[PATCH] gnu: Add get-trust-anchor.

Bruno Victal wrote on 9 Jul 2023 20:15

Recipients:(address . guix-patches@gnu.org)(name . Bruno Victal)(address . mirai@makinata.eu)

Message-ID:9e371eab576e76ee438c39746ddbe4be103231a7.1688926431.git.mirai@makinata.eu

* gnu/packages/dns.scm (get-trust-anchor): New variable.

* gnu/packages/patches/get-trust-anchor-setuptools.patch: New file.

* gnu/local.mk: Register it.

---

Notes:

* Patch sent upstream: https://github.com/iana-org/get-trust-anchor/pull/7

gnu/local.mk | 1 +

gnu/packages/dns.scm | 49 +++++++++++++++++++

.../patches/get-trust-anchor-setuptools.patch | 48 ++++++++++++++++++

3 files changed, 98 insertions(+)

create mode 100644 gnu/packages/patches/get-trust-anchor-setuptools.patch

Toggle diff (132 lines)diff --git a/gnu/local.mk b/gnu/local.mk
index 96f4594835..1f40cf8fa9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1228,6 +1228,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/genimage-mke2fs-test.patch		\
   %D%/packages/patches/geoclue-config.patch			\
   %D%/packages/patches/gettext-libunicode-update.patch		\
+  %D%/packages/patches/get-trust-anchor-setuptools.patch	\
   %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch	\
   %D%/packages/patches/ghc-9.2-glibc-2.33-link-order.patch \
   %D%/packages/patches/ghc-9.2-grep-warnings.patch \
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index a34e4ced89..f375c608a6 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -92,8 +92,57 @@ (define-module (gnu packages dns)
   #:use-module (guix build-system glib-or-gtk)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system meson)
+  #:use-module (guix build-system python)
   #:use-module (guix build-system trivial))
 
+;; Manually test by running (requires online connectivity):
+;; $ guix shell --container --network --no-cwd \
+;;     get-trust-anchor nss-certs -- get-trust-anchor
+(define-public get-trust-anchor
+  (let ((commit "a149f31483a647af09f1b4c99871a07f7614e08f")
+        (revision "0"))  ; no releases
+    (package
+      (name "get-trust-anchor")
+      (version (git-version "0.0.0" revision commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/iana-org/get-trust-anchor")
+               (commit commit)))
+         (file-name (git-file-name name version))
+         (sha256
+          (base32
+           "05dsqykyqfxy90s264a6wk1xxpnv31gzil7fgcccbxi64zpx8zq4"))
+         (patches (search-patches "get-trust-anchor-setuptools.patch"))))
+      (build-system python-build-system)
+      (arguments
+       (list
+        #:tests? #f ; tests require online connectivity
+        #:modules '((guix build python-build-system)
+                    (guix build utils)
+                    (srfi srfi-1))
+        #:phases
+        #~(modify-phases %standard-phases
+            (add-before 'wrap 'wrap-path
+              (lambda* (#:key inputs #:allow-other-keys)
+                (let ((prog (string-append #$output "/bin/get-trust-anchor"))
+                      (path (map (lambda (f)
+                                   (dirname (search-input-file inputs f)))
+                                 '("/bin/openssl" "/bin/which"))))
+                  (wrap-program prog
+                    `("PATH" = ,path))))))))
+      (inputs (list openssl which))
+      (native-search-paths
+       (list $SSL_CERT_DIR $SSL_CERT_FILE))
+      (synopsis "Tool for fetching IANA's DNS Root Trust Anchors")
+      (description "This package provides the @command{get-trust-anchor}
+command, a tool that fetches the current DNSSEC trust anchor from IANA
+and the root @acronym{KSK, Key Signing Key} from Google Public DNS
+via @acronym{DoH, DNS over HTTPS} or by downloading the root zone file.")
+      (home-page "https://www.iana.org/dnssec/files")
+      (license license:bsd-2))))
+
 (define-public cloudflare-cli
   (let ((commit "2d986d3ec1b0e3158c4bd40e8918947cb74aa392")
         (revision "1"))
diff --git a/gnu/packages/patches/get-trust-anchor-setuptools.patch b/gnu/packages/patches/get-trust-anchor-setuptools.patch
new file mode 100644
index 0000000000..f3de9b1ae3
--- /dev/null
+++ b/gnu/packages/patches/get-trust-anchor-setuptools.patch
@@ -0,0 +1,48 @@
+From fcc6daa582400a68d9cbc9e834c018a8c90650c4 Mon Sep 17 00:00:00 2001
+Message-Id: <fcc6daa582400a68d9cbc9e834c018a8c90650c4.1688921926.git.mirai@makinata.eu>
+From: Bruno Victal <mirai@makinata.eu>
+Date: Sun, 9 Jul 2023 17:31:37 +0100
+Subject: [PATCH] setuptools: use entry_points.
+
+---
+ get_trust_anchor.py => get_trust_anchor/__main__.py | 2 +-
+ setup.py                                            | 9 ++++++---
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+ rename get_trust_anchor.py => get_trust_anchor/__main__.py (99%)
+
+diff --git a/get_trust_anchor.py b/get_trust_anchor/__main__.py
+similarity index 99%
+rename from get_trust_anchor.py
+rename to get_trust_anchor/__main__.py
+index 42bd041..369ce54 100644
+--- a/get_trust_anchor.py
++++ b/get_trust_anchor/__main__.py
+@@ -474,4 +474,4 @@ def main():
+                     print("Could not delete {}: '{}'. Continuing".format(this_file, this_exception))
+ 
+ if __name__ == "__main__":
+-    main()
++    sys.exit(main())
+diff --git a/setup.py b/setup.py
+index 491c832..7900037 100644
+--- a/setup.py
++++ b/setup.py
+@@ -12,7 +12,10 @@ setup(
+         'Programming Language :: Python :: 3'
+     ],
+     url='https://github.com/iana-org/get_trust_anchor/',
+-    scripts=[
+-        'get_trust_anchor.py'
+-    ]
++    packages=['get_trust_anchor'],
++    entry_points={
++        'console_scripts': [
++            'get-trust-anchor = get_trust_anchor.__main__:main'
++        ]
++    }
+ )
+
+base-commit: a149f31483a647af09f1b4c99871a07f7614e08f
+-- 
+2.40.1
+

base-commit: 2ba2e80ee6e19f6ab710035445d8e234f100e25d
-- 
2.40.1

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date