Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#65690 - [dnscrypt-proxy] Service fails after re-build for Go

Attached to Project: Community Packages
Opened by physkets (physkets) - Tuesday, 03 March 2020, 04:06 GMT
Last edited by David Runge (dvzrv) - Friday, 06 March 2020, 20:21 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To David Runge (dvzrv)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

After installing the the most recent version, the service no longer starts. The journal shows the following messages:

dnscrypt-proxy.service: Main process exited, code=dumped, status=31/SYS
dnscrypt-proxy.service: Failed with result 'core-dump'.

Additional info:
* version: 2.0.39-2
* attaching strace output
   dnscrypt-proxy.log (26.8 KiB)
This task depends upon

Closed by  David Runge (dvzrv)
Friday, 06 March 2020, 20:21 GMT
Reason for closing:  Not a bug
Comment by David Runge (dvzrv) - Thursday, 05 March 2020, 07:28 GMT
@physkets: Thanks for the report.

Sorry, but I can't reproduce this. I'm currently successfully running dnscrypt-proxy 2.0.39-2 on linux-hardened 5.4.23.a-1 as a socket activated service, which is used as a forward-addr in a forward-zone of unbound.

Please make sure, that your configuration is correct: `dnscrypt-proxy -check -config /etc/dnscrypt-proxy/dnscrypt-proxy.toml`

Also, please provide more information about your system and how you are running dnscrypt-proxy.
Comment by physkets (physkets) - Friday, 06 March 2020, 15:44 GMT
I tried it on two different machines and with 3 different kernels: 5.5.8-1-ck-skylake, 5.5.7-zen1-1-zen, and the plain kernel.

I'm running dnscrypt as a service, along with the Sandboxing described in: https://wiki.archlinux.org/index.php/Dnscrypt-proxy#Sandboxing

I then set the network connection to use 127.0.0.1 and ::1 as DNS.

This setup has worked for me for a while now. I am also attaching my config file.
   dnscrypt-proxy.toml (20.3 KiB)
Comment by David Runge (dvzrv) - Friday, 06 March 2020, 20:20 GMT
Please use the service file, that is shipped with the package instead (I can add some of the hardening options, although most of them are already implicitely activated).

For the record: Remove `@ipc` from the `SystemCallFilter` and it will work. I added the options mentions on the wiki and tested around a bit by removing a bunch of the options until it worked again.

Also: Please make sure to debug this yourself before writing a ticket (as this is about a custom set of configuration options).

Loading...