From: ludo@gnu.org (Ludovic Courtès)
Subject: Name service switch configuration
Date: Wed, 04 Feb 2015 23:00:25 +0100
Message-ID: <87fvalqqva.fsf@gnu.org>
To: guix-devel@gnu.org

Hello Guix!

Commit 996ed73 adds support to configure libc’s name service switch
(NSS).  To enable something like nss-mdns (for the resolution of
‘.local’ names), one needs two things:

  1. Add this snippet to the ‘operating-system’ declaration:

       (name-service-switch
        (name-service-switch
         (hosts (list %files
                      (name-service
                        (name "mdns_minimal")
                        (reaction (lookup-specification
                                   (not-found => return))))
                      (name-service
                        (name "dns"))
                      (name-service
                        (name "mdns"))))))

  2. Arrange to have ‘nscd-service’ called with:

       #:name-services (list nss-mdns)

And that works!

The reason to have complete bindings for nsswitch.conf, as opposed to
letting users write nsswitch.conf snippets directly, is that it’s
hopefully nicer to work with, allows for static checking, and is
inexpensive in terms of maintenance since the NSS interface is
essentially frozen.

However!  Currently, step #2 is absurdly difficult.  The ‘nscd-service’
call is buried in ‘%base-services’, so one needs to either expand
‘%base-services’, simply modifying the ‘nscd-service’ call to have the
required argument, or to maintain a local modification in
(gnu system base).  This sucks.

The solution to that will be to make service instances declarative (as
opposed to being a list of opaque monadic values as is currently the
case.)  That will allow users to, say, map/filter over ‘%base-services’
and change the options as they see fit.

I’ll try to come up with a proposal for that soon, but ideas are
welcome.

Below is the NSS documentation from the manual.  Comments welcome!

Ludo’.

6.2.9 Name Service Switch
-------------------------

The ‘(gnu system nss)’ module provides bindings to the configuration
file of libc’s "name service switch" or "NSS" (*note (libc)NSS
Configuration File::).
In a nutshell, the NSS is a mechanism that allows libc to be extended
with new “name” lookup methods for system databases, which includes
host names, service names, user accounts, and more (*note System
Databases and Name Service Switch: (libc)Name Service Switch.).

The NSS configuration specifies, for each system database, which lookup
method is to be used, and how the various methods are chained
together—for instance, under which circumstances NSS should try the
next method in the list.  The NSS configuration is given in the
‘name-service-switch’ field of ‘operating-system’ declarations (*note
‘name-service-switch’: operating-system Reference.).

As an example, the declaration below configures the NSS to use the
‘nss-mdns’ back-end for host name lookups:

     (name-service-switch
        (hosts (list %files    ;first, check /etc/hosts

                     ;; If the above did not succeed, try
                     ;; with 'mdns_minimal'.
                     (name-service
                       (name "mdns_minimal")

                       ;; 'mdns_minimal' is authoritative for
                       ;; '.local'.  When it returns "not found",
                       ;; no need to try the next methods.
                       (reaction (lookup-specification
                                  (not-found => return))))

                     ;; Then fall back to DNS.
                     (name-service
                       (name "dns"))

                     ;; Finally, try with the "full" 'mdns'.
                     (name-service
                       (name "mdns")))))

The reference for name service switch configuration is given below.  It
is a direct mapping of the C library’s configuration file format, so
please refer to the C library manual for more information (*note
(libc)NSS Configuration File::).  Compared to libc’s NSS configuration
file format, it has the advantage not only of adding this warm
parenthetic feel that we like, but also static checks: you’ll know
about syntax errors and typos as soon as you run ‘guix system’.

 -- Scheme Variable: %default-nss
     This is the default name service switch configuration, a
     ‘name-service-switch’ object.

 -- Data Type: name-service-switch
     This is the data type representing the configuration of libc’s
     name service switch (NSS).  Each field below represents one of the
     supported system databases.

     ‘aliases’
     ‘ethers’
     ‘group’
     ‘gshadow’
     ‘hosts’
     ‘initgroups’
     ‘netgroup’
     ‘networks’
     ‘password’
     ‘public-key’
     ‘rpc’
     ‘services’
     ‘shadow’
          The system databases handled by the NSS.  Each of these
          fields must be a list of ‘<name-service>’ objects (see
          below.)

 -- Data Type: name-service
     This is the data type representing an actual name service and the
     associated lookup action.

     ‘name’
          A string denoting the name service (*note (libc)Services in
          the NSS configuration::).

          Note that name services listed here must be visible to nscd.
          This is achieved by passing, as the ‘#:name-services’
          argument to ‘nscd-service’, the list of packages providing
          the needed name services (*note ‘nscd-service’: Base
          Services.).

     ‘reaction’
          An action specified using the ‘lookup-specification’ macro
          (*note (libc)Actions in the NSS configuration::).
          For example:

               (lookup-specification (unavailable => continue)
                                     (success => return))
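
Added example (not part of the original message, and not Guix or libc code): a small Python model of how libc walks the ‘hosts’ chain declared above, with that declaration written in nsswitch.conf syntax. The configuration line and the per-service statuses are constructed for illustration, and only the ‘return’ and ‘continue’ actions are modelled.

```python
import re

# libc's default reaction per status (libc manual, "Actions in the NSS configuration").
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_entry(line):
    """Parse 'db: svc [STATUS=action ...] svc ...' into (db, [(svc, reactions)])."""
    database, _, rest = line.partition(":")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("reaction given before any service")
        for item in token[1:-1].split():
            negate = item.startswith("!")
            status, _, action = item.lstrip("!").lower().partition("=")
            if status not in DEFAULTS or action not in ("return", "continue"):
                raise ValueError(f"bad reaction: {item!r}")
            # '!STATUS=action' applies the action to every other status.
            for s in DEFAULTS:
                if (s != status) == negate:
                    chain[-1][1][s] = action
    return database.strip(), chain

def resolve(chain, statuses):
    """Walk the chain for one name; return (services consulted, final status)."""
    consulted, status = [], "unavail"
    for service, reactions in chain:
        status = statuses.get(service, "unavail")  # unlisted service: unavailable
        consulted.append(service)
        if reactions[status] == "return":
            break
    return consulted, status

# Constructed line: the 'hosts' declaration above, in nsswitch.conf syntax.
HOSTS_LINE = "hosts: files mdns_minimal [NOTFOUND=return] dns mdns"
# Constructed statuses (assumptions): a '.local' host that is absent, and a
# public name that mdns_minimal declines to handle.
LOCAL_MISS = {"files": "notfound", "mdns_minimal": "notfound", "dns": "success"}
PUBLIC_NAME = {"files": "notfound", "mdns_minimal": "unavail", "dns": "success"}

if __name__ == "__main__":
    _, chain = parse_entry(HOSTS_LINE)
    for statuses in (LOCAL_MISS, PUBLIC_NAME):
        print(resolve(chain, statuses))
```

For the absent ‘.local’ host the walk stops at ‘mdns_minimal’, so the name is never handed to ‘dns’; for the public name ‘mdns_minimal’ reports unavailable and the lookup falls through to ‘dns’.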