nixos/kresd: use DNSSEC root trust anchor from nixpkgs

in a read-only way.  If the cache directory is empty and you use the
very same service for the system's DNS, kresd is unable to bootstrap root
trust anchors, as it would need a DNS lookup.

Also, if we don't rely on bootstrap, the extra lua deps of kresd could
be dropped by default, but let's not do that now, as the difference in
closure size is only ~4 MB, and there may be other use cases than
running the package as a nixos service this way.
Vladimír Čunát 2018-01-09 17:13:39 +01:00
parent f312e6d993
commit 3ab85ed1ac
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA


@ -99,7 +99,7 @@ in
script = '' script = ''
exec '${package}/bin/kresd' --config '${configFile}' \ exec '${package}/bin/kresd' --config '${configFile}' \
-k '${cfg.cacheDir}/root.key' -k '${pkgs.dns-root-data}/root.key'
''; '';
requires = [ "kresd.socket" ]; requires = [ "kresd.socket" ];
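
Review bot: On the changed `-k` line, the flag stays the same while its argument moves from the writable `${cfg.cacheDir}/root.key` to `${pkgs.dns-root-data}/root.key`, which is an immutable store path. The commit message says "in read-only way", but nothing in this hunk tells kresd that the file is read-only, so please confirm that kresd does not try to rewrite or refresh the key file given with `-k` (for example on a root key rollover) and fail or log errors when the write is refused. It would also help to document, in the module option text or a comment next to the `script`, that the trust anchor is now only as fresh as the pinned `dns-root-data` package, and that any `root.key` left in `cacheDir` from earlier deployments is no longer used.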