2.25 Core 141 Testing

Hi,

A first quick test does not reveal anything noticeable. Thanks.

1 Like

What happened to build 140?

Why is there a version number increase? I thought this will just happen with a kernel update?

Some users has a bunch of old libs leftover from various updates.
So core140 ships only a filesystem cleanup script and run it.

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=69c529972aec2641f9f689915c0a29f84d457002

The version was updated because some addons are now build and linked against the new libs so you cannot install it on the old versions without the actual core system.

btw: the kernel was not updated yet. This will follow with core142…

1 Like

AH OK makes sence. Thx.

…a thing just came up on dns over tls:

If I enter the DNS servers for Digitalcourage and LWL including TLS Hostname, dns is broken.

If I use the ones for Cloudflare and Digitalcourage it works.

btw it would be nice if tls hostnames can be to find here: https://wiki.ipfire.org/dns/public-servers

unfortunately the editing is very creepy so that I do not really dare to do it.

You can find in here --> https://dnsprivacy.org/wiki/ some DoT servers. Am using currently only the ones from the testing section --> https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers which more or less works. Which does not work at this time are OpenNIC, Iana, BlahDNS (jp), Secure DNS Project by PumpleX , ibksturm.synology.me from 19 configured servers (which are not all from there).

Best,

Erik

Hi

I think I just detected a problem, version 139 updated to 141 (I am tested it on a FriendlyARM R1) and the problem is that Clamav’s service is not UP:

imagen

I have erased the Clamav database since it gave me an error:

|08:53:58|freshclam[9196]: |Stderr output from database load : WARNING: [LibClamAV] mpool_malloc(): Can't al locate memory (262144 bytes). [...] ERROR: Failed to load new database: Malforme d database|
|---|---|---|
|08:53:58|freshclam[9196]: |Database load exited with "Test failed" (8)|

Now it seems correct but it gives the following error:

|09:21:17|clamd[4569]: |daemonize() failed: Cannot allocate memory|
|---|---|---|
|09:21:17|clamd[4569]: |Socket file removed.|

What could it be?

Regards

Clamav needs too much ram. On smaller machines without swap it may not work.

Hi all,

have also found this one
“Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file.”
in here --> https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html . The “Malformed database” message sounds a little like this ? A patch is meanwhile on the way --> https://patchwork.ipfire.org/patch/2764/ but am not sure if this is the problem at all.

Best,

Erik

To @arne_f

Memory resources:

To @ummeegge

Sorry, I don´t now how apply patch.

Thanks.

After a few hours of running 141 I noticed all my internal DNS names were not working and everything was going out to the internet on my secondary DNS entry… A look at /var/log/messages showed:

Feb  7 23:04:56 ipfire dhcp[25418]: Could not run unbound-control local_data thanos.mattsnoby.com 60 IN A 10.0.0.155, error code: 1:
Feb  7 23:04:56 ipfire dhcp[25418]: Could not run unbound-control local_data thanos.mattsnoby.com 60 IN A 10.0.0.202, error code: 1:
Feb  7 23:04:56 ipfire dhcp[25418]: Could not run unbound-control local_data heavy.mattsnoby.com 60 IN A 10.0.0.131, error code: 1:
Feb  7 23:04:56 ipfire dhcp[25418]: Could not run unbound-control local_data batman.mattsnoby.com 60 IN A 10.0.0.193, error code: 1:

I went into unbound.conf and turned the verbosity up and ran unboundctl restart. ( it had not been running).

Hi Roberto,

this is a update to version 0.102.2 which needs to be compiled. Have pulled origin/next but this update is not part of Core 141 and currently also not in origin/next but i think it will be in the next days.

Best,

Erik

Is there anything in the logs why unbound is not running?

1 Like

Looking at the log after the restart of the update and I see

`   Feb  6 11:31:32 ipfire unbound: [1531:0] fatal error: Could not read config file: /etc/unbound/unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf`

It never tried again. Keep in mind I’m running this on a really fast core i7 machine… It could be some race condition happened at startup. I can 1:1 the /var/log/messages file

Feb  6 11:31:24 ipfire kernel: r8169 0000:02:00.0 green0: link up
Feb  6 11:31:25 ipfire dhcpcd[1668]: red0: carrier acquired
Feb  6 11:31:25 ipfire kernel: e1000e: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Feb  6 11:31:25 ipfire dhcpcd[1668]: DUID 00:04:41:c7:8b:24:42:a6:11:df:83:67:f9:bc:67:86:b4:41
Feb  6 11:31:25 ipfire dhcpcd[1668]: red0: IAID 21:ad:7a:dc
Feb  6 11:31:25 ipfire dhcpcd[1668]: red0: adding address fe80::21b:21ff:fead:7adc
Feb  6 11:31:25 ipfire dhcpcd[1668]: ipv6_addaddr1: Permission denied
Feb  6 11:31:25 ipfire dhcpcd[1668]: red0: soliciting an IPv6 router
Feb  6 11:31:26 ipfire dhcpcd[1668]: red0: soliciting a DHCP lease
Feb  6 11:31:26 ipfire dhcpcd[1668]: red0: offered 24.99.70.100 from 76.96.22.210
Feb  6 11:31:26 ipfire dhcpcd[1668]: red0: probing address 24.99.70.100/23
Feb  6 11:31:31 ipfire dhcpcd[1668]: red0: leased 24.99.70.100 for 251656 seconds
Feb  6 11:31:31 ipfire dhcpcd[1668]: red0: adding route to 24.99.70.0/23
Feb  6 11:31:31 ipfire dhcpcd[1668]: red0: adding default route via 24.99.70.1
Feb  6 11:31:31 ipfire dhcpcd.exe[1706]: red0 has been (re)configured with IP=24.99.70.100
Feb  6 11:31:31 ipfire unbound: [1531:4] info: generate keytag query _ta-4a5c-4f66. NULL IN
Feb  6 11:31:32 ipfire unbound: [1531:0] info: service stopped (unbound 1.9.6).
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 1: 4 queries, 3 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: average recursion processing time 0.002132 sec
Feb  6 11:31:32 ipfire unbound: [1531:0] info: histogram of recursion processing times
Feb  6 11:31:32 ipfire unbound: [1531:0] info: [25%]=0 median[50%]=0 [75%]=0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: lower(secs) upper(secs) recursions
Feb  6 11:31:32 ipfire unbound: [1531:0] info:    0.002048    0.004096 1
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 2: 2 queries, 0 answers from cache, 2 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: average recursion processing time 0.002055 sec
Feb  6 11:31:32 ipfire unbound: [1531:0] info: histogram of recursion processing times
Feb  6 11:31:32 ipfire unbound: [1531:0] info: [25%]=0 median[50%]=0 [75%]=0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: lower(secs) upper(secs) recursions
Feb  6 11:31:32 ipfire unbound: [1531:0] info:    0.001024    0.002048 1
Feb  6 11:31:32 ipfire unbound: [1531:0] info:    0.002048    0.004096 1
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 3: 2 queries, 1 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: average recursion processing time 0.002208 sec
Feb  6 11:31:32 ipfire unbound: [1531:0] info: histogram of recursion processing times
Feb  6 11:31:32 ipfire unbound: [1531:0] info: [25%]=0 median[50%]=0 [75%]=0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: lower(secs) upper(secs) recursions
Feb  6 11:31:32 ipfire unbound: [1531:0] info:    0.002048    0.004096 1
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 4: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 4: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 5: 4 queries, 1 answers from cache, 3 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 5: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: average recursion processing time 0.002158 sec
Feb  6 11:31:32 ipfire unbound: [1531:0] info: histogram of recursion processing times
Feb  6 11:31:32 ipfire unbound: [1531:0] info: [25%]=0 median[50%]=0 [75%]=0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: lower(secs) upper(secs) recursions
Feb  6 11:31:32 ipfire unbound: [1531:0] info:    0.002048    0.004096 3
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 6: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 6: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 7: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb  6 11:31:32 ipfire unbound: [1531:0] info: server stats for thread 7: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: average recursion processing time 0.002036 sec
Feb  6 11:31:32 ipfire unbound: [1531:0] info: histogram of recursion processing times
Feb  6 11:31:32 ipfire unbound: [1531:0] info: [25%]=0 median[50%]=0 [75%]=0
Feb  6 11:31:32 ipfire unbound: [1531:0] info: lower(secs) upper(secs) recursions
Feb  6 11:31:32 ipfire unbound: [1531:0] info:    0.001024    0.002048 1
Feb  6 11:31:32 ipfire unbound: [1531:0] notice: Restart of unbound 1.9.6.
Feb  6 11:31:32 ipfire unbound: [1531:0] fatal error: Could not read config file: /etc/unbound/unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf
Feb  6 11:32:04 ipfire kernel: HTB: quantum of class 10001 is big. Consider r2q change.
Feb  6 11:32:04 ipfire kernel: HTB: quantum of class 10102 is big. Consider r2q change.
Feb  6 11:32:04 ipfire kernel: HTB: quantum of class 10110 is small. Consider r2q change.
Feb  6 11:32:04 ipfire kernel: HTB: quantum of class 10120 is small. Consider r2q change.
Feb  6 11:32:04 ipfire kernel: u32 classifier

i also saw this in the log

Feb  6 11:32:13 ipfire Profile was not sent propertly: [Errno -2] Name or service not known

Let me know how else I can help

Check /etc/unbound/unbound.conf !
https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=config/unbound/unbound.conf;h=24822ee67a59bd3247a7fd7693a1eb38b33db7ef;hb=57b17167eb6cdbc35bdcf7f6614f00d8ac50fdd1

If this is correct check the user includes: /etc/unbound/local.d/*.conf
have you added other settings that may inkompatible with the new version?

diff of git version verse running version

[root@ipfire ~]# vim unbound_git_version
[root@ipfire ~]# diff -Nau unbound_git_version /etc/unbound/unbound.conf

Nothing in the local directory either

[root@ipfire ~]# cd /etc/unbound/local.d/
[root@ipfire local.d]# ls
[root@ipfire local.d]#

I did a reboot and unbound came up correctly, I did notice this in the bootlog…
however

[   11.551396] e1000e 0000:03:00.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
[   11.603811] e1000e 0000:03:00.0 0000:03:00.0 (uninitialized): registered PHC clock
[   11.663796] e1000e 0000:03:00.0 eth1: (PCI Express:2.5GT/s:Width x1) 00:1b:21:ad:7e:f7
[   11.663798] e1000e 0000:03:00.0 eth1: Intel(R) PRO/1000 Network Connection
[   11.663810] e1000e 0000:03:00.0 eth1: MAC: 3, PHY: 8, PBA No: E46981-005
[   11.663970] e1000e 0000:04:00.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
[   11.717088] e1000e 0000:04:00.0 0000:04:00.0 (uninitialized): registered PHC clock
[   11.776077] e1000e 0000:04:00.0 eth2: (PCI Express:2.5GT/s:Width x1) 00:1b:21:ad:7a:dc
[   11.776078] e1000e 0000:04:00.0 eth2: Intel(R) PRO/1000 Network Connection
[   11.776090] e1000e 0000:04:00.0 eth2: MAC: 3, PHY: 8, PBA No: E46981-005
[   11.845089] snd_hda_intel 0000:01:00.1: Disabling MSI
[   11.845095] snd_hda_intel 0000:01:00.1: Handle vga_switcheroo audio client
[   11.869200] kvm: disabled by bios
[   11.909045] kvm: disabled by bios
[   11.969397] kvm: disabled by bios
[   12.035633] kvm: disabled by bios
[   12.085665] kvm: disabled by bios
[   12.125876] kvm: disabled by bios
[   12.172271] kvm: disabled by bios
[   12.212235] kvm: disabled by bios
[   12.334754] irq 17: nobody cared (try booting with the "irqpoll" option)
[   12.334756] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 4.14.154-ipfire #1
[   12.334756] Hardware name: Hewlett-Packard HP Elite 7000 Microtower PC/2A90h, BIOS 5.09 11/05/2009
[   12.334757] Call Trace:
[   12.334759]  <IRQ>
[   12.334763]  dump_stack+0x66/0x88
[   12.334766]  __report_bad_irq+0x37/0xae
[   12.334768]  note_interrupt.cold.7+0xa/0x69
[   12.334769]  handle_irq_event_percpu+0x6a/0x80
[   12.334770]  handle_irq_event+0x27/0x44
[   12.334772]  handle_fasteoi_irq+0x86/0x130
[   12.334774]  handle_irq+0x1c/0x30
[   12.334775]  do_IRQ+0x49/0xe0
[   12.334778]  common_interrupt+0x85/0x85
[   12.334778]  </IRQ>
[   12.334781] RIP: 0010:cpuidle_enter_state+0xb6/0x2d0
[   12.334782] RSP: 0018:ffffb1488008beb8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff3e
[   12.334783] RAX: ffff98897fd21100 RBX: 00000002df35608c RCX: 000000000000001f
[   12.334784] RDX: 00000002df35608c RSI: fffffffb70c852b5 RDI: 0000000000000000
[   12.334784] RBP: ffff98897fd28f00 R08: 0000000000000004 R09: 0000000000020940
[   12.334785] R10: 0000000000000004 R11: ffff98897fd20004 R12: 0000000000000001
[   12.334785] R13: ffffffff888a3758 R14: 00000002df35588e R15: 0000000000000000
[   12.334787]  ? cpuidle_enter_state+0x94/0x2d0
[   12.334788]  do_idle+0x1a6/0x1d0
[   12.334789]  cpu_startup_entry+0x6f/0x80
[   12.334792]  start_secondary+0x1ae/0x200
[   12.334793]  secondary_startup_64+0xa5/0xb0
[   12.334794] handlers:
[   12.334801] [<ffffffffc04732b0>] azx_interrupt [snd_hda_codec]
[   12.334802] Disabling IRQ #17
[   13.684317] Adding 1048572k swap on /dev/sda2.  Priority:1 extents:1 across:1048572k 

looks like a bios/efi/firmware problem. It is early in the bootprocess (this parts of IPFire are not changed in core141)

I think this is the built in sound card… not a big deal.

Update 141 looks fine from here, but i haven’t tested the “safe search over DNS” thing quite well yet.