diff options
author | 宋文武 <iyzsong@member.fsf.org> | 2020-01-22 20:06:41 +0800 |
---|---|---|
committer | 宋文武 <iyzsong@member.fsf.org> | 2020-01-22 20:18:56 +0800 |
commit | 8a5c4384e059b83edb5869748706bad17ae5f8ff (patch) | |
tree | e8fc9d6b30a8e7098fff8a0f91869ec3b3255e02 | |
parent | fe109349d0cfb8d6c2cc8509ed6c4da86da0ca26 (diff) | |
download | guix-8a5c4384e059b83edb5869748706bad17ae5f8ff.tar.gz guix-8a5c4384e059b83edb5869748706bad17ae5f8ff.zip |
gnu: knot-resolver: Install but disable the default managed root TA.
* gnu/packages/dns.scm (knot-resolver)[arguments]: Enable 'managed_ta', so
'icann-ca.pem' get installed. Add 'disable-default-ta' phase.
-rw-r--r-- | gnu/packages/dns.scm | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm index e5148d5bc9..3091444ed6 100644 --- a/gnu/packages/dns.scm +++ b/gnu/packages/dns.scm @@ -680,11 +680,16 @@ synthesis, and on-the-fly re-configuration.") "09ffmqx79lv5psr433x4n946njgsn071b9b7161pcb9bmrqz380c")))) (build-system meson-build-system) (arguments - '(#:configure-flags - '("-Dmanaged_ta=disabled" ; we'll manage the DNS root data ourself - "-Ddoc=enabled") + '(#:configure-flags '("-Ddoc=enabled") #:phases (modify-phases %standard-phases + (add-before 'configure 'disable-default-ta + (lambda _ + ;; Disable the default managed root TA, since we don't have + ;; write access to the keyfile and its directory in store. + (substitute* "daemon/lua/sandbox.lua.in" + (("^trust_anchors\\.add_file.*") "")) + #t)) (add-after 'build 'build-doc (lambda _ (invoke "ninja" "doc"))) |