tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom

nixos/nscd: use nsncd by default

As announced in the NixOS 22.11 release notes, 23.05 will switch NixOS
to using nsncd (a non-caching reimplementation in Rust) as NSS lookup
dispatcher, instead of the buggy and deprecated glibc-provided nscd.

If you need to switch back, set `services.nscd.enableNsncd = false`, but
please open an issue in nixpkgs so your issue can be fixed.

Florian Klink fbfe2907 56f5f40f

+31 -14
unified split
+10
nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
··· 529 </listitem> 530 <listitem> 531 <para> 532 The <literal>dnsmasq</literal> service now takes configuration 533 via the <literal>services.dnsmasq.settings</literal> attribute 534 set. The option
··· 529 </listitem> 530 <listitem> 531 <para> 532 + NixOS now defaults to using nsncd (a non-caching 533 + reimplementation in Rust) as NSS lookup dispatcher, instead of 534 + the buggy and deprecated glibc-provided nscd. If you need to 535 + switch back, set 536 + <literal>services.nscd.enableNsncd = false</literal>, but 537 + please open an issue in nixpkgs so your issue can be fixed. 538 + </para> 539 + </listitem> 540 + <listitem> 541 + <para> 542 The <literal>dnsmasq</literal> service now takes configuration 543 via the <literal>services.dnsmasq.settings</literal> attribute 544 set. The option
+2
nixos/doc/manual/release-notes/rl-2305.section.md
··· 130 131 DocBook option documentation support will be removed in the next release and CommonMark will become the default. DocBook option documentation that has not been migrated until then will no longer render properly or cause errors. 132 133 - The `dnsmasq` service now takes configuration via the 134 `services.dnsmasq.settings` attribute set. The option 135 `services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches
··· 130 131 DocBook option documentation support will be removed in the next release and CommonMark will become the default. DocBook option documentation that has not been migrated until then will no longer render properly or cause errors. 132 133 + - NixOS now defaults to using nsncd (a non-caching reimplementation in Rust) as NSS lookup dispatcher, instead of the buggy and deprecated glibc-provided nscd. If you need to switch back, set `services.nscd.enableNsncd = false`, but please open an issue in nixpkgs so your issue can be fixed. 134 + 135 - The `dnsmasq` service now takes configuration via the 136 `services.dnsmasq.settings` attribute set. The option 137 `services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches
+7 -3
nixos/modules/services/system/nscd.nix
··· 29 30 enableNsncd = mkOption { 31 type = types.bool; 32 - default = false; 33 description = lib.mdDoc '' 34 - Whether to use nsncd instead of nscd. 35 This is a nscd-compatible daemon, that proxies lookups, without any caching. 36 ''; 37 }; 38 ··· 55 config = mkOption { 56 type = types.lines; 57 default = builtins.readFile ./nscd.conf; 58 - description = lib.mdDoc "Configuration to use for Name Service Cache Daemon."; 59 }; 60 61 package = mkOption {
··· 29 30 enableNsncd = mkOption { 31 type = types.bool; 32 + default = true; 33 description = lib.mdDoc '' 34 + Whether to use nsncd instead of nscd from glibc. 35 This is a nscd-compatible daemon, that proxies lookups, without any caching. 36 + Using nscd from glibc is discouraged. 37 ''; 38 }; 39 ··· 56 config = mkOption { 57 type = types.lines; 58 default = builtins.readFile ./nscd.conf; 59 + description = lib.mdDoc '' 60 + Configuration to use for Name Service Cache Daemon. 61 + Only used in case glibc-nscd is used. 62 + ''; 63 }; 64 65 package = mkOption {
+12 -11
nixos/tests/nscd.nix
··· 40 }; 41 42 specialisation = { 43 withUnscd.configuration = { ... }: { 44 services.nscd.package = pkgs.unscd; 45 - }; 46 - withNsncd.configuration = { ... }: { 47 - services.nscd.enableNsncd = true; 48 }; 49 }; 50 }; ··· 118 test_host_lookups() 119 test_nss_myhostname() 120 121 with subtest("unscd"): 122 machine.succeed('${specialisations}/withUnscd/bin/switch-to-configuration test') 123 machine.wait_for_unit("default.target") ··· 129 130 # known to fail, unscd doesn't load external NSS modules 131 # test_nss_myhostname() 132 - 133 - with subtest("nsncd"): 134 - machine.succeed('${specialisations}/withNsncd/bin/switch-to-configuration test') 135 - machine.wait_for_unit("default.target") 136 - 137 - test_dynamic_user() 138 - test_host_lookups() 139 - test_nss_myhostname() 140 ''; 141 })
··· 40 }; 41 42 specialisation = { 43 + withGlibcNscd.configuration = { ... }: { 44 + services.nscd.enableNsncd = false; 45 + }; 46 withUnscd.configuration = { ... }: { 47 + services.nscd.enableNsncd = false; 48 services.nscd.package = pkgs.unscd; 49 }; 50 }; 51 }; ··· 119 test_host_lookups() 120 test_nss_myhostname() 121 122 + with subtest("glibc-nscd"): 123 + machine.succeed('${specialisations}/withGlibcNscd/bin/switch-to-configuration test') 124 + machine.wait_for_unit("default.target") 125 + 126 + test_dynamic_user() 127 + test_host_lookups() 128 + test_nss_myhostname() 129 + 130 with subtest("unscd"): 131 machine.succeed('${specialisations}/withUnscd/bin/switch-to-configuration test') 132 machine.wait_for_unit("default.target") ··· 138 139 # known to fail, unscd doesn't load external NSS modules 140 # test_nss_myhostname() 141 ''; 142 })