From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id WMFZMqjTHGINKgEAgWs5BA (envelope-from ) for ; Mon, 28 Feb 2022 14:52:40 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id kMIPL6jTHGLo7wAAauVa8A (envelope-from ) for ; Mon, 28 Feb 2022 14:52:40 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 83109477EC for ; Mon, 28 Feb 2022 14:52:40 +0100 (CET) Received: from localhost ([::1]:55078 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nOgS7-0005U6-Kn for larch@yhetil.org; Mon, 28 Feb 2022 08:52:39 -0500 Received: from eggs.gnu.org ([209.51.188.92]:37788) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nOgIp-0003Lf-14 for guix-devel@gnu.org; Mon, 28 Feb 2022 08:43:06 -0500 Received: from [2a0c:e300::1] (port=35114 helo=hera.aquilenet.fr) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nOgIn-0005zg-4R for guix-devel@gnu.org; Mon, 28 Feb 2022 08:43:02 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 46DCE448; Mon, 28 Feb 2022 14:42:58 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gJ9tZUIXVnc8; Mon, 28 Feb 2022 14:42:57 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 367A51A4; Mon, 28 Feb 2022 14:42:57 +0100 (CET) From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Chris Marusich Subject: Re: How to use Guix with sssd, not nscd, on a foreign distro? References: <87y222usfr.fsf@gmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 10 =?utf-8?Q?Vent=C3=B4se?= an 230 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 28 Feb 2022 14:42:56 +0100 In-Reply-To: <87y222usfr.fsf@gmail.com> (Chris Marusich's message of "Tue, 22 Feb 2022 20:18:16 -0800") Message-ID: <87pmn7cdjz.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: / X-Rspamd-Server: hera X-Rspamd-Queue-Id: 46DCE448 X-Spamd-Result: default: False [0.90 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_ENVRCPT(0.00)[gmail.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_TWO(0.00)[2]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; SUBJECT_ENDS_QUESTION(1.00)[]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a0c:e300::1 (failed) Received-SPF: softfail client-ip=2a0c:e300::1; envelope-from=ludo@gnu.org; helo=hera.aquilenet.fr X-Spam_score_int: -4 X-Spam_score: -0.5 X-Spam_bar: / X-Spam_report: (-0.5 / 5.0 requ) BAYES_00=-1.9, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_SOFTFAIL=0.665, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1646056360; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=vcsEEpLZ+HNFccREgGz4H1LNK0StpTqTaYgyNDwI+QM=; b=QjGono/qndAMfoZ3njYkMRKp4eA03hnSEm0KqGexZr8dLV2L9STbiJeICcz2CJUechfvJP pqpiOrwX4RI5+NTP+B7+3jU0pNZNZCJwNVCu0CSMySNlYXyshxMthozOOxQ1StaAKUnV2s Phs95S3HwPtvocQwcsonuUhCGZKmnjYdgT75HeTIO5az0LIARJ2H6cYYpiCwZ7hTbWAZRc 4F8bHqjjRopyoUgtWMecLKmmukCVUa0f6hlA44CsebkzgjcHgTH4CEtz7o1b5lh6aVB6ab dPtgZlGYGLGbPMOZeUs18yFLnkNtvbD5fT1yGJRWZ1mI/zkyaJrfl+KPiNe15w== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1646056360; a=rsa-sha256; cv=none; b=gElVpyASsVR3SLeo8/oWU58y/Cf4v8HXrJUWtg+SDqDiqW8jADyT5ttzwp/S/qiVvtenfJ 6nSLbnj/WakDIZ4L/YbG98HkjMwB8YXUWXJ7qeaMwVlhh4kV1tz4jwantZBBJ+o8oCgxFH 4iTd2Y3v7hKFmJRl5QvJsul/oiBIprk12x/nytz3lgJcnUcXClyUaGXRrhS90jQDkKtOpN cqF0AfFsiMndsTIoBXDctY4hD6FJ/S+nI2wrYKUZDUO6jGMHmpZDaw9Oz5SdtNNHdPR9A7 TTPYFr6WypHvxlbGR8yac7Eq0ZrMJJw5sR0zG6OMUHOqOqdP74XhseBh9wVA6A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.40 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 83109477EC X-Spam-Score: -3.40 X-Migadu-Scanner: scn0.migadu.com X-TUID: 07vZ1hmet3wE Hello, Chris Marusich skribis: > The Guix manual recommends running nscd: > > https://guix.gnu.org/manual/en/html_node/Application-Setup.html > > However, Fedora intends to remove it: > > https://fedoraproject.org/wiki/Changes/RemoveNSCD D=E2=80=99oh! This is bad. It might suggest that nscd will vanish from gl= ibc as well, given it=E2=80=99s partly developed by the same group of people. AFAIK, nscd is the only way to allow glibc=E2=80=99s name service switch (N= SS) to be used on a system where multiple glibc versions might coexist. This is a problem Fedora doesn=E2=80=99t have: there=E2=80=99s always a sin= gle glibc package installed. [...] > The Fedora document explains that at least the hosts cache will be > handled by systemd-resolved. Can I expect Guix-built programs to "try > to use systemd" when resolving host names, or is additional > configuration likely to be required? I suppose there=E2=80=99s a systemd-resolved NSS module, and /etc/nsswitch.= conf points to it. > Regarding sssd specifically, how can I arrange for a Guix-built program > to "try to use sssd" first? The relevant glibc functions always check nsswitch.conf and use the methods prescribed there. When nscd is not running, they might end up trying to dlopen libnss_sssd.so, which will usually fail. One way to work around it is described here: https://lists.gnu.org/archive/html/guix-devel/2020-08/msg00168.html But this is pretty much a last resort and not something we=E2=80=99d recomm= end for general use. HTH! Ludo=E2=80=99.