Package: hash-slinger
Version: 2.5-1
Severity: normal

Dear Maintainer,

I'm having difficulty getting the scripts to run with errors like:

$ tlsa www.fedoraproject.org
[1391984661] libunbound[18958:0] error: error opening file /etc/unbound/root.key: No such file or directory
[1391984661] libunbound[18958:0] error: error reading trusted-keys-file: /etc/unbound/root.key
[1391984661] libunbound[18958:0] error: validator: error in trustanchors config
[1391984661] libunbound[18958:0] error: validator: could not apply configuration settings.
[1391984661] libunbound[18958:0] error: module init for module validator failed
Unable to resolve www.fedoraproject.org.: Unsuccesful lookup or no data returned for rrtype 1.
[1391984661] libunbound[18958:0] error: error opening file /etc/unbound/root.key: No such file or directory
[1391984661] libunbound[18958:0] error: error reading trusted-keys-file: /etc/unbound/root.key
[1391984661] libunbound[18958:0] error: validator: error in trustanchors config
[1391984661] libunbound[18958:0] error: validator: could not apply configuration settings.
[1391984661] libunbound[18958:0] error: module init for module validator failed
Unable to resolve www.fedoraproject.org.: Unsuccesful lookup or no data returned for rrtype 28.

$ openpgpkey --verify p...@nohats.ca
/var/lib/unbound/root.anchor is not a file. Unable to use it as rootanchor

$ openpgpkey --rootanchor=/var/lib/unbound/root.key --verify p...@nohats.ca
[1391984798] libunbound[18970:0] error: error opening file /var/lib/unbound/root.anchor: No such file or directory
[1391984798] libunbound[18970:0] error: error reading trust-anchor-file: /var/lib/unbound/root.anchor
[1391984798] libunbound[18970:0] error: validator: error in trustanchors config
[1391984798] libunbound[18970:0] error: validator: could not apply configuration settings.
[1391984798] libunbound[18970:0] error: module init for module validator failed
Unsuccesful lookup or no data returned for rrtype 65280.

Looks like the problem is with hard-coded paths.

tlsa has the following code:

  ROOTKEY="/etc/unbound/root.key"
  DLVKEY="/etc/unbound/dlv.isc.org.key"
  CAFILE='/etc/pki/tls/certs/ca-bundle.crt'

openpgpkey has the following code:

  parser.add_argument('--rootanchor', action='store',
                      default='/var/lib/unbound/root.anchor',
                      help='Location of the unbound compatible DNSSEC root.anchor (default: /var/lib/unbound/root.anchor)')

  rootanchor = "/var/lib/unbound/root.anchor"
  dlvkey = "/etc/unbound/dlv.isc.org.key"

These paths are incorrect and they're not obviously fixable (at least
not to me!):

  * /var/lib/unbound/root.key
    Generated by unbound postinst.  Perhaps depend on package
    unbound-anchor and execute unbound-anchor in the postinst of this
    package?

  * dlv.isc.org.key
    I'm confused, I thought DLV was a temporary measure while DNSSEC
    wasn't adopted by the root zones.  Downloaded the file from
    https://www.isc.org/downloads/bind/dlv/

  * /etc/ssl/certs/ca-certificates.crt
    Depend on ca-certificates package?

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages hash-slinger depends on:
ii  libpython2.7-stdlib [python-argparse]  2.7.6-5
ii  openssh-client                         1:6.4p1-2
ii  python                                 2.7.5-5
ii  python-dnspython                       1.11.1-1
ii  python-gnupg                           0.3.5-2
ii  python-ipaddr                          2.1.10-1
ii  python-m2crypto                        0.21.1-3
ii  python-unbound                         1.4.21-1

hash-slinger recommends no packages.

hash-slinger suggests no packages.

-- no debconf information

-- 
Gerald Turner                                Encrypted mail preferred!
0xEC942276FDB8716D  CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D
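
An added example, not part of the original report and not hash-slinger's own code: one way to pick the DNSSEC root anchor and CA bundle from several candidate locations instead of one hard-coded default, and to stop when none is usable rather than resolve without validation. The candidate order, the function names and TrustAnchorError are assumptions of this example.

```python
import os
import re

# Candidate paths are the ones named in the report; their order is an assumption.
ROOT_ANCHOR_CANDIDATES = [
    "/var/lib/unbound/root.key",     # generated by unbound postinst (per the report)
    "/var/lib/unbound/root.anchor",  # openpgpkey default
    "/etc/unbound/root.key",         # tlsa default
]
CA_BUNDLE_CANDIDATES = [
    "/etc/ssl/certs/ca-certificates.crt",  # ca-certificates package
    "/etc/pki/tls/certs/ca-bundle.crt",    # tlsa default
]

# A usable anchor holds at least one DNSKEY or DS record owned by the root zone.
_ROOT_RR = re.compile(r"^\.[ \t]+(?:\d+[ \t]+)?(?:IN[ \t]+)?(?:DNSKEY|DS)[ \t]", re.M)


class TrustAnchorError(Exception):
    """No usable file: callers must abort, not resolve without validation."""


def looks_like_root_anchor(path):
    """True if path is a regular file containing a root-zone DNSKEY or DS record."""
    if not os.path.isfile(path):
        return False
    try:
        with open(path, "r") as fh:
            return _ROOT_RR.search(fh.read()) is not None
    except (IOError, OSError, UnicodeDecodeError):
        return False


def pick_file(candidates, check=os.path.isfile, override=None):
    """Return override if given, else the first candidate that passes check."""
    # An explicit override is never silently replaced by a default: if it
    # fails the check, the caller gets an error instead of a fallback.
    paths = [override] if override else list(candidates)
    for path in paths:
        if check(path):
            return path
    raise TrustAnchorError("no usable file among: " + ", ".join(paths))


if __name__ == "__main__":
    try:
        print(pick_file(ROOT_ANCHOR_CANDIDATES, check=looks_like_root_anchor))
        print(pick_file(CA_BUNDLE_CANDIDATES))
    except TrustAnchorError as exc:
        raise SystemExit(str(exc))
```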
