From mboxrd@z Thu Jan 1 00:00:00 1970 From: Maxim Cournoyer Subject: bug#30109: [PATCH] gnu: shishi: Make shishi keys and database administrator-modifiable. Date: Thu, 18 Apr 2019 19:06:38 -0400 Message-ID: <874l6uud4x.fsf@gmail.com> References: <20190304114559.17864-1-dannym@scratchpost.org> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([209.51.188.92]:50753) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hHG7T-0004w9-Dg for bug-guix@gnu.org; Thu, 18 Apr 2019 19:07:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hHG7S-00021R-8U for bug-guix@gnu.org; Thu, 18 Apr 2019 19:07:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:57412) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hHG7S-00020y-4E for bug-guix@gnu.org; Thu, 18 Apr 2019 19:07:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hHG7R-0005LI-M6 for bug-guix@gnu.org; Thu, 18 Apr 2019 19:07:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <20190304114559.17864-1-dannym@scratchpost.org> (Danny Milosavljevic's message of "Mon, 4 Mar 2019 12:45:59 +0100") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Danny Milosavljevic Cc: 30109@debbugs.gnu.org Hello Danny! Danny Milosavljevic writes: > Fixes . > > * gnu/packages/kerberos.scm (shishi)[arguments]<#:configure-flags>: > Add --with-key-dir, --with-db-dir. > <#:phases>[disable-automatic-key-generation]: New phase. > --- > gnu/packages/kerberos.scm | 21 +++++++++++++++++---- > 1 file changed, 17 insertions(+), 4 deletions(-) > > diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm > index 873f5d8a3..9cfe95f4e 100644 > --- a/gnu/packages/kerberos.scm > +++ b/gnu/packages/kerberos.scm > @@ -116,9 +116,19 @@ cryptography.") > (build-system gnu-build-system) > (arguments > '(;; This is required since we patch some of the build scripts. > - ;; Remove for the next Shishi release after 1.0.2 or when > - ;; removing 'shishi-fix-libgcrypt-detection.patch'. > - #:configure-flags '("ac_cv_libgcrypt=yes" "--disable-static"))) > + ;; Remove first two items for the next Shishi release after 1.0.2 or > + ;; when removing 'shishi-fix-libgcrypt-detection.patch'. > + #:configure-flags > + '("ac_cv_libgcrypt=yes" "--disable-static" > + "--with-key-dir=/etc/shishi" "--with-db-dir=/var/shishi") > + #:phases > + (modify-phases %standard-phases > + (add-after 'configure 'disable-automatic-key-generation > + (lambda* (#:key outputs #:allow-other-keys) > + (substitute* "Makefile" > + (("^install-data-hook:") > + "install-data-hook:\nx:\n")) > + #t))))) > (native-inputs `(("pkg-config" ,pkg-config))) > (inputs > `(("gnutls" ,gnutls) > @@ -132,7 +142,10 @@ cryptography.") > (description > "GNU Shishi is a free implementation of the Kerberos 5 network security > system. It is used to allow non-secure network nodes to communicate in a > -secure manner through client-server mutual authentication via tickets.") > +secure manner through client-server mutual authentication via tickets. > + > +After installation, the system administrator should generate keys using > +@code{shisa -a /etc/shishi/shishi.keys}.") > (license license:gpl3+))) > > (define-public heimdal I've applied and tried your proposed fix, and it made shishi reproducible; so LGTM! Could you apply your fix to core-updates? Thank you! Maxim