From 2ca3fdc2db1aef96fbf702a2f26f5e18ce832038 Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Mon, 4 Mar 2019 12:45:59 +0100 Subject: [PATCH] gnu: shishi: Make shishi keys and database administrator-modifiable. Fixes . * gnu/packages/kerberos.scm (shishi)[arguments]<#:configure-flags>: Add --with-key-dir, --with-db-dir. <#:phases>[disable-automatic-key-generation]: New phase. --- gnu/packages/kerberos.scm | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm index 7cf61c8d0f..1253a58546 100644 --- a/gnu/packages/kerberos.scm +++ b/gnu/packages/kerberos.scm @@ -116,9 +116,19 @@ (define-public shishi (build-system gnu-build-system) (arguments '(;; This is required since we patch some of the build scripts. - ;; Remove for the next Shishi release after 1.0.2 or when - ;; removing 'shishi-fix-libgcrypt-detection.patch'. - #:configure-flags '("ac_cv_libgcrypt=yes" "--disable-static"))) + ;; Remove first two items for the next Shishi release after 1.0.2 or + ;; when removing 'shishi-fix-libgcrypt-detection.patch'. + #:configure-flags + '("ac_cv_libgcrypt=yes" "--disable-static" + "--with-key-dir=/etc/shishi" "--with-db-dir=/var/shishi") + #:phases + (modify-phases %standard-phases + (add-after 'configure 'disable-automatic-key-generation + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "Makefile" + (("^install-data-hook:") + "install-data-hook:\nx:\n")) + #t))))) (native-inputs `(("pkg-config" ,pkg-config))) (inputs `(("gnutls" ,gnutls) @@ -132,7 +142,10 @@ (define-public shishi (description "GNU Shishi is a free implementation of the Kerberos 5 network security system. It is used to allow non-secure network nodes to communicate in a -secure manner through client-server mutual authentication via tickets.") +secure manner through client-server mutual authentication via tickets. + +After installation, the system administrator should generate keys using +@code{shisa -a /etc/shishi/shishi.keys}.") (license license:gpl3+))) (define-public heimdal