Open cspoonerprice opened 1 month ago
Hi @cspoonerprice, Thanks for reporting! As I do not have any ArmV6 devices in my hand right now (but have tested on ArmV7, it works fine) to test and after investigating it seems something is wrong from unbound itself. I've pushed an update to take further logs and report it to unbound directly. Send me the new logs after trying updated docker image. This docker image works completely different from other community builds ex. chriscrowe's. So, there's a chance you can face some bugs there but can't face it here and vice versa.
Hi @cspoonerprice, a new version of unbound is released. Let me know if it's fixed.
Doesn't seem to be unfortunately.
I cloned down the repo, and built the new image for linux/arm/v6:
$ docker buildx build --platform linux/arm/v6 -t unbound-pihole:v1 --load .
[+] Building 35.3s (18/18) FINISHED docker-container:build
=> [internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 3.54kB 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 4) 0.1s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 34) 0.1s
=> [internal] load metadata for docker.io/pihole/pihole:latest 0.4s
=> [internal] load .dockerignore 0.1s
=> => transferring context: 2B 0.0s
=> [openssl 1/3] FROM docker.io/pihole/pihole:latest@sha256:0def896a596e8d45780b6359dbf82fc8c75ef05b97e095452e67a0a4ccc95377 0.1s
=> => resolve docker.io/pihole/pihole:latest@sha256:0def896a596e8d45780b6359dbf82fc8c75ef05b97e095452e67a0a4ccc95377 0.1s
=> [internal] load build context 0.1s
=> => transferring context: 483B 0.0s
=> CACHED [openssl 2/3] WORKDIR /tmp/src 0.0s
=> CACHED [openssl 3/3] RUN set -e -x && build_deps="build-essential ca-certificates curl dirmngr gnupg libidn2-0-dev libssl-dev" && DEBIAN_F 0.0s
=> CACHED [unbound 3/4] COPY --from=openssl /opt/openssl /opt/openssl 0.0s
=> CACHED [unbound 4/4] RUN build_deps="curl gcc libc-dev libevent-dev libexpat1-dev libnghttp2-dev make flex bison" && set -x && DEBIAN_FRON 0.0s
=> CACHED [stage-2 3/9] COPY --from=unbound /opt /opt 0.0s
=> CACHED [stage-2 4/9] RUN set -x && DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y --no-install-recommends bsdmainut 0.0s
=> CACHED [stage-2 5/9] WORKDIR /opt/unbound/ 0.0s
=> CACHED [stage-2 6/9] COPY lighttpd-external.conf /etc/lighttpd/external.conf 0.0s
=> CACHED [stage-2 7/9] COPY 99-edns.conf /etc/dnsmasq.d/99-edns.conf 0.0s
=> CACHED [stage-2 8/9] COPY data/ / 0.0s
=> CACHED [stage-2 9/9] RUN chmod +x /unbound.sh 0.0s
=> exporting to docker image format 34.4s
=> => exporting layers 0.0s
=> => exporting manifest sha256:16be404fb3acbc07c352ff3357064cfb81a0a0932a5944f91bd07f76e6e48358 0.0s
=> => exporting config sha256:ac58ce40e3ca92f3945c81c30404a7b9b9f2dd31326a620803c821510d07c262 0.0s
=> => sending tarball 34.3s
=> importing to docker 24.2s
=> => loading layer a6bf1ef4c831 28.02MB / 28.94MB 24.2s
=> => loading layer d5b0d1a0944f 58.49MB / 59.17MB 16.6s
=> => loading layer 5f70bf18a086 32B / 32B 7.3s
=> => loading layer bbd8e8ba82d5 120B / 120B 7.2s
=> => loading layer c07849f99559 12.92kB / 12.92kB 7.1s
=> => loading layer b3aac98fdda7 716B / 716B 7.0s
=> => loading layer aa07f8a92ad1 18.35MB / 22.90MB 6.7s
=> => loading layer 62f5543240cc 14.39kB / 14.39kB 4.0s
=> => loading layer fa4317cd1026 14.39kB / 14.39kB 3.9s
=> => loading layer 3ece899e9aee 113B / 113B 3.8s
=> => loading layer 24be0c7e67db 30.67MB / 36.40MB 3.7s
=> => loading layer 8649d344e7cd 32.77kB / 983.70kB 0.8s
=> => loading layer 5593d0e4f12c 311B / 311B 0.4s
=> => loading layer d63b26d83d84 185B / 185B 0.4s
=> => loading layer d1af9999b838 7.37kB / 7.37kB 0.3s
=> => loading layer 99294dd1d0c4 6.60kB / 6.60kB 0.2s
4 warnings found (use --debug to expand):
- FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 4)
- FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 34)
- LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format (line 125)
- LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format (line 126)
View build details: docker-desktop://dashboard/build/build/build/zdzsys8uhiqxj8m64k6twnm2d
Build multi-platform images faster with Docker Build Cloud: https://docs.docker.com/go/docker-build-cloud
Loaded, and tried to start the container. Here's the relevant logs:
[✓] Installing latest Cron script
[i] setup_blocklists now setting default blocklists up:
[i] TIP: Use a docker volume for /etc/pihole/adlists.list if you want to customize for first boot
[i] Blocklists (/etc/pihole/adlists.list) now set to:
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
[i] Setting DNS servers based on PIHOLE_DNS_ variable
[i] Applying pihole-FTL.conf setting LOCAL_IPV4=0.0.0.0
[i] FTL binding to default interface: eth0
[i] Enabling Query Logging
[i] Testing lighttpd config: Syntax OK
[i] All config checks passed, cleared for startup ...
[i] Docker start setup complete
[i] pihole-FTL (no-daemon) will be started as pihole
s6-rc: info: service _startup successfully started
s6-rc: info: service pihole-FTL: starting
s6-rc: info: service pihole-FTL successfully started
s6-rc: info: service lighttpd: starting
s6-rc: info: service lighttpd successfully started
s6-rc: info: service _postFTL: starting
s6-rc: info: service _postFTL successfully started
s6-rc: info: service legacy-services: starting
Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
s6-rc: info: service legacy-services successfully started
ARCHITECTURE=armv6l
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
UNBOUND=Version 1.21.0
Configure line: --disable-dependency-tracking --prefix=/opt/unbound --with-pthreads --with-username=_unbound --with-ssl=/opt/openssl --with-libevent --with-libnghttp2 --enable-dnstap --enable-tfo-server --enable-tfo-client --enable-event-api --enable-subnet
Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 3.4.0-dev
Linked modules: dns64 subnetcache respip validator iterator
TCP Fastopen feature available
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues
[i] Neutrino emissions detected...
/unbound.sh: line 424: 287 Illegal instruction (core dumped) /opt/unbound/sbin/unbound-anchor -a /opt/unbound/etc/unbound/var/root.key
Illegal instruction (core dumped)
[✓] Pulling blocklist source list into range
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service _postFTL: stopping
s6-rc: info: service _postFTL successfully stopped
s6-rc: info: service lighttpd: stopping
[✓] Preparing new gravity database
[i] Creating new gravity databases...Stopping lighttpd
s6-rc: info: service lighttpd successfully stopped
s6-rc: info: service pihole-FTL: stopping
[✓] Creating new gravity databases
Stopping pihole-FTL
s6-rc: info: service pihole-FTL successfully stopped
Terminated
s6-rc: info: service _startup: stopping
s6-rc: info: service _startup successfully stopped
s6-rc: info: service _uid-gid-changer: stopping
s6-rc: info: service _uid-gid-changer successfully stopped
s6-rc: info: service cron: stopping
Stopping cron
s6-rc: info: service cron successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
Updated the unbound.sh file to list the opt/unbound/sbin dir and just run the unbound-anchor command without args:
...
drwxr-xr-x 2 root root 4096 Aug 15 15:28 .
drwxrwxr-x 1 root root 4096 Aug 15 09:41 ..
-rwxr-xr-x 1 root root 10668240 Aug 15 15:27 unbound
-rwxr-xr-x 1 root root 4688360 Aug 15 15:27 unbound-anchor
-rwxr-xr-x 1 root root 9197304 Aug 15 15:27 unbound-checkconf
-rwxr-xr-x 1 root root 6178844 Aug 15 15:27 unbound-control
-rwxr-xr-x 1 root root 6143 Aug 15 15:28 unbound-control-setup
-rwxr-xr-x 1 root root 4748440 Aug 15 15:27 unbound-host
[i] Neutrino emissions detected...
/unbound.sh: line 421: 283 Illegal instruction (core dumped) /opt/unbound/sbin/unbound-anchor
/unbound.sh: line 427: 296 Illegal instruction (core dumped) /opt/unbound/sbin/unbound-anchor -a /opt/unbound/etc/unbound/var/root.key
[✓] Pulling blocklist source list into range
...
Looks to me like building unbound in this way will successfully build, doesn't work on the linux/arm/v6
The issue is mentioned in https://github.com/NLnetLabs/unbound/issues/1124 & waiting for unbound team response.
as mentioned in the unbound ticket, the issue is with building the latest openssl version with unbound. Building openssl with OpenSSL_1_1_1-stable lets the build finish and run on v6 architecture. Unsure if this is a bug with unbound or working as intended with a need for a different build process on the pihole/unbound side.
Let's wait for the unbound devs!
When using armel arch, on say a Rpi 1B+, the container will fail to start with: /unbound.sh: line 420: 274 Illegal instruction (core dumped) /opt/unbound/sbin/unbound-anchor -a /opt/unbound/etc/unbound/var/root.key Illegal instruction (core dumped)
This is a: Bug
Details with Docker log
s6-rc: info: service _startup successfully started s6-rc: info: service pihole-FTL: starting s6-rc: info: service pihole-FTL successfully started s6-rc: info: service lighttpd: starting s6-rc: info: service lighttpd successfully started s6-rc: info: service _postFTL: starting s6-rc: info: service _postFTL successfully started s6-rc: info: service legacy-services: starting Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf s6-rc: info: service legacy-services successfully started /unbound.sh: line 420: 274 Illegal instruction (core dumped) /opt/unbound/sbin/unbound-anchor -a /opt/unbound/etc/unbound/var/root.key Illegal instruction (core dumped) s6-rc: info: service legacy-services: stopping s6-rc: info: service legacy-services successfully stopped s6-rc: info: service _postFTL: stopping s6-rc: info: service _postFTL successfully stopped s6-rc: info: service lighttpd: stopping Stopping lighttpd s6-rc: info: service lighttpd successfully stopped s6-rc: info: service pihole-FTL: stopping Stopping pihole-FTL Terminated
How to reproduce the issue
Environment data
docker run command is default or you can specify the v6 platform: docker run --platform=linux/arm/v6 -d --name pihole-unbound --name=pihole-unbound -e TZ=America/New_York -p 53:53/tcp -p 53:53/udp -p 80:80/tcp -e WEBPASSWORD='qwerty123' --restart=always rlabinc/pihole-unbound:latest
any additional info to help reproduce Seems to reproduce on command pretty easily. Just have an rpi1 and try to run.
These common fixes didn't work for my issue
docker run
example(s) in the readme (removing any customizations I added)I've been able to get pihole/unbound working in combination using other community builds (chriscrowe), so it can work.