Hello,
Leo Famulari <l...@famulari.name> skribis:
> On Thu, Feb 01, 2018 at 12:28:32AM +0100, Ludovic Courtès wrote:
>> I think you attached strace to the running guix-daemon process here.
>> What I meant is that we should trace it from the beginning of its
>> execution (so either run it by hand or modify the .service file to run
>> “strace -f guix-daemon …”.)
>
> Oh, right. The issue is that, starting in glibc 2.26, libnss_compat is
> not built unless the glibc build is configured with
> --enable-obsolete-nsl:
[...]
> And we can see the core-updates guix-daemon try and fail to open
> libnss_compat.so:
Yes, but in the trace I gave, it then goes on dlopening libnss_files,
which is the NSS module to read databases like /etc/groups directly, and
succeeds:
--8<---------------cut here---------------start------------->8---
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1
ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=207, ...}) = 0
read(3, "group:\tcompat [NOTFOUND=return] "..., 4096) = 207
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD,
"/gnu/store/n6acaivs0jwiwpidjr551dhdni5kgpcr-glibc-2.26.105-g0890d5379c/lib/libnss_compat.so.2",
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD,
"/gnu/store/n6acaivs0jwiwpidjr551dhdni5kgpcr-glibc-2.26.105-g0890d5379c/lib/libnss_files.so.2",
O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\"\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0555, st_size=56928, ...}) = 0
mmap(NULL, 2168632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f420943d000
mprotect(0x7f4209448000, 2093056, PROT_NONE) = 0
mmap(0x7f4209647000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f4209647000
mmap(0x7f4209649000, 22328, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f4209649000
close(3) = 0
mprotect(0x7f4209647000, 4096, PROT_READ) = 0
open("/etc/group", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=666, ...}) = 0
read(3, "root:x:0:\nwheel:x:999:ludo\nusers"..., 4096) = 666
--8<---------------cut here---------------end--------------->8---
The problem in your case is that /etc/nsswitch.conf has this:
--8<---------------cut here---------------start------------->8---
passwd: compat
group: compat
shadow: compat
--8<---------------cut here---------------end--------------->8---
… meaning that it only tries libnss_compat, and fails if its missing.
If you replace these “compat” with “files”, I think it’ll work.
FWIW on GuixSD I have this:
--8<---------------cut here---------------start------------->8---
group: compat [NOTFOUND=return] files
hosts: files mdns_minimal [NOTFOUND=return] dns mdns
networks: files dns [!UNAVAIL=return]
passwd: compat [NOTFOUND=return] files
shadow: compat [NOTFOUND=return] files
--8<---------------cut here---------------end--------------->8---
The nsswitch.conf on GuixSD is based on the defaults defined in glibc,
as noted in (gnu system nss).
I’m not sure what can be done on our side. We already recommend
starting the nscd:
https://www.gnu.org/software/guix/manual/html_node/Application-Setup.html#Name-Service-Switch-1
Thoughts?
Ludo’.
