[PATCH 0/7] Nsncd: Introduce package + nscd service update

  • Open
Details
2 participants
  • Ludovic Courtès
  • picnoir
Owner
unassigned
Submitted by
picnoir
Severity
normal
picnoir wrote on 19 May 14:34 +0200
(address . guix-patches@gnu.org)(name . Picnoir)(address . picnoir@alternativebit.fr)
cover.1716121730.git.picnoir@alternativebit.fr
From: Picnoir <picnoir@alternativebit.fr>

Hey Guix,

Some context first. Nscd is a daemon distributed through Glibc originally used
to cache the potentially expensive NSS requests. NSS modules are usually
distributed as shared libraries that are DL-opened at runtime by the programs
linked against glibc. This interface is unstable, Glibc advises to always build
the NSS modules with the same Glibc version the host system uses. This is
obviously an issue for us: a single system closure can contain programs built
against different Glibc versions.

In Guix, we're mis-using Nscd to provide an ABI compatibility layer to load NSS
modules for programs built against a different GLIBC version than the system
one. Nscd is set with a TTL to 0 to disable the caching feature of the
original tool. While this works fine most of the time, it sometimes still
caches failed domain name resolutions. It happens quite often while switching
between wifi networks for instance.

Nsncd is a non-caching Nscd replacement. It was originally written

NixOS adopted this Nscd replacement last year. This migration solved the
unwanted caching issues there.

This patch introduces the Nsncd package and modifies the current Nscd service
adding a flag to use Nsncd instead of Nscd. This flag is disabled by default.

Package-wise: I had to introduce a bunch of packages to please the Cargo
version resolver. I'm an upstream contributor, I can probably relax those later
on. I was a bit shy to bump rust-nix for all the packages, I just introduced a
new version of it.

Service-wise: I introduced a new flag in the Nscd service instead of creating
a new Nsncd service from scratch to keep the existing service dependency
graph. It does not make 100% sense because Nsncd does not share the same CLI
API with Nscd. Nsncd actually does not support any configuration file.

Picnoir (7):
gnu: Add rust-libc-0.2.153.
gnu: Add rust-nix-0.28.
gnu: Add rust-dns-lookup-2.
gnu: Add rust-temp-env-0.3.
gnu: Add rust-slog-async-2-8.
gnu: Add nsncd.
gnu: services: nscd: add Nsncd optional support.

gnu/packages/crates-io.scm | 112 +++++++++++++++++++++++++++++++++++++
gnu/packages/nss.scm | 44 +++++++++++++++
gnu/services/base.scm | 9 ++-
3 files changed, 163 insertions(+), 2 deletions(-)


base-commit: cf5f7a8bf9ca2288700fcf351bbca0fc341ec969
--
2.41.0
picnoir wrote on 19 May 14:46 +0200
[PATCH 1/7] gnu: Add rust-libc-0.2.153.
(address . 71064@debbugs.gnu.org)(name . Picnoir)(address . picnoir@alternativebit.fr)
e846dd7100eca991df76b4928b6de98b467b0775.1716121731.git.picnoir@alternativebit.fr
From: Picnoir <picnoir@alternativebit.fr>

* gnu/packages/crates-io.scm (rust-libc-0.2.153): New variable. Required by
rust-nix 0.18.

Change-Id: I95c6663b0262f3e893c38ed51c34176144e4f750
---
gnu/packages/crates-io.scm | 13 +++++++++++++
1 file changed, 13 insertions(+)

diff --git a/gnu/packages/crates-io.scm b/gnu/packages/crates-io.scm
index cce3e8b0b1..e8e643589a 100644
--- a/gnu/packages/crates-io.scm
+++ b/gnu/packages/crates-io.scm
@@ -33597,6 +33597,19 @@ (define-public rust-libc-0.2
(license (list license:expat
license:asl2.0))))
+(define-public rust-libc-0.2.153
+ (package
+ (inherit rust-libc-0.2)
+ (name "rust-libc")
+ (version "0.2.153")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (crate-uri "libc" version))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32 "1gg7m1ils5dms5miq9fyllrcp0jxnbpgkx71chd2i0lafa8qy6cw"))))))
+
(define-public rust-libc-print-0.1
(package
(name "rust-libc-print")
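
Review bot: `(name "rust-libc")` in `rust-libc-0.2.153` is redundant, since `(inherit rust-libc-0.2)` already supplies the name; only `version` and `source` need overriding. The commit log says the variable is required by rust-nix 0.18, while the series adds `rust-nix-0.28`, so the log should name the version that actually needs it. Because 0.2.153 stays within the 0.2 series, updating `rust-libc-0.2` itself would avoid carrying a second libc crate, provided its dependents still build.
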
--
2.41.0
picnoir wrote on 19 May 14:46 +0200
[PATCH 4/7] gnu: Add rust-temp-env-0.3.
(address . 71064@debbugs.gnu.org)(name . Picnoir)(address . picnoir@alternativebit.fr)
032dbe64894d0187026e9e7fc52ace0947222b16.1716121731.git.picnoir@alternativebit.fr
From: Picnoir <picnoir@alternativebit.fr>

* gnu/packages/crates-io.scm (rust-temp-env-0.3): New variable. Required by
Nsncd.

Change-Id: I0cf5084339b889aa6fdaeeeca7b6be2ffcdcb48c
---
gnu/packages/crates-io.scm | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)

diff --git a/gnu/packages/crates-io.scm b/gnu/packages/crates-io.scm
index 1753dc0ac8..2b71e1d588 100644
--- a/gnu/packages/crates-io.scm
+++ b/gnu/packages/crates-io.scm
@@ -68736,6 +68736,27 @@ (define-public rust-tectonic-xetex-layout-0.2
a C API.")
(license license:expat)))
+(define-public rust-temp-env-0.3
+ (package
+ (name "rust-temp-env")
+ (version "0.3.6")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (crate-uri "temp-env" version))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32 "0l7hpkd0nhiy4w70j9xbygl1vjr9ipcfxii164n40iwg0ralhdwn"))))
+ (build-system cargo-build-system)
+ (arguments
+ `(#:cargo-inputs (("rust-futures" ,rust-futures-0.3)
+ ("rust-parking-lot" ,rust-parking-lot-0.12))
+ #:cargo-development-inputs (("rust-tokio" ,rust-tokio-1))))
+ (home-page "https://github.com/vmx/temp-env")
+ (synopsis "Set environment variables temporarily.")
+ (description "Set environment variables temporarily.")
+ (license (list license:expat license:asl2.0))))
+
(define-public rust-temp-testdir-0.2
(package
(name "rust-temp-testdir")
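
Review bot: the synopsis `"Set environment variables temporarily."` ends with a period, which `guix lint` flags, and the `description` repeats it word for word. Drop the trailing period from the synopsis and write the description as one or more full sentences that say what the crate offers beyond the synopsis.
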
--
2.41.0
picnoir wrote on 19 May 14:46 +0200
[PATCH 2/7] gnu: Add rust-nix-0.28.
(address . 71064@debbugs.gnu.org)(name . Picnoir)(address . picnoir@alternativebit.fr)
5faf20cbe9f32a93fbe28ae55f66ec94ac11bdf4.1716121731.git.picnoir@alternativebit.fr
From: Picnoir <picnoir@alternativebit.fr>

* gnu/packages/crates-io.scm (rust-nix-0.28): New variable. Required by Nsncd.

Change-Id: I51964d3be9cfb5e78b727a1a9e400fb61e57321f
---
gnu/packages/crates-io.scm | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)

diff --git a/gnu/packages/crates-io.scm b/gnu/packages/crates-io.scm
index e8e643589a..ecae320792 100644
--- a/gnu/packages/crates-io.scm
+++ b/gnu/packages/crates-io.scm
@@ -41005,6 +41005,37 @@ (define-public rust-nispor-1
(description "Unified interface for Linux network state querying.")
(license license:asl2.0)))
+(define-public rust-nix-0.28
+ (package
+ (name "rust-nix")
+ (version "0.28.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (crate-uri "nix" version))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32 "1r0rylax4ycx3iqakwjvaa178jrrwiiwghcw95ndzy72zk25c8db"))))
+ (build-system cargo-build-system)
+ (arguments
+ `(#:cargo-inputs (("rust-bitflags" ,rust-bitflags-2)
+ ("rust-cfg-if" ,rust-cfg-if-1)
+ ("rust-cfg-aliases" ,rust-cfg-aliases-0.1)
+ ("rust-libc" ,rust-libc-0.2.153)
+ ("rust-memoffset" ,rust-memoffset-0.9)
+ ("rust-pin-utils" ,rust-pin-utils-0.1))
+ #:cargo-development-inputs (("rust-assert-impl" ,rust-assert-impl-0.1)
+ ("rust-caps" ,rust-caps-0.5)
+ ("rust-parking-lot" ,rust-parking-lot-0.12)
+ ("rust-rand" ,rust-rand-0.8)
+ ("rust-semver" ,rust-semver-1)
+ ("rust-sysctl" ,rust-sysctl-0.4)
+ ("rust-tempfile" ,rust-tempfile-3))))
+ (home-page "https://github.com/nix-rust/nix")
+ (synopsis "Rust friendly bindings to *nix APIs")
+ (description "Rust friendly bindings to *nix APIs")
+ (license license:expat)))
+
(define-public rust-nix-0.27
(package
(name "rust-nix")
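
Review bot: `(description "Rust friendly bindings to *nix APIs")` is a copy of the synopsis and is not a sentence; the description should be one or more complete sentences ending in a period. In `#:cargo-inputs`, `("rust-libc" ,rust-libc-0.2.153)` is the only visible user in this series of the pinned libc variable from patch 1, so a short comment stating the minimum libc version that nix 0.28 requires would tell the next person when the pin can go away.
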
--
2.41.0
picnoir wrote on 19 May 14:46 +0200
[PATCH 3/7] gnu: Add rust-dns-lookup-2.
(address . 71064@debbugs.gnu.org)(name . Picnoir)(address . picnoir@alternativebit.fr)
8e7a44e03a7a7ddedf6068287ef58471b7689732.1716121731.git.picnoir@alternativebit.fr
From: Picnoir <picnoir@alternativebit.fr>

* gnu/packages/crates-io.scm (rust-dns-lookup-2): New variable. Required by
Nsncd.

Change-Id: I66a8488c93cc0c119417270db93733424a791069
---
gnu/packages/crates-io.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)

diff --git a/gnu/packages/crates-io.scm b/gnu/packages/crates-io.scm
index ecae320792..1753dc0ac8 100644
--- a/gnu/packages/crates-io.scm
+++ b/gnu/packages/crates-io.scm
@@ -19942,6 +19942,31 @@ (define-public rust-dns-parser-0.8
not support network, only raw protocol parser.")
(license (list license:expat license:asl2.0))))
+(define-public rust-dns-lookup-2
+ (package
+ (name "rust-dns-lookup")
+ (version "2.0.4")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (crate-uri "dns-lookup" version))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32 "1z74n2zij2gahycabm0gkmkyx574h76gwk7sz93yqpr3qa3n0xp5"))))
+ (build-system cargo-build-system)
+ (arguments
+ `(#:cargo-inputs (("rust-cfg-if" ,rust-cfg-if-1)
+ ("rust-libc" ,rust-libc-0.2)
+ ("rust-socket2" ,rust-socket2-0.5)
+ ("rust-windows-sys" ,rust-windows-sys-0.48))))
+ (home-page "https://github.com/keeperofdakeys/dns-lookup/")
+ (synopsis
+ "A simple dns resolving api, much like rust's unstable api. Also includes getaddrinfo and getnameinfo wrappers for libc variants.")
+ (description
+ "This package provides a simple dns resolving api, much like rust's unstable api.
+ Also includes getaddrinfo and getnameinfo wrappers for libc variants.")
+ (license (list license:expat license:asl2.0))))
+
(define-public rust-dns-sd-0.1
(package
(name "rust-dns-sd")
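
Review bot: the `synopsis` string is two sentences on one overlong line, starts with the article "A" and ends with a period, all of which `guix lint` reports; a short noun phrase such as "Simple DNS resolving API" fits, with the `getaddrinfo` and `getnameinfo` detail left to the description. Note also `("rust-libc" ,rust-libc-0.2)` here versus `rust-libc-0.2.153` in `rust-nix-0.28`: nsncd depends on both packages, so its build would see two libc crate versions, and it is worth checking that this is intended.
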
--
2.41.0
picnoir wrote on 19 May 14:46 +0200
[PATCH 5/7] gnu: Add rust-slog-async-2-8.
(address . 71064@debbugs.gnu.org)(name . Picnoir)(address . picnoir@alternativebit.fr)
980baf17bbca36e2e5dfc7e1fbc1c14e87e9fdbf.1716121731.git.picnoir@alternativebit.fr
From: Picnoir <picnoir@alternativebit.fr>

* gnu/packages/crates-io.scm (rust-slog-async-2-8): New variable. Required by
Nsncd.

Change-Id: I9f1a6041c92760b481acc30c0bddd28330b98b2c
---
gnu/packages/crates-io.scm | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)

diff --git a/gnu/packages/crates-io.scm b/gnu/packages/crates-io.scm
index 2b71e1d588..2f574ee255 100644
--- a/gnu/packages/crates-io.scm
+++ b/gnu/packages/crates-io.scm
@@ -62944,6 +62944,28 @@ (define-public rust-slog-async-2
(description "This package provides an asynchronous drain for slog.")
(license (list license:mpl2.0 license:expat license:asl2.0))))
+(define-public rust-slog-async-2-8
+ (package
+ (name "rust-slog-async")
+ (version "2.8.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (crate-uri "slog-async" version))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32 "113b17aw7jx7mr68vwfq2yiv6mb4702hz6a0g587jb4ai67h7j3j"))))
+ (build-system cargo-build-system)
+ (arguments
+ `(#:cargo-inputs (("rust-crossbeam-channel" ,rust-crossbeam-channel-0.5)
+ ("rust-slog" ,rust-slog-2)
+ ("rust-take-mut" ,rust-take-mut-0.2)
+ ("rust-thread-local" ,rust-thread-local-1))))
+ (home-page "https://github.com/slog-rs/slog")
+ (synopsis "Asynchronous drain for slog-rs")
+ (description "Asynchronous drain for slog-rs")
+ (license (list license:mpl2.0 license:expat license:asl2.0))))
+
(define-public rust-slog-kvfilter-0.7
(package
(name "rust-slog-kvfilter")
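
Review bot: `rust-slog-async-2-8` is a full second definition in the same 2.x series as the existing `rust-slog-async-2` shown in the hunk header, and its `-2-8` suffix does not match the dotted scheme used for `rust-libc-0.2.153` elsewhere in this series. Since 2.8.0 stays within 2.x, prefer bumping `rust-slog-async-2`; if that is not possible, use `(inherit rust-slog-async-2)` and override only `version`, `source` and the inputs that changed. The `description` here also just repeats the synopsis.
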
--
2.41.0
picnoir wrote on 19 May 14:46 +0200
[PATCH 6/7] gnu: Add nsncd.
(address . 71064@debbugs.gnu.org)(name . Picnoir)(address . picnoir@alternativebit.fr)
cce059070b36f3007fa8db1003930b8fea980314.1716121731.git.picnoir@alternativebit.fr
From: Picnoir <picnoir@alternativebit.fr>

* gnu/packages/nss.scm (nsncd): New variable. Introducing Nsncd, a non-caching
alternative of Glibc Nscd.

Change-Id: I18ba7ffbb6fb59c4928829bb98a8da4e6963e587
---
gnu/packages/nss.scm | 44 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 162e748094..492b5ef3bd 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -28,6 +28,8 @@ (define-module (gnu packages nss)
#:use-module (guix utils)
#:use-module (guix gexp)
#:use-module (guix download)
+ #:use-module (guix git-download)
+ #:use-module (guix build-system cargo)
#:use-module (guix build-system gnu)
#:use-module (guix build-system mozilla)
#:use-module ((guix licenses) #:prefix license:)
@@ -35,6 +37,7 @@ (define-module (gnu packages nss)
#:use-module (gnu packages base)
#:use-module (gnu packages bash)
#:use-module (gnu packages check)
+ #:use-module (gnu packages crates-io)
#:use-module (gnu packages compression)
#:use-module (gnu packages perl)
#:use-module (gnu packages sqlite))
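
Review bot: `#:use-module (gnu packages crates-io)` is inserted between `check` and `compression`, which breaks the alphabetical order of the `(gnu packages ...)` imports in this module; it belongs after `compression`.
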
@@ -286,3 +289,44 @@ (define-public nss/fixed
;; work around that, set the time to roughly the release date.
(invoke "faketime" "2024-01-23" "./nss/tests/all.sh"))
(format #t "test suite not run~%"))))))))))))
+
+(define-public nsncd
+ (package
+ (name "nsncd")
+ (version "unstable-2024-04-09")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/twosigma/nsncd")
+ (commit "7605e330d5a313a8656e6fcaf1c10cd6b5cdd427")))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1hk8bh2a02nyk3rpzbjx1a2iiz15d0vx3ysa180wmr8gsc9ymph5"))))
+ (build-system cargo-build-system)
+ (arguments
+ `(#:cargo-test-flags
+ '("--"
+ ; These tests fail with the current builder network setup
+ "--skip=ffi::test_gethostbyaddr_r"
+ "--skip=ffi::test_gethostbyname2_r")
+ #:cargo-inputs
+ (("rust-anyhow" ,rust-anyhow-1)
+ ("rust-atoi" ,rust-atoi-2)
+ ("rust-slog" ,rust-slog-2)
+ ("rust-slog-async" ,rust-slog-async-2-8)
+ ("rust-slog-term" ,rust-slog-term-2)
+ ("rust-crossbeam-channel" ,rust-crossbeam-channel-0.5)
+ ("rust-nix" ,rust-nix-0.28)
+ ("rust-num-derive" ,rust-num-derive-0.3)
+ ("rust-num-traits" ,rust-num-traits-0.2)
+ ("rust-sd-notify" ,rust-sd-notify-0.4)
+ ("rust-static-assertions" ,rust-static-assertions-1)
+ ("rust-dns-lookup" ,rust-dns-lookup-2))
+ #:cargo-development-inputs
+ (("rust-criterion" ,rust-criterion-0.5)
+ ("rust-temp-env" ,rust-temp-env-0.3))))
+ (home-page "https://github.com/twosigma/nsncd")
+ (synopsis "The name service non-caching daemon")
+ (description "The name service non-caching daemon")
+ (license (list license:asl2.0))))
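
Review bot: `(version "unstable-2024-04-09")` does not follow the usual scheme for VCS snapshots; bind `commit` and `revision` in a `let` and use `(git-version BASE revision commit)`, with BASE taken from upstream's latest release, so the version string records both the base release and the pinned commit. The standalone comment above the `--skip` flags should start with `;;`, the synopsis should not begin with "The", and the `description` is again identical to the synopsis. `(license (list license:asl2.0))` can be written as `(license license:asl2.0)`.
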
--
2.41.0
picnoir wrote on 19 May 14:46 +0200
[PATCH 7/7] gnu: services: nscd: add Nsncd optional support.
(address . 71064@debbugs.gnu.org)(name . Picnoir)(address . picnoir@alternativebit.fr)
cb8c3c48fb9affbab0a748be01f4afa743ad6ff2.1716121731.git.picnoir@alternativebit.fr
From: Picnoir <picnoir@alternativebit.fr>

* gnu/services/base.scm (services: nscd: add Nsncd optional support): Add a
new nscd-use-nscd? field in the Nscd configuration record. When set to #t, the
nscd service will use Nsncd in place of the Glibc's Nscd. I'm not 100% sure
adding this to the existing Nscd service is a good idea, it's however the most
convenient option for now. Or is it? :)

Change-Id: I73d03bd149ff005130e1ed2532e1b4b0e3d572f5
---
gnu/services/base.scm | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 85160bd3ab..66306384c0 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -79,6 +79,7 @@ (define-module (gnu services base)
#:select (bcachefs-tools exfat-utils jfsutils zfs))
#:use-module (gnu packages fonts)
#:use-module (gnu packages terminals)
+ #:use-module (gnu packages nss)
#:use-module ((gnu packages wm) #:select (sway))
#:use-module ((gnu build file-systems)
#:select (mount-flags->bit-mask
@@ -1284,6 +1285,8 @@ (define-deprecated (mingetty-service config)
(define-record-type* <nscd-configuration> nscd-configuration
make-nscd-configuration
nscd-configuration?
+ (use-nsncd? nscd-use-nsncd? ;boolean
+ (default #t))
(log-file nscd-configuration-log-file ;string
(default "/var/log/nscd.log"))
(debug-level nscd-debug-level ;integer
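
Review bot: `(default #t)` on `use-nsncd?` makes nsncd the daemon for every system that uses this service without setting the field, which contradicts the cover letter's "This flag is disabled by default"; it should be `(default #f)` unless the switch is intentional. The commit log names the field `nscd-use-nscd?` while the accessor defined here is `nscd-use-nsncd?`, so the log needs the same spelling as the code.
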
@@ -1447,12 +1450,14 @@ (define (nscd-shepherd-service config)
(requirement '(user-processes syslogd))
(start #~(make-forkexec-constructor
- (list #$nscd "-f" #$nscd.conf "--foreground")
+ #$(if (nscd-use-nsncd? config)
+ #~(list #$(file-append nsncd "/bin/nsncd"))
+ #~(list #$nscd "-f" #$nscd.conf "--foreground"))
;; Wait for the PID file. However, the PID file is
;; written before nscd is actually listening on its
;; socket (XXX).
- #:pid-file "/var/run/nscd/nscd.pid"
+ #$@(if (nscd-use-nsncd? config) '() '(#:pid-file "/var/run/nscd/nscd.pid"))
#:environment-variables
(list (string-append "LD_LIBRARY_PATH="
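
Review bot: in the nsncd branch `#:pid-file` is dropped, so `make-forkexec-constructor` reports the service as started as soon as the process is forked, and services that require it can run before the socket accepts connections; the comment just above ("Wait for the PID file...") now describes only the nscd branch and should say so. The nsncd command line `(list #$(file-append nsncd "/bin/nsncd"))` takes nothing from `config`, so the `log-file` and `debug-level` fields of `<nscd-configuration>` have no effect when `use-nsncd?` is true; that should be documented next to the new field.
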
--
2.41.0
Ludovic Courtès wrote on 2 Jun 20:52 +0200
Re: [bug#71064] [PATCH 0/7] Nsncd: Introduce package + nscd service update
(address . picnoir@alternativebit.fr)(address . 71064@debbugs.gnu.org)
874jabkwj3.fsf@gnu.org
Howdy Picnoir,

Thanks for the patch set! As you write, nsncd is going to be very
useful for Nix and Guix, so this is a much welcome addition.

picnoir@alternativebit.fr wrote:

> gnu: Add rust-libc-0.2.153.
> gnu: Add rust-nix-0.28.
> gnu: Add rust-dns-lookup-2.
> gnu: Add rust-temp-env-0.3.
> gnu: Add rust-slog-async-2-8.
> gnu: Add nsncd.
> gnu: services: nscd: add Nsncd optional support.

I applied everything but the last patch. I took the liberty to tweak
descriptions as per our guidelines¹, adding me as co-author. I also
changed the ‘version’ field of nsncd to remove the “unstable-” prefix.
Let me know if anything’s amiss.

As for the last patch, I’ll comment separately.

Thanks,
Ludo’.

Ludovic Courtès wrote on 2 Jun 20:55 +0200
Re: [bug#71064] [PATCH 7/7] gnu: services: nscd: add Nsncd optional support.
(address . picnoir@alternativebit.fr)(address . 71064@debbugs.gnu.org)
87zfs3jhs5.fsf@gnu.org
Hi,

picnoir@alternativebit.fr wrote:

> From: Picnoir <picnoir@alternativebit.fr>
>
> * gnu/services/base.scm (services: nscd: add Nsncd optional support): Add a
> new nscd-use-nscd? field in the Nscd configuration record. When set to #t, the
> nscd service will use Nsncd in place of the Glibc's Nscd. I'm not 100% sure
> adding this to the existing Nscd service is a good idea, it's however the most
> convenient option for now. Or is it? :)

Well, there needs to be a flag somehow. :-)

Nitpick: could you describe the changes at a syntactic level in the
commit log? I know our conventions aren’t common today, so whoever
commits it can eventually tweak it on your behalf if needed.

> + (use-nsncd? nscd-use-nsncd? ;boolean
> + (default #t))

I’m tempted to make it:

(implementation nscd-implementation (default 'glibc))

And thus 'nsncd would be the other supported value.

Do you think that makes sense?

Anyhow, could you adjust doc/guix.texi to mention the new field?

Apart from that, the patch looks good to me. Could you send an updated
version?

Thanks!

Ludo’.