aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author宋文武 <iyzsong@member.fsf.org>2020-01-22 20:06:41 +0800
committer宋文武 <iyzsong@member.fsf.org>2020-01-22 20:18:56 +0800
commit8a5c4384e059b83edb5869748706bad17ae5f8ff (patch)
treee8fc9d6b30a8e7098fff8a0f91869ec3b3255e02
parentfe109349d0cfb8d6c2cc8509ed6c4da86da0ca26 (diff)
downloadguix-8a5c4384e059b83edb5869748706bad17ae5f8ff.tar.gz
guix-8a5c4384e059b83edb5869748706bad17ae5f8ff.zip
gnu: knot-resolver: Install but disable the default managed root TA.
* gnu/packages/dns.scm (knot-resolver)[arguments]: Enable 'managed_ta', so 'icann-ca.pem' get installed. Add 'disable-default-ta' phase.
-rw-r--r--gnu/packages/dns.scm11
1 files changed, 8 insertions, 3 deletions
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index e5148d5bc9..3091444ed6 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -680,11 +680,16 @@ synthesis, and on-the-fly re-configuration.")
"09ffmqx79lv5psr433x4n946njgsn071b9b7161pcb9bmrqz380c"))))
(build-system meson-build-system)
(arguments
- '(#:configure-flags
- '("-Dmanaged_ta=disabled" ; we'll manage the DNS root data ourself
- "-Ddoc=enabled")
+ '(#:configure-flags '("-Ddoc=enabled")
#:phases
(modify-phases %standard-phases
+ (add-before 'configure 'disable-default-ta
+ (lambda _
+ ;; Disable the default managed root TA, since we don't have
+ ;; write access to the keyfile and its directory in store.
+ (substitute* "daemon/lua/sandbox.lua.in"
+ (("^trust_anchors\\.add_file.*") ""))
+ #t))
(add-after 'build 'build-doc
(lambda _
(invoke "ninja" "doc")))