unscd: init at 0.53

nixos/modules/services/system/nscd.nix

@@ -7,10 +7,6 @@ let
   nssModulesPath = config.system.nssModules.path;
   cfg = config.services.nscd;
 
-  nscd = if pkgs.stdenv.hostPlatform.libc == "glibc"
-         then pkgs.stdenv.cc.libc.bin
-         else pkgs.glibc.bin;
-
 in
 
 {
@@ -37,6 +33,14 @@ in
         description = "Configuration to use for Name Service Cache Daemon.";
       };
 
+      package = mkOption {
+        type = types.package;
+        default = if pkgs.stdenv.hostPlatform.libc == "glibc"
+          then pkgs.stdenv.cc.libc.bin
+          else pkgs.glibc.bin;
+        description = "package containing the nscd binary to be used by the service";
+      };
+
     };
 
   };
@@ -69,16 +73,16 @@ in
         # files. So prefix the ExecStart command with "!" to prevent systemd
         # from dropping privileges early. See ExecStart in systemd.service(5).
         serviceConfig =
-          { ExecStart = "!@${nscd}/sbin/nscd nscd";
+          { ExecStart = "!@${cfg.package}/bin/nscd nscd";
             Type = "forking";
             DynamicUser = true;
             RuntimeDirectory = "nscd";
             PIDFile = "/run/nscd/nscd.pid";
             Restart = "always";
             ExecReload =
-              [ "${nscd}/sbin/nscd --invalidate passwd"
-                "${nscd}/sbin/nscd --invalidate group"
-                "${nscd}/sbin/nscd --invalidate hosts"
+              [ "${cfg.package}/bin/nscd --invalidate passwd"
+                "${cfg.package}/bin/nscd --invalidate group"
+                "${cfg.package}/bin/nscd --invalidate hosts"
               ];
           };
       };

pkgs/os-specific/linux/unscd/0001-adjust-socket-paths-for-nixos.patch

@@ -0,0 +1,41 @@
+From 9d76d183a97cb667a1ab6d95af69d6db745215df Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Milan=20P=C3=A4ssler?= <[email protected]>
+Date: Tue, 1 Jun 2021 16:55:45 +0200
+Subject: [PATCH] adjust socket paths for nixos
+
+The original unscd would crash, because it is not allowed to create its
+legacy socket at /var/run/.nscd_socket.
+
+This socket is only required for very old glibc versions, but removing it
+is currently non-trivial, so we just move it somewhere, where it is
+allowed to be created. A patch has been submitted upstream to make this
+hack unnecessary.
+
+Also change /var/run to /run, since we shouldn't be using /var/run
+anymore.
+---
+ nscd.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/nscd.c b/nscd.c
+index a71e474..0cd7106 100644
+--- a/nscd.c
++++ b/nscd.c
+@@ -2100,10 +2100,10 @@ static void main_loop(void)
+ ** Initialization
+ */
+
+-#define NSCD_PIDFILE    "/var/run/nscd/nscd.pid"
+-#define NSCD_DIR        "/var/run/nscd"
+-#define NSCD_SOCKET     "/var/run/nscd/socket"
+-#define NSCD_SOCKET_OLD "/var/run/.nscd_socket"
++#define NSCD_PIDFILE    "/run/nscd/nscd.pid"
++#define NSCD_DIR        "/run/nscd"
++#define NSCD_SOCKET     "/run/nscd/socket"
++#define NSCD_SOCKET_OLD "/run/nscd/socket_legacy"
+
+ static smallint wrote_pidfile;
+
+-- 
+2.31.1
+

pkgs/os-specific/linux/unscd/default.nix

@@ -0,0 +1,76 @@
+{ fetchurl, fetchpatch, stdenv, systemd, lib }:
+
+stdenv.mkDerivation rec {
+  pname = "unscd";
+  version = "0.54";
+
+  src = fetchurl {
+    url = "https://busybox.net/~vda/unscd/nscd-${version}.c";
+    sha256 = "0iv4iwgs3sjnqnwd7dpcw6s7i4ar9q89vgsms32clx14fdqjrqch";
+  };
+
+  unpackPhase = ''
+    runHook preUnpack
+    cp $src nscd.c
+    chmod u+w nscd.c
+    runHook postUnpack
+  '';
+
+  patches = [
+    # Patches from Debian that have not (yet) been included upstream, but are useful to us
+    (fetchpatch {
+      url = "https://sources.debian.org/data/main/u/${pname}/${version}-1/debian/patches/change_invalidate_request_info_output";
+      sha256 = "17whakazpisiq9nnw3zybaf7v3lqkww7n6jkx0igxv4z2r3mby6l";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.org/data/main/u/${pname}/${version}-1/debian/patches/support_large_numbers_in_config";
+      sha256 = "0jrqb4cwclwirpqfb6cvnmiff3sm2jhxnjwxa7h0wx78sg0y3bpp";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.org/data/main/u/${pname}/${version}-1/debian/patches/no_debug_on_invalidate";
+      sha256 = "0znwzb522zgikb0mm7awzpvvmy0wf5z7l3jgjlkdpgj0scxgz86w";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.org/data/main/u/${pname}/${version}-1/debian/patches/notify_systemd_about_successful_startup";
+      sha256 = "1ipwmbfwm65yisy74nig9960vxpjx683l3skgxfgssfx1jb9z2mc";
+    })
+
+    # The original unscd would crash, because it is not allowed to create its
+    # legacy socket at /var/run/.nscd_socket.
+    # This socket is only required for very old glibc versions, but removing it
+    # is currently non-trivial, so we just move it somewhere, where it is
+    # allowed to be created. A patch has been submitted upstream to make this
+    # hack unnecessary.
+    # Also change /var/run to /run, since we shouldn't be using /var/run
+    # anymore.
+    # See also: http://lists.busybox.net/pipermail/busybox/2021-June/088866.html
+    ./0001-adjust-socket-paths-for-nixos.patch
+  ];
+
+  buildInputs = [ systemd ];
+
+  buildPhase = ''
+    runHook preBuild
+    gcc -Wall \
+      -Wl,--sort-section -Wl,alignment \
+      -Wl,--sort-common \
+      -fomit-frame-pointer \
+      -lsystemd \
+      -o nscd nscd.c
+    runHook postBuild
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    install -Dm755 -t $out/bin nscd
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    homepage = "https://busybox.net/~vda/unscd/";
+    description = "Less buggy replacement for the glibc name service cache daemon";
+    license = licenses.gpl2Only;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ petabyteboy ];
+  };
+}

pkgs/top-level/all-packages.nix

@@ -23490,6 +23490,8 @@ with pkgs;
 
   ugtrain = callPackage ../tools/misc/ugtrain { };
 
+  unscd = callPackage ../os-specific/linux/unscd { };
+
   untie = callPackage ../os-specific/linux/untie { };
 
   upower = callPackage ../os-specific/linux/upower { };