Revert unbound to 18.7.7 - not possible?

[chemlud]

Hi Franco!

Many thanks for reply!

# opnsense-code ports tools

...downloaded a gazillion of bytes.

# cd /usr/ports/net/unbound

...finds no directory named unbound. I checked manually (ls- l) in /usr/ports/net, there are some hundred directories, none is named unbound or related. Strange!

[franco]

Sorry I tested and corrected it but forgot to change the notes before pasting :/

net -> dns

[chemlud]

That helped ;-)

... but only half way:

Code Select Expand

root@OPN0119:/usr/ports/dns/unbound # make package deinstall install
===>   unbound-1.8.1 depends on package: autoconf>=2.69 - not found
===>   autoconf-2.69_1 depends on executable: gm4 - not found
===>   m4-1.4.18,1 depends on executable: makeinfo - not found
===>  License GPLv3+ accepted by the user
===>   texinfo-6.5,1 depends on file: /usr/local/sbin/pkg - found
=> htmlxref.cnf doesn't seem to exist in /usr/ports/distfiles/texinfo/6.5.
=> Attempting to fetch http://distcache.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf
fetch: http://distcache.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf: size mismatch: expected 20137,6
=> Attempting to fetch http://distcache.us-east.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf
fetch: http://distcache.us-east.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf: size mismatch: expecte6
=> Attempting to fetch http://distcache.eu.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf
fetch: http://distcache.eu.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf: size mismatch: expected 2016
=> Attempting to fetch http://distcache.us-west.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf
fetch: http://distcache.us-west.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf: size mismatch: expecte6
=> Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/texinfo/6.5/htmlxref.cnf
fetch: http://distcache.FreeBSD.org/ports-distfiles/texinfo/6.5/htmlxref.cnf: size mismatch: expected 20137, actual 6
=> Couldn't fetch it - please try to retrieve this
=> port manually into /usr/ports/distfiles/texinfo/6.5 and try again.
*** Error code 1

Stop.
make[3]: stopped in /usr/ports/print/texinfo
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/devel/m4
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/devel/autoconf
*** Error code 1

Stop.
make: stopped in /usr/ports/dns/unbound

[franco]

# pkg install -A gmake automake pkgconf

And try again....

[chemlud]

...now we have:

Code Select Expand

root@OPN0119:/usr/ports/dns/unbound # make package deinstall install
===>   unbound-1.8.1 depends on package: autoconf>=2.69 - found
===>   unbound-1.8.1 depends on package: automake>=1.16.1 - found
===>   unbound-1.8.1 depends on executable: libtoolize - not found
===>  License GPLv2 accepted by the user
===>   libtool-2.4.6 depends on file: /usr/local/sbin/pkg - found
=> libtool-2.4.6.tar.xz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch https://ftpmirror.gnu.org/libtool/libtool-2.4.6.tar.xz
libtool-2.4.6.tar.xz                          100% of  950 kB 3227 kBps 00m00s
===> Fetching all distfiles required by libtool-2.4.6 for building
===>  Extracting for libtool-2.4.6
=> SHA256 Checksum OK for libtool-2.4.6.tar.xz.
===>  Patching for libtool-2.4.6
===>   libtool-2.4.6 depends on executable: gm4 - found
===>   libtool-2.4.6 depends on executable: gmake - found
===>   libtool-2.4.6 depends on executable: makeinfo - not found
===>  License GPLv3+ accepted by the user
===>   texinfo-6.5,1 depends on file: /usr/local/sbin/pkg - found
=> htmlxref.cnf doesn't seem to exist in /usr/ports/distfiles/texinfo/6.5.
=> Attempting to fetch http://distcache.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf
fetch: http://distcache.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf: size mismatch: expected 20137,6
=> Attempting to fetch http://distcache.us-east.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf
fetch: http://distcache.us-east.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf: size mismatch: expecte6
=> Attempting to fetch http://distcache.eu.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf
fetch: http://distcache.eu.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf: size mismatch: expected 2016
=> Attempting to fetch http://distcache.us-west.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf
fetch: http://distcache.us-west.FreeBSD.org/local-distfiles/sunpoet/texinfo/6.5/htmlxref.cnf: size mismatch: expecte6
=> Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/texinfo/6.5/htmlxref.cnf
fetch: http://distcache.FreeBSD.org/ports-distfiles/texinfo/6.5/htmlxref.cnf: size mismatch: expected 20137, actual 6
=> Couldn't fetch it - please try to retrieve this
=> port manually into /usr/ports/distfiles/texinfo/6.5 and try again.
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/print/texinfo
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/devel/libtool
*** Error code 1

Stop.
make: stopped in /usr/ports/dns/unbound

...still sumfink missing

[franco]

# pkg install -A libtool

8)

[chemlud]

That worked well, but now the console doesn'T stop throwing text lines for minutes now. Is it making the WHOLE sense? I thought it was just unbound I ordered... :-D


PS: some minutes later...

Code Select Expand

root@OPN0119:/usr/ports/dns/unbound # make package deinstall install

***skipped some million lines of text outpt here...***

ln -sf "tls_init.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_new.3"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_add_keypair_"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_add_keypair_"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_add_keypair_"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_add_keypair_"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_clear_keys.3"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_ca_file."
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_ca_mem.3"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_ca_path."
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_cert_fil"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_cert_mem"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_crl_file"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_crl_mem."
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_key_file"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_key_mem."
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_keypair_"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_keypair_"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_keypair_"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_keypair_"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_ocsp_sta"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_ocsp_sta"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_set_verify_d"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_verify_clien"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_config_verify_clien"
ln -sf "tls_load_file.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_unload_file.3"
ln -sf "tls_ocsp_process_response.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_peer_oc"
ln -sf "tls_ocsp_process_response.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_peer_oc"
ln -sf "tls_ocsp_process_response.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_peer_oc"
ln -sf "tls_ocsp_process_response.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_peer_oc"
ln -sf "tls_ocsp_process_response.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_peer_oc"
ln -sf "tls_ocsp_process_response.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_peer_oc"
ln -sf "tls_ocsp_process_response.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_peer_oc"
ln -sf "tls_ocsp_process_response.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_peer_oc"
ln -sf "tls_read.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_close.3"
ln -sf "tls_read.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_error.3"
ln -sf "tls_read.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_handshake.3"
ln -sf "tls_read.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_reset.3"
ln -sf "tls_read.3" "/usr/obj/usr/ports/security/libressl/work/stage/usr/local/man/man3/tls_write.3"
/bin/mkdir -p '/usr/obj/usr/ports/security/libressl/work/stage/usr/local/libdata/pkgconfig'
install  -m 0644 libcrypto.pc libssl.pc libtls.pc openssl.pc '/usr/obj/usr/ports/security/libressl/work/stage/usr/l'
/bin/rm -f -r /usr/obj/usr/ports/security/libressl/work/stage//usr/local/etc/ssl/cert.pem
====> Compressing man pages (compress-man)
===>  Installing for libressl-2.7.4
===>  Checking if libressl already installed
===>   libressl-2.7.4 is already installed
      You may wish to ``make deinstall'' and install this port again
      by ``make reinstall'' to upgrade it properly.
      If you really wish to overwrite the old port of libressl
      without deleting it first, set the variable "FORCE_PKG_REGISTER"
      in your environment or the "make install" command line.
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/security/libressl
*** Error code 1

Stop.
make: stopped in /usr/ports/dns/unbound



[franco]

Frustrating, kinda like every other day behind the scenes for us.  8)

I'll build an old version for you in a bit.

For now try the newly released 1.9.1:

# pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/snapshots/libressl/All/unbound-1.9.1.txz


Cheers,
Franco

[chemlud]

1.9.1 installed, on reboot:

Code Select Expand

Mar 19 09:34:27 opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.11.1 ::)
Mar 19 09:34:27 kernel: em4: permanently promiscuous mode enabled
Mar 19 09:34:27 kernel: em3: link state changed to DOWN
Mar 19 09:34:27 kernel: em3: permanently promiscuous mode enabled
Mar 19 09:34:08 kernel: pid 38636 (unbound), uid 59: exited on signal 11
Mar 19 09:34:07 kernel: OK
Mar 19 09:34:06 kernel: OK
Mar 19 09:33:13 opnsense: /usr/local/etc/rc.newwanip: ROUTING: skipping IPv6 default route
Mar 19 09:33:13 opnsense: /usr/local/etc/rc.newwanip: ROUTING: keeping current default gateway '192.168.199.1'

...and after manual restart:

Code Select Expand

Mar 19 09:36:52 kernel: -> pid: 5881 ppid: 1 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
Mar 19 09:36:52 kernel: [HBSD SEGVGUARD] [unbound (5881)] Suspension expired.
Mar 19 09:36:52 kernel: pid 5881 (unbound), uid 59: exited on signal 11
Mar 19 09:35:37 kernel: pid 6235 (unbound), uid 59: exited on signal 11


I disabled DNSsec for the moment to see, if it makes a difference...

[chemlud]

...same difference, w/o DNSsec reboot came back fine, but trying to update the only client in LAN kills off unbound after some seconds.

[franco]

Sorry, busy week. Here's your 1.8.1 on LibreSSL 2.8.3:

# pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/snapshots/unbound-1.8.1.txz

[chemlud]

...installed and rebooted. Stable for the moment...

Many thanks! Any way to store this unbound 1.8.1 locally and install via console, in case I decide to update my production systems? :-)

PS: Stored a copy on my computer (wget....) and on the opnsense (fetch). But how to install it from my computer on another opnsense? Do I need to setup a webserver on my computer? No idea how to mount an USB-stick on my sense by hand...

[franco]

You can install the file via any HTTP server or locally on the box, "pkg add -f location/to/package.txz" will do the trick...


Cheers,
Franco

[chemlud]

...yeah, would have to setup a http server locally or learn how to mount an USB-stick on my sense install ;-)

Many thanks again, 1.8.1 is stable on 19.1.4 up to now.

Will a package lock of unbound 1.8.1 on 19.1.1 install survive an update to 19.1.4?

Or is unbound 1.8.1 available on 19.1.1 not functional on 19.1.4?

[franco]

Lock the unbound package, it'll likely keep working until it's time to upgrade to 19.7.


Cheers,
Franco