Bug#1003983: opendkim cannot initialize resolver in dkim_dns_init() (libunbound, libnettle, ...?)

[Robert Siemer]

Package: opendkim
Version: 2.11.0~beta2-6
Severity: important
X-Debbugs-Cc: Robert.Siem...@backsla.sh

Opendkim does not run.

# opendkim -f
[1642532480] libunbound[837:0] error: nettle random(yarrow) cannot initialize, getentropy failed: Function not implemented
opendkim: can't configure DKIM library: failed to initialize resolver

I even recompiled from source deb, both opendkim and libunbound.
An ltrace showed that dkim_dns_init() fails with -1, and that
one calls ub_ctx_create() which returns 0 but provokes the
first line to be printed. The second line is the reason printed
when dkim_dns_init() fails.

# opendkim -n
#

Fyi: this works, but -n only checks the config file.


-- System Information:
Debian Release: bookworm/sid
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opendkim depends on:
ii adduser 3.118
ii dns-root-data 2021011101
ii init-system-helpers 1.61
ii libbsd0 0.11.3-1
ii libc6 2.33-2
ii libdb5.3 5.3.28+dfsg1-0.8
ii libldap-2.4-2 2.4.59+dfsg-1
ii liblua5.3-0 5.3.6-1
ii libmemcached11 1.0.18-4.2
ii libmilter1.0.1 8.16.1-2
ii libopendbx1 1.4.6-16
ii libopendkim11 2.11.0~beta2-6
ii librbl1 2.11.0~beta2-6
ii libssl1.1 1.1.1m-1
ii libunbound8 1.13.1-1
ii libvbr2 2.11.0~beta2-6
ii lsb-base 11.1.0

Versions of packages opendkim recommends:
ii opendkim-tools 2.11.0~beta2-6

opendkim suggests no packages.

-- Configuration Files:
/etc/dkimkeys/README.PrivateKeys [Errno 13] Permission denied: '/etc/dkimkeys/README.PrivateKeys'
/etc/opendkim.conf changed:
Syslog yes
SyslogSuccess yes
Canonicalization relaxed/simple
OversignHeaders From
SigningTable csl:*=submission
KeyTable csl:submission=backsla.sh:submission:/etc/dkimkeys/submission.private
UserID opendkim
UMask 007
Socket local:/var/spool/postfix/opendkim/opendkim.sock
PidFile /run/opendkim/opendkim.pid
TrustAnchorFile /usr/share/dns/root.key


-- no debconf information

[David Bürgin]

Robert Siemer:

> Opendkim does not run.
>
> # opendkim -f
> [1642532480] libunbound[837:0] error: nettle random(yarrow) cannot initialize, getentropy failed: Function not implemented
> opendkim: can't configure DKIM library: failed to initialize resolver
>
> I even recompiled from source deb, both opendkim and libunbound.
> An ltrace showed that dkim_dns_init() fails with -1, and that
> one calls ub_ctx_create() which returns 0 but provokes the
> first line to be printed. The second line is the reason printed
> when dkim_dns_init() fails.

opendkim uses libunbound by default. The error is from libunbound,
perhaps try building opendkim without libunbound and see what happens?

https://salsa.debian.org/debian/opendkim/-/blob/debian/2.11.0_beta2-6/debian/rules#L10-14

[Robert Siemer]

Without libunbound it works. – Problem solved? :-o

[David Bürgin]

Robert Siemer:

> Without libunbound it works. – Problem solved? :-o

You decide. Well, I don’t think there’s much we can do in opendkim.

You could ask the unbound maintainers. It might be expected behaviour on
some unusual OS’es …? But I don’t know.