On Thu, Feb 01, 2018 at 10:06:07AM +0100, Ludovic Courtès wrote:
> Leo Famulari <l...@famulari.name> skribis:
> > And we can see the core-updates guix-daemon try and fail to open
> > libnss_compat.so:
>
> Yes, but in the trace I gave, it then goes on dlopening libnss_files,
> which is the NSS module to read databases like /etc/groups directly, and
> succeeds:
>
> --8<---------------cut here---------------start------------->8---
> connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1
> ENOENT (No such file or directory)
> close(3) = 0
> open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0444, st_size=207, ...}) = 0
> read(3, "group:\tcompat [NOTFOUND=return] "..., 4096) = 207
> read(3, "", 4096) = 0
> close(3) = 0
> openat(AT_FDCWD,
> "/gnu/store/n6acaivs0jwiwpidjr551dhdni5kgpcr-glibc-2.26.105-g0890d5379c/lib/libnss_compat.so.2",
> O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD,
> "/gnu/store/n6acaivs0jwiwpidjr551dhdni5kgpcr-glibc-2.26.105-g0890d5379c/lib/libnss_files.so.2",
> O_RDONLY|O_CLOEXEC) = 3
> read(3,
> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\"\0\0\0\0\0\0"..., 832) =
> 832
> fstat(3, {st_mode=S_IFREG|0555, st_size=56928, ...}) = 0
> mmap(NULL, 2168632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0x7f420943d000
> mprotect(0x7f4209448000, 2093056, PROT_NONE) = 0
> mmap(0x7f4209647000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f4209647000
> mmap(0x7f4209649000, 22328, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f4209649000
> close(3) = 0
> mprotect(0x7f4209647000, 4096, PROT_READ) = 0
> open("/etc/group", O_RDONLY|O_CLOEXEC) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=666, ...}) = 0
> read(3, "root:x:0:\nwheel:x:999:ludo\nusers"..., 4096) = 666
> --8<---------------cut here---------------end--------------->8---
>
> The problem in your case is that /etc/nsswitch.conf has this:
>
> --8<---------------cut here---------------start------------->8---
> passwd: compat
> group: compat
> shadow: compat
> --8<---------------cut here---------------end--------------->8---
>
> … meaning that it only tries libnss_compat, and fails if its missing.
> If you replace these “compat” with “files”, I think it’ll work.
>
> FWIW on GuixSD I have this:
>
> --8<---------------cut here---------------start------------->8---
> group: compat [NOTFOUND=return] files
> hosts: files mdns_minimal [NOTFOUND=return] dns mdns
> networks: files dns [!UNAVAIL=return]
> passwd: compat [NOTFOUND=return] files
> shadow: compat [NOTFOUND=return] files
> --8<---------------cut here---------------end--------------->8---
>
> The nsswitch.conf on GuixSD is based on the defaults defined in glibc,
> as noted in (gnu system nss).
Thanks for writing all this out, it's very educational!
> I’m not sure what can be done on our side. We already recommend
> starting the nscd:
>
>
> https://www.gnu.org/software/guix/manual/html_node/Application-Setup.html#Name-Service-Switch-1
In that case, I think the solution is for me to `apt-get install nscd`.
Closing :)
