> Would this work as a non-root user ?
> No, you need to be root to do chroot builds.
>

This is unfortunately a problem: Nix is advertised to work in non-root
environments and is used that way.

You have common situations where root access is just not possible.

A Linux cluster configured with LDAP (libnss_sss) is one of the most
common types of "shared" / "non-root" environment around.
Almost all scientific or academic organizations in the world have one,
and all HPC centers are in this situation too.

Solving this issue by enforcing chroot for any Nix build is like
forbidding any usage of Nix in these environments.


Would it not be possible to create a wrapper that maps any "host"
libnss-* plugin into the stdenv build path? That would allow the use of
any kind of exotic nss/pam auth configured on the host transparently.

It is an impure solution but a solution that would fix this kind of
issue definitively.


Adrien




On 23/06/2015 15:38, Eelco Dolstra wrote:
> Hi,
>
> On 23/06/15 14:50, Adrien Devresse wrote:
>
>>> If possible, you could also enable chroot builds. It might be possible to
>>> override /etc/nsswitch.conf in the chroot by setting the Nix option
>>> "build-chroot-dirs = /etc/nsswitch.conf=/path/to/my-nsswitch.conf" (where
>>> my-nsswitch.conf doesn't contain libnss_nss). However, looking at the code, it
>>> may not be possible to override /etc/nsswitch.conf at the moment, but fixing
>>> that wouldn't be hard.
>> Would this work as a non-root user ?
> No, you need to be root to do chroot builds.
>
>> If the current user is an LDAP-referenced user, this will cause a
>> failure too even if sss is not configured through /etc/nsswitch.conf
> The user inside the chroot is always called "nixbld" and has an entry in the
> chroot's /etc/passwd file, so looking up that user would not require LDAP lookups.
>

