diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix index 00a87e788dc4d..c9f2a60a31df6 100644 --- a/nixos/modules/services/system/nscd.nix +++ b/nixos/modules/services/system/nscd.nix @@ -7,10 +7,6 @@ let nssModulesPath = config.system.nssModules.path; cfg = config.services.nscd; - nscd = if pkgs.stdenv.hostPlatform.libc == "glibc" - then pkgs.stdenv.cc.libc.bin - else pkgs.glibc.bin; - in { @@ -37,6 +33,14 @@ in description = "Configuration to use for Name Service Cache Daemon."; }; + package = mkOption { + type = types.package; + default = if pkgs.stdenv.hostPlatform.libc == "glibc" + then pkgs.stdenv.cc.libc.bin + else pkgs.glibc.bin; + description = "package containing the nscd binary to be used by the service"; + }; + }; }; @@ -69,16 +73,16 @@ in # files. So prefix the ExecStart command with "!" to prevent systemd # from dropping privileges early. See ExecStart in systemd.service(5). serviceConfig = - { ExecStart = "!@${nscd}/sbin/nscd nscd"; + { ExecStart = "!@${cfg.package}/bin/nscd nscd"; Type = "forking"; DynamicUser = true; RuntimeDirectory = "nscd"; PIDFile = "/run/nscd/nscd.pid"; Restart = "always"; ExecReload = - [ "${nscd}/sbin/nscd --invalidate passwd" - "${nscd}/sbin/nscd --invalidate group" - "${nscd}/sbin/nscd --invalidate hosts" + [ "${cfg.package}/bin/nscd --invalidate passwd" + "${cfg.package}/bin/nscd --invalidate group" + "${cfg.package}/bin/nscd --invalidate hosts" ]; }; }; diff --git a/pkgs/os-specific/linux/unscd/0001-adjust-socket-paths-for-nixos.patch b/pkgs/os-specific/linux/unscd/0001-adjust-socket-paths-for-nixos.patch new file mode 100644 index 0000000000000..941b5c90a6240 --- /dev/null +++ b/pkgs/os-specific/linux/unscd/0001-adjust-socket-paths-for-nixos.patch 
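Review bot: The new `package` option's description does not say what the module expects from a replacement, even though the unit starts `${cfg.package}/bin/nscd` with the `!` prefix, i.e. before systemd drops privileges. I would spell the contract out, e.g. `description = "Package providing bin/nscd. The daemon is started with full privileges (see ExecStart) and must accept the --invalidate option used on reload.";`. Because the default is computed from `pkgs`, a `defaultText` would also keep the rendered option documentation readable. The enclosing `options` block starts outside this hunk.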
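Review bot: The move from `sbin/nscd` to `bin/nscd` in `ExecStart` and the three `ExecReload` entries also changes the path used for the default glibc package, and nothing visible in this diff shows that `pkgs.glibc.bin` exposes the daemon under `bin/`. If it does not, the unit fails at exec time rather than at evaluation time. A NixOS test that starts the service once with the default package and once with `pkgs.unscd`, and triggers a reload, would cover both the path and the `--invalidate` arguments. A comment next to `ExecStart` such as `# cfg.package must ship bin/nscd and understand "--invalidate <database>"` would record the assumption.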
@@ -0,0 +1,41 @@
+From 9d76d183a97cb667a1ab6d95af69d6db745215df Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Milan=20P=C3=A4ssler?=
+Date: Tue, 1 Jun 2021 16:55:45 +0200
+Subject: [PATCH] adjust socket paths for nixos
+
+The original unscd would crash, because it is not allowed to create its
+legacy socket at /var/run/.nscd_socket.
+
+This socket is only required for very old glibc versions, but removing it
+is currently non-trivial, so we just move it somewhere, where it is
+allowed to be created. A patch has been submitted upstream to make this
+hack unnecessary.
+
+Also change /var/run to /run, since we shouldn't be using /var/run
+anymore.
+---
+ nscd.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/nscd.c b/nscd.c
+index a71e474..0cd7106 100644
+--- a/nscd.c
++++ b/nscd.c
+@@ -2100,10 +2100,10 @@ static void main_loop(void)
+ ** Initialization
+ */
+
+-#define NSCD_PIDFILE "/var/run/nscd/nscd.pid"
+-#define NSCD_DIR "/var/run/nscd"
+-#define NSCD_SOCKET "/var/run/nscd/socket"
+-#define NSCD_SOCKET_OLD "/var/run/.nscd_socket"
++#define NSCD_PIDFILE "/run/nscd/nscd.pid"
++#define NSCD_DIR "/run/nscd"
++#define NSCD_SOCKET "/run/nscd/socket"
++#define NSCD_SOCKET_OLD "/run/nscd/socket_legacy"
+
+ static smallint wrote_pidfile;
+
+--
+2.31.1
+
diff --git a/pkgs/os-specific/linux/unscd/default.nix b/pkgs/os-specific/linux/unscd/default.nix
new file mode 100644
index 0000000000000..1f974029b0174
--- /dev/null
+++ b/pkgs/os-specific/linux/unscd/default.nix
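Review bot: The four rewritten defines hard-code `/run/nscd`, which only works because the NixOS unit sets `RuntimeDirectory = "nscd"` and `PIDFile = "/run/nscd/nscd.pid"`; neither side mentions the other, so a later change in the module would break the daemon without any build-time signal. A comment above the defines, e.g. `/* NixOS: must match RuntimeDirectory/PIDFile in nixos/modules/services/system/nscd.nix */`, would make the coupling visible. Separately, `NSCD_SOCKET_OLD` at `/run/nscd/socket_legacy` is a path no client is likely to look up, yet the daemon presumably still binds and serves it; until the upstream removal lands, it is worth confirming that this extra socket is created with the same permissions as `NSCD_SOCKET`.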
@@ -0,0 +1,76 @@
+{ fetchurl, fetchpatch, stdenv, systemd, lib }:
+
+stdenv.mkDerivation rec {
+ pname = "unscd";
+ version = "0.54";
+
+ src = fetchurl {
+ url = "https://busybox.net/~vda/unscd/nscd-${version}.c";
+ sha256 = "0iv4iwgs3sjnqnwd7dpcw6s7i4ar9q89vgsms32clx14fdqjrqch";
+ };
+
+ unpackPhase = ''
+ runHook preUnpack
+ cp $src nscd.c
+ chmod u+w nscd.c
+ runHook postUnpack
+ '';
+
+ patches = [
+ # Patches from Debian that have not (yet) been included upstream, but are useful to us
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/u/${pname}/${version}-1/debian/patches/change_invalidate_request_info_output";
+ sha256 = "17whakazpisiq9nnw3zybaf7v3lqkww7n6jkx0igxv4z2r3mby6l";
+ })
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/u/${pname}/${version}-1/debian/patches/support_large_numbers_in_config";
+ sha256 = "0jrqb4cwclwirpqfb6cvnmiff3sm2jhxnjwxa7h0wx78sg0y3bpp";
+ })
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/u/${pname}/${version}-1/debian/patches/no_debug_on_invalidate";
+ sha256 = "0znwzb522zgikb0mm7awzpvvmy0wf5z7l3jgjlkdpgj0scxgz86w";
+ })
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/u/${pname}/${version}-1/debian/patches/notify_systemd_about_successful_startup";
+ sha256 = "1ipwmbfwm65yisy74nig9960vxpjx683l3skgxfgssfx1jb9z2mc";
+ })
+
+ # The original unscd would crash, because it is not allowed to create its
+ # legacy socket at /var/run/.nscd_socket.
+ # This socket is only required for very old glibc versions, but removing it
+ # is currently non-trivial, so we just move it somewhere, where it is
+ # allowed to be created. A patch has been submitted upstream to make this
+ # hack unnecessary.
+ # Also change /var/run to /run, since we shouldn't be using /var/run
+ # anymore.
+ # See also: http://lists.busybox.net/pipermail/busybox/2021-June/088866.html
+ ./0001-adjust-socket-paths-for-nixos.patch
+ ];
+
+ buildInputs = [ systemd ];
+
+ buildPhase = ''
+ runHook preBuild
+ gcc -Wall \
+ -Wl,--sort-section -Wl,alignment \
+ -Wl,--sort-common \
+ -fomit-frame-pointer \
+ -lsystemd \
+ -o nscd nscd.c
+ runHook postBuild
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ install -Dm755 -t $out/bin nscd
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ homepage = "https://busybox.net/~vda/unscd/";
+ description = "Less buggy replacement for the glibc name service cache daemon";
+ license = licenses.gpl2Only;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ petabyteboy ];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 4c65f21346cd6..03c814d8509f6 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -23490,6 +23490,8 @@ with pkgs; ugtrain = callPackage ../tools/misc/ugtrain { }; + unscd = callPackage ../os-specific/linux/unscd { }; + untie = callPackage ../os-specific/linux/untie { }; upower = callPackage ../os-specific/linux/upower { };
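Review bot: `buildPhase` calls `gcc` by name and places `-lsystemd` before `nscd.c`; the first bypasses the compiler that stdenv selects (cross builds, non-gcc stdenvs), and the second can leave the libsystemd symbols (presumably those used by the Debian startup-notification patch) unresolved when the linker honours command-line order with `--as-needed`. I would write the compile line as `$CC -Wall ... -o nscd nscd.c -lsystemd`. Since the nscd unit starts this binary with full privileges, it is also worth checking the build log to confirm the stdenv hardening flags are applied to this hand-written compile line. The `${pname}` interpolation in the Debian patch URLs makes them harder to grep and could be written out as `unscd`.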