unofficial mirror of guix-devel@gnu.org 
From: "Ludovic Courtès" <ludovic.courtes@inria.fr>
To: <guix-devel@gnu.org>
Subject: Dealing with foreign distros without nscd
Date: Fri, 28 Aug 2020 11:38:49 +0200
Message-ID: <87blivrtxy.fsf@inria.fr>

Hello Guix!

One of the most important pieces of advice we give to use Guix on
foreign distros is to make sure the distro runs nscd, so we don’t end up
dlopening NSS modules in Guix-produced programs:

  https://guix.gnu.org/manual/en/html_node/Application-Setup.html#Name-Service-Switch

A situation where this is not possible is HPC clusters: you would like
to run packs there, but you’re not root and cannot spawn nscd, and those
machines typically use a Red Hat derivative with ‘sssd’:

--8<---------------cut here---------------start------------->8---
$ grep sss /etc/nsswitch.conf
passwd:     files sss
shadow:     files sss
group:      files sss
services:   files sss
netgroup:   files sss
automount:  files sss
--8<---------------cut here---------------end--------------->8---

If you try to run binaries from ‘guix pack’ there, they’ll fail to find
libnss_sss.so, and so user name lookups etc. (e.g., getpw(3)) will fail.

The workaround I found is to add ‘sssd’ to the pack, like so:

  guix pack -RR -S /lib=lib -S /bin=bin sssd guile

That way, on the other machine, you can set LD_LIBRARY_PATH such that
Guix’ libnss_sss.so gets loaded:

  tar xf /path/to/pack.tgz
  LD_LIBRARY_PATH=$PWD/lib ./bin/guile -c '(pk (getpw (getuid)))'

It works!  However, if people have ideas of less arcane workarounds, I’m
interested.

For the record, I pushed one commit that fixes ‘sssd’¹ and another one
to have LD_LIBRARY_PATH honored when using
GUIX_EXECUTION_ENGINE=fakechroot².

Ludo’.

¹ https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8df6900dffa9e1c74ac3f64877f067974eee0eeb
² https://git.savannah.gnu.org/cgit/guix.git/commit/?id=28dce8f02db38a41e59ecdf3786baa6f732636ff
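
An added example (not part of the original message or of Guix): a shell check for the target machine that reads nsswitch.conf and reports which NSS services the extracted pack's lib directory does not cover. It assumes glibc's module naming `libnss_<service>.so.2`, that the services listed in `BUILTIN_SERVICES` come with the pack's own glibc, and that nscd listens on `/var/run/nscd/socket`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: which NSS modules must a pack carry on a host without nscd?
# Usage: sh nss-check.sh /etc/nsswitch.conf "$PWD/lib"

# Assumption: these services ship with the pack's own glibc; adjust as needed.
BUILTIN_SERVICES="files dns compat db hesiod"

# Print each distinct service named in an nsswitch.conf-style file, one per line.
# Comments and bracketed actions such as [NOTFOUND=return] are dropped first.
nss_services() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" |
        awk -F: 'NF >= 2 {
            n = split($2, s, /[ \t]+/)
            for (i = 1; i <= n; i++) if (s[i] != "") print s[i]
        }' |
        sort -u
}

# Print the services whose libnss_<name>.so.2 is absent from LIBDIR
# (the directory that would be put on LD_LIBRARY_PATH).
missing_nss_modules() {
    conf=$1
    libdir=$2
    for svc in $(nss_services "$conf"); do
        case " $BUILTIN_SERVICES " in
            *" $svc "*) continue ;;
        esac
        [ -e "$libdir/libnss_$svc.so.2" ] || echo "$svc"
    done
}

# Succeed when an nscd socket exists, i.e. lookups can go through the daemon
# instead of dlopening modules in the packed program.
nscd_running() {
    [ -S "${1:-/var/run/nscd/socket}" ]
}

if [ "$#" -ge 2 ]; then
    if nscd_running; then
        echo "nscd socket found; lookups can go through nscd"
    else
        missing=$(missing_nss_modules "$1" "$2")
        [ -z "$missing" ] || echo "pack lacks NSS modules for:" $missing
    fi
fi
```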

