>> Ideally, libnss_sss should be part of stdenv.
> That's not going to happen because there are any number of NSS modules that we
> can't possibly all add to stdenv.
>

Indeed, I was not thinking about making it part of stdenv by default. What about "enriching" stdenv (through config.nix or configuration.nix) on some specific platforms without triggering a full recompilation?

> Yes, by using nscd.

It is not a solution. Red Hat itself documents not to use nscd and sssd together:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/usingnscd-sssd.html

sssd is very likely going to be the new norm for LDAP authentication (for good reasons). Making it supported in Nix by wrapping old daemons around it is probably not a very good long-term solution.

> If possible, you could also enable chroot builds. It might be possible to
> override /etc/nsswitch.conf in the chroot by setting the Nix option
> "build-chroot-dirs = /etc/nsswitch.conf=/path/to/my-nsswitch.conf" (where
> my-nsswitch.conf doesn't contain libnss_nss). However, looking at the code, it
> may not be possible to override /etc/nsswitch.conf at the moment, but fixing
> that wouldn't be hard.

Would this work as a non-root user? If the current user is an LDAP-referenced user, this will cause a failure too, even if sss is not configured through /etc/nsswitch.conf.

> As a hack, it might also be possible to add LD_LIBRARY_PATH to the
> impureEnvVars attribute of fetchgit and other affected fixed-output
> derivations. (Fixed-output derivations are allowed to have some "impure"
> inputs because their output is guaranteed to be the same regardless of the
> inputs.) So you could pass in an LD_LIBRARY_PATH pointing to a directory
> containing the required NSS modules.

That would make it work for git. But like I said, the problem is not limited to git.

For instance, all core-utils derivations would still fail. The core-utils check phase runs some tests related to user-rights command-line tools... and naturally, these tests need libnss_sss to succeed too...

Any other derivation that uses user/passwd/group syscalls triggers the error too.

Adrien

On 23/06/2015 12:48, Eelco Dolstra wrote:
> Hi,
>
> On 23/06/15 11:47, Adrien Devresse wrote:
>
>> Ideally, libnss_sss should be part of stdenv.
> That's not going to happen because there are any number of NSS modules that we
> can't possibly all add to stdenv.
>
>> Do you have any elegant way in Nix to add a "module" / modify the stdenv
>> without retriggering a compilation of the entire system ?
> Yes, by using nscd.
>
> If possible, you could also enable chroot builds. It might be possible to
> override /etc/nsswitch.conf in the chroot by setting the Nix option
> "build-chroot-dirs = /etc/nsswitch.conf=/path/to/my-nsswitch.conf" (where
> my-nsswitch.conf doesn't contain libnss_nss). However, looking at the code, it
> may not be possible to override /etc/nsswitch.conf at the moment, but fixing
> that wouldn't be hard.
>
> As a hack, it might also be possible to add LD_LIBRARY_PATH to the
> impureEnvVars attribute of fetchgit and other affected fixed-output
> derivations. (Fixed-output derivations are allowed to have some "impure"
> inputs because their output is guaranteed to be the same regardless of the
> inputs.) So you could pass in an LD_LIBRARY_PATH pointing to a directory
> containing the required NSS modules.
>
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
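An added illustration of the failure discussed in this thread (not code from the thread or from Nix): a Python check that reports which services named in an nsswitch.conf have no matching `libnss_<service>.so.2` among the libraries a process can load. The sample file, the library listing and the function names are constructed for the example, and it assumes every service is loaded as a separate module file.

```python
import re

# Constructed sample: an nsswitch.conf as it might look on an SSSD/LDAP host.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:     files sss
shadow:     files sss
group:      files sss [NOTFOUND=return]
hosts:      files dns
"""

# Constructed listing: NSS modules shipped with a glibc that has no libnss_sss.
GLIBC_ONLY = {"libnss_files.so.2", "libnss_dns.so.2", "libnss_compat.so.2"}


def parse_nsswitch(text):
    """Return {database: [service, ...]} with comments and [actions] removed."""
    databases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        database, spec = line.split(":", 1)
        spec = re.sub(r"\[[^\]]*\]", " ", spec)  # drop [STATUS=action] items
        databases[database.strip()] = spec.split()
    return databases


def missing_modules(text, available_libs):
    """Map each database to the services whose libnss_<service>.so.2 is absent
    from available_libs (file names visible on the process's library path).
    Assumption: each service is a separate libnss_<service>.so.2 file."""
    missing = {}
    for database, services in parse_nsswitch(text).items():
        absent = [s for s in services if f"libnss_{s}.so.2" not in available_libs]
        if absent:
            missing[database] = absent
    return missing


if __name__ == "__main__":
    for db, services in missing_modules(SAMPLE_NSSWITCH, GLIBC_ONLY).items():
        print(f"{db}: no loadable module for {', '.join(services)}")
```

Passing the file names found in the directories on `LD_LIBRARY_PATH` as `available_libs` shows whether the workaround quoted above would cover every database the host configuration references.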