summary refs log tree commit diff
diff options
context:
space:
mode:
author宋文武 <iyzsong@member.fsf.org>2020-01-22 20:06:41 +0800
committer宋文武 <iyzsong@member.fsf.org>2020-01-22 20:18:56 +0800
commit8a5c4384e059b83edb5869748706bad17ae5f8ff (patch)
treee8fc9d6b30a8e7098fff8a0f91869ec3b3255e02
parentfe109349d0cfb8d6c2cc8509ed6c4da86da0ca26 (diff)
downloadguix-8a5c4384e059b83edb5869748706bad17ae5f8ff.tar.gz
gnu: knot-resolver: Install but disable the default managed root TA.
* gnu/packages/dns.scm (knot-resolver)[arguments]: Enable 'managed_ta', so
'icann-ca.pem' get installed.  Add 'disable-default-ta' phase.
-rw-r--r--gnu/packages/dns.scm11
1 files changed, 8 insertions, 3 deletions
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index e5148d5bc9..3091444ed6 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -680,11 +680,16 @@ synthesis, and on-the-fly re-configuration.")
                 "09ffmqx79lv5psr433x4n946njgsn071b9b7161pcb9bmrqz380c"))))
     (build-system meson-build-system)
     (arguments
-     '(#:configure-flags
-       '("-Dmanaged_ta=disabled"      ; we'll manage the DNS root data ourself
-         "-Ddoc=enabled")
+     '(#:configure-flags '("-Ddoc=enabled")
        #:phases
        (modify-phases %standard-phases
+         (add-before 'configure 'disable-default-ta
+           (lambda _
+             ;;  Disable the default managed root TA, since we don't have
+             ;;  write access to the keyfile and its directory in store.
+             (substitute* "daemon/lua/sandbox.lua.in"
+               (("^trust_anchors\\.add_file.*") ""))
+             #t))
          (add-after 'build 'build-doc
            (lambda _
              (invoke "ninja" "doc")))