hodgins.homeip.net systemd[1]: named-setup-rndc.service: Main process exited, code=exited, status=1/FAILURE
Dec 11 10:50:55 x9v.hodgins.homeip.net systemd[1]: named-setup-rndc.service: Failed with result 'exit-code'.
Dec 11 10:50:55 x9v.hodgins.homeip.net systemd[1]: Failed to start named-setup-rndc.service.

The script runs
/usr/sbin/rndc-confgen -a -A hmac-sha256 -r /dev/urandom > /dev/null 2>&1
which fails.

Running it without the redirection ...
# /usr/sbin/rndc-confgen -a -A hmac-sha256 -r /dev/urandom
rndc-confgen: The -r option has been deprecated.

Running it without the "-r /dev/urandom" ...
# /usr/sbin/rndc-confgen -a -A hmac-sha256
wrote key file "/etc/rndc.key"

After removing "-r /dev/urandom" from /usr/libexec/generate-rndc-key.sh
and deleting the manually created /etc/rndc.key ...

[root@x9v libexec]# systemctl start named-setup-rndc.service
[root@x9v libexec]# systemctl status named-setup-rndc.service
○ named-setup-rndc.service - Generate rndc key for BIND (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named-setup-rndc.service; static)
     Active: inactive (dead)

Dec 11 11:07:04 x9v.hodgins.homeip.net systemd[1]: Starting named-setup-rndc.service...
Dec 11 11:07:04 x9v.hodgins.homeip.net systemd[1]: named-setup-rndc.service: Deactivated successfully.
Dec 11 11:07:04 x9v.hodgins.homeip.net systemd[1]: Finished named-setup-rndc.service.
Dec 11 11:08:48 x9v.hodgins.homeip.net systemd[1]: Starting named-setup-rndc.service...
Dec 11 11:08:48 x9v.hodgins.homeip.net systemd[1]: named-setup-rndc.service: Deactivated successfully.
Dec 11 11:08:48 x9v.hodgins.homeip.net systemd[1]: Finished named-setup-rndc.service.
Dec 11 11:12:02 x9v.hodgins.homeip.net systemd[1]: Starting named-setup-rndc.service...
Dec 11 11:12:02 x9v.hodgins.homeip.net generate-rndc-key.sh[69725]: Generating /etc/rndc.key:[  OK  ]
Dec 11 11:12:02 x9v.hodgins.homeip.net systemd[1]: named-setup-rndc.service: Deactivated successfully.
Dec 11 11:12:02 x9v.hodgins.homeip.net systemd[1]: Finished named-setup-rndc.service.
Comment 1 Dave Hodgins 2022-12-11 17:18:07 CET
Created attachment 13563
Patch to fix rndc key generation
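
The report above shows the helper discarding all of rndc-confgen's output, so the deprecation error was reduced to a bare [FAILED] in the journal. As an added example (not part of the bug report, the attached patch, or Mageia's generate-rndc-key.sh), the wrapper below keeps the tool's stderr and forwards it when key generation fails; `generate_key` and `fake_confgen` are hypothetical names, and `fake_confgen` is a constructed stand-in for rndc-confgen so the example runs without BIND installed.

```shell
#!/bin/sh
# Added example: hypothetical wrapper, not Mageia's generate-rndc-key.sh.
# It runs a key generator, keeps its stderr, and reports that text on
# failure instead of discarding everything with "> /dev/null 2>&1".

# generate_key KEYFILE CMD [ARGS...]
# Returns 0 only when CMD succeeds and KEYFILE exists and is non-empty.
generate_key() {
    keyfile=$1; shift
    printf 'Generating %s: ' "$keyfile"
    # stdout is dropped; stderr is captured so a failure stays explainable.
    if err=$("$@" 2>&1 >/dev/null) && [ -s "$keyfile" ]; then
        echo '[  OK  ]'
        return 0
    fi
    echo '[FAILED]'
    # Forward the tool's own message on stderr, which systemd records
    # in the journal next to the [FAILED] line.
    [ -n "$err" ] && printf '%s\n' "$err" >&2
    return 1
}

# Constructed stand-in for rndc-confgen. It copies the behaviour shown in
# the report: any use of -r is rejected with the deprecation message.
# FAKE_KEYFILE is a hypothetical variable naming the file it writes.
fake_confgen() {
    for arg in "$@"; do
        if [ "$arg" = "-r" ]; then
            echo 'rndc-confgen: The -r option has been deprecated.' >&2
            return 1
        fi
    done
    echo 'key "rndc-key" { constructed sample };' > "$FAKE_KEYFILE"
    echo "wrote key file \"$FAKE_KEYFILE\""
}

# With the real tool, using the command line from the report:
#   generate_key /etc/rndc.key /usr/sbin/rndc-confgen -a -A hmac-sha256
```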
