gnu: knot-resolver: Install but disable the default managed root TA.

* gnu/packages/dns.scm (knot-resolver)[arguments]: Enable 'managed_ta', so 'icann-ca.pem' get installed. Add 'disable-default-ta' phase.
2025-01-11 13:49:23 -05:00 · 2020-01-22 20:06:41 +08:00 · 2020-01-22 20:06:41 +08:00 · 8a5c4384e0
commit 8a5c4384e0
parent fe109349d0
1 changed files with 8 additions and 3 deletions
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@ -680,11 +680,16 @@ (define-public knot-resolver
                "09ffmqx79lv5psr433x4n946njgsn071b9b7161pcb9bmrqz380c"))))
    (build-system meson-build-system)
    (arguments
-     '(#:configure-flags
-       '("-Dmanaged_ta=disabled"      ; we'll manage the DNS root data ourself
-         "-Ddoc=enabled")
+     '(#:configure-flags '("-Ddoc=enabled")
       #:phases
       (modify-phases %standard-phases
+         (add-before 'configure 'disable-default-ta
+           (lambda _
+             ;;  Disable the default managed root TA, since we don't have
+             ;;  write access to the keyfile and its directory in store.
+             (substitute* "daemon/lua/sandbox.lua.in"
+               (("^trust_anchors\\.add_file.*") ""))
+             #t))
         (add-after 'build 'build-doc
           (lambda _
             (invoke "ninja" "doc")))