search

origamiofficial / docker-pihole-unbound

A supercharged Pi-Hole docker container with Unbound built-in. [Auto Updates 🚀]
https://hub.docker.com/r/rlabinc/pihole-unbound
MIT License
56 stars 5 forks source link

Illegal instruction on armel #29

Open cspoonerprice opened 1 month ago

cspoonerprice commented 1 month ago

When using armel arch, on say a Rpi 1B+, the container will fail to start with: /unbound.sh: line 420: 274 Illegal instruction (core dumped) /opt/unbound/sbin/unbound-anchor -a /opt/unbound/etc/unbound/var/root.key Illegal instruction (core dumped)

This is a: Bug

Details with Docker log

s6-rc: info: service _startup successfully started s6-rc: info: service pihole-FTL: starting s6-rc: info: service pihole-FTL successfully started s6-rc: info: service lighttpd: starting s6-rc: info: service lighttpd successfully started s6-rc: info: service _postFTL: starting s6-rc: info: service _postFTL successfully started s6-rc: info: service legacy-services: starting Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf s6-rc: info: service legacy-services successfully started /unbound.sh: line 420: 274 Illegal instruction (core dumped) /opt/unbound/sbin/unbound-anchor -a /opt/unbound/etc/unbound/var/root.key Illegal instruction (core dumped) s6-rc: info: service legacy-services: stopping s6-rc: info: service legacy-services successfully stopped s6-rc: info: service _postFTL: stopping s6-rc: info: service _postFTL successfully stopped s6-rc: info: service lighttpd: stopping Stopping lighttpd s6-rc: info: service lighttpd successfully stopped s6-rc: info: service pihole-FTL: stopping Stopping pihole-FTL Terminated

How to reproduce the issue

  1. Environment data

    • Operating System: Raspbian GNU/Linux 12 (bookworm)
    • Hardware: Raspberry Pi Model B Plus Rev 1.2
    • Docker Install Info and version: Docker version 27.1.1, build 6312585
    • Hardware architecture: ARMv6
    • Docker Image Tag: latest

  2. docker run command is default or you can specify the v6 platform: docker run --platform=linux/arm/v6 -d --name pihole-unbound --name=pihole-unbound -e TZ=America/New_York -p 53:53/tcp -p 53:53/udp -p 80:80/tcp -e WEBPASSWORD='qwerty123' --restart=always rlabinc/pihole-unbound:latest

  3. any additional info to help reproduce Seems to reproduce on command pretty easily. Just have an rpi1 and try to run.

These common fixes didn't work for my issue

I've been able to get pihole/unbound working in combination using other community builds (chriscrowe), so it can work.

origamiofficial commented 1 month ago

Hi @cspoonerprice, Thanks for reporting! As I do not have any ArmV6 devices in my hand right now (but have tested on ArmV7, it works fine) to test and after investigating it seems something is wrong from unbound itself. I've pushed an update to take further logs and report it to unbound directly. Send me the new logs after trying updated docker image. This docker image works completely different from other community builds ex. chriscrowe's. So, there's a chance you can face some bugs there but can't face it here and vice versa.

origamiofficial commented 1 month ago

Hi @cspoonerprice, a new version of unbound is released. Let me know if it's fixed.

cspoonerprice commented 1 month ago

Doesn't seem to be unfortunately.

I cloned down the repo, and built the new image for linux/arm/v6:

$ docker buildx build --platform linux/arm/v6 -t unbound-pihole:v1 --load .
[+] Building 35.3s (18/18) FINISHED                                                                                                   docker-container:build
 => [internal] load build definition from Dockerfile                                                                                                    0.1s
 => => transferring dockerfile: 3.54kB                                                                                                                  0.0s
 => WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 4)                                                                          0.1s
 => WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 34)                                                                         0.1s
 => [internal] load metadata for docker.io/pihole/pihole:latest                                                                                         0.4s
 => [internal] load .dockerignore                                                                                                                       0.1s
 => => transferring context: 2B                                                                                                                         0.0s
 => [openssl 1/3] FROM docker.io/pihole/pihole:latest@sha256:0def896a596e8d45780b6359dbf82fc8c75ef05b97e095452e67a0a4ccc95377                           0.1s
 => => resolve docker.io/pihole/pihole:latest@sha256:0def896a596e8d45780b6359dbf82fc8c75ef05b97e095452e67a0a4ccc95377                                   0.1s
 => [internal] load build context                                                                                                                       0.1s
 => => transferring context: 483B                                                                                                                       0.0s
 => CACHED [openssl 2/3] WORKDIR /tmp/src                                                                                                               0.0s
 => CACHED [openssl 3/3] RUN set -e -x &&     build_deps="build-essential ca-certificates curl dirmngr gnupg libidn2-0-dev libssl-dev" &&     DEBIAN_F  0.0s
 => CACHED [unbound 3/4] COPY --from=openssl /opt/openssl /opt/openssl                                                                                  0.0s
 => CACHED [unbound 4/4] RUN build_deps="curl gcc libc-dev libevent-dev libexpat1-dev libnghttp2-dev make flex bison" &&     set -x &&     DEBIAN_FRON  0.0s
 => CACHED [stage-2 3/9] COPY --from=unbound /opt /opt                                                                                                  0.0s
 => CACHED [stage-2 4/9] RUN set -x &&     DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y --no-install-recommends       bsdmainut  0.0s
 => CACHED [stage-2 5/9] WORKDIR /opt/unbound/                                                                                                          0.0s
 => CACHED [stage-2 6/9] COPY lighttpd-external.conf /etc/lighttpd/external.conf                                                                        0.0s
 => CACHED [stage-2 7/9] COPY 99-edns.conf /etc/dnsmasq.d/99-edns.conf                                                                                  0.0s
 => CACHED [stage-2 8/9] COPY data/ /                                                                                                                   0.0s
 => CACHED [stage-2 9/9] RUN chmod +x /unbound.sh                                                                                                       0.0s
 => exporting to docker image format                                                                                                                   34.4s
 => => exporting layers                                                                                                                                 0.0s
 => => exporting manifest sha256:16be404fb3acbc07c352ff3357064cfb81a0a0932a5944f91bd07f76e6e48358                                                       0.0s
 => => exporting config sha256:ac58ce40e3ca92f3945c81c30404a7b9b9f2dd31326a620803c821510d07c262                                                         0.0s
 => => sending tarball                                                                                                                                 34.3s
 => importing to docker                                                                                                                                24.2s
 => => loading layer a6bf1ef4c831 28.02MB / 28.94MB                                                                                                    24.2s
 => => loading layer d5b0d1a0944f 58.49MB / 59.17MB                                                                                                    16.6s
 => => loading layer 5f70bf18a086 32B / 32B                                                                                                             7.3s
 => => loading layer bbd8e8ba82d5 120B / 120B                                                                                                           7.2s
 => => loading layer c07849f99559 12.92kB / 12.92kB                                                                                                     7.1s
 => => loading layer b3aac98fdda7 716B / 716B                                                                                                           7.0s
 => => loading layer aa07f8a92ad1 18.35MB / 22.90MB                                                                                                     6.7s
 => => loading layer 62f5543240cc 14.39kB / 14.39kB                                                                                                     4.0s
 => => loading layer fa4317cd1026 14.39kB / 14.39kB                                                                                                     3.9s
 => => loading layer 3ece899e9aee 113B / 113B                                                                                                           3.8s
 => => loading layer 24be0c7e67db 30.67MB / 36.40MB                                                                                                     3.7s
 => => loading layer 8649d344e7cd 32.77kB / 983.70kB                                                                                                    0.8s
 => => loading layer 5593d0e4f12c 311B / 311B                                                                                                           0.4s
 => => loading layer d63b26d83d84 185B / 185B                                                                                                           0.4s
 => => loading layer d1af9999b838 7.37kB / 7.37kB                                                                                                       0.3s
 => => loading layer 99294dd1d0c4 6.60kB / 6.60kB                                                                                                       0.2s

 4 warnings found (use --debug to expand):
 - FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 4)
 - FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 34)
 - LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format (line 125)
 - LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format (line 126)

View build details: docker-desktop://dashboard/build/build/build/zdzsys8uhiqxj8m64k6twnm2d

Build multi-platform images faster with Docker Build Cloud: https://docs.docker.com/go/docker-build-cloud

Loaded, and tried to start the container. Here's the relevant logs:

  [✓] Installing latest Cron script
  [i] setup_blocklists now setting default blocklists up:
  [i] TIP: Use a docker volume for /etc/pihole/adlists.list if you want to customize for first boot
  [i] Blocklists (/etc/pihole/adlists.list) now set to:
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  [i] Setting DNS servers based on PIHOLE_DNS_ variable
  [i] Applying pihole-FTL.conf setting LOCAL_IPV4=0.0.0.0
  [i] FTL binding to default interface: eth0
  [i] Enabling Query Logging
  [i] Testing lighttpd config: Syntax OK
  [i] All config checks passed, cleared for startup ...
  [i] Docker start setup complete

  [i] pihole-FTL (no-daemon) will be started as pihole

s6-rc: info: service _startup successfully started
s6-rc: info: service pihole-FTL: starting
s6-rc: info: service pihole-FTL successfully started
s6-rc: info: service lighttpd: starting
s6-rc: info: service lighttpd successfully started
s6-rc: info: service _postFTL: starting
s6-rc: info: service _postFTL successfully started
s6-rc: info: service legacy-services: starting
  Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
s6-rc: info: service legacy-services successfully started
ARCHITECTURE=armv6l
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
UNBOUND=Version 1.21.0

Configure line: --disable-dependency-tracking --prefix=/opt/unbound --with-pthreads --with-username=_unbound --with-ssl=/opt/openssl --with-libevent --with-libnghttp2 --enable-dnstap --enable-tfo-server --enable-tfo-client --enable-event-api --enable-subnet
Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 3.4.0-dev
Linked modules: dns64 subnetcache respip validator iterator
TCP Fastopen feature available

BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues
  [i] Neutrino emissions detected...
/unbound.sh: line 424:   287 Illegal instruction     (core dumped) /opt/unbound/sbin/unbound-anchor -a /opt/unbound/etc/unbound/var/root.key
Illegal instruction (core dumped)
  [✓] Pulling blocklist source list into range

s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service _postFTL: stopping
s6-rc: info: service _postFTL successfully stopped
s6-rc: info: service lighttpd: stopping
  [✓] Preparing new gravity database   
  [i] Creating new gravity databases...Stopping lighttpd
s6-rc: info: service lighttpd successfully stopped
s6-rc: info: service pihole-FTL: stopping
  [✓] Creating new gravity databases   
Stopping pihole-FTL
s6-rc: info: service pihole-FTL successfully stopped
Terminated
s6-rc: info: service _startup: stopping
s6-rc: info: service _startup successfully stopped
s6-rc: info: service _uid-gid-changer: stopping
s6-rc: info: service _uid-gid-changer successfully stopped
s6-rc: info: service cron: stopping
Stopping cron
s6-rc: info: service cron successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
cspoonerprice commented 1 month ago

Updated the unbound.sh file to list the opt/unbound/sbin dir and just run the unbound-anchor command without args:

...
drwxr-xr-x 2 root root     4096 Aug 15 15:28 .
drwxrwxr-x 1 root root     4096 Aug 15 09:41 ..
-rwxr-xr-x 1 root root 10668240 Aug 15 15:27 unbound
-rwxr-xr-x 1 root root  4688360 Aug 15 15:27 unbound-anchor
-rwxr-xr-x 1 root root  9197304 Aug 15 15:27 unbound-checkconf
-rwxr-xr-x 1 root root  6178844 Aug 15 15:27 unbound-control
-rwxr-xr-x 1 root root     6143 Aug 15 15:28 unbound-control-setup
-rwxr-xr-x 1 root root  4748440 Aug 15 15:27 unbound-host
  [i] Neutrino emissions detected...
/unbound.sh: line 421:   283 Illegal instruction     (core dumped) /opt/unbound/sbin/unbound-anchor
/unbound.sh: line 427:   296 Illegal instruction     (core dumped) /opt/unbound/sbin/unbound-anchor -a /opt/unbound/etc/unbound/var/root.key
  [✓] Pulling blocklist source list into range
...

Looks to me like building unbound in this way will successfully build, doesn't work on the linux/arm/v6

origamiofficial commented 4 weeks ago

The issue is mentioned in https://github.com/NLnetLabs/unbound/issues/1124 & waiting for unbound team response.

cspoonerprice commented 3 weeks ago

as mentioned in the unbound ticket, the issue is with building the latest openssl version with unbound. Building openssl with OpenSSL_1_1_1-stable lets the build finish and run on v6 architecture. Unsure if this is a bug with unbound or working as intended with a need for a different build process on the pihole/unbound side.

origamiofficial commented 3 weeks ago

Let's wait for the unbound devs!