[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/02: gnu: knot-resolver: Install but disable the default managed root
|
From: |
guix-commits |
|
Subject: |
01/02: gnu: knot-resolver: Install but disable the default managed root TA. |
|
Date: |
Wed, 22 Jan 2020 07:19:47 -0500 (EST) |
iyzsong pushed a commit to branch master
in repository guix.
commit 8a5c4384e059b83edb5869748706bad17ae5f8ff
Author: 宋文武 <address@hidden>
AuthorDate: Wed Jan 22 20:06:41 2020 +0800
gnu: knot-resolver: Install but disable the default managed root TA.
* gnu/packages/dns.scm (knot-resolver)[arguments]: Enable 'managed_ta', so
'icann-ca.pem' get installed. Add 'disable-default-ta' phase.
---
gnu/packages/dns.scm | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index e5148d5..3091444 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -680,11 +680,16 @@ synthesis, and on-the-fly re-configuration.")
"09ffmqx79lv5psr433x4n946njgsn071b9b7161pcb9bmrqz380c"))))
(build-system meson-build-system)
(arguments
- '(#:configure-flags
- '("-Dmanaged_ta=disabled" ; we'll manage the DNS root data ourself
- "-Ddoc=enabled")
+ '(#:configure-flags '("-Ddoc=enabled")
#:phases
(modify-phases %standard-phases
+ (add-before 'configure 'disable-default-ta
+ (lambda _
+ ;; Disable the default managed root TA, since we don't have
+ ;; write access to the keyfile and its directory in store.
+ (substitute* "daemon/lua/sandbox.lua.in"
+ (("^trust_anchors\\.add_file.*") ""))
+ #t))
(add-after 'build 'build-doc
(lambda _
(invoke "ninja" "doc")))