(address . guix-patches@gnu.org)(name . Bruno Victal)(address . mirai@makinata.eu)
* gnu/packages/dns.scm (get-trust-anchor): New variable.
* gnu/packages/patches/get-trust-anchor-setuptools.patch: New file.
* gnu/local.mk: Register it.
---
Notes:
* Patch sent upstream: https://github.com/iana-org/get-trust-anchor/pull/7
gnu/local.mk | 1 +
gnu/packages/dns.scm | 49 +++++++++++++++++++
.../patches/get-trust-anchor-setuptools.patch | 48 ++++++++++++++++++
3 files changed, 98 insertions(+)
create mode 100644 gnu/packages/patches/get-trust-anchor-setuptools.patch
Toggle diff (132 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 96f4594835..1f40cf8fa9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1228,6 +1228,7 @@ dist_patch_DATA = \
%D%/packages/patches/genimage-mke2fs-test.patch \
%D%/packages/patches/geoclue-config.patch \
%D%/packages/patches/gettext-libunicode-update.patch \
+ %D%/packages/patches/get-trust-anchor-setuptools.patch \
%D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \
%D%/packages/patches/ghc-9.2-glibc-2.33-link-order.patch \
%D%/packages/patches/ghc-9.2-grep-warnings.patch \
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index a34e4ced89..f375c608a6 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -92,8 +92,57 @@ (define-module (gnu packages dns)
#:use-module (guix build-system glib-or-gtk)
#:use-module (guix build-system gnu)
#:use-module (guix build-system meson)
+ #:use-module (guix build-system python)
#:use-module (guix build-system trivial))
+;; Manually test by running (requires online connectivity):
+;; $ guix shell --container --network --no-cwd \
+;; get-trust-anchor nss-certs -- get-trust-anchor
+(define-public get-trust-anchor
+ (let ((commit "a149f31483a647af09f1b4c99871a07f7614e08f")
+ (revision "0")) ; no releases
+ (package
+ (name "get-trust-anchor")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/iana-org/get-trust-anchor")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "05dsqykyqfxy90s264a6wk1xxpnv31gzil7fgcccbxi64zpx8zq4"))
+ (patches (search-patches "get-trust-anchor-setuptools.patch"))))
+ (build-system python-build-system)
+ (arguments
+ (list
+ #:tests? #f ; tests require online connectivity
+ #:modules '((guix build python-build-system)
+ (guix build utils)
+ (srfi srfi-1))
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-before 'wrap 'wrap-path
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((prog (string-append #$output "/bin/get-trust-anchor"))
+ (path (map (lambda (f)
+ (dirname (search-input-file inputs f)))
+ '("/bin/openssl" "/bin/which"))))
+ (wrap-program prog
+ `("PATH" = ,path))))))))
+ (inputs (list openssl which))
+ (native-search-paths
+ (list $SSL_CERT_DIR $SSL_CERT_FILE))
+ (synopsis "Tool for fetching IANA's DNS Root Trust Anchors")
+ (description "This package provides the @command{get-trust-anchor}
+command, a tool that fetches the current DNSSEC trust anchor from IANA
+and the root @acronym{KSK, Key Signing Key} from Google Public DNS
+via @acronym{DoH, DNS over HTTPS} or by downloading the root zone file.")
+ (home-page "https://www.iana.org/dnssec/files")
+ (license license:bsd-2))))
+
(define-public cloudflare-cli
(let ((commit "2d986d3ec1b0e3158c4bd40e8918947cb74aa392")
(revision "1"))
diff --git a/gnu/packages/patches/get-trust-anchor-setuptools.patch b/gnu/packages/patches/get-trust-anchor-setuptools.patch
new file mode 100644
index 0000000000..f3de9b1ae3
--- /dev/null
+++ b/gnu/packages/patches/get-trust-anchor-setuptools.patch
@@ -0,0 +1,48 @@
+From fcc6daa582400a68d9cbc9e834c018a8c90650c4 Mon Sep 17 00:00:00 2001
+Message-Id: <fcc6daa582400a68d9cbc9e834c018a8c90650c4.1688921926.git.mirai@makinata.eu>
+From: Bruno Victal <mirai@makinata.eu>
+Date: Sun, 9 Jul 2023 17:31:37 +0100
+Subject: [PATCH] setuptools: use entry_points.
+
+---
+ get_trust_anchor.py => get_trust_anchor/__main__.py | 2 +-
+ setup.py | 9 ++++++---
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+ rename get_trust_anchor.py => get_trust_anchor/__main__.py (99%)
+
+diff --git a/get_trust_anchor.py b/get_trust_anchor/__main__.py
+similarity index 99%
+rename from get_trust_anchor.py
+rename to get_trust_anchor/__main__.py
+index 42bd041..369ce54 100644
+--- a/get_trust_anchor.py
++++ b/get_trust_anchor/__main__.py
+@@ -474,4 +474,4 @@ def main():
+ print("Could not delete {}: '{}'. Continuing".format(this_file, this_exception))
+
+ if __name__ == "__main__":
+- main()
++ sys.exit(main())
+diff --git a/setup.py b/setup.py
+index 491c832..7900037 100644
+--- a/setup.py
++++ b/setup.py
+@@ -12,7 +12,10 @@ setup(
+ 'Programming Language :: Python :: 3'
+ ],
+ url='https://github.com/iana-org/get_trust_anchor/',
+- scripts=[
+- 'get_trust_anchor.py'
+- ]
++ packages=['get_trust_anchor'],
++ entry_points={
++ 'console_scripts': [
++ 'get-trust-anchor = get_trust_anchor.__main__:main'
++ ]
++ }
+ )
+
+base-commit: a149f31483a647af09f1b4c99871a07f7614e08f
+--
+2.40.1
+
base-commit: 2ba2e80ee6e19f6ab710035445d8e234f100e25d
--
2.40.1